• 15 Mar 2012

    Flaws, compliance and the Cybersecurity Act of 2012

    Here are some new pieces I've recently written that you may be interested in...big things in security we need to have on our radar: Six Security Flaws on Your Network Right NowFind the Most Flaws By Balancing Automated Scans with Manual AnalysisCompliance is just the beginningNew and not-so-new security twists in the Cybersecurity Act of 2012Enjoy!Be sure to check out www.principlelogic.com/resources.html for links to all of my information security whitepapers, ...

    Continue Reading...
  • 23 Jan 2011

    Cybersecurity schmybersecurity

    Here are a couple of #cybersecurity pieces I authored for TechTarget's SearchCompliance.com regarding the proposed Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) and Lieberman-Collins-Carper Protecting Cyberspace as a National Asset Act of 2010 (Senate Bill 3480):Why the Cybersecurity Act is better for government than businessIs the latest cybersecurity bill an Internet takeover by the fed?You know how I am about government growth and its intrusion into the free market. ...

    Continue Reading...
  • 28 Sep 2010

    Cybersecurity Act of 2009 – It’s great for government growth!

    You may already know how I feel about our out of control government. Well here's a new piece I wrote about the Cybersecurity Act of 2009 - legislation that'll make your head spin.Why the Cybersecurity Act is better for government than businessIn subsequent edits to this article I had added some material on the new Lieberman-Carper-Collins legislation Protecting Cyberspace as a National Asset Act of 2010 (a.k.a. Senate Bill 3480) ...

    Continue Reading...
  • 20 Sep 2010

    Silent tyranny in the name of “cybersecurity”

    I just finished a new article on the Cybersecurity Act of 2009 (a.k.a. Rockefeller-Snowe Cybersecurity Act or S. 773) and the equally scary Protecting Cyberspace as a National Asset Act of 2010 (a.k.a. Lieberman-Carper-Collins or S. 3480).Goodness gracious folks. Have you read these pieces of legislation yet? Are you tracking what's going on?There's some serious government control headed our way if we sit back at let politicians force these policies ...

    Continue Reading...
  • 30 Apr 2021

    Networked IP cameras as vulnerable as ever…no excuses these days.

    You've likely heard the news about security cameras being vulnerable to exploits like what was covered in this piece: https://threatpost.com/breach-verkada-security-camera-tesla-cloudflare/164635/ I feel like I'm always talking in circles when it comes to security...stop repeating history, focus on the basics, do what you know needs to be done...It's especially true for vulnerabilities in network security cameras. A little over nine years ago I wrote about this problem with cameras that I ...

    Continue Reading...
  • 10 Feb 2021

    Review of Corporate Directors’ & Officers’ Legal Duties for Information Security and Privacy: A Turn-Key Compliance Audit Process

    One of the great tragedies impacting businesses today is the disconnection between executive leadership and the information security function. The general assumption has long been that technical staff have everything under control and, therefore, management doesn't need to get all that involved in IT security and compliance related initiatives. I first noticed this situation in the late 1990s working on information security security projects with clients. Shortly thereafter, I wrote ...

    Continue Reading...
  • 07 Mar 2020

    Speaking engagement for ALAS in Phoenix was a big success!

    I had the opportunity to be invited to speak at the Attorney's Liability Assurance Society (ALAS) 2020 Cybersecurity Conference in Phoenix, AZ last week, and it was awesome. With a great group of 220 law firm IT leaders and general counsel professionals, I presented Beyond the Policies: Top 5 Security Findings (that I see in literally every security assessment I perform). I also served as a panelist for a lively ...

    Continue Reading...
  • 30 Apr 2019

    Healthcare’s latest (ridiculous) proposal to improve security in that industry

    For years, I've ranted about the rebranding of information security to "cybersecurity". This strategy is nothing more than a means to redirect attention - even create confusion - over what we do so that something shiny, new, and sexy can be sold to those who are buying. It's bad for what we're trying to accomplish in this field. We need less confusion rather than more. Well, here's a new set ...

    Continue Reading...
  • 21 Jun 2018

    Testimonials

    Testimonials The following are testimonials from my Fortune 500, mid-market enterprise, Internet startup, software development, state and local government, and non-profit clients. Click here for testimonials on my speaking engagements. “I have known Kevin for over two decades now going back to our days working for VARs. He brings a wealth of experience ranging from penetration testing to many other security skillsets. My experience working with Kevin has been excellent. ...

    Continue Reading...
  • 21 Jun 2018

    Security Speaker

    Speaking Engagement Testimonials The following are testimonials on keynote presentations, seminars, webcasts and other talks I've given: “Kevin graciously assisted us at ASIS Hong Kong with a presentation focused on the key things that managers and physical security professionals could do to reduce the risk of cyber attack on our organisations. His advice was clear and focused and was grounded in technical facts and comprehensive research. His advice was well ...

    Continue Reading...