Quality Research Part II: Publicizing Research
In my last blog post, I discussed (very generally) what can make research “bad.” Now I want to explore the second step of good research,...
CLEAR SECURITY COMMUNICATION
Search
We need more *Quality* Research
Not all research is created equally. Good research is methodologically solid and is presented to the world accurately.
We Need More Qualitative Research on Infosec
This blog post is inspired by an article by Sooraj Shah for the BBC published about a month ago. When I read the article, I was really...
On...not writing
There are countless reasons people write. There are maybe even more reasons people don’t. Twitter is chock full of writers’ woes about...
Conclusions from the Maersk case study
My last post was a case study of A.P. Møller-Maersk's communication is response to the NotPetya incident that took some of the company's...
Case Study: A.P. Møller-Maersk and NotPetya
A.P. Møller-Maersk's Chariman Jim Hagemann Snabe said on a panel at the World Economic Forum in January 2018 that "we were basically...
Watching a narrative change: Orbitz
One aspect of breach response and communication that's fascinated me has been the gravitational field incidents can have. Especially with...
Breach response expectations: cliches impeding change
There have been enough large-scale data breaches in the news that people now have expectations for how companies respond. There's a...
Shared Language: how to fake it if you don't have it
Speaking the same language as your audience is important. In most cases you're already speaking the literal, high-level language of your...
Audiences of infosec communication: Internal or external?
There are a lot of ways to think about audiences of information security messages. Your relationship to your audience influences how you...