It all started with a simple question from my eight-year-old daughter: “What’s the RSA Conference about, Daddy?” I gave her a generic response as I headed out the door for the 2015 Conference, but her question stuck with me for some reason. Upon returning, I pulled all the talk titles available for the past few years, ran some simple analysis and published a short blog post. I thought that’d be the end of it.

Turns out, however, that some of the folks behind RSA Conference are really into data-driven storytelling too. They reached out, offering 25 years of presentation titles in exchange for some expanded analysis. How could I resist? And so I wrote four more blog posts (parts 1, 2, 3, 4) and led a panel to discuss the findings. I really thought that’d be the end of it.

But those data-loving conference organizers had another idea. If short talk titles yielded so much insight, what might we learn about the security industry by analyzing the far more verbose abstracts from all submitted talks? Thankfully, Jay Jacobs and I had started the Cyentia Institute by then, and he was able to more capably take over the data crunching for that effort. That analysis led to us publishing an entire report sharing all our findings and another presentation. I just knew that was the end of it.

Well, that obviously wasn’t the end of it because here we are again with another blog post a full six years after my daughter’s seemingly innocuous question. What else could we possibly analyze to keep this going after all that?

I generally separate the RSA Conference experience into four categories: the presentations, the exhibition floor, the hallway con and leisure activities. As described above, we’ve already done a lot of analysis focused on that first category, and, short of blanketing the Moscone Center area with listening devices, we’re not going to get any data to study on those last two categories. We assumed exhibitor info was lost to the ages but did we mention those RSA Conference folks like data? Yep, they went back through their records—even manually transcribing from the few remaining printed versions of old Conference booklets—to gather exhibitor descriptions from the past 20+ years!

We had a lot of ideas about what we might discover from this new corpus of information. Similar to our analysis of Conference presentations, we expected to discern evolving industry themes reflected in how vendors describe who they are and what they do. But one question rose above the rest across our collective interests in this dataset: Is the cybersecurity market becoming more or less diversified over time?

By “diversified” here, we mean the types of products and services that comprise the security marketplace. Are there more vendors doing more things now, or has market consolidation and buzzwordy solution descriptions muddled it all to the point where everyone pretty much seems to be doing some version of the same thing? Let’s see if the data on RSA Conference exhibitors sheds any light on this question.

Figure 1: Number of annual exhibitors at RSA Conference  View Full Size

One way to think about that question is by looking at the number of exhibitors. By that measure, vendor diversification at Conference has risen dramatically over the years. There was a dip in exhibitors in 2020, some due to COVID-19 cancellations and others likely due to layout changes on the exhibit floor. But this isn’t a very sophisticated or satisfying answer to the question. More vendors doesn’t necessarily mean more market diversification. A set of topics or terms to compare among exhibitor descriptions would get us closer to our real question.

We could simply count the most common words, but that tends to emphasize mundane stop words like “the” that reflect more about the English language than security vendors. So we removed those. Then we used a keyword extraction technique called RAKE that’s designed to—you guessed it—extract meaningful keywords (and phrases) from the corpus of text (in this case, vendor descriptions). RAKE gets complicated quickly, so we’re not going to dive into the details of that process. Suffice it to say that Cyentia team members still don’t agree on whose approach to RAKE takes the cake.

After RAKEing through the text, we identified 701 important keywords among exhibitor descriptions across all years of Conference. We’re not going to focus on the individual terms now, but rest assured, we’ll explore them more fully in a follow-up blog post.

With a way to identify important keywords used by exhibitors during each year, we have the beginnings of a comparable measure of market diversification. If we see a greater volume and variety of keywords used to describe vendor products and services over time, it’s reasonable to infer divergence. The opposite trend would suggest vendor consolidation, product convergence or maybe just buzzword conformance. Figure 2 depicts what we saw.

Figure 2: Volume and variety of keyword usage among RSA Conference exhibitors over time View Full Size

Each colored segment in Figure 2 represents a unique keyword. From that, it’s pretty clear that the volume and variety of unique keywords extracted from RSAC exhibitor descriptions generally increase over time. Sure, there are ebbs and flows, but this is a good indicator that the market is becoming more and more diversified. At least, that is, in terms of how security vendors describe themselves and what they do.

Looking more closely, periods of rapid convergence or divergence become apparent. Perhaps most obvious is the explosion in volume around 2014-2015. This indicates not only more vendors (see Figure 1) using more unique keywords but also settling on shared terminology such as “threat management” and “vulnerability assessment.”

Rewinding 10 years before that reveals no keywords reaching mainstream prominence across a large proportion of exhibitors. In other words, everyone was kind of doing their own thing. We see the broader striations toward the right side of Figure 2 as a possible sign of a maturing market where differentiation isn’t unnecessarily forced and accepted categories emerge.

Figure 3 offers one final visual of the growing topical diversity among RSA Conference exhibitors. It shows the same basic information as Figure 2 but emphasizes years of growth and contraction. It starts in the bottom left, where we see 1998’s Conference had far fewer vendors and less variety among them. And it generally increases from there on both axes.

Figure 3: Annual shifts in RSA Conference exhibitors and keywords used in their descriptions View Full Size

But it’s not the growth that sold us on including this chart; it’s the pullbacks. It’s possible we’re reading too much into the data. But we can’t help but notice the periods where vendor diversity at Conference decreases coincides with the 2000 dot-com bubble, 2008 global financial crisis and 2020 COVID-19 pandemic. It makes sense that such events would result in fewer exhibitors at Conference as well as opportunities for vendor and product convergence.