What’s the RSA Conference About, Daddy?

Like many of my infosec brethren and sistren (yep; apparently it’s a word), I leave some sad kids behind every year as I make the annual pilgrimage to the RSA 2015 Conference. This year, my 8 year old put me on the spot as I headed out the door by asking “what’s the RSA Conference about, Daddy?” I suppose the “it’s something Daddy has to do for work” response wasn’t cutting it for her anymore. I thought about it for a sec and gave an answer that I thought would satisfy: “it’s a big event where people I work with get together to talk and learn” (obviously omitting certain activities). When she replied, “ok, but what’s it *about*, Daddy?”, I knew I was in trouble. I was about to give a lame “it’s about security stuff, sweetheart” to diffuse the pressure, but I thought better of it. Instead, I told her that I’d take good notes while there and give a proper explanation when I got back.

Now I’m 1+ week back, and I owe my daughter an explanation of what RSAC is. Unfortunately, my notes didn’t work out very well; too many meetings and distractions to observe/process it all. Plus, any such answer would only describe RSAC from my subjective experience; and she didn’t ask that. And that’s when my data-driven side kicked in. I decided to let RSAC tell her what RSAC is about (accuse me of dodging the question if you like; I’m fine with it).

So I ran some numbers. To make a long story short, I used some open source threat intelligence and pulled all presentation titles from 2012 through 2015 from the RSAC website. I was hoping for longer history, but couldn’t find it (if you have a source, please respond with it and I’ll update the data). Then I looked at word frequencies, percentages, rates of change, etc. as a proxy for determining what RSAC is about. Yes, I realize one could argue that RSAC is equally “about” the extracurricular activities as the presentations, but just go with me on this. Once finished, I felt confident that I was prepared to give a credible answer. I didn’t really like the answer, but who am I to argue with the numbers?

“RSAC is about cyber,” I reluctantly told her. She looked at me with a half-confused, half-annoyed expression that probably mimicked the one I gave the first person who told me “information security is dead; we’ve moved on to cyber now.” Clearly, she expected more. “Um, it’s about the risk from cyber threats to data in the cloud, sweetheart.” She seemed to accept this, so my confidence grew, and I continued. “But interestingly, it’s becoming less and less about data and the cloud and more about intelligence and response. And if I had to read the tea leaves, the future of RSAC will be about the Internet of Things.” “Thanks Daddy,” she said with a satisfied look. I breathed a sigh of relief; promise kept and dependability preserved.

I realize you “grown ups” may need a little more information before accepting the explanation above. The rest of this post is for you. I’ll start by dropping a word cloud for each year, even though I hear they aren’t the hotness in data visualization these days. If you’re of that opinion, by all means, scroll on by.

“RSAC is about cyber”
I’m going to admit one of my petty biases. I’ve gotten over “cyber x” notation (e.g., cybersecurity, cybercrime, cyberintelligence), but I find the use of just “cyber” rather annoying. Especially when it’s put forth as the penultimate advancement of computer network information security. So, I was a little miffed when my analysis showed that “cyber” was the most-used word among RSAC presentation titles over the last 4 years (note: I excluded “security” from my analysis).

“RSAC is about the risk from cyber threats to data in the cloud”
I was, however, glad to see that “data” ranked #2; even happier that it topped “cyber” in relative usage as a percentage of presentations. At least we still remember what we’re protecting. Tables 2 justifies inclusion of the other words in this heading that round out the top 5. Viewing percentages doesn’t do much to change the outcome over raw counts, but it’s still a worthwhile test since the number of presentations grew substantially each year. It’s the best way to see how strongly each word/theme plays into the overall vibe of the conference.

“Less about data and the cloud and more about cyber threat intelligence and response”
Figure 1 lists the 20 most common words and their relative percentage change between 2012 and 2015 (orange denotes increase, grey decrease). It’s a good indicator of what’s hot and what’s not. As I told my daughter, “cloud” and “data” stole a lot less of the show in 2015 compared to 2012. Maybe we’ve all gotten used to the fact that our data is already in (or headed to) the cloud, so it’s not worth talking about as much.

Figure 2 is similar to Figure 1, but shows the 20 highest-ranked words based on raw count. It’s readily apparent that “intelligence” and “response” gained a lot of airtime at RSAC between 2012 and 2015, moving way up from #70+ to near the top 10. That’s because intelligence is awesome and using it to drive better, quicker response to threats is even awesome-er. In fact, I know a company with a great threat intelligence platform that will do just that!

“The future of RSAC will be about the Internet of Things”

Figure 2 shows “future” and “internet” moved up the rankings fairly substantially, which I find curious. Not quite curious enough to dive into the context of the titles for an explanation, but curious nonetheless. Even though “things” was not in the top 20 in any year, I included it in Figure 2 to make a point. Of all words across all titles, it gained more usage at RSAC from 2012 to 2015 than any other. That’s not terribly surprising given the IoT buzz that grew progressively louder over 2014/15, but it’s still an interesting bit of information. Given that trajectory, I wouldn’t be surprised if it cracked the top 20 soon.

Other miscellaneous observations:

• In 2012, “cloud” appeared in 11% of presentation titles; that’s the highest of any word for four years I studied. You might say the cloud buzz hit the stratosphere…or should I say troposphere…that year. “Cyber” is the only other word to hit the 10% mark (in 2013).
• “Access” lost the most ground in the rankings, falling 68 slots between 2012 and 2015. Weird. Maybe the byproduct of assuming the bad guys have access nowadays, so it’s not cool to talk about prevention (which fell 42 ranks, by the way)? “Social” lost 66. Also weird. Maybe we feel we’ve silenced the risks from social media?
• It’s odd that “breach” dropped more poll positions than any other word per Figure 2. Aren’t we in the “everybody’s breached” era?
• I’m surprised that “privacy” hit the highest mark at RSAC 2013. If you’re thinking “wait – 2013 was a huge year in privacy circles,” keep in mind that the conference took place months before the Snowden leaks of that year. I’d have expected the blowback from that to push privacy way up the list in 2014.
• There’s a lot more I could draw out of this, but you’re not a sweet little girl asking daddy a question 😉 If you’d like to do it yourself, here’s the base data file (.csv). Also, I’ll say again that if anyone has listings of presentations earlier than 2012, I’d appreciate a pointer.

What do you think RSAC is all about? Do you agree with what the data is telling us from the veteran industry vendors to those working day-to-day to protect our networks?