Reflections on information security from a social science perspective

January 30, 2018

Speaking the same language as your audience is important. In most cases you're already speaking the literal, high-level language of your audience but it's a lot more nuanced than that. Language at a lower level is one thing that trips people up on the way to understand...

January 16, 2018

There are a lot of ways to think about audiences of information security messages. Your relationship to your audience influences how you communicate with them. Why are they listening to you? Are you part of an internal team - are you communicating with your coworkers -...

December 13, 2017

Last post, I went over two methods for understanding or segmenting your audience. The first was based on the influence you have over your audience - why are they listening to you in the first place?

  • Affinity

  • Required to listen

    • Structural reasons

    • ...

July 3, 2017

It’s commonly known that we (humans) are bad a evaluating risk. We're consumed by worry about risks that are unlikely to impact us and disregard risks that are more likely. People are afraid of flying and worried about terrorist attacks but don’t think twice about gett...

Please reload

Our Recent Posts

November 17, 2019

Please reload


Please reload




This blog is a place for me to explore issues in information security from a somewhat scholarly and very communication-centric viewpoint. Here I'll be talking about scholarly theories from my time in graduate school, best practices (both academic and not) from communication, and how they all play out in information security. I'll also be looking at specific cases and analyzing the communication around them. I'll include citations and links to relevant resources as appropriate in my posts so you can continue explroing some of these topics on your own.



I have my M.A. in communication from the University of Maryland. My research there focused primarily on crisis communication and public relations. Using theories from those fields, I’ve begun examining certain information security issues. Specifically how organizations and individuals communicate about infosec and how it can be done more effectively.