• 19 Sep 2016

    What, exactly, is reasonable security? The state of California knows!

    With all that's happening in the world of information security, it seems that there's never enough regulation. From HIPAA to the state breach notification laws to PCI DSS and beyond, there are rules - and guidance - around every corner. Oddly enough the breaches keep occurring. As if what we've been told up to this point is not reasonable enough. Some people, mostly federal government bureaucrats and lawyers who ...

  • 09 Sep 2016

    How to (finally) get your information security program on track

    Here's some of my latest content...this time on running a well-oiled information security program. Enjoy!
      • Core reasons why information security programs fail
      • How to stick to your IT security plan
      • It takes more than resolve to manage an effective security program
      • The one thing that criminal hackers have on their side that you don't
      • Setting and achieving realistic information security program goals for 2016
      • Waiting until the last minute to implement long-term security measures
      • IT turnover ...

  • 24 Aug 2016

    A WordPress security resource for you: WP Security Audit Log

    WordPress has had its fair share of security flaws over the years. Arguably more than any other mainstream platform. A quick search of 'wordpress' at the National Vulnerability Database returns over 1,100 published vulnerabilities as old as 2004 and several as recent as this month. Despite all of the security issues, WordPress is a highly-popular platform for businesses and individuals alike to create their online presence. There are a lot of ...

  • 12 Aug 2016

    Penetration Testing and Security Assessment Essentials…Don’t ignore this stuff.

    Want tips on how to perform better security assessments and penetration tests? Here you go:
      • What are the most important security testing basics?
      • Determining your scope of security testing
      • Best Practices and Tips for Choosing Application Security Testing Tools
      • Why ALL of your Web applications need security testing
      • It can be dangerous assuming a vulnerability is not a vulnerability
      • What constitutes a “critical” security flaw?
      • Rely on data center audits alone and you’ll get hit eventually
      • What ...

  • 28 Jun 2016

    Email phishing expertise: Lack of skills or just a lackadaisical approach to security?

    I can't think of any current security test that's more important than email phishing. Yet, it seems that so few organizations actually include phishing as part of their ongoing information security assessments and penetration tests. I suppose that's why we keep hearing about all of the Cryptolocker infections and crazy statistics being published by Verizon, Ponemon and others. Here are some articles that I have written that can help ...

  • 05 May 2016

    Twitter hack–NFL draft consequences

    I recently received this press release regarding Ole Miss offensive tackle Laremy Tunsil's Twitter account and how it affected his NFL draft: Amazing. Will someone please tell me how the consequences of basic security weaknesses surrounding social media, passwords, and malware do not impact us all personally and professionally....

  • 04 May 2016

    Yet another over-hyped security flaw making the headlines

    For years now, I've ranted here and elsewhere about the nonsensical niche security "flaws" uncovered by researchers and academic scholars that often have no real bearing on business or society. There are always caveats, always reasons why these super-complicated exploits won't work, yet they make the headlines time and again. The recent Waze app discovery is a great example:
      • Vulnerability in Google's Waze app could let hackers track you, researchers say
    Look ...

  • 25 Apr 2016

    New content on web application security testing

    Here are two brand new pieces I've written on web application security recently for the nice folks at TechBeacon:
      • Why ALL of your apps need security testing
      • 4 insider tips for choosing application security testing tools
    More to come - you can link/subscribe to my author page here. Enjoy!...

  • 20 Apr 2016

    What you need to know about Checkmarx CxSAST version 8

    Application security tool version upgrades usually don't excite me as it's often the same old, same old with a few new checks and niche features. However, the new version of Checkmarx CxSAST (formerly CxSuite, CxDeveloper, etc.) is spot-on. The next generation of the popular static source code analyzer - version 8 - was recently released and it contains some much-needed improvements over its predecessor. One thing that's glaringly evident in version 8 ...

  • 14 Apr 2016

    Will the DBIR include Verizon’s latest breach?

    I'm a little late to pull the trigger on this but felt compelled to ask the question nonetheless: Will Verizon include its recent breach in its (presumably) forthcoming Data Breach Investigations Report? ... It's related to this press release I received ~3 weeks ago:...
