• 22 Mar 2022

    Security assessment interviews/questionnaires versus reality

    Not long ago, I performed what I call a security operations review where I asked various questions about how IT and security are managed within an organization I was working with. One of the topics was on patching and vulnerability management. I got a lot of good information, including specific details on how Windows, macOS, and even third-party patches are taken care of. Everything sounded great and I expected to ...

    Continue Reading...
  • 11 May 2021

    A great read on the Great Reset

    Here on my blog, I normally post about information security...often with a sprinkling of psychology and the political nonsense of the world and how they impact security in business. Now, though, I want to share what I believe is a great read on this "Great Reset" that's going on in society right now. I can't share it on social media - Big Tech likes to block stuff like this for ...

    Continue Reading...
  • 15 May 2017

    The real reasons behind the WannaCry ransomware

    As we continue down the path of yet another major security breach - this time with the ransomware WannaCry - let us remember that it's not just about the criminal hackers, out-of-control government agencies such as the NSA, or vendors such as Microsoft putting out vulnerable software. Every single one of us working in IT, security, and business today are complicit in these challenges. Outdated/unsupported operating systems are running. We ...

    Continue Reading...
  • 01 May 2017

    Thoughts on the 2017 Verizon DBIR, hacking security policies, breaking into the infosec field, ransomware and more

    Here are some recent pieces I've written for the good people at IANS: Verizon DBIR shows why we’re still struggling with security Security policies don’t get hacked. Why do they get all the attention? Strategies for Thwarting State-Sponsored Hacks Rooting out Ransomware Where, exactly, is your information? CEO Spoofing - Don't get fooled Take responsibility for vendor product security Are you making this mistake with your phishing awareness campaign? As ...

    Continue Reading...
  • 13 Apr 2017

    Why SOC audit reports can be misleading, mobile app security gotchas, and more…

    Here are some links to recent articles I've written regarding application security...if you take anything away from this, it's that you can't afford to take this part of your security program lightly. Dealing with vendors who want to push their SOC audit reports on you Explaining discrepancies in different security assessment reports Why DAST and SAST are necessary if software is solid from the get-go Nixing credential re-use across unrelated ...

    Continue Reading...
  • 13 Mar 2017

    Web and mobile application security vulnerability and penetration testing resources

    Application security is no doubt one of the most important aspects of a security program. Here are some new pieces I've written that can help keep your web and mobile app vulnerabilities in check and your application security program on the right track...pay special attention to the last one regarding security assessments and reality:Keeping your Web applications in check with HIPAA complianceMobile app security risks could cost you millionsCommon oversights ...

    Continue Reading...
  • 03 Mar 2017

    Email phishing services: Just what you need to know to start mastering the task

    Got phished? Of course you have...whether you know it or not! As with penetration and vulnerability testing and any other form of security assessment, you need to be performing email phishing tests on your users – all of them, including executive management – on a periodic and consistent basis. I'm doing more and more of this work and the results that I'm finding are astounding...to the point that all other security ...

    Continue Reading...
  • 08 Jan 2017

    Hacking is not just an action, it’s an excuse

    Given all the ridiculous analyses and "findings" on Russian hacking as of late such as federal government bureaucrats who said there's no evidence to prosecute Clinton or who claim that the NSA does not collect data on America citizens yet they're certain that the Russians meddled in the U.S. election - many assertions of which are coming from talking heads with zero experience working in this field - I thought ...

    Continue Reading...
  • 12 Dec 2016

    Trump’s an expert on hacking too, huh?

    Yesterday, soon-to-be President Donald Trump showed just how ignorant politicians can be when it comes to computer security, breaches, and hacking. Referring to the Russians interfering with our recent election, the Donald said:"Once they hack if you don't catch them in the act you're not going to catch them...They have no idea if it's Russia or China or somebody. It could be somebody sitting in a bed some place."It's interesting. ...

    Continue Reading...
  • 19 Sep 2016

    People Behaving Badly and information security’s tie-in

    Last week, I had the opportunity to travel to the Bay Area in California to record an information security video (thanks Intel and TechTarget!). Of course, I couldn't travel across the country and not see the sights of San Francisco. A most excellent highlight of the trip was for my son and I to meet television and social media celebrity, Stanley Roberts. My son is a huge fan of Stanley's, ...

    Continue Reading...

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.