• 22 Mar 2022

    Security assessment interviews/questionnaires versus reality

    Not long ago, I performed what I call a security operations review where I asked various questions about how IT and security are managed within an organization I was working with. One of the topics was on patching and vulnerability management. I got a lot of good information, including specific details on how Windows, macOS, and even third-party patches are taken care of. Everything sounded great and I expected to ...

    Continue Reading...
  • 16 Feb 2022

    Macs are secure…no need to test them?? You might want to rethink that approach.

    Macs are secure! Right...? They don't really need to be tested...including them in an overall vulnerability management program is likely overkill. It's an age-old philosophy coming from those who need some enlightenment...perhaps get caught up on their reading. The next time someone tells you that macOS is secure, respectfully push back and ask: How do you know? Here's a screenshot of the Tenable.io findings from just one scan of a ...

    Continue Reading...
  • 24 Mar 2021

    If you mastered nothing else but this one thing, you’d be ahead of the security curve

    In my virtual CISO consulting engagements and vulnerability and penetration testing, the process of patch management ALWAYS comes up for discussion. Given the threats, the vulnerabilities, and the risks – everything that's at stake – I cannot think of any single aspect of a well-functioning information security program that's more important than patch management. It's one of a few things in security that you CAN control! The absolute last thing you ...

    Continue Reading...
  • 31 Jan 2014

    Some stuff you need to know about Windows 8.x, Internet Explorer, BYOD/MDM, and malware removal

    My goodness, I've let a lot of my articles on Windows 8, 8.1, patching, malware, and related desktop security topics stack up! Check these out:Don't ignore Windows 8 security when reviewing desktop vulnerabilitiesIT can tackle Windows configuration with a well-planned desktop auditWindows Server Update Services weaknesses you may not know about <=this is BIG, seriously!Why a Windows security scan is not enough to protect your workstationsFive steps to successful bot ...

    Continue Reading...
  • 05 Dec 2011

    What happens when third-party patches are ignored

    The majority of people I speak with claim they have no means for patching third-party software. As Kelly Jackson Higgins mentions in her recent Dark Reading blog post regarding the rash of Java exploitations, when third-party software goes unmanaged, bad things can happen.It's great that Metasploit has a a module for Java exploitation - something that'll not only benefit me in my security assessments but will also help bring to ...

    Continue Reading...
  • 17 Feb 2011

    Not surprised by the Wells Fargo ATM outage based on what I see

    Here's an interesting story about the widespread Wells Fargo ATM outage that occurred last week. There's speculation around the cause of the outage. Was it a hack? Was the system inadvertently taken down during system upgrades? Who knows...What I can say is that virtually every ATM I've come across in my work performing internal security assessments in/around the financial industry has been riddled with security holes. I've seen weak OS ...

    Continue Reading...
  • 12 Feb 2011

    Windows 7, Windows Phone 7, & Windows Firewall

    Be it smartphones or desktops, when it comes to securing Windows you've got to look at both. Here are some new pieces I wrote for SearchEnterpriseDesktop.com that you may be interested in:Security considerations for Windows Phone 7Should you use third-party patching tools to keep Windows 7 secure?Weighing Windows Firewall for enterprise desktop protection...

    Continue Reading...
  • 28 Jan 2011

    Take patch management out of IT’s hands completely?

    Here's a piece by CNET's Stephen Shankland on continuously updating software and patch management. Not sure where things will end up (we're already halfway there with this technology) but it's something that certainly couldn't hurt security....

    Continue Reading...
  • 04 Jan 2010

    My latest security content

    Here's some more new information security content - stuff on network administration, employee monitoring, checklist audits, and more. Enjoy!How to get - and keep - user support with security How to get management on board with Web 2.0 security issues Underlying causes of inconsistent patch management Are your IT administrators trustworthy? Monitoring user activity with network analyzersPriorities for your sound regulatory compliance management policy Go beyond a checklist audit for ...

    Continue Reading...
  • 16 Sep 2009

    Third-party apps still a big security issue

    A while back I wrote about the importance of patching third-party software on your enterprise desktops. Apparently third-party applications are still out of the security loop. It's a seemingly small problem but it can have pretty big consequences....

    Continue Reading...

A word about Kevin from well-known success expert Brian Tracy:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.