- I study the intersection of human-computer interaction and systems security, investigating users’ (mis)behavior with systems security. Oftentimes users are unwilling to report socially unacceptable behavior such as violating security policies. Or, they are unable to explain why they did not notice a security warning. Furthermore, it is challenging to ask users about their security behavior and still obtain ecologically-valid data since doing so primes users to think about security. This is problematic because in practice, security tasks are secondary tasks – they are not the focus of primary attention. Given these challenges, studying this field while still obtaining generalizable results requires carefully-crafted laboratory studies that do not prime users to security. Alternatively, field studies are required. Survey instruments can be of use to the extent that they capture constructs that are antecedents to real security behaviors.