Users are bombarded with security content from a wide variety of malicious, selfish, and benevolent third parties, which can ultimately influence users' conscious security actions and underlying security mental models. To capture user attention, third parties put effort into making parts of their content salient to users: more noticeable, more important, more entertaining, etc. We hypothesize that the style of security content can be elevated to be just as influential to users as the information communicated in that content---that users are influenced not only by "what you say" (information), but also "how you say it'' (style). Through our proposed dissertation, we will explore how style and information affect which parts of security content users find salient, and how malicious, selfish, and benevolent third parties create security content that leverages style and information to influence users' security actions and security mental models.
Richard Roberts is a Ph.D. student studying computer science at the University of Maryland, College Park, advised by Dr. Dave Levin. His research lies at the intersection of cybersecurity, usability, and measurement, with an interest in how users' security postures are influenced by non-expert sources of security information.