• 10 Aug 2017

    Rapid7’s Insight platform provides focused analytics for your security program

    Fairly recently, Rapid7 took their vulnerability management platform up to the next level with their analytics platform called Rapid7 Insight. It's a beneficial for an independent consultant like myself and even more useful for enterprises with IT environments of growing complexity. Rapid7 Insight is marketed as a way to bring together the Nexpose vulnerability research, Metasploit exploits, global security intelligence and exposure analytics into a single system that can help ...

    Continue Reading...
  • 21 Jun 2017

    Using Centrifuge for IoT security testing

    I love hacking things, especially new things like what's showing up on networks around the globe in the form of IoT. If IoT security is anywhere on your radar, you're likely incorporating these devices into your security testing program. Well, there's a new IoT security assessment tool in town that you need to know about called Centrifuge brought to you by Tactical Network Solutions - makers of the former (and ...

    Continue Reading...
  • 06 Feb 2017

    Getting to know your network with Managed Switch Port Mapping Tool

    In my years performing independent network security assessments, one thing that has really stood out to me is the lack of network insight. Regardless of the size of the organization, the industry in which they operate, and the level of security maturity, in most cases, I see IT and security shops with very little:documentationinventoryconfiguration standardslogging and alerting outside of basic resource monitoringWhat this means – and what it can easily ...

    Continue Reading...
  • 05 Dec 2016

    Using NowSecure for automated mobile app testing

    As an independent information security consultant, I'm always looking for good testing tools to rely on for my work. These tools, such as vulnerability scanners, network analyzers/proxies, and related manual analysis tools, are not the be-all-end-all answer for uncovering security weaknesses, but they are a very important aspect of what I do. Be it more generic vulnerability scans, a targeted penetration test, or a broader, more in-depth, security assessment, I ...

    Continue Reading...
  • 24 Aug 2016

    A WordPress security resource for you: WP Security Audit Log

    WordPress has had its fair share of security flaws over the years. Arguably more than any other mainstream platform. A quick search of 'wordpress' at the National Vulnerability Database returns over 1,100 published vulnerabilities as old as 2004 and several as recent as this month. Despite all of the security issues, WordPress is a highly-popular platform for businesses and individuals alike to create their online presence.There are a lot of ...

    Continue Reading...
  • 20 Apr 2016

    What you need to know about Checkmarx CxSAST version 8

    Application security tool version upgrade usually don't excite me as it's often the same old, same old with a few new checks and niche features. However, the new version of Checkmarx CxSAST (formerly CxSuite, CxDeveloper, etc.) is spot-on. The next generation of the popular static source code analyzer - version 8 - was recently released and it contains some much-needed improvements over its predecessor. One thing that's glaringly evident in version 8 ...

    Continue Reading...
  • 25 Jan 2016

    LUCY – a very powerful email phishing tool

    If you're an IT or information security professional you need to know about a great - and relatively new - tool that you can use as part of your security assessment and/or user awareness and training programs...it's called LUCY. I came across a small online blurb about LUCY a few months ago and thought I would check it out. Having dealt with both open source and commercial email phishing tools ...

    Continue Reading...
  • 10 Mar 2015

    Using Checkmarx CxSuite to outline “the rest of the story” regarding application security

    When it comes to Web application and mobile app security, can you honestly say you know where everything stands...as American radio personality Paul Harvey used to proclaim -  the rest of the story?   You can run Web vulnerability scans, perform manual mobile app analysis, and the most in-depth penetration testing possible. You can look at things from the perspectives of unauthenticated attackers, trusted users, and all the angles in between ...

    Continue Reading...
  • 10 Sep 2014

    Magnasphere and the physical security vulnerability you may not know about

    If you have an alarm system that's dependent on the decades-old reed switches like the one pictured below, you should know they can be easily defeated with a mere compass and a magnet. It's pretty eye-opening...Certainly a good reason to have two, three, or (depending the country you live in and your stance on self-defense) more layers of security in your building or home! :-)A good option for beefing up ...

    Continue Reading...
  • 27 Aug 2014

    My new webcast on securing your Web environment against denial of service attacks

    I saw a recent study that found that distributed denial of service attacks are getting larger and larger.The thing you need to be thinking about is how you're going to prevent and respond when your Web presence becomes a target.Well, good timing, because I just recorded a new webcast for my friends at SearchSecurity.com on this very topic...In Proven Practices for Securing Your Website Against DDoS Attacks, I have a ...

    Continue Reading...

Success expert Brian Tracy shares his thoughts on Kevin:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.