Cybersecurity leaders spend much of their time watching how threats and tools change. A new study asks a different question: how has the research community itself changed over the past two decades? Researchers from the University of Southampton examined two long-running conference communities, SOUPS and Financial Cryptography and Data Security, to see how teams form, who contributes, and which kinds of work gain attention.
The result is a rare look at the structure behind the papers that influence security practice.
Two communities that grew in different ways
The team gathered data from both conferences from their founding years through 2023. SOUPS launched in 2005 with a focus on usable security and privacy. FC started in 1997 with a mix of cryptography, systems security, and later blockchain research. Each community expanded over time, although in different ways. SOUPS reached more than 400 papers during the period studied and FC reached more than 650. FC has also carried a distinctly interdisciplinary character, which was one of the primary reasons the authors chose to compare SOUPS and FC in the first place.
SOUPS grew a larger share of interdisciplinary work. Its average team size rose above four authors, compared with about three in FC. Many SOUPS papers involved collaborations across human factors, security engineering, and design. FC tended to draw from more technical subfields, often forming smaller teams.
Jeff Yan, the main author of the study, told Help Net Security that assumptions about big teams do not always match how impact emerges. He said, “I feel that lean, diverse, and focused teams may represent a sweet spot, and that institutional or cultural incentives pushing for large consortia or homogeneous teams may misjudge what produces impact. This is especially relevant given how often the assumption bigger teams equals more resources equals more papers equals more impact is assumed, for example in grant strategy and institutional planning.”
Even small differences in team size changed the shape of the collaboration network. SOUPS produced a large central island that eventually held more than half of all authors. FC produced more islands overall, which reflected the community’s stronger pattern of smaller, independent groups. Some islands later merged, especially in FC during the rise of blockchain research, but the conference still kept a more distributed structure.
Gender balance shifted, but not evenly
The study tracked gender participation across both communities and found major differences. SOUPS saw steady growth in women authors, reaching about 35 percent across the dataset and about 46 percent in 2023. FC stayed near 13 percent overall and never passed 20 percent in any single year.
Team composition reflected this pattern. SOUPS produced far more mixed-gender teams, while FC remained dominated by all-male groups. All-female teams were uncommon in both.
First author roles showed the same divide. SOUPS moved toward near parity after 2017, with some years where women first authors outnumbered men. FC stayed far lower and never rose above 26 percent. These patterns suggest that subfields bring different collaboration norms and career pathways.
Which teams produced widely cited work
CISOs often rely on academic results when setting policy or reviewing new approaches. The study used citation counts as one way to measure which kinds of teams tended to have reach.
SOUPS had a higher average citation count than FC. The most cited SOUPS paper passed 1,500 citations and the most cited FC paper passed 3,000, but the averages favored SOUPS.
The data also shows some trends in team formation. Mixed-gender teams produced the highest average citation counts in both communities. Smaller mixed-gender teams scored especially well. Single-author work ranked highest in SOUPS but lowest in FC.
Yan said research leaders can play a part in shaping these patterns by supporting teams that show strong performance. “It is important for research leaders to recognise and reward high impact small teams, rather than placing too much emphasis on publication counts,” he said. He added that leaders can “encourage and support small, focused teams rather than large, diffuse collaborations” and promote a “lean project culture” built on clear roles and shared expectations. He also recommended pairing junior researchers with one primary supervisor and one secondary mentor instead of large committees.
He stressed that gender diversity is not only a representation goal. “It is beneficial for research leaders to recognise that cross gender collaboration is not just a diversity objective, but also an intellectual performance driver,” he said.
Yan also cautioned that research strategy needs to reflect the wide spread of cybersecurity subfields. “Cybersecurity is not monolithic. Its subfields are culturally distinct. Team structures and impact patterns vary widely across communities, so research strategy must be tailored.”
Collaboration networks reveal long term shifts
The study spent significant effort mapping how authors connect. Most researchers had only a few collaborators, but a small group had far more. In SOUPS, the top collaborator worked with 73 coauthors during the study period. In FC, the top collaborator worked with 43.
This difference pushed the SOUPS network toward a stronger center. FC’s network grew through many smaller islands that later merged. The merge events often happened when new research areas gained momentum. Bitcoin and blockchain research sparked a large rise in new collaborations, which drove major network growth after 2018.
Tracking the growth of ideas
The researchers also looked at how topics changed. SOUPS focused on authentication, passwords, phishing, privacy labels, and related areas tied to human behavior. FC tracked blockchain, digital currency, digital signatures, and privacy-preserving methods. Topic counts grew in each community, but paper counts grew much faster, which suggests rising attention and growing interest in these emerging disciplines.
For CISOs, the study offers a window into how fields evolve. Hiring, research partnerships, and long-term planning depend not only on threats but also on the people who study them. This work shows how those patterns shift over time and how different areas of cybersecurity build knowledge in their own ways.
