-
11 Jun 2012Focus on yourself and reap the rewards in IT & infosec
If you're in to big-picture IT and information security stuff like, say, your career and focusing on what matters, here are some new bits I've written for TechTarget and Security Technology Executive magazine that you may be interested in:Five habits of highly-successful IT prosSocial networking strategies to further your IT careerFive ways to advance your Windows careerUnderstanding management gets your IT department what it needsRSA's look at the big pictureEnjoy! ...
Continue Reading... -
15 Mar 2012
Flaws, compliance and the Cybersecurity Act of 2012
Here are some new pieces I've recently written that you may be interested in...big things in security we need to have on our radar: Six Security Flaws on Your Network Right Now Find the Most Flaws By Balancing Automated Scans with Manual Analysis Compliance is just the beginning New and not-so-new security twists in the Cybersecurity Act of 2012 Enjoy! Be sure to check out www.principlelogic.com/resources.html for links to all ...
Continue Reading... -
01 Mar 2012
My final takeaway from #RSAC
I said my farewell to the RSA Conference Tuesday evening but had some final thoughts about the show that I wanted to share with you.In addition to the keynotes I talked about, I attended a mock trial session involving malware, a digital certificate acquired for ill-gotten gains, and a healthcare company that ignored all things HIPAA (heard that a million times!) as well as a session by HP's Jacob West ...
Continue Reading... -
08 Feb 2012
What’s it going to take for police departments to secure their websites?
Here's yet another story about a police department website being compromised by criminal hackers. When a regular citizen's home address is exposed, that's one thing. But when the addresses of police chiefs are published online, that opens up an entirely new set of risks for their personal safety. Sad. Hey, at least the police chiefs I know are armed and well-trained experts. Would be pretty foolish to try and attack ...
Continue Reading... -
06 Feb 2012
My new material on Web application & website security
Here are several new pieces I've written on Web site/application security. Lots of angles and considerations:There’s more to web security than meets the eyeWeb passwords are often the weakest linkTo validate or not, is that the question?Protecting FTP services running on your Web serverThe critical Web-based systems that are going untested and unsecuredGood Web Security Tools and Why They MatterWhy you need intruder lockoutWeb security is like the layers of ...
Continue Reading... -
16 Dec 2011
AlgoSec & what happens when you don’t look for flaws from every angle
I recently had the opportunity to see how well AlgoSec's Firewall Analyzer performs in a real-world security assessment. Long story short, Firewall Analyzer found a weak password on an Internet-facing firewall that would've gone undetected otherwise. A traditional vulnerability scanner didn't find it nor did two different Web vulnerability scanners. Nothing was uncovered via manual analysis either.Only AlgoSec's Firewall Analyzer found the weakness...no doubt a flaw that would've been exploited ...
Continue Reading... -
15 Dec 2011
Going green’s tie-in with infosec
If you've been following my blog and my principles for even a short period of time you've probably figured out that I pull no punches when it comes to personal responsibility and limited government. There's hardly anywhere I'm more passionate in this regard than the marketing smoke and mirrors of "Going Green" and the religion of "global warming". I should say "climate change"; that covers warming and cooling for the ...
Continue Reading... -
21 Nov 2011Don’t turn a blind eye on the basics
I'm all about shoring up the basics of Web security before throwing money at the situation. If you're interested in saving not only money but also time and effort, here are some new pieces I've written on Web security that you may be interested in: Explaining the why of Web application security Improving Web security by working with what you’ve got Not all Web vulnerability scans are created equal Why ...
Continue Reading... -
04 Sep 2011
DNS hack: UPS, National Geographic, Acer, etc. websites affected
Happy (almost) Labor Day...here's the latest from the criminal hackers: a DNS hack has redirected numerous websites of UPS, National Geographic, Acer, The Register and more. Nice. Betcha it was some low-hanging fruit someone, somewhere overlooked....
Continue Reading... -
08 Jun 2011
Weiner fallout: “I got hacked” is the new scapegoat
I recently met up with some technology lawyer colleagues after work and we shared our thoughts on the Anthony Weiner "incident". We were talking about how early on in the saga no one but Weiner and the lucky recipients of his tweets really knew what the truth was. Predictably, as we're seeing and hearing more and more these days, Weiner came out and said "I was hacked. It happens to ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including one of the best-sellers of all time:
