Employees are both the first line of defence in organisations as well as a significant source of vulnerability. Behavioural research in information security (InfoSec) has studied compliance of employees with organisational directives. Less understood are ‘shadow security practices’–a related category of behaviour where employees invent InfoSec workarounds albeit with the intention of still complying with organisational InfoSec directives. In this research-in-progress paper, we present the theoretical development of a model, by conducting in-depth reviews of the relevant and multidisciplinary literatures, to identify the potential antecedents of the employees' intention to perform shadow security.