This article is from 2004. Tell me what has changed or is outdated...Perhaps my reference to "SSL" VPNs or "anti-virus" software? ;) Information security isn’t what it’s cracked up to be these days. Sure, there are vendors out there pushing faster, better, cheaper security products. And, we have all these new fancy systems to protect our digital assets like SSL VPNs, email and wireless LAN firewalls, intellectual property “leakage” appliances ...
I'm often wrong about many things in life...just ask my wife. However, I'm feeling a bit vindicated regarding my long-standing approach to information security: address the basics, minimize your risks. You see, more and more research is backing up what I've been saying for over a decade. It's what was uncovered in the new Cisco 2015 Annual Security Report. [i.e. "Less than 50 percent of respondents use standard tools such ...

I'm all about shoring up the basics of Web security before throwing money at the situation. If you're interested in saving not only money but also time and effort, here are some new pieces I've written on Web security that you may be interested in: Explaining the why of Web application security; Improving Web security by working with what you've got; Not all Web vulnerability scans are created equal; Why ...

Here's a good read from @arstechnica on the HBGary story. It's a fascinating story in and of itself. But the oversights related to information security "best practices" are amazing. What is it going to take to get people to focus on the basics? Seriously, folks...Forget about all the fancy hack attacks and complex exploits for now and fix the low-hanging fruit. It's basic triage - stop the bleeding first. Focus ...

With all the worry about budgets and all the marketing hype over some of these fancy vendor security solutions, I still see so many simple/silly/stupid things related to IT that need to be fixed before a penny is ever spent or a single new technology is ever deployed. Things like: --Network shares sharing out entire drives full of sensitive files - accessible by anyone with just a basic network login ...

You've secured the budget. You've implemented the program. You've checked every box on the information security checklist. Frameworks? Followed. Best practices? Established. Policies? Written and approved. The technology stack is humming along, auditors are nodding approvingly, and consultants are signing off on your approach. Everything suggests your network and information assets are locked down tight. Then the breach happens. The investigation reveals gaps you never saw coming. How did this ...

Everything is easy, until it's not... When you start a new relationship, everything feels easy. It's exciting. It's fresh. You want to impress. You like being impressed. You want to explore. Every day feels like a new adventure. But then reality sets in. The fun stuff gives way to routine, and routine takes work. You start learning nuances and dynamics. You have to show up. You have to communicate. You ...

TL;DR - Just like a relationship, a security program needs honesty, maintenance, and timely conflict resolution...or it will collapse under neglect. Success expert Brendon Burchard said that avoidance is the best short-term strategy to escape conflict, and the best long-term strategy to ensure suffering. I've seen it countless times over the years...companies that keep kicking security problems down the road. That is, until one day, those problems explode into things ...

Harvard Business Review (HBR) just published a great piece that covers the challenges associated with information security tools and highlights many of the reasons that security programs often fail. Here's the essence of the piece: Despite spending billions on tools, most organizations are seeing modest results. Nearly half the tools companies invest in go unused. Sound familiar? It gets better. Or worse. The article highlights various reasons why tools fail to ...

As an information security consultant, I've worked with many CIOs over the years. Some get it when it comes to security... and some not so much. Those who don't are often the ones calling me in after the fact, cleaning up breaches that could have been prevented with stronger executive engagement. I've actually seen people in this role run interference with security. I'm assuming so they weren't made to look ...