I'm all about shoring up the basics of Web security before throwing money at the situation. If you're interested in saving not only money but also time and effort, here are some new pieces I've written on Web security that you may be interested in: Explaining the why of Web application security; Improving Web security by working with what you’ve got; Not all Web vulnerability scans are created equal; Why ...
In the whitepaper To Block or Not. Is that the Question?, Palo Alto Networks explores the issue of "Enterprise 2.0" applications such as Facebook, Skype, Twitter and YouTube and how users are now in control of the network. Meanwhile, IT staff is saying "just block it!" and users say "just don't block it!," but it's not that simple. As the whitepaper points out, the real answer lies in your ability ...
Depending on where you're at with your Exchange "maturity model", here are a few pieces I've written for SearchExchange.com about Microsoft Exchange security oversights, policies and plans to help you along the way: How to write an effective data retention policy for Exchange; Solidify Your Exchange Server Incident Response Plan; Common Exchange Security Oversights. Enjoy! As always, be sure to check out www.principlelogic.com/resources.html for links to my additional information security articles, whitepapers, podcasts, webcasts, books ...
Here's a fascinating story about a court case involving data retention you need to read. And pass it along to your management as well. It talks about how businesses aren't doing what they need to be doing with regard to data retention and how decisions are being made for us by the courts. Interestingly most businesses I come across (large and small) don't have any semblance of a data retention ...
From @ECIOForum, can you envision enterprises giving workers any desktop or mobile device they want to do their jobs? I think an important follow-up question is: does it really matter? People are going to do what they're going to do. Those of us in IT and infosec can scream No, No, No to this or that mobile device on the network at the top of our lungs until eternity... But you know what? People ...
How often should you test your Web sites and apps for #security flaws? Well, it depends of course! Here's a new bit I wrote where I delve into the different variables and things you need to be thinking about: How often should you test your web applications? Enjoy....
From Windows to Linux - desktops to mobile devices - here are some recent pieces I've written for TechTarget that you may be interested in: Devise a Windows XP end-of-life strategy before migrating to Windows 7; Troubleshooting Windows 7 with built-in tools and online resources; Securing the new desktop: enterprise mobile devices; Common Linux Security policy management gaps...
Tired of "compliance"? Me too. But, it's still one of those necessary (arguably sometimes unnecessary) evils we must deal with in business today. Here are some new pieces I've written for the fine folks at SearchCompliance.com that will hopefully be of some benefit to you and your business: Priorities for your sound regulatory compliance management policy; Put compliance management back into server virtualization; Achieving compliance is about more than secure data encryption; What compliance professionals ...
Here's an interesting scenario of company policy versus state law. Regardless of the interpretation and how it turns out, way to go Iron Mountain for making it known your employees are unarmed! In the same spirit of those "zero tolerance" school zones that tell the bad guys that there's no one there to defend themselves, this kind of stuff is absolutely mindless....
I got stuck in a traffic jam while passing through the famous and lovely town of Kennesaw, GA yesterday because of this inattentive truck driver trying to cross a raised railroad crossing. I wonder what part of the No Trucks sign he didn't understand. There's another sign out of the frame that warns truckers of a $1,000 fine if they cross there. Ouch! This situation can be compared to the disconnected and ...