  • 24 Jul 2012

    Interesting quote on human psyche that relates to infosec

    I just saw the following quote from publisher Malcolm Forbes that underscores the very essence of the problems we see in information security, business and life in general: "Too many people overvalue what they are not and undervalue what they are." Indeed, so many people want to control or break down others (they're one and the same) because their own lives are out of control. They simply don't believe in themselves. Like ...

  • 07 Jun 2012

    The weakness of vulnerability scans that people (sadly) ignore

    Those of us who live and breathe information security on a daily basis understand that vulnerability scans are only part of the information security assessment equation. We can't live without them, but as I've outlined here, we by all means cannot rely on them completely. I was just speaking with a colleague about this and came up with an analogy for our overdependence on external vulnerability scans in the name of ...

  • 21 May 2012

    Real-life example of people not seeing the big picture

    The inability to think long-term, to see the bigger-picture consequences of our choices, is no doubt at the root of most information security problems. Here's an example of what I'm talking about... what's wrong with this car? No, this isn't a race car with Hoosier racing slicks... it's a street car owned by someone working or shopping at a Wal-Mart who has chosen to drive with improper equipment. Like many people who ...

  • 15 May 2012

    IT’s malignant narcissism and what you can do to rise above the noise

    IT department optimism does not translate into IT department budget. That's what Jonathan Feldman wrote about in this Information Week piece. Their study provides lots of interesting insight into how many working in IT see things compared to, well, the rest of the business. I'm not surprised. While we're on the subject, I've recorded a video on IT's role in fixing this problem and wrote a new piece for TechTarget's ...

  • 28 Mar 2012

    This is your crazy JetBlue captain speaking

    Anyone is capable of doing anything... that's what comes to mind when I think about the JetBlue captain going mad on a flight yesterday. Here's what I know... Just because someone has passed a background check, has good references and has created a good track record for himself doesn't mean he's not capable of flying off the hook and doing bad things. This applies to pilots, as in this situation, and ...

  • 15 Mar 2012

    Flaws, compliance and the Cybersecurity Act of 2012

    Here are some new pieces I've recently written that you may be interested in... big things in security we need to have on our radar: Six Security Flaws on Your Network Right Now; Find the Most Flaws By Balancing Automated Scans with Manual Analysis; Compliance is just the beginning; New and not-so-new security twists in the Cybersecurity Act of 2012. Enjoy! Be sure to check out www.principlelogic.com/resources.html for links to all ...

  • 09 Feb 2012

    Video: My new whitepaper on advanced malware and how Damballa Failsafe fits in

    Introduction to the threat we're facing and my new whitepaper, The Malware Threat Businesses are Ignoring and How Damballa Failsafe Fits In: ...

  • 08 Feb 2012

    What’s it going to take for police departments to secure their websites?

    Here's yet another story about a police department website being compromised by criminal hackers. When a regular citizen's home address is exposed, that's one thing. But when the addresses of police chiefs are published online, that opens up an entirely new set of risks for their personal safety. Sad. Hey, at least the police chiefs I know are armed and well-trained experts. Would be pretty foolish to try and attack ...

  • 27 Jan 2012

    You cannot multiply security by dividing it – Infosec’s relationship with Socialism

    I'm not much into urban legends and the like, but I came across this bit the other day and it really made me think. What a great analogy that impacts all of us both personally and professionally, with some interesting information security and compliance tie-ins that I see all the time: An economics professor at a local college made a statement that he had never failed a single student before, but had ...

  • 05 Jan 2012

    My Web app security epiphany: The Lysol Effect

    I just had an epiphany in the bathroom. I know, I know... bear with me. I thought to myself, why is it people use Lysol to cover up, um, smells and such in the bathroom? Sure, Lysol kills the problem at the source, but, goodness gracious, there are other things to consider than merely clouding up the bathroom to cover up something that probably shouldn't be there in the first place! Know ...
