Who is Principle Logic
My name is Kevin Beaver and I am the founder and principal information security consultant of Principle Logic, LLC. I am an independent information security expert whom you can count on to help advise you on information security and compliance in order to protect your organization's network, computers, and information assets from from rogue employees and criminal hackers.

I focus on performing realistic information security assessments that will help you with compliance and minimize your business risks. I'll partner with you to come up with the right security solutions at sensible prices for these economic times. See what my clients have to say about my work.

See my bio page for more about my background and my resources page for links to the articles, whitepapers, webcasts, and books I've written about information security and compliance as well as links to my blogs and Twitter updates.

What I do
I am a consultant, speaker, and expert witness on information security and compliance and can help you with the following services:

  • Web site and application security assessments / penetration tests
  • Network vulnerability assessments and penetration tests
  • Information risk assessments, gap analyses, and pre-audits
  • Security breach analysis (if you've been hacked or had an internal security breach)
  • Security vulnerability scanning service (including PCI DSS scans)
  • Expert witness services (consulting and testimony)
  • Keynote speaking engagements
  • Information security seminars

If you want the services of an information security expert who can assess your organization's information security from an outsider's perspective, an expert witness to help you with your case, or a well-known speaker for a keynote address, seminar, or panel I can assist you. See my services page for more details on how I can help onsite or over the Internet.

Who typically hires me
My clients include internal auditors, IT managers, compliance officers, business owners, and CTOs/CIOs at Fortune 1000 corporations, banks, non-profits, software development firms, security vendors, credit unions, small businesses, universities, and municipal government agencies. I also perform subcontract work for IT and security systems integrators and consulting firms. Generally, people who need specific expertise on navigating the information security and compliance puzzles with the longer-term goal of minimizing business risks.

How I'm different
I focus on being practical in my work. I'm a technical engineer at heart that equally understands the business side of information security. I don't claim to be everything to everyone. I don't do forensics work and I don't sell or install security products. I focus solely on performing security assessments in the context of compliance and business risk management. This allows me to keep up with the latest vulnerabilities, hacker/rogue insider techniques, and testing tools to ensure you get the most current and comprehensive services possible. It also eliminates any conflicts of interest.

Rather than perform a checklist audit or run simple scans and hand over the reports, I'll provide a custom analysis of the weaknesses that matter in your environment - the ones that the regulators, your business partners, and your customers want to know about.. The good news is that you won't have to worry about completely retooling your systems and operations based on what I find. Contrary to common auditor recommendations, most information risks have simple solutions that don't have to complicate matters. I won't deliver a thick, fluffed-up report that looks pretty on the outside but doesn't contain much substance on the inside. I'll tell you just what you need to know - in a way that's easy for you and your team to understand. Nothing more and nothing less.

My formal education in engineering and business management combined with over two decades of hands-on technical experience allows me to provide practical recommendations that make good long-term business sense. No theoretical quadrant charts and no "the sky is falling" type predictions to lock down everything beyond reason. I've been doing my own thing since 2001. I'm going to keep it that way so you'll know I'll be around for the long haul. Finally, I'm also a Certified Information Systems Security Professional - CISSP - the industry standard and highest-level certification in my field.

When it comes to my expert witness work and speaking engagements I'm also a great communicator who can filter reality and facts from the hype and noise and present it in a way that everyone understands. Don't take my word for any of this. See what my clients have to say.

I've also authored/co-authored seven books on information security as follows:

Hacking For Dummies Hacking Wireless Networks For Dummies Securing the Mobile Enterprise For Dummies Laptop Encryption For Dummies

The Definitive Guide to Email Management and Security The Practical Guide to HIPAA Privacy and Security Compliance Healthcare Information Systems, 2nd edition

What you can expect when working with me
I'm committed to being an information security expert who provides a human touch, is easy to reach, and is enjoyable to do business with before, during, and after the sale. When you bring me on board as your information security expert you're going to get:

  • Fair pricing relative to the market and the expertise I bring to the table - you'll go into the engagement knowing my fees and your investment - and not get caught off-guard at the end
  • A highly-technical engineer that equally understands the business side of information security and compliance
  • Small business flexibility and response time - all with minimal overhead. This way you'll pay for knowledge, tools, and experience - not overhead for sales, marketing, operations, brand name, etc.
  • Personal touch service that the big guys can't offer - you'll have the same consultant working with you on an ongoing basis rather than a different person for each project - and no separate sales people or project managers to deal with either
  • Contextual insight into the security issues that really matter - not just someone who works off a checklist or claims everything is at risk because of unimportant issues discovered
  • Leading security testing tools including freeware, open source, and commercial products from reputable vendors.
  • Professional security assessment advice and reports containing unbiased insight and real-world recommendations that all key players in your organization can benefit from
  • A well-known leader in the industry, professional work, and unmatched information security credentials that you can share with your customers, business partners, shareholders, etc. proving that you've got the right person for the job

You'll start and end up with someone that knows your business, your network, and your needs and offers practical advice on dealing with the information security risks at hand. If we determine that your project requires greater resources than one person can handle, I'll pull in other industry leaders I've worked with and have grown to trust to ensure your work is completed in a prompt and professional manner. Either way, you'll deal with one email address, one phone number, and one person - period.

The bottom line is that I have performed the hands-on work, written the books, given the speeches, and taught the classes to form a solid reputation for my information security expertise, leadership in the industry, and ongoing customer loyalty. You'll be truly pleased.

Kevin Beaver Twitter

atlanta, georgia, incident response, hack assistance, pci expert, data security consultant, computer security consultant, security audit, compliance audit, security pre-audit, information risk assessment, security policy documentation, independent information security audit, information security seminar, expert witness, computer security expert witness, information security expert witness, daubert, compliance expert witness, hacking expert, keynote speaker, security keynote speaker, well-known security expert, web security consultant, web security assessment, independent web security audit, independent web application testing, security testing, penetration testing, software security expert, web application security, vulnerability testing, vulnerability scan, security scan, information security pre-audit, security gap analysis, qualysguard, qualys, webinspect, web inspect, PCI audit, PCI assessment, PCI scan, HIPAA consultant, GLBA consultant, got hacked, got hacked now what, security breach analysis, computer hack analysis, web site security consultant, network analyzer, sniffer, WebInspect expert, WebInspect consultant