Chapter 46. Academics

When I first got into security, I was an academic, writing conference papers, grant proposals, and crap like that. Even in my time consulting and in product development, I have tried to do some things that were both academically interesting and practical.

Having been on both sides of the divide, I’d say that for the most part there is not much practical work coming out of academia that is making a big impact in the real world. There are certainly a few exceptions, most of them in the world of cryptography (that subfield is a lot better with practical applications in general, though there are still a lot of people working on stuff that will never be interesting for real-world systems).

There are lots of reasons for this, an important one being that industry and academia don’t share very much. For instance, my first startup built cool security tools for finding bugs, way ahead of what academia was doing. Years later, there are still new papers reinventing things that we did a long time ago but never shared with anybody because we thought we were better off not sharing.

I see the same thing in AV and intrusion detection. Lots of academics are reinventing what industry has been doing for years. Or they’re proposing systems that look like they might be viable until someone tries to apply the technique to the real world on a large scale and identifies all the problems (many academic papers on detecting “bad stuff” look good to the authors, but would have serious accuracy ...
