• 28 Feb 2024

    3 resources to help with the SEC’s cybersecurity ruling on incident reporting

    There's been a lot of buzz in recent months regarding the new US Securities and Exchange Commission (SEC) cybersecurity ruling involving incident reporting. Check out the following resources I created for the folks at web application and API vulnerability scanning vendor Probely. We help you cut through the noise and understand what really matters in the context of incident reporting/response and, especially, its impact on overall application security. SEC Cybersecurity ...

  • 01 Jul 2021

    People talking used to be a phishing defense…what can you do now?

    I was speaking with a client recently about how, when their users receive phishing emails, they will typically yell to others across the room and down the hallway to be on the lookout. But the days of everyone being in the office at the same time and users having that luxury are gone. At least for now... As we get back to our old normal (I refuse to refer to it ...

  • 23 Aug 2019

    Cities + hacking & ransomware: what’s really going on?

    I do a lot of work for municipalities - cities, towns, and county governments - and I've concluded one thing: I don't envy those in charge of their IT and security. Apparently, municipal hacking is all the rage. At least that's what the media is currently portraying. For example, it's on the front page of today's New York Times: "Ransomware Attacks Are Testing Resolve of Cities Across America". The hacking ...

  • 30 May 2019

    Networking + learning at the 2019 SecureWorld Atlanta show

    Before I went out on my own and started my own information security consulting business, I learned two things: 1) I work in information security but I'm really a sales professional (everyone is in sales whether they like to believe it or not); 2) it's not about who I know but also who knows me. I found that practicing and growing these aspects of my career is as important as ...

  • 19 Mar 2019

    Good, old-fashioned, boring passwords – the key to good security

    Many people are quick to proclaim that passwords are dead...that SSO, MFA, and related technologies are THE solution. Not so fast. Passwords, as we've known them for decades, are not going away anytime soon. Sure, I'll embrace the technologies that help take the pain out of passwords and password management. Hopefully we will be password-free in the next few decades. Still, pragmatism will win out over presumed quick fixes every ...

  • 13 Jul 2018

    Introducing my brand new vulnerability and penetration testing book: Hacking For Dummies, 6th edition

    Want to learn the essentials of vulnerability and penetration testing? Looking for insight into which testing tools you need to use to get the job done right? Maybe you need help in determining the difference between the vital few security vulnerabilities and the trivial many that sidetrack so many people? Perhaps you need help selling information security to management and keeping them on board with what you're doing? Well, if ...

  • 21 Feb 2013

    Yet another reason to get more in tune w/mobile & the cloud

    Here's a good post from Elcomsoft's Vladimir Katalov that underscores the dangers of many things I've written and spoken about in recent years:
    - Cloud security - especially as it relates to mobile apps (and in the case of this piece, iCloud)
    - Mobile control - BYOD, MDM and all those buzzwords sound nice but what exactly are you doing to ensure the business information that's being carelessly handled by your employees ...

  • 20 Jan 2012

    My articles & webcasts on hacking, incident response, compliance & IAM

    I wanted to share with you a few new pieces I've written for TechTarget and Cygnus on incident response, compliance for systems integrators and the not-so-sexy but all-too-important technology, identity and access management:
    - The importance of incident response plans in disaster recovery
    - Regulatory compliance requirements for security solutions providers
    - Identity Management's great bang for the buck
    Also, here are some webcasts I recorded for TechTarget, Information Week/Dark Reading and SecurityInfoWatch.com that you may be ...

  • 20 Mar 2009

    Another Web security scanner to check out

    OK, I covered Acunetix Web Vulnerability Scanner in a previous post and now it's time to share a bit about another Web vulnerability scanner called N-Stalker Web Application Security Scanner 2009. I've used N-Stalker for a while, dating back to when it was a free product nearly 10 years ago. Compared to the competition, I must admit that I haven't been really impressed with the tool until now. Thiago ...
