Thursday, November 7, 2013

Science Meets Marketing

Some time ago, I meant to write a post on why I was linking to physics blogs from a security blog. This is not really that post, but it may serve as a partial explanation. See Science Marketing needs Consumer Feedback, in which Sabine Hossenfelder (whose BackReAction blog is one of the physics blogs I link to) says, "It’s been a while since I read Marc Kuchner’s book “Marketing for Scientists”. I hated the book as I’ve rarely hated a book."

I could not be in more complete agreement with Sabine. I encourage you to read her post, and Kuchner's book. It is entirely relevant to a security blog, and I would like to present a single representative argument for my position: the Georgia Institute of Technology Emerging Cyber Threats Report 2014.

This report touches all the bases of marketing. Use of 'Cyber'-whatever is indicative, but not the least offense.  Almost all references (and this is from academia) point to news outlets of one sort or another, even where there are academic papers that could have (and unless you follow the literature, you would not know this) been referenced. In fact, no papers are referenced, even when they exist; apparently the author regards CNN as a more interesting or reliable source of knowledge. Repeated use of 'He said', 'randomperson said' quotes, always in reference to GeorgiaTech staff, sounds much like a press release.

This is marketing, pure and simple, and straight from the halls of academia. It is moderately informative, but if you are not involved in the daily business of systems and information security, the references provide no reliable guide to separating the wheat from the chaff. 

If I were determined to find an appropriate leading graphic, it would probably involve Gandalf waiving at Elves or something.