-
21 Sep 2016Join me along with ISACA and TechTarget today to learn about how to advance your infosec career!
I'm happy to announce that I'll be joining ISACA and TechTarget for their annual online security seminar - a day-long learning event for IT and information security professionals. My session this afternoon, which starts at 3:30pm ET, will be I Can Do versus I Have Done...Certification, Experience, and the Information Security Career Path. You can register by clicking the image or via this link: http://www.bitpipe.com/data/document.do?res_id=1469026420_560 I hope to ...
Continue Reading... -
19 Sep 2016
People Behaving Badly and information security’s tie-in
Last week, I had the opportunity to travel to the Bay Area in California to record an information security video (thanks Intel and TechTarget!). Of course, I couldn't travel across the country and not see the sights of San Francisco. A most excellent highlight of the trip was for my son and I to meet television and social media celebrity, Stanley Roberts. My son is a huge fan of Stanley's, ...
Continue Reading... -
19 Sep 2016
What, exactly, is reasonable security? The state of California knows!
With all that's happening in the world of information security, it seems that there's never enough regulation. From to HIPAA to the state breach notification laws to PCI DSS and beyond, there are rules - and guidance - around every corner. Oddly enough the breaches keep occurring. As if what we've been told up to this point is not reasonable enough. Some people, mostly federal government bureaucrats and lawyers who ...
Continue Reading... -
09 Sep 2016
How to (finally) get your information security program on track
Here's some of my latest content...this time on running a well-oiled information security program. Enjoy!Core reasons why information security programs failHow to stick to your IT security planIt takes more than resolve to manage an effective security programThe one thing that criminal hackers have on their side that you don't Setting and achieving realistic information security program goals for 2016Waiting until the last minute to implement long-term security measuresIT turnover ...
Continue Reading... -
24 Aug 2016
A WordPress security resource for you: WP Security Audit Log
WordPress has had its fair share of security flaws over the years. Arguably more than any other mainstream platform. A quick search of 'wordpress' at the National Vulnerability Database returns over 1,100 published vulnerabilities as old as 2004 and several as recent as this month. Despite all of the security issues, WordPress is a highly-popular platform for businesses and individuals alike to create their online presence.There are a lot of ...
Continue Reading... -
12 Aug 2016
Penetration Testing and Security Assessment Essentials…Don’t ignore this stuff.
Want tips on how to perform better security assessments and penetration tests? Here you go:What are the most important security testing basics?Determining your scope of security testingBest Practices and Tips for Choosing Application Security Testing ToolsWhy ALL of your Web applications need security testingIt can be dangerous assuming a vulnerability is not a vulnerabilityWhat constitutes a “critical” security flaw?Rely on data center audits alone and you’ll get hit eventually What ...
Continue Reading... -
28 Jun 2016
Email phishing expertise: Lack of skills or just a lackadaisical approach to security?
I can't think of any current security test that's more important than email phishing. Yet, it seems that so few organizations actually include this phishing as part of their ongoing information security assessments and penetration tests. I suppose that's why we keep hearing about all of the Cryptolocker infections and crazy statistics being published by Verizon, Ponemon and others. Here are some articles that I have written that can help ...
Continue Reading... -
05 May 2016
Twitter hack–NFL draft consequences
I recently received this press release regarding Ole Miss offensive tackle Laremy Tunsil's Twitter account and how it affected his NFL draft:Amazing.Will someone please tell me how the consequences of basic security weaknesses surrounding social media, passwords, and malware do not impact us all personally and professionally....
Continue Reading... -
04 May 2016
Yet another over-hyped security flaw making the headlines
For years now, I've ranted here and elsewhere about the nonsensical niche security "flaws" uncovered by researchers and academic scholars that often have no real bearing on business or society. There are always caveats, always reasons why these super-complicated exploits won't work, yet they make the headlines time and again. The recent Waze app discovery is a great example:Vulnerability in Google's Waze app could let hackers track you, researchers sayLook ...
Continue Reading... -
25 Apr 2016
New content on web application security testing
Here are a two brand new pieces I've written on web application security recently for the nice folks at TechBeacon:Why ALL of your apps need security testing4 insider tips for choosing application security testing toolsMore to come - you can link/subscribe to my author page here. Enjoy!...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including one of the best-sellers of all time:
