-
25 Mar 201468% of workers do this…and we wonder why we have security problems!
I've always believed that information security is a people problem that goes deep into the psychology of how we think. Here's a great example...starting at 0:24:http://johnmaxwellteam.com/industrious/This is the basis for why our so-called leaders rise to power, why there's a gap between the haves and have-nots, and why so many "ailments" afflict society. Many people simply don't believe in themselves and have no desire or motivation to get any better. ...
Continue Reading... -
03 Mar 2014
Interesting sights at #RSAC 2014
I attended the RSA Conference last week...there was a lot of the same security nonsense (see my posts below) but a very good show nonetheless. You should attend next year, especially if you've never been. With 25,000+ attendees and more vendors than you can ever imagine in this space, it's a spectacle.Speaking of "vendors", one thing that struck me as interesting - what government employee was ballsy enough to use ...
Continue Reading... -
19 Feb 2014
Step up or step aside, somebody needs to fix your security woes
I just got off of phone call with some friends/colleagues where we were discussing the latest security trends. After talking it occurred to me that we're basically going backwards in time with information security. It seems with the Target breach, stupid passwords people are still using in 2014, and even today's new SANS-Norse healthcare security report, it just keeps piling up as if nothing works.But it can work - if ...
Continue Reading... -
04 Feb 2014
The power of how we *think* about information security
Here's a good piece on coping with stress - something all of us in IT know all too well. One thing in particular caught my eye that meditation expert Jon Kabat-Zinn said - it's something that may help explain the common approach many people take to information security..He said:We may find ourselves resisting innovation and change and becoming overly protective of what we have built because we feel threatened by ...
Continue Reading... -
13 Jan 2014
How do you exercise your “power” in IT?
My new favorite quote I came across recently is the following from Ayn Rand: "Economic power is exercised by means of a positive, by offering men a reward, an incentive, a payment, a value; political power is exercised by means of a negative, by the threat of punishment, injury, imprisonment, destruction. The businessman's tool is values; the bureaucrat's tool is fear."...interestingly, her quote applies directly to IT and security by ...
Continue Reading... -
13 Dec 2013
Remembering the guy who has made a huge impact: Richard Carlson
I read this week's blog post from Kristine Carlson - wife of the late Richard Carlson, author of the Don't Sweat the Small Stuff books - that outlined more about his passing, seven years ago to this date. It's an uplifting post yet sad story.I often quote Richard when I write and speak. It's odd that I'm able to use the ideas from such a prolific author on self-help and ...
Continue Reading... -
22 Nov 2013
A great infosec quote
The late (and great) Jim Rohn once said:“If you really want to do something, you'll find a way. If you don't, you'll find an excuse.” Oh my...so many information security tie-ins. ...
Continue Reading... -
14 Aug 2013
Municipal information security weaknesses, hacking, careers, & committees
Here's some new content I've written recently on various information security topics you might be interested in:Government Security: Uncovering Your Weaknesses (common vulnerabilities I see when performing security assessments for municipalities)Eight questions to ask yourself before moving to C-suite management (are you really sure you want to do this!?)IT career paths: Working for yourself is an attainable dream (if you want to stop working for the man)Top 9 ways to ...
Continue Reading... -
12 Aug 2013
You can’t see the light ’til you open your eyes…
I noticed a lot of interesting topics/news coming from the Black Hat conference last week such as: SSH Communications Security Unveils General Availability Of SSH Risk Assessor ToolPreparing For Possible Future Crypto AttacksCrack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone HTTPS Hackable In 30 Seconds: DHS AlertNo doubt, these are all worthy topics that will help improve information security over the ...
Continue Reading... -
18 Jul 2013
Authenticated vulnerability scan pains…Rapid7 to the rescue.
Apparently the folks at Rapid7 have people working on their Nexpose team that have actually performed security assessments for a living. You see, Nexpose has this seemingly trivial feature that can create a world of difference in the life of a security practitioner - it's part of the Site Configuration (i.e. scan settings) called Test Credentials as seen in the following screenshot: Sanity brought about by people who use their own ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
