• 05 Apr 2024

    Find at-risk internal user accounts with myNetWatchman’s Active Directory Audit tool

    I'm always on the lookout for new tools that can do new and interesting things for those of us working in information security. They are few and far between, it seems, at least in the context of vulnerability and penetration testing. However, I've found one that can pay huge dividends. It's called Active Directory Audit by threat intelligence company, myNetWatchman. You know how threat intelligence vendors can find compromised login ...

    Continue Reading...
  • 15 Apr 2020

    Security awareness/training and security policy tips for tough times

    It's a tired subject at this point. Still, I still wanted to share some pieces that I've written on security awareness/training and security policies over the years that your business might benefit from to help get (keep) your arms around your remote workforce and overall information security program...no need to buy anything or hire anyone to help. The following are all you need to get rolling and/or fine-tune: Security Awareness ...

    Continue Reading...
  • 07 Aug 2017

    How to gain control & become an IoT security expert

    You've no doubt heard the vendor spiels and seen their solutions for gaining control of your Internet of Things environment. But do you truly have IoT under control? Like other things in IT, it can be pretty overwhelming, especially when you're struggling to keep your arms around your traditional network environment with cloud and mobile and all the complexities they bring. Well, IoT security doesn't have to be that difficult. It's ...

    Continue Reading...
  • 01 May 2017

    Thoughts on the 2017 Verizon DBIR, hacking security policies, breaking into the infosec field, ransomware and more

    Here are some recent pieces I've written for the good people at IANS: Verizon DBIR shows why we’re still struggling with security Security policies don’t get hacked. Why do they get all the attention? Strategies for Thwarting State-Sponsored Hacks Rooting out Ransomware Where, exactly, is your information? CEO Spoofing - Don't get fooled Take responsibility for vendor product security Are you making this mistake with your phishing awareness campaign? As ...

    Continue Reading...
  • 03 Feb 2017

    Prepping for – or dealing with – a computer security incident? Here are some resources for you.

    It's a reality of using computer systems today - the threats are out there waiting to pounce, especially onto that low-hanging fruit that so many businesses overlook. Here are some pieces I've written in the recent past that address incident response, data breaches, and the like: Figuring out what happened after a data breach Questions that must be answered once a security breach occurs Six endpoint management lessons from POS ...

    Continue Reading...
  • 13 Apr 2016

    Why data classification is a joke

    I just saw this post on Slashdot about 0bama saying that classified means whatever it needs to mean. It reminds me of how data classification is treated as an information risk management function in the enterprise: mostly non-existent:Data classification programs that do exist are typically a joke whereby IT and security handles everything with no involvement from the business or legal or legal handles everything with IT and security being ...

    Continue Reading...
  • 17 Sep 2014

    What if The Home Depot looked to their own store policies for help with infosec?

    If The Home Depot's management were as strict with information security as they are with store policies I'm confident they could've avoided their data breach.Have you heard their policy monger guy on their intercom system while shopping?? He sounds like that guy we've seen in those disturbing Allstate commercials. A bit creepy. It's also quite uninviting - certainly doesn't make you feel welcome in their stores.At least they've covered their ...

    Continue Reading...
  • 07 Mar 2013

    Got Compliance? Here’s my way of reducing your pain just a bit.

    It's been a while and the content is stacking up, so here's the first of many upcoming posts on new content I've written. This time up, it's a set of tips I've written for Ben Cole at SearchCompliance.com about that dreaded subject...you guessed it....compliance.Enjoy!Considering a career in compliance? Heed these warnings firstAudits, maintenance crucial to business continuity policy successControl, visibility essential to records management and complianceBeware the perils of organization-wide ...

    Continue Reading...
  • 03 May 2012

    The funny thing about iPhones & airplane toilets

    My Delta co-passengers and I recently had the opportunity to experience a near 1-hour flight delay due to, none other than, some dude dropping his iPhone into the aft toilet on our fancy Boeing 757. I'm not making this up...Yep, there we were sitting at the gate and this guy comes up to the flight attendants to ask for some help getting his iPhone out of the crapper. Yuck! The ...

    Continue Reading...
  • 02 Jan 2012

    Let’s make 2012 the year we get past “compliance” as we’ve known it

    I hope your 2012 has gotten off to a grand start! Mine has. I believe this year is going to further demonstrate why we're working in one of the best possible fields in the world.To get things rolling this year, I wanted to share with you a few new pieces I've written for TechTarget's SearchCompliance.com regarding...well, compliance. It's one of those topics that tends to infuriate me when it comes ...

    Continue Reading...

Resources

view all

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including:

 

Tags

application security appsec basics books careers censorship CISO CISSP cities compliance coronavirus covid-19 cybersecurity data breaches hacking Hacking For Dummies heads in sand health incident response information risk keynote speaker leadership macOS networked cameras passwords patching racing resilience Russian hacking SDLC security culture security leadership security program management security speaker selling security social engineering speaking engagements spec miata sql injection tiktok time management training vulnerability and penetration testing web security

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.

For your convenience I accept