Reflections on information security from a social science perspective

January 16, 2018

There are a lot of ways to think about audiences of information security messages. Your relationship to your audience influences how you communicate with them. Why are they listening to you? Are you part of an internal team - are you communicating with your coworkers -...

November 13, 2017

There are a few more things you might want to consider when you're using benefit framing for infosec. These are slightly more advanced considerations but they're at least worth having on your mind.

"Topping out"

This is the idea that certain people won't respond to your...

October 26, 2017

I've spoken before about the need for infosec communication and persuasion to move in a more positive and proactive direction. (This isn't an original argument. @iMeluny and @jessysaurusrex have been saying this for a long time now, among others.) Fear isn't an effecti...

September 20, 2017

Just in 2017, we've seen a lot of different types of infosec incidents gain major attention. With that attention, we've seen a variety of public responses to these incidents. There are some themes in these responses that I want to discuss here. 

One major inspiration, b...

July 26, 2017

Fear can be a great motivator but it can also be paralyzing. Scholars have examined the use of fear appeals in advertising and  public information campaigns quite thoroughly and achieved mixed results. While experimental studies have supported the motivating effect of...

July 3, 2017

It’s commonly known that we (humans) are bad a evaluating risk. We're consumed by worry about risks that are unlikely to impact us and disregard risks that are more likely. People are afraid of flying and worried about terrorist attacks but don’t think twice about gett...

Please reload

Our Recent Posts

November 17, 2019

Please reload


Please reload




This blog is a place for me to explore issues in information security from a somewhat scholarly and very communication-centric viewpoint. Here I'll be talking about scholarly theories from my time in graduate school, best practices (both academic and not) from communication, and how they all play out in information security. I'll also be looking at specific cases and analyzing the communication around them. I'll include citations and links to relevant resources as appropriate in my posts so you can continue explroing some of these topics on your own.



I have my M.A. in communication from the University of Maryland. My research there focused primarily on crisis communication and public relations. Using theories from those fields, I’ve begun examining certain information security issues. Specifically how organizations and individuals communicate about infosec and how it can be done more effectively.