There’s a paradox in information security where the community wants two things at once:
- High-quality research and talks, and
- Unbiased research and talks
Many conference schedules, however, are full of talks from people who work at vendors.
I’ve personally been one of these affiliated speakers countless times.
Conversely, people in the crowd at these conferences often have two complaints about the content.
- There isn’t enough good content, or
- This presenter is just talking their own book! They sell ____________ service!
I think it’s ultimately a market failure due to natural incentives. As it turns out, very few people are both inspired and capable of doing research on a particular topic.
He’s the COO of Corellium, which does mobile forensics.
Some people would balk at that, and say he’s horribly biased and you can’t trust anything he says. But there’s another way to look at that, through the lens of incentives.
Who else has the incentive to deeply analyze this problem, other than those who have oriented a business around solving it?
Clearly not many people, otherwise podcasts and conferences would be overflowing with talk submissions from non-affiliated speakers. They’re not.
Most conferences and podcasts are full of people thinking about a problem because that’s how they make their living, which is tied to money, which they get from a company, which has an agenda.
That’s the paradox.
We often can’t get a quality discussion of a problem without the participants having some significant financial association with one or more solutions.
So what’s the answer? There isn’t one, really.
We just have to be very clear about the biases we bring due to our affiliations, and acknowledge that without those biased participants we wouldn’t have much of a conversation at all.