I work in usable privacy and security. My focus is on understanding how people's security attitudes and social environments weigh in their decision to adopt - or not adopt - secure behaviors (such as sharing passwords securely or ignoring UX cues to scams and "fake news"). I employ a mix of qualitative and quantitative methods from social science, computer science, and design. My work also is informed by prior experiences as a journalist, IT/UX specialist, and social media manager.
In 2018-19, I created the SA-6 security attitude scale. SA-6 is a six-item, self-report measure of a person's engagement with and attentiveness to cybersecurity measures. You are free to use it with attribution. Also, see my SA-13 inventory and the associated working paper for items measuring resistance and concernedness.
If you would like to become an advisee of mine at UNC Charlotte, please send me your CV and a brief summary of what you can contribute to our research group. I have mentored almost 25 students, many from outside computer science. My research examines the experiences of people who differ from the "ideal user" a system was designed for. This statement adds details about my philosophy and plans to foster diversity, equity, and inclusion in academia.
- My work with Sauvik Das, Jason I. Hong, and Laura A. Dabbish to summarize the past 35 years' work in usable security is now published! Our Security and Privacy Acceptance Framework for Foundations and Trends in Security and Privacy discusses how Awareness, Ability, and Motivation contribute to people's decision to put best practices into action.
- For Spring 2023, I am teaching the course on Usable Security and Privacy. The course number is ITIS 4420. It is designed for active learning - students read articles and watch mini-lectures before class time, then participate in activities when we meet.
- I am serving on three program committees for 2022-23: the USENIX Symposium on Usable Privacy and Security (SOUPS 2023), the ACM Fairness, Accountability, and Transparency conference (FAcct 2023), and the ACM Human Factors in Computing Systems conference (CHI 2023) subcommittee on Privacy and Security.