• 16 Feb 2022

    Macs are secure…no need to test them?? You might want to rethink that approach.

    Macs are secure! Right...? They don't really need to be tested...including them in an overall vulnerability management program is likely overkill. It's an age-old philosophy coming from those who need some enlightenment...perhaps get caught up on their reading. The next time someone tells you that macOS is secure, respectfully push back and ask: How do you know? Here's a screenshot of the Tenable.io findings from just one scan of a ...

    Continue Reading...
  • 24 Mar 2021

    If you mastered nothing else but this one thing, you’d be ahead of the security curve

    In my virtual CISO consulting engagements and vulnerability and penetration testing, the process of patch management ALWAYS comes up for discussion. Given the threats, the vulnerabilities, and the risks – everything that's at stake – I cannot think of any single aspect of a well-functioning information security program that's more important than patch management. It's one of a few things in security that you CAN control! The absolute last thing you ...

    Continue Reading...
  • 02 Mar 2016

    A patch for stupid, PCI DSS penetration testing tips, and focusing on what matters in security

    Here are some articles and guest blog posts I've written for my friends at TechTarget, Ziff Davis, AlgoSec, and Rapid7: - See more at: http://securityonwheels.blogspot.com/#sthash.QOKy5qXt.dpuThe follare some articles and guest blog posts I've written for my friends at TechTarget, Ziff Davis, AlgoSec, and Rapid7:The following are some new articles I've written for TechTarget and Ziff Davis. Enjoy!Maybe there is a patch for stupidSix areas of importance in the PCI Penetration ...

    Continue Reading...
  • 31 Jan 2014

    Some stuff you need to know about Windows 8.x, Internet Explorer, BYOD/MDM, and malware removal

    My goodness, I've let a lot of my articles on Windows 8, 8.1, patching, malware, and related desktop security topics stack up! Check these out:Don't ignore Windows 8 security when reviewing desktop vulnerabilitiesIT can tackle Windows configuration with a well-planned desktop auditWindows Server Update Services weaknesses you may not know about <=this is BIG, seriously!Why a Windows security scan is not enough to protect your workstationsFive steps to successful bot ...

    Continue Reading...
  • 19 Sep 2011

    Windows ASLR, APTs, server malware protection and common patching gaps

    Here are some new pieces I've written for the TechTarget sites SearchWindowsServer.com and SearchEnterpriseDesktop.com on Windows (in)securities in the enterprise including a bit on the over-hyped and misunderstood APT threat (is that like "ATM machine"?) which I got to see first hand while working on a project that involved one of the Operation Shady Rat victims:The APT threat to Windows environmentsWhy you need address space layout randomization in Windows Server ...

    Continue Reading...
  • 12 Feb 2011

    Windows 7, Windows Phone 7, & Windows Firewall

    Be it smartphones or desktops, when it comes to securing Windows you've got to look at both. Here are some new pieces I wrote for SearchEnterpriseDesktop.com that you may be interested in:Security considerations for Windows Phone 7Should you use third-party patching tools to keep Windows 7 secure?Weighing Windows Firewall for enterprise desktop protection...

    Continue Reading...
  • 28 Jan 2011

    Take patch management out of IT’s hands completely?

    Here's a piece by CNET's Stephen Shankland on continuously updating software and patch management. Not sure where things will end up (we're already halfway there with this technology) but it's something that certainly couldn't hurt security....

    Continue Reading...
  • 26 Oct 2007

    My articles from this week

    A new thing I'm going to start doing on my blog is linking to any articles I've recently written for TechTarget and other trade publications. Sort of an added bonus to what I write here in my blog. For all of my past content be sure to check out www.principlelogic.com/resources.html. Here are this week's entries: Eight reasons to do source code analysis on your web application Database security testing terms: ...

    Continue Reading...

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.