ISACA and TechTarget are putting it on... It starts tomorrow (Wednesday) morning at 7:45am ET. Several thousand people will be in attendance... it's the largest crowd I've ever spoken to. It'll be engaging. It'll be informative. You'll hear what I really think about Obama's Cybersecurity mandates. You can't miss it. I'll be kicking things off with the keynote... then I'll be followed by some true information security experts: Theresa M. Grafenstine, Inspector General U.S. House of Representatives; Dr. ...
It's been a while and the content is stacking up, so here's the first of many upcoming posts on new content I've written. This time up, it's a set of tips I've written for Ben Cole at SearchCompliance.com about that dreaded subject... you guessed it... compliance. Enjoy! Considering a career in compliance? Heed these warnings first; Audits, maintenance crucial to business continuity policy success; Control, visibility essential to records management and compliance; Beware the perils of organization-wide ...
I plan to write a related post soon on my mobile app security assessments. In the meantime, I wanted to share a tool with you that plays a key role in mobile app security: Checkmarx CxDeveloper (or perhaps more appropriately called CxSuite). If you're a developer, QA professional, security manager, or IT generalist, this is a good tool to have for all of those gotta-have-now apps that everyone is throwing together ...
Every time I browse the Chronology of Data Breaches and read the headlines coming out from Dark Reading, threatpost, and the like, I can't help but shake my head. What is it really going to take to get people - mostly management, but some in IT - to fix the stupid, silly, low-hanging fruit that's plaguing so many networks today...? Well, here's a new piece I wrote for the nice ...
Here are some new pieces I've written on IT and security leadership (or lack thereof). Enjoy! What to do when the CIO gets in the way of enterprise IT security; How to form a functional enterprise IT security committee; Understanding management gets your IT department what it needs; Five Concepts for IT Security Success. As always, check out principlelogic.com/resources for links to all of my information security whitepapers, podcasts, webcasts, books, and more....
They're the topics of three new pieces I've written! I can't believe I've been writing more than ever lately but haven't kept up with my posts accordingly. In the interest of catching up, here's some new content I've written on mobile security, BYOD, and IT/security careers: Credibility is the cornerstone of your career; As BYOD, cloud change networking, VPN management still indispensible; Top 10 reasons we have our heads in the sand over mobile ...
Over the past couple of months I was so focused on writing new content that I've been remiss in posting it online. Here are some tips, thoughts and general opinions around Windows server and workstation security: Desktop backup oversights that can get you into a bind; Free open source security tools for finding and fixing Windows flaws; Mobile security and how you can no longer ignore its impact on enterprise desktop management; Why ...
Join me and Phil Owens of GFI tomorrow (Wednesday July 24, 2012) as we wax poetic about what it really takes to have a reasonable layered security defense against malware: Defense in Depth: The Layered Approach to IT Security Crashed systems, data theft, decreased productivity, revenue loss, reputation loss – today’s malware threats can cause critical damage to your business. IT professionals, now more than ever, need a method of in-depth protection ...
With all the recent hype and hoopla over Windows 8 and Server 2012, I thought I'd throw my two cents into the Microsoft analysis arena... here are some recent pieces I've written that you may be interested in: Thoughts and considerations around the forthcoming System Center 2012 Configuration Manager; Why the simple Windows 8 Metro interface may not benefit users; Microsoft Security Compliance Manager enhances desktop security; A first look at Microsoft Office 15 ...
If you're into big-picture IT and information security stuff like, say, your career and focusing on what matters, here are some new bits I've written for TechTarget and Security Technology Executive magazine that you may be interested in: Five habits of highly-successful IT pros; Social networking strategies to further your IT career; Five ways to advance your Windows career; Understanding management gets your IT department what it needs; RSA's look at the big picture. Enjoy! ...