Security Assessments
Web Site and Application Vulnerability Assessments and Penetration Tests
Independent vulnerability assessments of your Web sites or applications are a great way to uncover some of the greatest risks to your business. Whether it's an in-depth look at all of your Web-based server systems, a penetration test of a specific Web application, or a source code review, this assessment is beneficial for product marketing, regulatory and business partner contract compliance, and general improvement of the end product. Or, if your organization falls under the PCI Data Security Standard requirements, I can help you with your security assessments.
Using well-known and widely-accepted commercial tools such as HP's WebInspect and Acunetix Web Vulnerability Scanner, combined with in-depth manual analysis, I will look at your Web site/application from the perspective of an untrusted outsider, a trusted insider, or both. I'll provide you with a detailed report* on exactly where you need to focus your efforts to reduce your risks. I can also perform a remediation validation assessment and deliver a summary report outlining which of the initial assessment findings have been resolved, for you to share with your customers or business partners. Consider this type of testing if you're an organization with a Web presence; a software vendor or development firm looking to enhance your application or product positioning from an information security or compliance perspective; responsible for the security of in-house applications; or looking to evaluate third-party software before making an investment.
Network Vulnerability Assessments and Penetration Tests
Network vulnerability assessments are great for discovering technical weaknesses that exist in your computers, wireless systems, and overall network. Sometimes referred to as penetration tests and vulnerability assessments, this type of testing can be tailored to exactly what you need. Using well-known and widely-accepted commercial tools such as QualysGuard, as well as in-depth manual analysis, I will look at your external and/or internal systems from the perspective of an untrusted outsider, a trusted insider, or both. I'll provide you with a detailed report* on exactly where you need to focus your efforts to reduce your risks. Consider this type of testing if you wish to determine where your systems are currently vulnerable, or wish to have periodic assessments (i.e. quarterly, bi-annually, etc.) to ensure no new vulnerabilities have cropped up and to help your organization meet the various regulatory requirements for ongoing security evaluations.
Phishing and Social Engineering Assessments
Phishing and related social engineering tests will help you see where your technical controls stop and apathy, carelessness and lack of awareness on the part of your employees begin. I've found that relatively simple phishing tests create eye-opening results, but I will work with you to come up with any additional tests you think are needed beyond that. Consider this type of assessment if you want to find the "soft" security issues in your business that traditional technical and operational security assessments may not uncover.
Incident Response and Security Breach Analysis
If your business has been hacked or you suspect some form of security breach (internal or external) has occurred, I can help you find the operational and technical security weaknesses that may have been exploited and consult with you on how you can improve your technical controls and/or IT operations to prevent future breaches from occurring. I don't do formal forensics analyses but, just as importantly, I can validate that what you're doing - or have done - to resolve the issues that led up to the breach is proper and reasonable in the context of information security.
*My security assessment reports typically include:
- Listing of existing information security controls I find that support your organization's information security in a positive way
- A detailed report outlining all potential and exploitable vulnerabilities discovered ranked by priority
- Practical advice for addressing each finding
- Screenshots and other findings uncovered during the manual assessment phase
- Organizational/business process risks ranked by priority
- Timeline and mitigation resource recommendations
- Critical success factors to help with your overall information security strategy
- Vulnerability scanner reports
Expert Witness and Litigation Support
Consulting and Testimony
For legal matters related to computer and information security, regulatory compliance, or general IT governance, I can serve as your consulting expert and/or testifying expert.
My specific areas of knowledge include regulatory compliance (HIPAA, HITECH, GLBA, PCI DSS, and more), operating systems (Windows and NetWare), directory services (eDirectory and Active Directory), messaging systems (general email, Voice over IP, instant messaging, and peer-to-peer [P2P] file sharing systems), content filtering, security policies, remote access, mobile computing, laptop encryption, wireless network security, software security, identity theft, as well as hacking concepts, techniques, and tools. I can also perform peer reviews of security assessment reports, security audit reports, or forensics reports to help you and your client determine whether or not proper and reasonable steps were taken to minimize future information risks. I've got the expert witness experience, technical expertise, business knowledge, speaking skills, as well as industry respect and recognition to help you with your case or incident.
Speaking, Training, and Writing
Speaking Engagements
If you're putting together an IT or security-related show or conference and are looking to bring in a thought leader and well-known expert on information security and compliance, I can help. I've keynoted conferences for Hewlett-Packard, IDC, ISSA and others and speak on engaging and timely information security topics. I can give a keynote address, lead a seminar, or serve as a panelist on the following topics that I'm passionate about:
- Mobile security (smartphones, tablets, laptops, etc.)
- Ethical hacking and information security testing
- Web and cloud security
- Information security/IT leadership and careers
Please contact me to discuss these further, throw around some new ideas, and hear about my reasonable and competitive speaking fee. In the meantime, you can see what others are saying about my abilities as a professional speaker and seminar leader.
Information Security Webcasts and Podcasts
If you're a publisher, media-based organization or technology vendor and you're looking for a thought leader and well-known expert on information security and compliance to present a webcast/webinar or record a podcast, I can help. Please contact me to discuss this further and hear about my reasonable pricing. In the meantime, you can see what others are saying about my speaking abilities in past seminars and keynote presentations.
_____________________________________________
Please contact me and I can help you determine which information security service is best for your organization, as well as provide client references and testimonials, specific pricing for your needs, and even presentation/seminar outlines or sample assessment reports so you'll know what you'll be investing in. See what my clients are saying about me.