-
15 Jul 2009One of the best infosec books ever written
I had the opportunity and pleasure to do the technical editing on this book by my friend and colleague Becky Herold:The Shortcut Guide to Understanding Data Protection from Four Critical PerspectivesThis book is hands-down one of the best books out there on information security and why it matters to the business. Becky doesn't simply regurgitate the same old stuff either (not that I would expect her to). She has many ...
Continue Reading... -
22 Jun 2009
Web application security – ignorance or idiocy?
You've heard me rant about common management and developer views of Web security here and in the articles I write for TechTarget. Here's some third-party validation of my thoughts. Entertaining yet sad....
Continue Reading... -
16 Jun 2009
Getting back to the basics – what’s it going to take?
With all the worry about budgets and all the marketing hype over some of these fancy vendor security solutions, I still see so many simple/silly/stupid things related to IT that need to be fixed before a penny is ever spent or a single new technology is ever deployed. Things like: --Network shares sharing out entire drives full of sensitive files - accessible by anyone with just a basic network login ...
Continue Reading... -
04 Jun 2009
My new security vulnerability scanning service
Well, I'm officially on the SaaS market. I've just launched my security vulnerability scanning service for both basic external security scans as well as the PCI Council's mandated Authorized Scanning Vendor (ASV) scans.Here's what I just posted on my Web site:Whether you need to minimize your investment in information security and compliance, you’re in need of an easy way to discover the low-hanging vulnerabilities, or you need help certifying your ...
Continue Reading... -
25 May 2009
My latest security content
Here's my latest information security content you may be interested in:How to forge an IT consulting careerHow to maintain IT shop efficiency when you're the last man standingDesktop security preparation for a new wave of Windows appsAs always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more....
Continue Reading... -
18 May 2009
Tips on keeping your job these days
I recently wrote about How to maintain IT shop efficiency when you're the last man standing (which reminds me I forgot to post this on my new content updates!).Well, here are some more tips that Linda Tucci with SearchCIO.com just wrote about.So there you go...two reading assignments. :-)...
Continue Reading... -
11 May 2009
My latest security content
Here's my latest information security content - more from the queue coming soon...just waiting for it to be published.Here's a webcast I recorded for SearchCIO.com:Continuous Data Protection (CDP) Strategies for the EnterpriseHere are two whitepapers I wrote for Realtimepublishers.com on behalf of Credant:Navigate the Future of HIPAA ComplianceData Protection for the Evolving WorkforceAs always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts ...
Continue Reading... -
27 Apr 2009
My latest security content
Here's my latest information security content for your perusal.For starters, here's an article I wrote for Security Technology Executive magazine:Social Engineering: The big risk no one's thinking aboutHere's an article I re-published for a local Atlanta site called TechLINKs:How's your information security culture?Here's a bit I wrote for SearchDataBackup.com:Data security concerns with online backup...and here's a podcast I recorded for SearchCompliance.com:The future of compliance policy managementAs always, be sure to ...
Continue Reading... -
20 Apr 2009
Neat open source SIM tool
I attended a local networking event here in town last week where a representative from AlienVault presented their open source security incident/event management tool called OSSIM. I had to endure a painful sales pitch (that wasn't supposed to be a sales pitch, mind you) and a simple-minded "use this product for all your needs" approach to information security...but the tool actually looks promising. It's a "free" way to pull together ...
Continue Reading... -
16 Apr 2009
Someting you need to know about all-in-one scanners
I've been approached a couple of times in the past few weeks regarding the "scanner" and "vulnerability management" vendors that are touting their all-in-one approach to security vulnerability assessments and compliance scans. The interest has been around PCI DSS and specifically Rapid7's solutions (apparently their marketing folks are doing a good job). There are other vendors coming into the space as well including a big one being announced at RSA ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
