-
01 May 2017Thoughts on the 2017 Verizon DBIR, hacking security policies, breaking into the infosec field, ransomware and more
Here are some recent pieces I've written for the good people at IANS: Verizon DBIR shows why we’re still struggling with security Security policies don’t get hacked. Why do they get all the attention? Strategies for Thwarting State-Sponsored Hacks Rooting out Ransomware Where, exactly, is your information? CEO Spoofing - Don't get fooled Take responsibility for vendor product security Are you making this mistake with your phishing awareness campaign? As ...
Continue Reading... -
03 Mar 2017
Email phishing services: Just what you need to know to start mastering the task
Got phished? Of course you have...whether you know it or not! As with penetration and vulnerability testing and any other form of security assessment, you need to be performing email phishing tests on your users – all of them, including executive management – on a periodic and consistent basis. I'm doing more and more of this work and the results that I'm finding are astounding...to the point that all other security ...
Continue Reading... -
28 Jun 2016
Email phishing expertise: Lack of skills or just a lackadaisical approach to security?
I can't think of any current security test that's more important than email phishing. Yet, it seems that so few organizations actually include this phishing as part of their ongoing information security assessments and penetration tests. I suppose that's why we keep hearing about all of the Cryptolocker infections and crazy statistics being published by Verizon, Ponemon and others. Here are some articles that I have written that can help ...
Continue Reading... -
25 Jan 2016
LUCY – a very powerful email phishing tool
If you're an IT or information security professional you need to know about a great - and relatively new - tool that you can use as part of your security assessment and/or user awareness and training programs...it's called LUCY. I came across a small online blurb about LUCY a few months ago and thought I would check it out. Having dealt with both open source and commercial email phishing tools ...
Continue Reading... -
22 Dec 2014
Some vulnerability + penetration testing content to send off 2014
Here are some pieces I've written recently on determining just how "fit" your network and application environment really is. Whether you're an IT auditor, penetration tester, IT admin, or security consultant, there's some stuff for you:How to perform a (next-generation) network security audit Don’t overlook details when scoping your Web application security assessmentsTop gotchas when performing email phishing tests How to take a measured approach to automated penetration testingFive steps ...
Continue Reading... -
29 Oct 2010
The business side of Web security (you can’t afford to ignore)
Here's a new piece I wrote about the *other* aspects of Web security beyond the bits and bytes...Don't let this stuff catch you off guard.Preventing phishing attacks is not just a technical issue...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including one of the best-sellers of all time:
