  • 22 Mar 2022

    Security assessment interviews/questionnaires versus reality

    Not long ago, I performed what I call a security operations review where I asked various questions about how IT and security are managed within an organization I was working with. One of the topics was on patching and vulnerability management. I got a lot of good information, including specific details on how Windows, macOS, and even third-party patches are taken care of. Everything sounded great and I expected to ...

  • 20 Jun 2021

    The 21 Best Ways to Lose Your Information, revisited

    With all the crazy incidents and breaches brought about by so many unfortunate "glitches" combined with how I continually harp on the importance of mastering the information security basics, I thought it'd be appropriate to re-post the content of an article I wrote for Computerworld back in 2002... This piece was the second article I ever wrote. Little did I know that, nearly two decades later, every single one of ...

  • 30 Apr 2021

    Networked IP cameras as vulnerable as ever…no excuses these days.

    You've likely heard the news about security cameras being vulnerable to exploits like what was covered in this piece: https://threatpost.com/breach-verkada-security-camera-tesla-cloudflare/164635/ I feel like I'm always talking in circles when it comes to security...stop repeating history, focus on the basics, do what you know needs to be done...It's especially true for vulnerabilities in network security cameras. A little over nine years ago I wrote about this problem with cameras that I ...

  • 24 Mar 2021

    If you mastered nothing else but this one thing, you’d be ahead of the security curve

    In my virtual CISO consulting engagements and vulnerability and penetration testing, the process of patch management ALWAYS comes up for discussion. Given the threats, the vulnerabilities, and the risks – everything that's at stake – I cannot think of any single aspect of a well-functioning information security program that's more important than patch management. It's one of a few things in security that you CAN control! The absolute last thing you ...

  • 03 Jul 2020

    The miracle of COVID-19 testing: more tests = more cases. (It works for security too!)

    I'm no jet fuel genius. Nor am I a statistician. I'm certainly no epidemiologist. I don't even consider myself to be one of the smartest people in my own field. But I do know enough to realize that when a problem exists (even if it's yet to be acknowledged), once it's sought after, it will be uncovered. And once it's uncovered, does this newfound knowledge actually change anything? Not necessarily. ...

  • 18 Mar 2020

    Look for the lessons and be a leader among the COVID-19 panic

    “The hardest thing to explain is the glaringly evident which everybody had decided not to see.” – Ayn Rand Interesting how the world has changed in the past couple of weeks, huh? Here in the U.S., we went from a thriving economy and living in what might be described as the best time to be alive to what seems like an abrupt halt - doom and gloom - all within a couple of ...

  • 23 Aug 2019

    Cities + hacking & ransomware: what’s really going on?

    I do a lot of work for municipalities - cities, towns, and county governments - and I've concluded one thing: I don't envy those in charge of their IT and security. Apparently, municipal hacking is all the rage. At least that's what the media is currently portraying. For example, it's on the front page of today's New York Times: Ransomware Attacks Are Testing Resolve of Cities Across America The hacking ...

  • 30 Apr 2019

    Healthcare’s latest (ridiculous) proposal to improve security in that industry

    For years, I've ranted about the rebranding of information security to "cybersecurity". This strategy is nothing more than a means to redirect attention - even create confusion - over what we do so that something shiny, new, and sexy can be sold to those who are buying. It's bad for what we're trying to accomplish in this field. We need less confusion rather than more. Well, here's a new set ...

  • 27 Sep 2017

    SEC, Equifax, what’s next? Focus on – and fix – the stuff that matters in security.

    I recently consulted with a client on the SEC and Equifax breaches and had some thoughts that I left with that I wanted to share here: Your security program is only as good as your day-to-day processes and people. No amount of policies, plans, and technologies is going to prevent you from getting hit. Reactive security is apparently the new norm, at least according to SEC chairman Jay Clayton. I ...

  • 15 May 2017

    The real reasons behind the WannaCry ransomware

    As we continue down the path of yet another major security breach - this time with the ransomware WannaCry - let us remember that it's not just about the criminal hackers, out-of-control government agencies such as the NSA, or vendors such as Microsoft putting out vulnerable software. Every single one of us working in IT, security, and business today is complicit in these challenges. Outdated/unsupported operating systems are running. We ...
