Theorising the ‘Security Influencer’: Speaking security, terror and Muslims on social media during the Manchester bombings

Security studies literature neglects social media’s potential for lay actors to become influential within security debates. This article develops the concept of ‘security influencers’, bringing literature from marketing into the security debate to understand how social media enables individuals to ‘speak’ and contest security and how lay actors exert influence. Methodologically, this article applies a multi-methods approach to 27,367 tweets to identify and analyse the top four most influential actors in 48 hours following the 2017 bombings by keywords ‘Manchester’ and ‘Muslims’. This article builds a typology of security influencers nuancing definitions of the passive ‘security broadcaster’ and the active ‘security engager’, both of which emerge from obscurity or influence within non-security domains. Furthermore, a dichotomy emerges within influential messages and contestation; messages discussing Muslims in banal terms as diverse individuals register high levels of agreement, whereas those discussing Islam as a world religion receive more hostility and contestation.


Introducing security, influencers and Manchester
On the 22nd of May 2017, a British man, Salman Abedi, detonated a suicide bomb in the Manchester Arena re-igniting debates about counterterrorism and radicalisation (Hedges, 2017) and presenting multiple discursive implications for existing debates. Prior UK constructions of British Muslims had been dominated by integration and security concerns (Poole, 2002;Saeed, 2007;Sian et al., 2012) for more than a decade in light of 9/11 and the war on terror. However, the media landscape had shifted since previous attacks with the Manchester bombing occurring in the social media era and not requiring individuals wishing to debate to wait for newspaper editorials, nor academic and policy literature that trickled out in the following years. Users could take to social media platforms, like Twitter, immediately after the attack. Such immediacy and the democratic nature of social media challenges established bodies of security scholarship; moreover, social media itself remains under theorised within constructivist discussions.
The elite centric Copenhagen School (Buzan et al., 1997) defined the discursive turn in security studies by introducing constructivism to questions of threat emergence. Here, elites competed to structure security debates and threats and move issues between emergency and non-emergency politics. However, the hierarchical nature of this work leaves little room for understanding how 'non-elites' discuss, redefine and contest security narratives. Thus, the Copenhagen school cannot offer a conceptualisation of how constructivist notions of security apply outside of the context of the elite. A response has been vernacular security studies (Bubandt, 2005;Jarvis, 2019) which consider the voice of non-elite actors within constructivist security equations. Vernacular security brings 'lay' actors into the equation, offering insights into how security is constructed through local idioms. This, however, does not allow for conceptualisation of key differentiating factors within the democratised landscape of social media and inequalities of influence; insights from social media enable us to begin to understand how some vernacular security speak is 'more equal' than others. Social media presents constructivist security scholars with a theatre of study sitting somewhere between the 'flat' plane of vernacular and hierarchical notions of the Copenhagen school in that, while anyone theoretically can 'speak' security on social media, only a few will become influential doing so. This article intervenes in this understudied field posing the research question 'How do security influencers emerge on social media?' So, this article contributes to understandings of constructivist security through analysing social media outputs to understand who is influential in the security debate and how. Working at the intersection of 'flat' vernacular and 'hierarchical' Copenhagen School understandings of security it identifies mechanisms of security influencers' rise to prominence, speaking to the reality of the social media landscape that renders security speak neither radically flat nor rigidly hierarchical. This enables incorporation of notions of non-elite actors speaking security in ways that enable novel theoretical insights for both schools of critical security.
Answering this question requires an innovative approach applying concepts and tools used to identify social media influencers from digital marketing literature, where they are seen existing in competition and coexistence with professional media (Del Fresno García et al. 2016). In addition, they are considered influential through self-branding and (Khamis et al., 2017) and acquired influencer capital (Freberg et al., 2011). This article problematises constructivist understandings of who does security speak but also notions that an influencer has to have become established and acquired capital with several influencers identified having no prior influence before becoming key in driving the debate.

Conceptualising Manchester and security challenges on social media
This article seeks to intervene within constructivist debates on security and thus requires grounding in both hierarchical theory such as the Copenhagen School and flatter Vernacular security studies discussion. This demonstrates how neither hierarchical nor flat theories accurately account for differentiation of actors' influence when speaking about security on social media. To account for this question of influence and allow us to typologise the security influencer, we must also account for digital marketing literature considering social influence and influencers. It is also important to consider implications that specifics of this study have for ongoing discussions within the Critical Terrorism Studies field that foreground constructivist dimensions of such events. Finally, Manchester occurred within, and gave renewed impetus to debates about the place of Muslims in British society and the wider integration debate.

Challenging constructivist understandings of security
Constructivist understandings of security are well established. The Copenhagen school of (de)securitisation made the central important observation for this study that security is a domain not of 'objective' realities, but rather 'subjective' constructions created through narratives (Inter alia Buzan et al., 1997). This has implications because successful 'securitisation' of a subject as a threat moves them from 'normal' to emergency politics (Buzan et al., 1997). Constructivist notions of security are not a panacea; indeed, they have failed in normative missions to de-construct issues back into realms of normal politics (to 'desecuritise') (Coskun, 2011;Rumelili, 2013). This has relevance to construction of Muslim minorities during terror events because of the intersection of an individual perpetrated episode of insecurity ostensibly in the name of a religion which has become widely used, even if as a homogenising and extremely problematic label to denote a diverse minority diaspora group. Thus, existence of collective nouns such as 'Muslims' denotes commonality and homogeneity running contrary to de-construction and nuancing group identity, and further to de-constructing notions of security threats (Roe, 2004).
While considering questions of how social media influence relates to construction of terror threats, it is worth pausing to question 'who' does this constructivism. The Copenhagen school is elite focused, where the security elite is situated to do the construction through authority endowed actors that speak security (Buzan et al., 1997). Critiques have emerged of the voicelessness of those excluded from elite focused conversations (McDonald, 2008) and the insecurity of silence (Hansen, 2000) created.
These critiques have found a response through 'vernacular' security studies (Inter alia Jarvis and Lister, 2013;Vaughan-Williams and Stevens, 2016) which have made inroads in conceptualising how everyday discussions of security occur away from the historically privileged state elites of the Copenhagen School. Yet, 'vernacular' conceptualises ways security is constructed in everyday terms and privileges the plurality of ways security is practised, requiring context specific understanding of idioms of uncertainty and fear about global, national and/or local security concerns (Bubandt, 2005;Jarvis and Lister, 2013). Thus, vernacular security prioritises stories of marginalised groups within global politics and seeks to understand how 'citizens . . . construct and describe experiences of security and insecurity in their own vocabularies, cultural repertoires' (Croft and Vaughan-Williams, 2017). Coming without conceptions of what security is or should be, provides vernacular security studies with a theoretical 'emptiness' allowing for truly inductive insights into public experience, understanding and anxiety (Jarvis, 2019). These theoretical insights provide space for a fusion of security literature with social media influence and what we can learn from how new media technologies present a context; within these security can be discussed by everyday actors where these themselves become influential.

Bringing marketing knowledge to security: the 'Influencer'
This research will nuance a definition of the social media security influencer. Influencers are primarily considered within marketing (Gorry and Westbrook, 2009) as representing independent third-party endorsers shaping audience attitudes through shared online content. Although there have been significant academic definition influencers (Bakshy et al., 2011) and quantifying influence (Anger and Kittl, 2011), there is a little consideration of typologies (Au-Yong-Oliveira et al., 2019).
Within this research social media enables the security 'layman' to act as a security influencer. As discussed, the influencer concept comes from marking and has been used to describe emergence of an independent actors who shapes attitudes through social media in competition/coexistence with 'professional media' (Del Fresno García et al., 2016). The term 'influence' has been applied to highly organised leveraging of social media to cultivate neo-liberal individualist 'self-branding' (Khamis et al., 2017) and production of 'Social media influencer capital' through third-party endorsement (Freberg et al., 2011) shaping audience perceptions. Influencers with the highest potential influence identified within this article are not organised in creating an individual 'security brand' to cultivate influence, instead taking micro or nano 'security' influencer form (Au-Yong-Oliveira et al., 2019). As such, although they do correspond with the influencer definition in providing third-party content production and endorsement of discourse of security and they are neither traditional state security elite nor self-affiliating with a terror group or vector of insecurity. In this case, their influence emerges through engagement with content by followers and messages shared and from their established platforms which they have previously used for often different purposes.
This dovetails with observations that security has bled into practice and vernacular of daily life through routine data collection and CCTV operation (Huysmans, 2011) immersing individuals in constant engagement with security. Here, the security/technology nexus becomes increasingly important not simply as something which surveys and monitors individuals, but democratises abilities to subvert, re-make and challenge dominant narratives and constructions of events.

Influencing constructivist understandings of terrorism
Critical Terrorism Studies (CTS) emphasises constructivist dimensions inherent in subjective, dynamic, social and political factors contributing to understandings of terror (Gunning and Jackson, 2011). These observations have emerged from critique of empirical, conceptual and ontological weaknesses in conventional terrorism studies (inter alia Gunning, 2007;Jackson et al., 2007). Essentially, CTS argues the importance of foregrounding constructions of terrorism embedded in political and ideological debates, competitions and concerns (Gunning, 2007;Jarvis, 2009). Thus, here the broader discursive dimensions of terrorism are shaped not in a vacuum, but in dialogue with, and influenced by, political, ideological and power concerns. This has spawned enquiry into the cultural dimensions' terrorism takes in contemporary times where it is increasingly part of life (Erickson, 2008). Furthermore, current scholarship on 'hard' aspects of the Internet where extremism/dissent can spread through 'electronic-jihad' (Aly et al., 2016) also presents valuable insights through which to expand on cultural, social and local means through which terrorism and security are discussed and constructed. Thus, this study will offer insight into how varying types of security speak contribute to constructivist dimensions of events, such as Manchester.

Manchester and British Muslims
Post-event initial reaction on social media relied on stereotyping creating temporary antiimmigrant sentiment (Cappiali et al., 2018). Furthermore, 'liked' messages generally contained emotive/human content, both positive and negative in nature (Zhao and Zhan 2019). While framing varied by media outlet (Nazmi, 2018), Manchester was typical in that anger, rather than fear, typified public response (Roach et al., 2020), yet also raised questions about radicalisation (Hedges, 2017).
These observations echo ongoing debates about security and British Muslims stretching back to the Iranian Revolution and the Satanic Verses scandal (Modood, 2006). However, in post-9/11 times, British Muslims are increasingly situated as existential threats to UK liberal political and social order (Moore et al., 2008;Poole, 2002;Saeed, 2007;Sian et al., 2012). Coverage focuses on recurring concerns of terror, religious and cultural difference and extremism (Moore et al., 2008) with two-thirds during this period situating Muslims as a threat and/or problem (Abbas, 2004;Moore et al., 2008). This has stripped British Muslim agency; they are reported, written about, yet rarely given voice (Ahmed, 2009). Yet, British Muslims have conversely exerted agency in social and political representation (Adamson, 2011;Kahani-Hopkins and Hopkins, 2010). Nuancing this further, the British context has caused dichotomisation into 'good' and 'bad' British Muslims with the 'good' encouraged to denounce the 'bad' (Sirin and Fine, 2007), or the 'good' requiring coercive liberation from the 'bad' (Maira, 2009;Mamdani, 2008). In the United Kingdom, such calls to denounce are seen within government policy through the prevent strategy (Qurashi, 2018).

A sequential multi-methods approach to the emergence of security influencers
This article seeks to build a typology of security influencers showing the different ways they emerge and go on to influence the security debate. The four clusters identified in this study have one commonality; they emerge from security obscurity to positions of influence. However, they exhibit significant differences in that some are influential in other Twitter domains with large numbers of followers while others are more generally obscure. In addition, two of the users engage with the questions of Muslims in security in 'secular' ways discussing Muslims as a social group, while two engage more overtly with religion by attempting to delineate Islam as a religion from violent acts of terrorism. Building a typology better enables this article to engage with security literature in identifying mechanisms by which non-security elites become influential within security debates in a multiplicity of different ways.
Once Twitter data collection was complete, a multi-methods approach facilitated the capturing of these complexities. Multi-methods approaches emerge to answer complex social science questions (Greene, 2015) such as the research question posed here. Identifying how security influencers emerge cannot be adequately captured using a single methodological approach as social network analysis offers insights into structures of networks, but fails to capture discursive content; yet, both of these are vital for an understanding security speak and who becomes important generating it. However, it is important to be specific when adopting a multi-methods approach as their very concept have caused significant debate and confusion within the social sciences in past decades in both definition and application (Anguera et al., 2018). This article thus draws on an advantage of multi-methods approaches; that they can be used in sequence or in parallel and thus do not require integrating until results are obtained and inferences can be made (Johnson et al., 2007). Thus, this article applies a sequential approach where different, yet complimentary methods are applied in turn to gain overlaying insights to answer how security influencers emerge. The sequence and rationale is as follows: 1. Mapping data into a social network graph to identify users who are the most influential by betweenness centrality. This gives a structural indication of who is influential but does not enable the understanding of on what terms their influence is based beyond numerical betweenness centrality scores. Theoretically, this demonstrates that neither the Copenhagen school's (Buzan et al., 1997) hierarchical, elite notion of security speak captures this current research's online security influencers because none of the four users identified are security elites. It also contests vernacular securities' (Bubandt, 2005) understandings of security speak because it demonstrates that the landscape for social media users is not 'flat' but that hierarchies emerge. 2. The complete networks of the four most influential users are extracted to allow examination of how they are influential discursively and provide insights into how their debate is structured. This required a thematic analysis exploring which key themes emerge in response to the most influential users' initial messages, and in parallel a sentiment analysis to see if they agree with or contest the original message.

Collecting Twitter data about security
The data analysed in this study were a sub-sample of 27,367 tweets for 48 hours running from the 21st May 2017 beginning at 10:57:29 p.m. until the 23rd May 2017 at 9:59:53 a.m., of a larger 96-hour, 187,000 tweet dataset. This was a complete firehose application programming interface (API) data, guaranteeing a full sample of non-deleted tweets but at cost from the decommissioned 'texifter' service. The tweets were collected using a keyword search of 'Manchester' and 'Muslim'. Tweets here are reproduced in a non-edited form in line with Twitter's requirements for researchers to re-produce tweets in unedited forms. A sacrifice was use of a signifier of difference, 'Muslim', within search terms limiting this study to only mentions on Twitter where 'Muslims' are referred to by this signifier of difference and not neutrally. This has conceptual implications, as Muslims are not just reported on as such but are covered in many different ways. Ideally, if data were freely available, it would have been beneficial to collect a more general dataset and examine discourse and networks where 'Muslims' were also covered without this signifier of difference being mentioned providing a broader picture of discursive constructions.

Using Social Network Analysis to identify security influencers
The first step in understanding how security influencers emerge is to use social network analysis (SNA) to define the most influential within the security debate. It is important to note here that 'influential' does not mean either 1. Simply producing viral tweets that are unconsciously spread; or 2. Influencing real world behaviour.
Rather, influence in this case is about driving debate on social media through engagement which can be agreement or contestation and which requires further analysis steps because SNA alone cannot provide us insights into this.
However, SNA can demonstrate who emerges as the most influential within the security debate at a particular point in time. Once raw Twitter data were converted to .graphml format, the data could be imported into Gephi enabling rendering of large datasets into complex 'sociograms' where, individuals are represented by points (nodes), and interactions by lines (edges). This enables us to investigate the following: 1. How individuals share messages; 2. How their behaviour forms clusters; 3. The relationships between clusters of messages.
Thus, a fundamental of SNA is examining structural relationships between socially connected actors (Davies, 2009) to understand salience of messages (Ahmed and Lugovic, 2019). This is important as a first step in understanding how non-elite actors produce security speak because SNA gives structure to a dataset and enables visualisation of who the influential actors are. This is done through SNA's ability to classify tweets into 'clusters' and to see how narratives spread and are contested within these. The value is that individual graphs can be extracted from a network and analysed instead of considering the whole network, valuable when considering network domains (White, 2008). This is important in an era of highly polarised politics where it is conceptualised that messages spread within separate 'echo chambers' without intersecting (Guo et al., 2020). Thus, the fundamental concern of SNA is to examine what structures relationships between individuals (Ahmed et al., 2017;Gardy et al., 2011;Scott, 2017), here with the sharing of ideas and narratives between actors and organisations. SNA is limited, however, because it sites analytical primacy not at the level of the individual, but through connections in which they are embedded in (De Nooy et al., 2018). However, using SNA overcomes some of these limitations because it offers identification of key 'influencers', that being, individuals responsible for creating narratives spread by others and thus, the most frequently interacted with narratives can be identified. Figure 1 graphically represents the four principle sub-networks where it can be seen how four influential conversations emerge from four separate tweets; these users tweet a message that becomes influential in the security debate on Twitter in this 48-hour period. Table 1 shows numbers that substantiate these users as the most influential by shares and betweenness centrality. Betweenness centrality in SNA is a measure within a graph based on shortest paths. Within sociograms, with every pair of vertices in a connected graph, there will be at least one shortest path; the betweenness centrality for each vertex is the number of these shortest paths. In network theory, it is a measure that represents the degree to which nodes stand between each other; nodes with higher betweenness centrality would have more control over the network, because more information will always pass through that node. As such, the nodes detailed in Table 1 with the highest betweenness centralities demonstrate their capacity to influence.
The SNA also demonstrates how influencers' conversations have little interaction with others; conversations analysed remain discrete and contestation/agreement occur within specific clusters without spreading, even though they emerge thematically and are empirically similar in message. It is this ability to gain insight into the largest clusters that enable the data to be sorted into separate graphs, and analysable datasets, so that the mechanics of security influence can be considered in more depth. Thus, the first step in analysing how security influencers emerge in more depth is to dissect the narratives which emerge within the most influential and important clusters.

Sentiment analysis and contestation as influence
Once SNA revealed the security influencers identity and their clusters of interactions, cluster contents were extracted in their entirety using NodeXL (2020) which can extract a dataset's individual Twitter IDs. This provides the data for the next step in the sequential multi-methods approach to identify how security influencers emerge by agreement/ contestation of their tweets and the content of these agreements/contestations. This aligns with a key mission over the past two decades of critical security studies literature to understand the content of messages and the terms upon which the security debate is structured (Buzan et al., 1997;Jarvis and Lister, 2013).
The first step in this was to analyse the agreement/contestation of the original security influencers' message. All four actors who emerged as highly influential in the debate in the 48 hours following the bombing expressed similar sentiments; that Muslims as a social group or Islam as a global religion should be differentiated from those responsible. This stirred significant debate within the clusters and drove the importance of the security influencers in structuring the debate. This was measured using a sentiment analysis which methodologically sets out to consider opinion and sentiment towards entities such as a product, service, organisation, individual, issue or event and their attributes (Dave et al., 2003;Nasukawa and Yi, 2003;Turney, 2002). Through this method, classification is applied to opinions which express/imply positive or negative sentiments and has been applied across disciplines and contexts (Feldman, 2013;Liu, 2012). In this case, it was used to determine attitude of a 'speaker' (Feldman, 2013) to the influencers' original tweet with every tweet within the four-cluster logged as 'agree', 'contest' or 'neutral'. While sentiment analysis gives an indication of the sentiment of replies vis-à-vis the original tweet, it does not offer deeper insights into discursive terms on which the security debate is structured and thus does not offer insight into the discursive terms upon which security influencers emerge. This required a thematic analysis to define the key themes which emerge in the security debate and thus, the themes which drive the influence of the security influencer. This study chooses to operationalise discourse analysis through a thematic analysis approach using the six-step coding process (Fereday, Muir-, and Cochrane, 2006). This six-step process involved the following: 1. Familiarisation with data; 2. Generating initial codes; 3. Searching for themes; 4. Reviewing themes; 5. Designing/naming themes; 6. Producing the final report.
This worked well because sentiment analysis enabled the first two steps to be completed, these being familiarisation and generating initial codes. This reflective approach is suitable because one cannot know the content of a Twitter dataset even when searching with specific keywords/hashtags because of the unpredictable nature of how narratives are created. This sequential application of three methodologies in a coherent multi-method approach enables insights to be gained into the security influencers that would have been impossible with a single method.

Passive, active and deeply contested: typologising the security influencer
The innovative, sequential multi-methods approach enables this article to build a typology of the different ways in which security influencers emerge. Importantly, this moves beyond the surface level of identifying the most influential clusters within the network, but also identifies the discursive terms upon which the security debate is structured. This is important due to conceptualisations in security literature regarding how messages are created and spread. As discussed, the Copenhagen School's hierarchical model advocates that security elites are the most important in debate shaping (Buzan et al., 1997), yet, this does not account here for emergence of 'lay' actors, or those with influencer capital in other areas shaping the debate. In addition, 'flatter' conceptions of security speak in vernacular security theory (Bubandt, 2005; Jarvis, 2019) do not give insight into how disparities of influence occur within vernacular security speak on social media. The case studies presented demonstrate that more nuanced understanding of both the nature and production of discourse needs to be developed to understand security speak on social media. Within this, a typology emerges from this study giving nuance to this discussion as users with little or no influencer capital emerge and become influential and then fall back into obscurity. In addition, others pivot their influencer capital from unrelated arenas to become temporary security influencers.

Passive security influencers: 'Security Broadcasters'
The first type of security influencer emerging within the dataset are 'security broadcasters'. This type of security influencer simply broadcasts a message that becomes influential without further engagement from the influencer. This is interesting because critical security studies conceptualise elite generated security discourse in this way. The Copenhagen school sees the elite as in a position of power projecting their security narratives to the audience (Huysmans, 2011). In this respect, we identify that non-security elites on social media become influential in ways similar to that of established security elites. Here, they project a message to their online audience and do not engage in further debate. Within this type, the two users have varying levels of influencer capital, one user becoming influential from total obscurity and the other pivoting influencer capital from a non-security field. This dovetails in a transient and ephemeral way with unidirectional, hierarchical notions of elite-audience relationships in the Copenhagen school (Buzan et al., 1997). Thus, the security broadcaster demonstrates a paradoxical relationship to the notion of the increased democratisation of security speak in that an actor can create and broadcast a message which can be contested, yet does not reply.
The first broadcaster, @EmilyPriceMan tweets a message (Figure 2) that constructs the Muslim community in 'banal' terms (Downing, 2019) as everyday actors playing roles in society as 'taxi drivers, police officers, doctors', supporting the victims of the attack.
Here, Emily becomes influential by positioning herself in oppositions to dominant narratives within the United Kingdom situating Muslims and Islam as security threats (Moore et al., 2008;Poole, 2002). As CTS argue that terrorism has become a feature of everyday life (Erickson, 2008), this clear situation within the debate demonstrates that actors who become influential demonstrate a literacy in dominant debates about terror. Thus, we see here that lay actors can become important in the security debate by opposing dominant narratives that hint at new media offering the ability of alternative voices to emerge on security issues that can be influential within the debate. Within this, Emily rises to prominence by seeking to make claims about the 'banality' of Muslims as social actors akin to non-Muslims in fulfilling important social functions. This theme has emerged in other social media constructions of terror attacks that have resulted in Muslim victimhood (Downing, 2019) where users have sought to attach Muslim minorities to the broader national narrative. This discourse of banality, while contested, meets with majority agreement ( Table 2 presents a summary of discourse by theme).
Agreement by users who engage with the original tweet (45% of total engagement) continues in this vein in seeking to de-construct these dominant notions of Muslims as security threats (Moore et al., 2008;Poole, 2002;Saeed, 2007;Sian et al., 2012). Other users agree by specifically pointing to examples of mass violence, such as the Irish Republican Army (IRA) bombings of Manchester, to highlight that non-Muslims also engage in terrorism.
A significant number of users also contest the notions expressed in the original tweet (36% of total engagements). Within these, they engage with the broader debates about Muslims as security threats and Islam as a vector of global violence in diametrically opposing ways, repeating tropes about Islam being violent and committing acts of gendered oppression (Allen, 2010; Figure 3).

Cross-platform broadcaster
The second security influencer demonstrates a different profile; they have existing influencer capital in a non-security domain that they pivot to discussing security. Here, she also presents a different argument in seeking to nuance discussions of terror by arguing that Islam as a global religion is not the cause of violence (Figure 4). Once again, she seeks to situate herself outside of the dominant discursive UK context where Islam and Muslims are securitised (Moore et al., 2008;Poole, 2002), demonstrating a literacy with key debates about terrorism in the United Kingdom and globally.
Here, @nhkindness' original tweet takes a different thematic tact form the first security broadcaster in that her message engages not with the banality of Muslims as a social group but with Islam as a religion in a larger global context (Figure 4).
This produces a different response with 56% of engagements disagreeing with the original tweet (Table 3).
The disagreement ( Figure 5) aligns closely with the dominant discursive UK context that Islam is a problematic religion and Muslims a security threat (Moore et al., 2008; Poole, 2002). Thus, the discursive shift the influencer makes towards discussions of religion and not a local social group generates more disagreement and problematic responses. Structuring this discussion around religion and violence generates a theme not seen in secular discussions of Muslims as a social group; an overt discussion of 'liberals' and 'liberalism' as a problem and a key driver of terrorism. This echoes Alt-Right discourse (Michelsen and De Orellana, 2019) promoting illiberal political, different social norms and migration as solutions to terrorism. CTS argue that terrorism is constructed by security elites drawing on social and political factors (Gunning and Jackson, 2011). The structure of this disagreement shows that this is also true of social media users who bring in larger discussions about liberal politics into the security debate.

Active security influencers: the 'Security Engagers'
Further topologising the different forms and mechanisms through which security influencers emerge uncovers security influencers that behave differently. They are not acting simply like traditional security elites conceptualised by the Copenhagen school (Buzan et al., 1997) who 'broadcast' their message to the audience, but rather they engage further with responses to their messages on social media. The first user has no prior social media influence in any particular domain yet rises to prominence within the debate by engaging with broader global debates about Islam specifically as a religion and not with Muslims as a local, banal, social group (Table 4). This can be seen in the text and photo tweeted by the user articulating the sentiment that the individual responsible for the attack "was a monster not a Muslim" (Figure 6). Analogous to the second security broadcaster, whose message about religion met with majority contestation, this engagers' discussion of religion meets with majority contestation (61%). Similar to the previous religious message of the security broadcaster, contestation is centred on dominant tropes of Muslims as terrorists and Islam as violent (Moore et al., 2008;Poole, 2002). The user engages with this contestation and attempts to provide further evidence for their position, in this case, using tweets from other social media users (Figure 7). Here, this security influencer's behaviour is more like vernacular theories of security where social media users engage in a 'flatter' exchange.
Significant in this discussion is that the security influencer continues to debate, engaging in countering comments negative towards Muslims and Islam, for example Figure 7.
Yet, continued input structured around external empirical evidence does not aid in gaining traction for a particular message. Neither does (Figure 7) making a discursive shift towards depicting Muslims in banal terms as a social group away from religion.

The cross-platform engager
As seen earlier in the discussion of security broadcasters who use existing social media influence capital from another domain to become influential in the security debate, a similar trend occurs with security engagers. In this case, a Manchester United fan account with significant existing influence in the domain of sports pivots to engage in the security debate. This influencer couches discussion of Muslims in banal, local, social roles and specifically counter addresses abuses to Muslims in Manchester (Figure 8).
This banal message seeks to situate discussions about Muslims in the immediate local, human context of Manchester as non-violent seeking to differentiate their message from the dominant discursive context of the United Kingdom where Muslims are securitised (Moore et al., 2008;Poole, 2002). This meets with majority agreement (53%) in line with the previous influencers' tweet that took banal, social approaches (Table 5).
Interestingly, a theme of agreement explicitly connects terrorism and Muslim roles to larger nuancing of relationships between terror and identity; Manchester was victim of IRA attacks, which has not resulted in collective blaming of the Catholic population. Here, users are specifically engaging with labelling and construction of terror events central to critical terrorism studies (Gunning and Jackson, 2011); thus, this opens up the possibility of a larger dialogue between CTS and vernacular security studies in how everyday voices conceive of, and construct, terrorism. @TheManUtdWay engages with the conversation rebutting anti-Muslim sentiment (Figure 9). This brings further users into the debate, prompting discussions of Muslim victims within the attack, juxtaposed with perpetrators of violence. This is an explicit attempt to re-construct the meaning of the violent act to engage with the social and cultural context of terrorism (Gunning and Jackson, 2011). Here, Muslims are not just perpetrators of violence, or banal social actors who are first responders, but also victims of violence overtly perpetrated in the name of their religion.

Conclusion
This article sought to account for the emergence of security influencers through building a typology of their activities on social media. This engaged with conceptions of the structured and hierarchical Copenhagen School and less structured, flatter vernacular security studies literature to understand how security speak on social media is neither flat, nor rigidly hierarchical. Rather, social media exhibits dynamic properties of both in unpredictable ways. In particular, it is important to note here that none of the four influencers have previous security field experience yet influence the debate. The influence is also ephemeral; security influencers and the unlikely individuals becoming important structuring security speak on social media rise from positions of security obscurity and in two cases from positions of having little existing influence on social media. Essentially for 48 hours after the Manchester bombing, the four most influential actors, and four most active conversations about Muslims were created and structured by actors without security credentials, expertise nor influence in political, social or security arenas.
This study also aimed to demonstrate the contested nature of even influential security speech on social media and that contestation is an important contributing factor to the influence of the security broadcaster. Thus, it is not because one is unanimously or even migratorially agreed with that they become influential. Indeed, in part, these messages become influential, because they are contested, because contestation is an important part of engagement making the message more visible and driving engagement. A difference emerges when one considers ways in which these influencers structure discussions of the place of Muslims in light of Manchester. The two formulating messages situating Muslims in 'banal' everyday roles receive higher degrees of agreement. These messages connect Muslims to the local context and not initially to the global religion Islam or Muslims as a global social group. This is significant, offering insight into ways marginalisation of Muslims is considered and benefits in high-security contexts of focusing on local opportunities for structuring identities.
The contestation of this security speak offers important insights for how debates about terrorism, security and Muslims are structured. Importantly, becoming an influencer does not mean you are agreed with and terms of disagreement are enlightening. The micro-discourse mirrors ongoing social and political debate about terrorism, security and integration. Emergence of an anti-Liberalism discourse is interesting although only in one conversation, demonstrating that while illiberal, alt-right, discourse emerges, it is of fairly small magnitude. Far more common is discourse around Islam and Muslims being inherently violent and Islam and liberal society irreconcilability as common themes emerging through all contestation across all actors. An important area of agreement is couched in terms nuancing terrorism and identity with the example of the IRA bombings and how the city's ethnic and religious mix was not disrupted by previous sectarian violence, or were particular communities punished for being co-religionists with terrorists.