The Evolution of InfoSec Through 25 Years of RSA Conference Sessions, Part 4: We Echo That Sentiment

RSA ConferenceWell, the 2016 RSA Conference is over. From my perspective, it was one of the most enjoyable RSACs ever. I had the good fortune to speak several times, participate in a StoryCorps project, do an interview with ISMG, meet with partners, customers, and friends, and even squeeze in a few sessions when my schedule allowed. I trust you’ve fully recovered by now and are busily exploring and implementing all the great ideas you encountered there. 

With the conference over and my stack of catch-up tasks down to a manageable level, it’s time to make good on my promise to complete the four-part series on RSAC titles I started back in January (see parts 1, 2, and 3 if you wanna catch up). And speaking of this series—I had the chance to chat about it with my good friends Jay Jacobs (@jayjacobs), Wendy Nather (@RCISCwendy), and Alex Pinto (@alexcpsec) during a very fun, but very early 8 a.m. panel that was filmed

This last post is going to be short and sweet. I’d like to switch gears from basic word counts to examining titles using a technique known as sentiment analysis. And in so doing, I need to give a hat tip to Bob Rudis (@hrbrmstr), who originally did this analysis in preparation for the RSAC panel (which he ended up not being able to attend).

In a nutshell, sentiment analysis does exactly what the name suggests—it aims to determine the attitude, emotions, tone, polarity, etc., of of a given text. For instance, is it positive or negative? Is the author angry or happy? We thought it would be fun to bring questions like this to bear on RSAC titles over the last 25 years. 

Do we accentuate the positive? Eliminate the negative?

I’ve heard it said that infosec people are often seen as surly and negative, but you wouldn’t immediately get that impression from our presentations. Historically, RSAC talks have leaned decidedly toward the positive, but negativity does seem to be catching up—especially in the decade following 2001 (a 9/11 influence, perhaps?). I was actually surprised to see positive sentiment trending up over the last several years, while negativity is trending down. I would have thought the “data breaches are inevitable” attitude that is gaining popularity lately would steer dialogue in a negative direction, but presenters seem to be effectively accentuating the positive. Good for them.

Figure 1. Percentage of titles with positive and negative sentiment.

positive trends

negative trends

Do we give in to our anger? Is fear the path to the B-Sides?

In one of the previous posts, I showed how titles that include words like threat, breach, attack, and risk have risen dramatically in the last 5 years. Logic would suggest that sentiments of fear would mirror that trend. Curiously, that doesn’t appear to be the case. Fear-emoting titles did indeed rise in the ‘aughts’ but has leveled out and declined since 2012. Anger rose quickly between 2000-2003 to about 20% of sessions and hovered there ever since. I’m glad to see we’re remembering the lessons of Master Yoda and not letting our fear and anger get the best of us.

Figure 2. . Percentage of titles with anger and fear sentiment.

anger sentiment

fear trends 

Do we try to sound all highfalutin?

This last bit isn’t sentiment analysis, but it’s not too far afield either. You might have seen statements like “this book is written at a X grade level.” What you might not have known is that there’s a method for making that determination called the Flesch-Kincaid readability test. While titles don’t provide enough text to conduct an accurate test, I thought it would be interesting to see where we came out. A hat-tip here to Jay Jacobs, who found an R package for F-K testing and knocked out this analysis.

Figure 3. Flesch-Kincaid readability level for RSAC titles

readability scale

My first reaction to this was to throw up my hands in exasperation and lament that our talks are getting dumber. Then Alex Pinto wisely reminded me that what is really happening here is that we’re producing more accessible content. I like his interpretation better.

In all seriousness—to the extent this application of the F-K test has any validity at all—this figure tells the same basic story we heard at the beginning of this series. The RSA Conference has steadily evolved from a very technical conference for cryptographers to one that covers diverse topics at varying levels for a wide audience. And if you think about it, pretty much the same thing has happened to the industry as a whole. 

I’d like to thank the RSAC committee for providing the opportunity and data for this analysis. It’s been fun to examine my industry through this lens and I hope others have enjoyed this series as well.


Join us for a webcast on Wednesday, April 27, 2016 at 1 p.m. ET/10 a.m. PT as Wade Baker, Alex Pinto and Jay Jacobs present a fun yet informative analysis of all RSA Conference session titles since it began in 1991 to gain insight into the ways the industry has evolved over the last 25 years, and to see where it might be heading. 

Posted on March 29, 2016

Wade Baker

by Wade Baker

VP, Innovation & Analytics, ThreatConnect

USA 2016

← View more Blogs

This document was retrieved from on Fri, 28 Oct 2016 02:27:19 -0400.
© 2016 EMC Corporation. All rights reserved.