-
25 May 2011Web appsec compliance & low-hanging fruit – it’s all up to us!
Here are some recent pieces I wrote on Web application security common sense for my colleagues at Acunetix that you may be interested in:But Compliance is Someone Else’s Job!Low-hanging fruit becomes big news with the 2011 Verizon Data Breach reportGoing Beyond Confirmed Web Security FlawsEnjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more....
Continue Reading... -
04 May 2011
From culture to products to malware to breaches – where do you stand?
Here are some new opinion pieces on information security management that I wrote for Security Technology Executive magazine that you may be interested in:Don’t end up on the wrong side of a data breachFighting the malware fight all over again9 good reasons not to buy information security productsSecurity best practices without question?How's your security culture?Enjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to all of my information security ...
Continue Reading... -
04 May 2011
SecureWorld Expo better than ever
I attended this week's SecureWorld Expo in Atlanta and must say that the show is better now than ever before. I cut my professional speaking teeth with these guys speaking at dozens of their events between 2003 and 2007. I've taken some time off since but going back and seeing some of the same friendly faces brought back good memories.The best session I attended was William Hugh Murray's keynote on ...
Continue Reading... -
17 Feb 2011Are you focusing on the infosec basics where it counts?
Here's a good read from @arstechnica on the HBGary story. It's a fascinating story in and of itself. But the oversights related to information security "best practices" is amazing. What is it going to take to get people to focus on the basics? Seriously, folks...Forget about all the fancy hack attacks and complex exploits for now and fix the low-hanging fruit. It's basic triage - stop the bleeding first. Focus ...
Continue Reading... -
09 Feb 2011
Is it possible to do more with less?
In this era of limited budgets and "wait and see" leadership you still have to do something to manage IT and information security. I've always had trouble understanding why people can't focus on the basics and solve these problems using solutions already at their disposal. I guess the marketing machine is just doing its job.Here's a good article about this very thing written by my colleague and publisher Steve Lasky ...
Continue Reading... -
02 Sep 2010
Crunch risk numbers or fix the obvious?
My colleague Ben Rothke (@benrothke) recently wrote a good piece on basing information security decisions on good data. I like his approach - it'll make you think. It's true we do need good data so we can make better decisions. Sadly, we often don't have the data or, if we do, we're not qualified to interpret it.Maybe it's just me but I don't believe my degrees in computer engineering and ...
Continue Reading... -
15 Apr 2010
CSRF doesn’t matter?? The sky is falling!
Here's a great piece where something I wrote put a grown man with a hacker handle's boxers in a bunch. With all due respect to what Robert has contributed to our field, he is missing the point of my 8 sentence statement about cross-site request forgery (CSRF) not being a top priority (formerly published on SearchSoftwareQuality.com). It reminds of me when I wrote about Changes coming to the OWASP Top ...
Continue Reading... -
08 Nov 2009
The real deal with the SSL/TLS flaw
Over the past few days Twitter, security blogs, and news columns have been going crazy with the newly-discovered SSL/TLS flaw. Man, you'd think it's the next WEP exploit discovery. The security sky is falling...we must retreat.Seriously, is this thing a big deal? Not in my opinion - at least not in all but 99.9% of any given situation. But what do I know? I'm just the security guy that sees ...
Continue Reading... -
27 Jul 2009
My latest security content
Here's my latest information security article I wrote for SearchSMBStorage.com you may be interested in:Making sense of regulatory compliance and data storage for SMBs As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, and more....
Continue Reading... -
16 Jun 2009
Getting back to the basics – what’s it going to take?
With all the worry about budgets and all the marketing hype over some of these fancy vendor security solutions, I still see so many simple/silly/stupid things related to IT that need to be fixed before a penny is ever spent or a single new technology is ever deployed. Things like: --Network shares sharing out entire drives full of sensitive files - accessible by anyone with just a basic network login ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including one of the best-sellers of all time:
