• 03 May 2012
  • 12 Feb 2012

    SQL injection cheatsheet & tips for getting management on board

    Here's a neat "cheatsheet" on SQL injection by NTObjectives that outlines some common attack strings, commands and so forth. Their SQL Invader SQL injection tool is worth checking out as well. If you're having trouble selling management on the dangers of SQL injection, check out this piece I wrote about it not long ago:
    SQL Injection – The Web Flaw That Keeps on Giving
    Ten Ways to Sell Security to Management
    Happy ...

  • 27 Sep 2011

    Web security essentials: something old and something new

    Here are some new bits I've written on Web security that you may be interested in. First a bit on SQL injection - the greatest Web flaw of all in my humble opinion:
    SQL Injection – The Web Flaw That Keeps on Giving
    And a bit on how to use your users to your advantage to minimize Web security risks:
    Getting users on your side to improve Web security
    ...and finally a piece on ...

  • 15 Sep 2011

    Your organization vs. BP: what will faulty decisions lead to in your business?

    Imagine a scenario where poor management, failure to take appropriate action, personnel changes and miscommunication about who's responsible for what lead to a catastrophic event at your business. That's exactly what the findings were of the BP oil spill. Sadly, 11 people died because of this incident. Luckily, our line of work isn't quite so risky, but your business can still get in a bind when information security is mismanaged. Here's a ...

  • 02 Aug 2011

    Indeed, many executives are insulated from reality

    Here's a piece where I, Richard Stiennon, Andrew Baker and others weigh in on executive management's involvement in information security:
    Focus Experts' Briefing: How CEOs Can Prepare for and Respond to Cyberattacks
    Unless and until executives get on board with security - across the board - I'll continue reciting one of my favorite quotes: "Many executives are insulated from reality and consequently don't know what the hell is going on." - James Champy ...

  • 24 Aug 2010

    Selling security: To persuade is to succeed

    Okay, so your managers aren't getting security and your users aren't on board either. Security's not looking too good, but you know it needs to happen. Just how can you "sell" security to those who matter most? Here's a collection of articles and blog posts I've written that address this very subject:
    How to get - and keep - user support with security
    How to get management on board with Web 2.0 ...

  • 09 Aug 2010

    How you can get developers on board with security starting today

    Some people - including a brilliant colleague of mine - think security is not the job of software developers. In the grand scheme of things I think such an approach is shortsighted and bad for business. It's kind of like an auto assembly line worker not being responsible for the quality of his work or citizens not being responsible for their own healthcare (oh wait!) or why the bottom 50% ...

  • 04 Jan 2010

    My latest security content

    Here's some more new information security content - stuff on network administration, employee monitoring, checklist audits, and more. Enjoy!
    How to get - and keep - user support with security
    How to get management on board with Web 2.0 security issues
    Underlying causes of inconsistent patch management
    Are your IT administrators trustworthy?
    Monitoring user activity with network analyzers
    Priorities for your sound regulatory compliance management policy
    Go beyond a checklist audit for ...

  • 29 Sep 2009

    Know of anyone who is “ignorant of the facts”?

    British prime minister Benjamin Disraeli once said, "To be conscious that you are ignorant of the facts is a great step to knowledge." What a great quote related to information security... in the context of both users and management. There are people out there who understand the basics of information security risks. It's all the other people you need to focus on. Here's how you can build credibility and get others ...

  • 23 Jul 2009

    “Change” sells but who’s buying?

    So in the past year we've gone from:
    "global warming" to "climate change" (esp. with the ridiculous cap and trade bill that's going to further hurt our economy)
    Islamic terrorism to "man-caused disaster"
    ...and the latest in the Obamacare scam we heard about last night:
    healthcare reform to "health insurance reform"
    Boy are our so-called leaders sneaky! It's amazing how these politicians change their wording up ever so slightly to make their schemes sound ...
