Who Shares What? An Empirical Analysis of Security Conference Content Across Academia and Industry

Security conferences are important venues for information sharing, where academics and practitioners share knowledge about new attacks and state-of-the-art defenses. Despite their importance, researchers have not systematically examined who shares information and which security topics are discussed. To address this gap, our paper characterizes the speakers, sponsors, and topics presented at prestigious academic and industry security conferences. We compile a longitudinal dataset containing 9,728 abstracts and 1,686 sponsors across four academic and six industry conferences. Our findings show limited information sharing between industry and academia. Conferences vary significantly in how equitably talks and authorship are distributed across individuals. The topics of academic and industry abstracts display consistent coverage of techniques within the MITRE ATT&CK framework. Top-tier academic conferences, as well as DEFCON and Black Hat, address the governance, response, and recovery functions of the NIST Cybersecurity Framework inconsistently. Commercial information security and insurance conferences (RSA, Gartner, Advisen and NetDiligence) more consistently cover the framework. Prevention and detection were the most common topics in the sample period, with no clear temporal trends.