Who is Principle Logic

My name is Kevin Beaver and I am the founder and principal consultant of Principle Logic, LLC. I am an independent information security (a.k.a. cybersecurity) expert and I solve problems. I help my clients protect their network systems, applications, and information assets from malicious or careless employees, criminal hackers, and unforeseen events.

I’ve always believed that you can’t secure what you don’t acknowledge℠. I focus on performing realistic information security assessments that help you find the weaknesses that count – the vital few rather than the trivial many. This approach will help you take the pain out of your compliance requirements and, most importantly, minimize your business risks. See what my clients have to say about my work.

I have over 36 years of experience in IT – the last 30 of which have been in information security. For the past two decades I’ve worked for myself full-time as an information security consultant, writer, professional speaker, and expert witness. See my bio page for more about my background and my resources page for links to the books, articles, whitepapers, webcasts, and videos I’ve written and recorded. You can also view my information security blog here.

What I do

I can help you with the following:

  • Network vulnerability and penetration testing
  • Website, web application, and API vulnerability and penetration testing
  • Mobile app vulnerability and penetration testing
  • Internet of Things (IoT) vulnerability and penetration testing
  • Social engineering, including email phishing, as part of vulnerability and penetration testing or to augment existing awareness/training efforts
  • Periodic (or one-off) vulnerability scans (directly for my business clients as well as MSPs and their customers, re-branded if needed)
  • Network and cloud security architecture reviews and configuration assessments
  • Information risk assessments/security operations reviews (policies, plans, and processes)
  • Information security consulting and virtual CISO services
  • Security questionnaires
  • Incident response planning and tabletop exercises
  • Speaking engagements (keynotes, seminars, panel discussions and webinars)
  • Expert witness consulting and litigation support services

If you want the services of an information security expert who can assess your business’s information security from an unbiased outsider’s perspective, an expert witness to help you with your case, a writer to help you develop information security content, or a well-known speaker for a keynote address, seminar, panel, or webcast, I can assist you. See my services page for more details.

Who typically hires me

The people who hire me need specific expertise and assistance navigating the information security and compliance puzzles with the longer-term goal of minimizing business risks. My clients include internal auditors, IT managers, compliance officers, business owners, and CTOs/CIOs/CISOs across all types of business. My client base ranges from Fortune 500 corporations to mid-market enterprises and small businesses. My clients include banks, credit unions, non-profits, software development firms, cloud service (SaaS) providers, manufacturing, biotech, IT and security products, law firms, as well as state and municipal government agencies. I also perform subcontract work for IT and security systems integrators and consulting firms, including whitelabeled vulnerability and penetration testing and virtual CISO work. I’ve gained a ton of insight and experience working for everything from very large corporations to very small startups across every major industry – and I bring that wisdom to the work I’ll do for you.

How I’m different

In my work, I focus on “er”…I help my clients faster, better, simpler, nicer, and smarter.

I sell advice. I’ll show you where you are now and where you need to be. You’ll see immediate payback and dramatic improvements in your information security program over the long haul like my other clients have. The good news is that you won’t have to worry about completely retooling your systems and operations based on what I find. Contrary to common recommendations, most security weaknesses have simple solutions that don’t have to be complicated or expensive. I’ll educate you on what’s relevant now and, more importantly, what you actually need in order to minimize your security risks.

I don’t chase trends or fads in security. I’ll help you with the proven information security principles – many of which have been around for decades – so you can build out your information security program without having to recreate the wheel.

I don’t have “CEO” or “President” on my business card. I’m not a hands-off “analyst” calling the shots from the sidelines either. I’m a hands-on practitioner. I focus on being street smart and practical in my work. I’m a technical engineer at heart who equally understands the business side of IT and information security. I don’t sell or install security products. I focus solely on consulting and performing security assessments, making recommendations for remediation, and then stepping away. This eliminates any conflicts of interest. I don’t claim to be everything to everyone, but I am confident in my information security skills.

I’m not an auditor. I come in peace. I won’t beat you up but rather show you what you’re not seeing. I deliver reports to make you look good – and help you get better. I go beyond the checklists and basic vulnerability scans. I provide a custom analysis of the weaknesses that matter in your environment – the ones that your business partners, your auditors, your customers, and the regulators want to know about.

My security assessments are different from commoditized (crowdsourced) vulnerability scans or niche pen tests that are of minimal value. I’m of the belief that quality work and deliverables make all the difference – just like what my clients are saying. Proper security testing can’t be outsourced to a third-party cloud service or overseas techies who don’t understand your business and goals.

My formal education in engineering and business management combined with over three decades of hands-on technical experience allows me to provide practical recommendations that make good long-term business sense. I won’t deliver a thick, fluffed-up report that looks pretty on the outside with no substance on the inside. I’ll tell you just what you need to know – in a way that’s easy for you and your team to understand. There’s a reason I’ve written so many of those For Dummies books.

I’m a Certified Information Systems Security Professional – CISSP – the industry standard and highest-level certification in my field. When it comes to my speaking engagements I’m also a great communicator who can filter reality and facts from the hype and noise and present it in a way that everyone understands.

Don’t just take my word for any of this. See what my clients have to say.

Perhaps most importantly, I’ve been doing my own thing working for myself since 2001. I’m going to keep it that way so you’ll know I’ll be around for the long haul.

What you can expect when working with me

I’m committed to being an information security expert who provides a human touch, is easy to reach, and is enjoyable to do business with before, during and after the sale. When you bring me on board you’re going to get:

  • A well-known leader in the industry, professional work, and unmatched information security credentials that you can share with your customers, business partners, shareholders, etc., proving that you’ve got the right person for the job
  • Fair pricing relative to the market and the expertise I bring to the table – you’ll go into the engagement knowing my fees and your investment – and not get caught off-guard at the end of the project
  • A highly technical engineer who equally understands the business side of information security and compliance
  • Someone who requires minimal time on your part. I know you’ve got audits and other projects to tend to so I’ll stay out of your way as much as I can.
  • Small business flexibility and response time – all with minimal overhead. This way you’ll pay for knowledge, tools, and experience – not overhead for sales, marketing, operations, brand name, etc.
  • Personal touch service that the big guys can’t offer – you’ll have the same consultant working with you on an ongoing basis rather than a different person for each project – and no separate sales people or project managers to deal with either.
  • Contextual insight into the security issues that really matter – not just someone who works off a checklist or claims everything is at risk because of unimportant issues discovered
  • Leading security testing tools including freeware, open source, and (mostly) commercial products from reputable vendors
  • Professional security assessment advice and reports containing unbiased insight and real-world recommendations that all key players in your organization can benefit from
  • Accessibility and responsiveness for questions that arise after your work is complete

You’ll start and end up with someone who knows your business, your network, and your needs and offers practical advice on dealing with the information security risks at hand. If we determine that your project requires greater resources than one person can handle, I’ll pull in other industry leaders I’ve worked with and have grown to trust to ensure your work is completed in a prompt and professional manner. Either way, you’ll deal with one email address, one phone number, and one person, period.

The bottom line is that I have performed the hands-on work, written the books, given the speeches, and taught the classes to form a solid reputation for my information security expertise, leadership in the industry, and ongoing customer loyalty. You’ll be truly pleased.

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability/penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)


I’ve written/co-written 12 books on information security including: