  • 21 Jul 2025

    Harvard Business Review article nails the challenges with underimplemented security tools

    Harvard Business Review (HBR) just published a great piece that covers the challenges associated with information security tools and highlights many of the reasons that security programs often fail. Here’s the essence of the piece: Despite spending billions on tools, most organizations are seeing modest results. Nearly half the tools companies invest in go unused. Sound familiar? It gets better. Or worse. The article highlights various reasons why tools fail to ...

  • 17 Sep 2018

    Crashing race cars and preparing for incidents that have never happened

    Just over 17 years ago, on 9/11, we witnessed what it was like dealing with something that had never occurred. I remember thinking at the time and it still rings true – it's hard to protect against something that's never happened. Little to no clues, as far as we know...massive destruction on a scale we never expected. That's the tricky thing about terrorist threats and, on a much smaller scale, ...

  • 10 Aug 2017

    Rapid7’s Insight platform provides focused analytics for your security program

    Fairly recently, Rapid7 took their vulnerability management platform up to the next level with their analytics platform called Rapid7 Insight. It's beneficial for an independent consultant like myself and even more useful for enterprises with IT environments of growing complexity. Rapid7 Insight is marketed as a way to bring together the Nexpose vulnerability research, Metasploit exploits, global security intelligence and exposure analytics into a single system that can help ...

  • 02 Mar 2016

    A patch for stupid, PCI DSS penetration testing tips, and focusing on what matters in security

    Here are some articles and guest blog posts I've written for my friends at TechTarget, Ziff Davis, AlgoSec, and Rapid7. Enjoy! Maybe there is a patch for stupid; Six areas of importance in the PCI Penetration ...

  • 22 Dec 2014

    Some vulnerability + penetration testing content to send off 2014

    Here are some pieces I've written recently on determining just how "fit" your network and application environment really is. Whether you're an IT auditor, penetration tester, IT admin, or security consultant, there's some stuff for you: How to perform a (next-generation) network security audit; Don’t overlook details when scoping your Web application security assessments; Top gotchas when performing email phishing tests; How to take a measured approach to automated penetration testing; Five steps ...

  • 28 Aug 2014

    The latest Android / Gmail security flaw & why people don’t take IT & security seriously

    You may have heard about the recently discovered Android exploit that makes Gmail vulnerable to criminal hackers. I read it over and realized that I have to use this opportunity to share an example of what I talk about when "researchers" claim that all is bad in the world because of the latest and greatest exploit impacting whatever software or device they've discovered. This Android/Gmail finding in particular is a great example of ...

  • 28 Mar 2012

    This is your crazy JetBlue captain speaking

    Anyone is capable of doing anything... that's what comes to mind when I think about the JetBlue captain going mad on a flight yesterday. Here's what I know... Just because someone has passed a background check, has good references and has created a good track record for himself doesn't mean he's not capable of flying off the hook and doing bad things. This applies to pilots as in this situation and ...

  • 22 Mar 2012

    An interesting Microsoft tool to help with data classification

    Have you ever heard of Microsoft's Data Classification Toolkit for Windows Server 2008 R2? Me either. But it may be worth taking a look at. The lack of data classification and proper retention is at the core of many IT risks not to mention legal and compliance issues. You can't secure (or protect, or retain, or dispose of) what you don't acknowledge. If the Data Classification Toolkit is anything like ...

  • 20 Jan 2012

    The role of IT in fighting today’s malware

    It seems ever since I wrote my paper "The Malware Threat Businesses are Ignoring and How Damballa Failsafe Fits In" I’m seeing more and more vendors jump on the bandwagon. Today’s malware impacts everything from the network infrastructure to the endpoint and everyone wants a piece of the pie. I know the market is growing so I can’t blame people for wanting to capitalize on the opportunity. Vendors aside, what is ...

  • 26 Sep 2011

    Common firewall management challenges whitepaper

    Here's a new whitepaper I recently wrote on the ins and outs - and dos and don'ts - of managing enterprise firewalls: "Firewall Management: 5 Challenges Every Company Must Address". In the paper I cover things such as rules and regulations impacting firewall management, assessing firewall policy risks, managing changes and being able to prove where things stand with your firewalls at any given point in time. Enjoy!...
