• 29 Nov 2011

    HDMoore’s Law, revisited

    Here's a good read by Mike Rothman (@securityincite) on how we tend to bury our heads in the sand over the most obvious things including HD Moore's Law. For years, I've had a slide in my presentations titled "Future Trends" where I've talked about how exploits are getting easier for those with ill intent:Easier access to toolsLittle knowledge neededLess elaborate “hacks”More internal breachesMobile business → less controlGreater complexity → more ...

    Continue Reading...
  • 21 Nov 2011

    Don’t turn a blind eye on the basics

    I'm all about shoring up the basics of Web security before throwing money at the situation. If you're interested in saving not only money but also time and effort, here are some new pieces I've written on Web security that you may be interested in: Explaining the why of Web application security Improving Web security by working with what you’ve got Not all Web vulnerability scans are created equal Why ...

    Continue Reading...
  • 10 Nov 2011

    Why compliance is a threat

    Compliance as we know it is arguably one of the greatest threats to enterprise security. Here's why:It creates a heightened sense of self for those responsible for accomplishing a state of compliance.It can cost more to become "compliant" than it does to create a reasonably secure environment.It empowers government.All of the above create complacency and a false sense of security. Please tell me I'm wrong....

    Continue Reading...
  • 09 Nov 2011

    Wooo…HIPAA audits are coming & the irony of KPMG’s involvement

    I've always believed that compliance is a threat to business [hence why I help businesses take the pain out of compliance by addressing their actual information security issues] and this new bit from HHS's Office of Civil Rights is no different. Apparently the HIPAA audits are coming...KPMG - an audit firm that has already proven they have trouble implementing the basic security controls they audit others against - scored a ...

    Continue Reading...
  • 08 Nov 2011

    One of my pet peeves: relying on users to wipe out wimpy passwords

    You cannot - and should never - rely on your users for complete security...yet they're often the first or last line of defense - sometimes both. I wrote about this a while back but it's a problem that's still rampant in IT so I had to bring it up again. It's probably my biggest pet peeves with security. Simply telling users that they need to select strong passwords on their ...

    Continue Reading...
  • 21 Oct 2011

    Users making security decisions is your Achilles’ heel

    I recently came across some content in a book outlining the benefits of SSL. The author depicted a scenario where SSL is in place to help the user authenticate the server/site he's connecting to and if a certificate-related error popped up in the browser then the user would know that the site was malicious and (presumably) not continue on with the connection. This very situation is an example of how ...

    Continue Reading...
  • 26 Sep 2011

    Compliance or risk: what the real IT leaders focus on

    Whatever your approach to managing IT and information security, here's a new bit I wrote for Security Technology Executive magazine on fixing what needs to be fixed before you do ANYTHING else:Fix Your Low-Hanging Fruit or Forever Hold Your PeaceOnce you have the urgent flaws on your most important systems out of the out of the way, here are some pieces I wrote for SearchCompliance.com on dealing with compliance while, ...

    Continue Reading...
  • 15 Sep 2011

    Your organization vs. BP: what will faulty decisions lead to in your business?

    Imagine a scenario where poor management, failure to take appropriate action, personnel changes and miscommunication about who's responsible for what leads to a catastrophic event at your business? That's exactly what the findings were of the BP oil spill.Sadly, 11 people died because of this incident. Luckily, our line of work isn't quite so risky but your business can still get in a bind when information security is mismanaged.Here's a ...

    Continue Reading...
  • 04 Sep 2011

    DNS hack: UPS, National Geographic, Acer, etc. websites affected

    Happy (almost) Labor Day...here's the latest from the criminal hackers: a DNS hack has redirected numerous websites of UPS, National Geographic, Acer, The Register and more. Nice. Betcha it was some low-hanging fruit someone, somewhere overlooked....

    Continue Reading...
  • 31 Aug 2011

    Talk is cheap: Time to rethink your data retention strategy (or lack thereof)?

    Here's a fascinating story about a court case involving data retention you need to read. And pass it along to your management as well. It talks about how businesses aren't doing what they need to be doing with regard to data retention and how decisions are being made for us by the courts. Interestingly most businesses I come across (large and small) don't have any semblance of a data retention ...

    Continue Reading...

Success expert Brian Tracy shares his thoughts on Kevin:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.