-
19 Jul 2025What do truckers in the inside lanes, the Georgia State Patrol, and infosec policies have in common?
Security policies are garbage unless someone actually enforces them. They exist to tick boxes, impress auditors, and give leadership a warm-and-fuzzy about “doing security.” But when nobody lives by them, they’re nothing but paperwork liabilities. Certainly not the safeguards many assume them to be. They're certainly not worth the paper on which they're printed, or the storage space they're occupying on the network. Security policies can be bad for business ...
Continue Reading... -
29 Apr 2019I’m IT…Respect my authoriTAH!
If you've watched the animated TV show, South Park, you'll appreciate this. I just came across an article titled The Importance of Respecting Expertise in IT Professionals by Michelle Rakoczy. It's a thoughtful and well-researched piece on why people outside of IT need to respect the guidance/opinions of IT professionals (yet often don't). In my years of information security consulting and observing human behaviors as they relate to the field, ...
Continue Reading... -
13 Aug 2018CNN news story on Omarosa getting fired from the White House that quotes me on the reality of security culture
Security culture is everything. If you work in security, you probably already know that...For business executives, though...well, that mindset is largely absent. In fact, as this new CNN piece I'm quoted in about Omarosa secretly recording her firing in the most "secure" room of the White House highlights, talk is cheap. IT and corporate security professionals can evangelize the importance of security - especially security culture - all day long, ...
Continue Reading... -
04 Jun 2014More Web security vulnerability assessment, audit, and pen testing resources
I've been busy in the world of Web security testing - both with work and with writing. Check out these new pieces on the subject. I suspect I'll tick off a "researcher" or two given my business angle and 80/20 Rule-approach of focusing on the most problematic areas of Web security...Still, I hope that these are beneficial to you and what you're trying to accomplish in your organization: Key Web ...
Continue Reading... -
16 Jul 2013
Never forget this
Although we strive to get others on our side, here's a good reminder from the late Richard Carlson that applies to IT and information security that we should always keep in mind:"The sooner we accept the inevitable dilemma of not being able to win the approval of everyone we meet, the easier our lives will become". Speaking of building your confidence and independence, here are some new articles I've written ...
Continue Reading... -
20 Jan 2012
Executives could learn a lot from Supernanny
We all have a lot to learn from Jo Frost, the Supernanny. In particular, when it comes to information security, IT management, employee computer usage and so on, business executives could benefit a ton. Here's how it'd go:Create a set of rules.Enforce your darned rules!...
Continue Reading... -
21 Nov 2011Don’t turn a blind eye on the basics
I'm all about shoring up the basics of Web security before throwing money at the situation. If you're interested in saving not only money but also time and effort, here are some new pieces I've written on Web security that you may be interested in: Explaining the why of Web application security Improving Web security by working with what you’ve got Not all Web vulnerability scans are created equal Why ...
Continue Reading... -
18 Jun 2011
When’s political correctness going to impact infosec?
Witnessing the Thought Police's handling of the Tracy Morgan debacle I can't help but wonder if political correctness is not the beginning of dictatorships, Communism, etc. where the population is not allowed to speak up or out against anything.Don't get me wrong. Being a libertarian, I'm pro-choice on everything...To each his own. As long as you're not affecting the life, liberty or property of someone else, then say what you ...
Continue Reading... -
28 Apr 2011
The mobile device free-for-all dilemma
From @ECIOForum, can you envision enterprises giving workers any desktop or mobile device they want to do their jobs?I think an important follow-up question is: does it really matter?People are going to do what they're going to do. Those of us in IT and infosec can scream No, No, No this or that mobile devices on the network at the top of our lungs; until eternity...But you know what? People ...
Continue Reading... -
27 Apr 2011
Novell, Utah and the Libertarian Party
Some new news out today was about Novell completing its sale to Attachmate. Wow, the end of an era...Novell really does have a special place in my heart - NetWare was the first network operating system I learned, way back in the version 2.15c days. Anyone remember those? Then I moved on to v2.2, 3.12, 4.0 and then 4.1. I obtained my first IT certification - the CNE - that ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
