Reflections on information security from a social science perspective

May 20, 2018

A.P. Møller-Maersk's Chariman Jim Hagemann Snabe said on a panel at the World Economic Forum in January 2018 that "we were basically average when it comes to cybersecurity, like many companies, and this was a wake up call" he also said "we chose a very open dialogue ar...

October 4, 2017

I don't want to hop on the meme-train here but the saga of Trevor gave me some ideas so here they are. Humor is rare in crisis communication but it's not unheard of. Rumor, on the other hand, is common. People seek information and explanation in a crisis and aren't as...

September 13, 2017

So, Equifax happened... this blog is not about that, even though it seems like it is. I wrote it before that news broke. Any resemblance to that situation is coincidence.

Previously, I went through the first two stages of CERC, pre-crisis and initial, and how they inter...

September 6, 2017

In previous posts, I examined the use of communication at the more granular level of technical attribution, now I'd like to zoom out a bit. I want to examine incident response and how communication can be used throughout the process. Based on my research and conversati...

August 29, 2017

In a previous post, I presented a couple of cases in which communicative attribution (responsibility) and technical attribution conflicted. I selected those cases specifically to show that the public (media, employees, etc.) can pick and choose whether or not to incorp...

August 7, 2017

Attribution is a linguistic overlap between crisis communication theory and information security. Both of these fields rely on attribution and, while they are similar at the conceptual level (who is responsible), they are very different in how they are used. How terms...

June 7, 2017

My background is in crisis communication and I wanted to start off by explaining how I see the overlap between information security and crisis communication. Most scholars see crises as cycles, there is debate about how many stages there are and what they should be cal...

Please reload

Our Recent Posts

November 17, 2019

Please reload


Please reload




This blog is a place for me to explore issues in information security from a somewhat scholarly and very communication-centric viewpoint. Here I'll be talking about scholarly theories from my time in graduate school, best practices (both academic and not) from communication, and how they all play out in information security. I'll also be looking at specific cases and analyzing the communication around them. I'll include citations and links to relevant resources as appropriate in my posts so you can continue explroing some of these topics on your own.



I have my M.A. in communication from the University of Maryland. My research there focused primarily on crisis communication and public relations. Using theories from those fields, I’ve begun examining certain information security issues. Specifically how organizations and individuals communicate about infosec and how it can be done more effectively.