Reflections on information security from a social science perspective

November 13, 2017

There are a few more things you might want to consider when you're using benefit framing for infosec. These are slightly more advanced considerations but they're at least worth having on your mind.

"Topping out"

This is the idea that certain people won't respond to your...

November 6, 2017

Last time, I introduced the basics of gain-loss framing from health communication. I also discussed how this approach should be applied to infosec issues. Now I'm going to give you more detail on how to actually use gain-loss framing.

What needs to be manipulated

In orde...

October 26, 2017

I've spoken before about the need for infosec communication and persuasion to move in a more positive and proactive direction. (This isn't an original argument. @iMeluny and @jessysaurusrex have been saying this for a long time now, among others.) Fear isn't an effecti...

July 12, 2017

UPDATE: I gave a talk on this at BSidesDC and Delaware 2017. Here are my slides for that talk. 

I've wanted to cover efficacy for a while. When talking with people at conferences like BSides, it kept popping to mind as a solution to some of the problems I kept hearing a...

July 3, 2017

It’s commonly known that we (humans) are bad at evaluating risk. We're consumed by worry about risks that are unlikely to impact us and disregard risks that are more likely. People are afraid of flying and worried about terrorist attacks but don’t think twice about gett...

June 26, 2017

Now that I’ve covered the first incident that pulled me into security communication and shown how infosec and crisis communication intersect, I’m happy to move on. Too often, communication is only used in infosec when there is a crisis. Communication has a lot more to...



This blog is a place for me to explore issues in information security from a somewhat scholarly and very communication-centric viewpoint. Here I'll be talking about scholarly theories from my time in graduate school, best practices (both academic and not) from communication, and how they all play out in information security. I'll also be looking at specific cases and analyzing the communication around them. I'll include citations and links to relevant resources as appropriate in my posts so you can continue exploring some of these topics on your own.



I have my M.A. in communication from the University of Maryland. My research there focused primarily on crisis communication and public relations. Using theories from those fields, I’ve begun examining certain information security issues, specifically how organizations and individuals communicate about infosec and how it can be done more effectively.