• 19 Jul 2025

    What do truckers in the inside lanes, the Georgia State Patrol, and infosec policies have in common?

    Security policies are garbage unless someone actually enforces them. They exist to tick boxes, impress auditors, and give leadership a warm-and-fuzzy about “doing security.” But when nobody lives by them, they’re nothing but paperwork liabilities. Certainly not the safeguards many assume them to be. They're certainly not worth the paper on which they're printed, or the storage space they're occupying on the network. Security policies can be bad for business ...

    Continue Reading...
  • 13 Aug 2018

    CNN news story on Omarosa getting fired from the White House that quotes me on the reality of security culture

    Security culture is everything. If you work in security, you probably already know that...For business executives, though...well, that mindset is largely absent. In fact, as this new CNN piece I'm quoted in about Omarosa secretly recording her firing in the most "secure" room of the White House highlights, talk is cheap. IT and corporate security professionals can evangelize the importance of security - especially security culture - all day long, ...

    Continue Reading...
  • 03 Apr 2017

    People will violate your policies all day long…if you let them.

    I recently saw this out in front of a local restaurant where management was trying to resolve parking, sidewalk access, and traffic issues. Their "control" obviously doesn't work:Be it parking cars or using computers, instant gratification is the name of the game. People want what they want. They want it right now. And, they will take the path of least resistance - and violate your policies in the process to ...

    Continue Reading...
  • 13 Apr 2016

    Why data classification is a joke

    I just saw this post on Slashdot about 0bama saying that classified means whatever it needs to mean. It reminds me of how data classification is treated as an information risk management function in the enterprise: mostly non-existent:Data classification programs that do exist are typically a joke whereby IT and security handles everything with no involvement from the business or legal or legal handles everything with IT and security being ...

    Continue Reading...
  • 20 Jan 2016

    Worst passwords (on your network right now)

    The fifth-annual Worst Passwords List put out by SplashData is here and the findings aren't terribly surprising. Here are the top five:#1: 123456#2: password#3: 12345#4: 12345678#5: qwerty  Good stuff! What's that quote about insanity? One of those security basics that we'll likely continue to ignore until the end of time. That's alright, as some of the best sideline analysts will proclaim: we need not focus on such trivial things. Well, they ...

    Continue Reading...
  • 16 Jan 2016

    Tips for taking your information security program to the top

    Ready to make some changes to your information security program for 2016? You need to read these pieces I've recently written: Setting and achieving realistic information security program goals for 2016 Information security's chicken and egg problem (formerly published at toolbox.com) Security's gaping hole - policy enforcement (formerly published at toolbox.com) Four reasons people aren't buying what you're selling in IT (formerly published at toolbox.com) When security policies are bad ...

    Continue Reading...
  • 20 Jan 2012

    Executives could learn a lot from Supernanny

    We all have a lot to learn from Jo Frost, the Supernanny. In particular, when it comes to information security, IT management, employee computer usage and so on, business executives could benefit a ton. Here's how it'd go:Create a set of rules.Enforce your darned rules!...

    Continue Reading...
  • 06 Dec 2011

    School staff members and porn – Why you should care

    Here's an interesting read on government employees trying to make an extra buck by serving up pornography on their high school-issued computers. What a lovely story.Don't think this kind of behavior is random. I've seen this very thing at the university level during a security assessment I did early on in my information security consulting venture.You see, one thing I do during my internal security assessments is connect a network ...

    Continue Reading...
  • 04 Oct 2011

    Should You Ban Facebook at the Office?

    In the whitepaper To Block or Not. Is that the Question?, Palo Alto Networks explores the issue of "Enterprise 2.0" applications such as Facebook, Skype, Twitter and YouTube and how users are now in control of the network. Meanwhile, IT staff is saying "just block it!" and users say "just don't block it!," but it's not that simple. As the whitepaper points out, the real answer lies in your ability ...

    Continue Reading...
  • 18 Jun 2011

    When’s political correctness going to impact infosec?

    Witnessing the Thought Police's handling of the Tracy Morgan debacle I can't help but wonder if political correctness is not the beginning of dictatorships, Communism, etc. where the population is not allowed to speak up or out against anything.Don't get me wrong. Being a libertarian, I'm pro-choice on everything...To each his own. As long as you're not affecting the life, liberty or property of someone else, then say what you ...

    Continue Reading...

A word about Kevin from well-known success expert Brian Tracy:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.