-
26 Sep 2011Compliance or risk: what the real IT leaders focus on
Whatever your approach to managing IT and information security, here's a new bit I wrote for Security Technology Executive magazine on fixing what needs to be fixed before you do ANYTHING else:Fix Your Low-Hanging Fruit or Forever Hold Your PeaceOnce you have the urgent flaws on your most important systems out of the out of the way, here are some pieces I wrote for SearchCompliance.com on dealing with compliance while, ...
Continue Reading... -
25 Aug 2011
Join me live today at Dark Reading’s webinar #iwkdrbreaches
I'm speaking at the #Information Week/Dark Reading Virtual Trade Show How Security Breaches Happen and What Your Organization Can Do About It. My session is titled How to Win the War Against Cybercrime and starts at 2:30pm ET. Here are a few words about it: What are you doing to avoid becoming the next Wikileaks, Google, or Sony? Despite the fact that businesses will spend over 50 billion dollars worldwide ...
Continue Reading... -
10 Aug 2011
My webcast/Q&A today on managing network threats
Join me today in TechTarget's SearchCompliance.com virtual tradeshow: Enterprise Risk Management: Mitigation Strategies for Today's Global Enterprise My presentation "Managing Network Security Threats with an ERM Strategy" starts around 3pm ET and I'll be doing a live Q&A just after....
Continue Reading... -
28 Feb 2011
Security talent ≠ security success
Here's one of those great quotes that applies directly to infosec:“Talent is cheaper than table salt. What separates the talented individual from the successful one is a lot of hard work.” -Stephen KingThere are plenty of people who understand security architecture, hacking and related technical issues but few who really get the essence of risk and have taken the necessary steps to make information security work in support of the ...
Continue Reading... -
11 Oct 2010
Got compliance? Here are some tips for moving ahead.
Tired of "compliance"? Me too. But, it's still one of those necessary (arguably sometimes unnecessary) evils we must deal with in business today.Here are some new pieces I've written for the fine folks at SearchCompliance.com that will hopefully be of some benefit to you and your business.:Priorities for your sound regulatory compliance management policyPut compliance management back into server virtualizationAchieving compliance is about more than secure data encryptionWhat compliance professionals ...
Continue Reading... -
02 Sep 2010
Crunch risk numbers or fix the obvious?
My colleague Ben Rothke (@benrothke) recently wrote a good piece on basing information security decisions on good data. I like his approach - it'll make you think. It's true we do need good data so we can make better decisions. Sadly, we often don't have the data or, if we do, we're not qualified to interpret it.Maybe it's just me but I don't believe my degrees in computer engineering and ...
Continue Reading... -
28 Jun 2010
Mobile security problems & solutions: our podcast from Gartner
Eric Green has put together a very-well produced podcast from last week's Gartner conference where Larry Ponemon, Stan Gatewood, and I discussed mobile security risks and metrics on the show floor.Also, check out Eric's other podcasts on his site...very sharp guy....
Continue Reading... -
17 Jun 2010
Looking under the hood of the new OWASP Top 10 for 2010
While I'm on a roll posting some recent content I thought I'd list this one as well:The new OWASP Top 10 for 2010 – Risk and RealitiesIn this piece I wrote for Acunetix's blog I talk about what the new OWASP Top 10 for 2010 is about, what it's not, and some considerations for leveraging it to help you minimize your business risks....
Continue Reading... -
23 Apr 2010
Re-post of my update on CSRF
I was just informed by my editor at SearchSoftwareQuality.com that they're going to take my Ask the Expert response regarding CSRF (referred to in this post) offline until they've had a chance to review it. In the interest of not letting this fizzle out without people knowing what happened as well as maintaining my stance on the topic and further clarifying what I meant, here's the original question along with ...
Continue Reading... -
15 Apr 2010
CSRF doesn’t matter?? The sky is falling!
Here's a great piece where something I wrote put a grown man with a hacker handle's boxers in a bunch. With all due respect to what Robert has contributed to our field, he is missing the point of my 8 sentence statement about cross-site request forgery (CSRF) not being a top priority (formerly published on SearchSoftwareQuality.com). It reminds of me when I wrote about Changes coming to the OWASP Top ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
