It seems that more and more businesses are leveraging managed security service providers (MSSPs) to help with ongoing security improvements. I think this is a positive sign that both IT professionals and business leaders are realizing that they can't do it all in terms of security. There’s no shame in that game if outsourcing managed security services is done for the right reasons. No doubt, some businesses wish to engage ...
TL;DR - Just like a relationship, a security program needs honesty, maintenance, and timely conflict resolution...or it will collapse under neglect. Success expert Brendon Burchard said that avoidance is the best short-term strategy to escape conflict, and the best long-term strategy to ensure suffering. I've seen it countless times over the years...companies that keep kicking security problems down the road. That is, until one day, those problems explode into things ...
Harvard Business Review (HBR) just published a great piece that covers the challenges associated with information security tools and highlights many of the reasons that security programs often fail. Here’s the essence of the piece: Despite spending billions on tools, most organizations are seeing modest results. Nearly half the tools companies invest in go unused. Sound familiar? It gets better. Or worse. The article highlights various reasons why tools fail to ...
Security policies are garbage unless someone actually enforces them. They exist to tick boxes, impress auditors, and give leadership a warm-and-fuzzy about “doing security.” But when nobody lives by them, they’re nothing but paperwork liabilities. Certainly not the safeguards many assume them to be. They're certainly not worth the paper on which they're printed, or the storage space they're occupying on the network. Security policies can be bad for business ...
As an information security consultant, I’ve worked with many CIOs over the years. Some get it when it comes to security… and some not so much. Those who don’t are often the ones calling me in after the fact, cleaning up breaches that could have been prevented with stronger executive engagement. I've actually seen people in this role run interference with security. I'm assuming so they weren't made to look ...
This article is from 2004. Tell me what has changed or is outdated...Perhaps my reference to "SSL" VPNs or "anti-virus" software? ;) Information security isn’t what it’s cracked up to be these days. Sure, there are vendors out there pushing faster, better, cheaper security products. And, we have all these new fancy systems to protect our digital assets like SSL VPNs, email and wireless LAN firewalls, intellectual property “leakage” appliances ...
Security incidents are a case of when, not if. Whether it’s ransomware, information theft, denial of service - you name it, you need a structured and practical approach to incident response without the fluff and vendor noise. TechTarget asked me to put such a guide together a few years back...but, don't worry, it's every bit as relevant today since most things with security haven't changed in decades. Sure, the ...
I’ve known Charles Cresson Wood for a long time, both as a trusted business colleague and a friend. You may know him as the creator of the original masterpiece on information security policies over two decades ago: Information Security Policies Made Easy. Charles and I have worked together on a few projects over the years, and what’s always stood out to me is his ability to tie together security, legal, ...
Inc.com had a piece on AI adoption/perception/strategy recently. I feel that it provides some interesting insight into what's to come as it relates to dealing with employees working for - and against - the business...especially as it relates to sabotaging AI efforts. Lots of things for IT and security leaders and admins to pay attention to that I've summarized here: Challenges in Adoption 72% of C-suite leaders reported significant challenges ...
They say your network is everything. I’d argue that what truly matters is your time and your knowledge - those are the real currencies in today’s business world. Still, there’s no denying that staying connected, especially online, plays a critical role in your long-term success. The old saying “It’s who you know” has evolved into “It’s who knows you.” In our hyperconnected reality - where virtual presence carries as much ...