Reflections on information security from a social science perspective

August 7, 2018

My last post was a case study of A.P. Møller-Maersk's communication is response to the NotPetya incident that took some of the company's global systems offline in June 2017 and the narratives carried by the news media in covering the incident. In this post, I want to w...

May 20, 2018

A.P. Møller-Maersk's Chariman Jim Hagemann Snabe said on a panel at the World Economic Forum in January 2018 that "we were basically average when it comes to cybersecurity, like many companies, and this was a wake up call" he also said "we chose a very open dialogue ar...

October 4, 2017

I don't want to hop on the meme-train here but the saga of Trevor gave me some ideas so here they are. Humor is rare in crisis communication but it's not unheard of. Rumor, on the other hand, is common. People seek information and explanation in a crisis and aren't as...

August 7, 2017

Attribution is a linguistic overlap between crisis communication theory and information security. Both of these fields rely on attribution and, while they are similar at the conceptual level (who is responsible), they are very different in how they are used. How terms...

June 19, 2017

Last week, I went through the findings from my textual analysis of the Sony hack in 2014. I originally planned on covering the entire Sony case study in one post but that first post got away from me a little. Today, I’ll get into the implications of my findings, what i...

June 14, 2017

My first foray into studying information security crises from a communication perspective was a case study of Sony Pictures Entertainment’s 2014 mega breach. Go big or go home?

Eventually, I looped the OPM breach as well and I’ve gone through maybe 3 or 4 different meth...

Please reload

Our Recent Posts

November 17, 2019

Please reload


Please reload




This blog is a place for me to explore issues in information security from a somewhat scholarly and very communication-centric viewpoint. Here I'll be talking about scholarly theories from my time in graduate school, best practices (both academic and not) from communication, and how they all play out in information security. I'll also be looking at specific cases and analyzing the communication around them. I'll include citations and links to relevant resources as appropriate in my posts so you can continue explroing some of these topics on your own.



I have my M.A. in communication from the University of Maryland. My research there focused primarily on crisis communication and public relations. Using theories from those fields, I’ve begun examining certain information security issues. Specifically how organizations and individuals communicate about infosec and how it can be done more effectively.