Reflections on information security from a social science perspective

August 7, 2018

My last post was a case study of A.P. Møller-Maersk's communication is response to the NotPetya incident that took some of the company's global systems offline in June 2017 and the narratives carried by the news media in covering the incident. In this post, I want to w...

September 13, 2017

So, Equifax happened... this blog is not about that, even though it seems like it is. I wrote it before that news broke. Any resemblance to that situation is coincidence.

Previously, I went through the first two stages of CERC, pre-crisis and initial, and how they inter...

September 6, 2017

In previous posts, I examined the use of communication at the more granular level of technical attribution, now I'd like to zoom out a bit. I want to examine incident response and how communication can be used throughout the process. Based on my research and conversati...

August 29, 2017

In a previous post, I presented a couple of cases in which communicative attribution (responsibility) and technical attribution conflicted. I selected those cases specifically to show that the public (media, employees, etc.) can pick and choose whether or not to incorp...

August 7, 2017

Attribution is a linguistic overlap between crisis communication theory and information security. Both of these fields rely on attribution and, while they are similar at the conceptual level (who is responsible), they are very different in how they are used. How terms...

Please reload

Our Recent Posts

November 17, 2019

Please reload


Please reload




This blog is a place for me to explore issues in information security from a somewhat scholarly and very communication-centric viewpoint. Here I'll be talking about scholarly theories from my time in graduate school, best practices (both academic and not) from communication, and how they all play out in information security. I'll also be looking at specific cases and analyzing the communication around them. I'll include citations and links to relevant resources as appropriate in my posts so you can continue explroing some of these topics on your own.



I have my M.A. in communication from the University of Maryland. My research there focused primarily on crisis communication and public relations. Using theories from those fields, I’ve begun examining certain information security issues. Specifically how organizations and individuals communicate about infosec and how it can be done more effectively.