Reflections on information security from a social science perspective

December 26, 2019

This blog post is inspired by an article by Sooraj Shah for the BBC published about a month ago. When I read the article, I was really happy to see that someone was exploring this component of the situation. I did find myself doing an impromptu analysis of the article,...

November 17, 2019

There are countless reasons people write. There are maybe even more reasons people don’t. Twitter is chock full of writers’ woes about the difficulty of writing when they want to, especially when they need to. I want to explore some of the reasons I haven’t written for...

August 7, 2018

My last post was a case study of A.P. Møller-Maersk's communication is response to the NotPetya incident that took some of the company's global systems offline in June 2017 and the narratives carried by the news media in covering the incident. In this post, I want to w...

May 20, 2018

A.P. Møller-Maersk's Chariman Jim Hagemann Snabe said on a panel at the World Economic Forum in January 2018 that "we were basically average when it comes to cybersecurity, like many companies, and this was a wake up call" he also said "we chose a very open dialogue ar...

March 27, 2018

One aspect of breach response and communication that's fascinated me has been the gravitational field incidents can have. Especially with the major incidents, organizations that weren't involved, or only involved very distantly, forced to respond to the incident. 


February 13, 2018

There have been enough large-scale data breaches in the news that people now have expectations for how companies respond. There's a script. This script doesn't necessarily leads to successful responses. It just means that people expect companies to communicate in certa...

January 30, 2018

Speaking the same language as your audience is important. In most cases you're already speaking the literal, high-level language of your audience but it's a lot more nuanced than that. Language at a lower level is one thing that trips people up on the way to understand...

January 16, 2018

There are a lot of ways to think about audiences of information security messages. Your relationship to your audience influences how you communicate with them. Why are they listening to you? Are you part of an internal team - are you communicating with your coworkers -...

December 13, 2017

Last post, I went over two methods for understanding or segmenting your audience. The first was based on the influence you have over your audience - why are they listening to you in the first place?

  • Affinity

  • Required to listen

    • Structural reasons

    • ...

December 1, 2017

I've mentioned a caveat in a few of my previous posts and talks that "it depends on your audience." Now I want to dive into that caveat a little and talk about the audiences for infosec communication. How does your audience change your communication? 

When you're planni...

Please reload

Our Recent Posts

November 17, 2019

Please reload


Please reload




This blog is a place for me to explore issues in information security from a somewhat scholarly and very communication-centric viewpoint. Here I'll be talking about scholarly theories from my time in graduate school, best practices (both academic and not) from communication, and how they all play out in information security. I'll also be looking at specific cases and analyzing the communication around them. I'll include citations and links to relevant resources as appropriate in my posts so you can continue explroing some of these topics on your own.