I am a scholar in human-computer interaction and assistant professor at the University of North Carolina at Charlotte, where I direct the Security and Privacy Experiences (SPEX) research group.

I work in usable privacy and security. My focus is on understanding how people's security attitudes and social environments weigh in their decision to adopt - or not adopt - secure behaviors (such as sharing passwords securely or ignoring UX cues to scams and "fake news"). I employ a mix of qualitative and quantitative methods from social science, computer science, and design. My work also is informed by prior experiences as a journalist, IT/UX specialist, and social media manager.

In 2018-19, I created the SA-6 security attitude scale. SA-6 is a six-item, self-report measure of a person's engagement with and attentiveness to cybersecurity measures. You are free to use it with attribution. Also, see my SA-13 inventory and the associated working paper for items measuring resistance and concernedness.

If you would like to become an advisee of mine at UNC Charlotte, please send me your CV and a brief summary of what you can contribute to our research group. (See this handout, "Applying for Grad School: What to Do and When," for advice about applications, and this webpage for advice on cold emailing.) I have mentored almost 25 students, many from outside computer science. My research examines the experiences of people who differ from the "ideal user" a system was designed for. This statement adds details about my philosophy and plans to foster diversity, equity, and inclusion in academia.

I maintain a list of publicly available Large Language Models (LLMs) and other Generative AI tools, crowdsourced from my courses and audiences for my speaking engagements. Feel free to suggest additions or edits in the comments at this link.

You can book time with me during my office hours on campus using my Calendly link.

Interested in survey research for HCI? Check out (and comment on) my list of books, papers and blog posts that either helped me or are good exemplars (yes, some of them are my own papers) at this link.

Recent news:

  • I help run the CyberDNA Center's Cybersecurity Reading Group. Meetings alternate on Thursdays with scheduled presentations of research. Contact Dr. Bill Chu or myself if you are interested in attending.
  • Many thanks to the Center for Cybersecurity Analytics and Automation for my recent $50,000 grant to study vulnerabilities and solutions to counter fraudulent SMS text messages, known as "SMShing."
  • For Spring 2024, I am teaching one face-to-face course: ITIS 4214: Usable Privacy and Security. This is an undergraduate course designed for active learning - students read articles and watch mini-lectures before class time, then participate in activities when we meet. I also am taking on 1-3 independent-study students (ITIS 4990 or grad equivalent). Contact me if you are interested in working with me on a specific research topic.