-
13 Apr 2017Why SOC audit reports can be misleading, mobile app security gotchas, and more…
Here are some links to recent articles I've written regarding application security...if you take anything away from this, it's that you can't afford to take this part of your security program lightly. Dealing with vendors who want to push their SOC audit reports on you Explaining discrepancies in different security assessment reports Why DAST and SAST are necessary if software is solid from the get-go Nixing credential re-use across unrelated ...
Continue Reading... -
06 Feb 2017
Getting to know your network with Managed Switch Port Mapping Tool
In my years performing independent network security assessments, one thing that has really stood out to me is the lack of network insight. Regardless of the size of the organization, the industry in which they operate, and the level of security maturity, in most cases, I see IT and security shops with very little:documentationinventoryconfiguration standardslogging and alerting outside of basic resource monitoringWhat this means – and what it can easily ...
Continue Reading... -
03 Jan 2017
Keys to a great 2017
Welcome to 2017! It's another year and another great opportunity to get security right in your organization. As you return to work with a cleared mind and good intentions, building (or maintaining) an effective information security program in the New Year is not unlike my favorite passion: car racing. You not only need to get off to a good start but you also need to keep up your momentum...lap after lap ...
Continue Reading... -
19 Sep 2016
People Behaving Badly and information security’s tie-in
Last week, I had the opportunity to travel to the Bay Area in California to record an information security video (thanks Intel and TechTarget!). Of course, I couldn't travel across the country and not see the sights of San Francisco. A most excellent highlight of the trip was for my son and I to meet television and social media celebrity, Stanley Roberts. My son is a huge fan of Stanley's, ...
Continue Reading... -
19 Sep 2016
What, exactly, is reasonable security? The state of California knows!
With all that's happening in the world of information security, it seems that there's never enough regulation. From to HIPAA to the state breach notification laws to PCI DSS and beyond, there are rules - and guidance - around every corner. Oddly enough the breaches keep occurring. As if what we've been told up to this point is not reasonable enough. Some people, mostly federal government bureaucrats and lawyers who ...
Continue Reading... -
05 May 2016
Twitter hack–NFL draft consequences
I recently received this press release regarding Ole Miss offensive tackle Laremy Tunsil's Twitter account and how it affected his NFL draft:Amazing.Will someone please tell me how the consequences of basic security weaknesses surrounding social media, passwords, and malware do not impact us all personally and professionally....
Continue Reading... -
04 May 2016
Yet another over-hyped security flaw making the headlines
For years now, I've ranted here and elsewhere about the nonsensical niche security "flaws" uncovered by researchers and academic scholars that often have no real bearing on business or society. There are always caveats, always reasons why these super-complicated exploits won't work, yet they make the headlines time and again. The recent Waze app discovery is a great example:Vulnerability in Google's Waze app could let hackers track you, researchers sayLook ...
Continue Reading... -
14 Apr 2016
Will the DBIR include Verizon’s latest breach?
I'm a little late to pull the trigger on this but felt compelled to ask the question nonetheless:Will Verizon include it's recent breach in its (presumably) forthcoming Data Breach Investigations Report? ...It's related to this press release I received ~3 weeks ago:...
Continue Reading... -
02 Mar 2016
A patch for stupid, PCI DSS penetration testing tips, and focusing on what matters in security
Here are some articles and guest blog posts I've written for my friends at TechTarget, Ziff Davis, AlgoSec, and Rapid7: - See more at: http://securityonwheels.blogspot.com/#sthash.QOKy5qXt.dpuThe follare some articles and guest blog posts I've written for my friends at TechTarget, Ziff Davis, AlgoSec, and Rapid7:The following are some new articles I've written for TechTarget and Ziff Davis. Enjoy!Maybe there is a patch for stupidSix areas of importance in the PCI Penetration ...
Continue Reading... -
15 Apr 2015
Don’t get blinded by the “small stuff” that’s hard to notice
One of the core challenges you face in information security is getting so caught up in the minutiae of your network environment and day-to-day work that you end up not being able to see the bigger picture: what's really going on, what really needs attention, and what really matters. I've been writing about this for over a decade and I've yet to stop spreading the word...it's just too important a ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including:
Tags
For your convenience I accept
