The Evolution of InfoSec Through 25 Years of RSA Conference Sessions, Part 4: We Echo That Sentiment

Posted on by Wade Baker

Well, the 2016 RSA Conference is over. From my perspective, it was one of the most enjoyable RSACs ever. I had the good fortune to speak several times, participate in a StoryCorps project, do an interview with ISMG, meet with partners, customers, and friends, and even squeeze in a few sessions when my schedule allowed. I trust you’ve fully recovered by now and are busily exploring and implementing all the great ideas you encountered there. 

With the conference over and my stack of catch-up tasks down to a manageable level, it’s time to make good on my promise to complete the four-part series on RSAC titles I started back in January (see parts 1, 2, and 3 if you wanna catch up). And speaking of this series—I had the chance to chat about it with my good friends Jay Jacobs (@jayjacobs), Wendy Nather (@RCISCwendy), and Alex Pinto (@alexcpsec) during a very fun, but very early 8 a.m. panel that was filmed. 

This last post is going to be short and sweet. I’d like to switch gears from basic word counts to examining titles using a technique known as sentiment analysis. And in so doing, I need to give a hat tip to Bob Rudis (@hrbrmstr), who originally did this analysis in preparation for the RSAC panel (which he ended up not being able to attend).

In a nutshell, sentiment analysis does exactly what the name suggests—it aims to determine the attitude, emotions, tone, polarity, etc., of of a given text. For instance, is it positive or negative? Is the author angry or happy? We thought it would be fun to bring questions like this to bear on RSAC titles over the last 25 years. 

Do we accentuate the positive? Eliminate the negative?

I’ve heard it said that infosec people are often seen as surly and negative, but you wouldn’t immediately get that impression from our presentations. Historically, RSAC talks have leaned decidedly toward the positive, but negativity does seem to be catching up—especially in the decade following 2001 (a 9/11 influence, perhaps?). I was actually surprised to see positive sentiment trending up over the last several years, while negativity is trending down. I would have thought the “data breaches are inevitable” attitude that is gaining popularity lately would steer dialogue in a negative direction, but presenters seem to be effectively accentuating the positive. Good for them.

Figure 1. Percentage of titles with positive and negative sentiment. 

Do we give in to our anger? Is fear the path to the B-Sides?

In one of the previous posts, I showed how titles that include words like threat, breach, attack, and risk have risen dramatically in the last 5 years. Logic would suggest that sentiments of fear would mirror that trend. Curiously, that doesn’t appear to be the case. Fear-emoting titles did indeed rise in the ‘aughts’ but has leveled out and declined since 2012. Anger rose quickly between 2000-2003 to about 20% of sessions and hovered there ever since. I’m glad to see we’re remembering the lessons of Master Yoda and not letting our fear and anger get the best of us.

Figure 2. . Percentage of titles with anger and fear sentiment. 

Do we try to sound all highfalutin?

This last bit isn’t sentiment analysis, but it’s not too far afield either. You might have seen statements like “this book is written at a X grade level.” What you might not have known is that there’s a method for making that determination called the Flesch-Kincaid readability test. While titles don’t provide enough text to conduct an accurate test, I thought it would be interesting to see where we came out. A hat-tip here to Jay Jacobs, who found an R package for F-K testing and knocked out this analysis.

Figure 3. Flesch-Kincaid readability level for RSAC titles 

My first reaction to this was to throw up my hands in exasperation and lament that our talks are getting dumber. Then Alex Pinto wisely reminded me that what is really happening here is that we’re producing more accessible content. I like his interpretation better.

In all seriousness—to the extent this application of the F-K test has any validity at all—this figure tells the same basic story we heard at the beginning of this series. The RSA Conference has steadily evolved from a very technical conference for cryptographers to one that covers diverse topics at varying levels for a wide audience. And if you think about it, pretty much the same thing has happened to the industry as a whole. 

I’d like to thank the RSAC committee for providing the opportunity and data for this analysis. It’s been fun to examine my industry through this lens and I hope others have enjoyed this series as well.


Join us for a webcast on Wednesday, April 27, 2016 at 1 p.m. ET/10 a.m. PT as Wade Baker, Alex Pinto and Jay Jacobs present a fun yet informative analysis of all RSA Conference session titles since it began in 1991 to gain insight into the ways the industry has evolved over the last 25 years, and to see where it might be heading. 

Wade Baker

Partner and Co-Founder, Cyentia Institute

Business Perspectives

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community