• 28 Nov 2007

    Welcome to my new blogging platform

    You may have noticed a lull since my last posting. Believe it or not, I've been fighting and fighting and fighting some more with my previous blog software/platform that I was hosting on my own to get it to do what I needed. After many iterations of trying to edit templates, change styles, installing and re-installing MySQL, PHP, Apache, Perl...you name it, I realized that I wasn't spending my time ...

    Continue Reading...
  • 26 Oct 2007

    My articles from this week

    A new thing I'm going to start doing on my blog is linking to any articles I've recently written for TechTarget and other trade publications. Sort of an added bonus to what I write here in my blog. For all of my past content be sure to check out www.principlelogic.com/resources.html. Here are this week's entries: Eight reasons to do source code analysis on your web application Database security testing terms: ...

    Continue Reading...
  • 17 Oct 2007

    Don’t test your Web applications because they’re too critical…? What!?

    I can't tell you how many times I've come across network managers who choose to ignore their most critical business applications - all in the name of system uptime. I had a recent event that sparked this very post. The general perception is "We haven't tested our e-commerce/online banking/employee portal/ fill-in-the-blank Web application for security vulnerabilities - we're afraid it may go down if it's hit too hard..." My initial ...

    Continue Reading...
  • 11 Oct 2007

    The industry’s first patch management program?

    Apparently I was ahead of my time. Way back in 1996 I wrote and sold a program called LANUP through a consulting company a buddy of mine and I ran on the side. LANUP - short for local area network update - was designed for NetWare operating systems. I wrote it out of desperation because I was administering so many NetWare servers at the time - I needed some automation. ...

    Continue Reading...
  • 08 Oct 2007

    Are you open minded?

    One thing I talk about when speaking on information security careers is something that many overlook yet it can make or break our success in this field. It's learning from others and continually educating yourself throughout your career. A lot of us in IT are pretty closed-minded. It's not just toddlers and teenagers that think they know it all - it's often ourselves and our peers. A typical mindset is ...

    Continue Reading...
  • 02 Oct 2007

    What’s it going to take to encrypt laptop drives?!

    So, the latest in the lost laptop world is that 800,000 job applicants of Gap, Inc. now have their personal information exposed. Apparently the laptop was stolen from the office of an "experience third-party vendor". Experienced in what? Not taking security seriously? Apparently the contractor wasn't using encryption which was in violation of an agreement it had with Gap, Inc. You mean contracts aren't enough to protect information? Go figure.Gee ...

    Continue Reading...
  • 28 Sep 2007

    Is Your Wireless Encryption Enough?

    After reading this piece about the recently released report on the TJX breach from the Office of the Privacy Commissioner of Canada and the office of the Information and Privacy Commissioner of Alberta, I had a thought about the false sense of security that wireless encryption gives us. TJX was apparently using both WPA and WEP for wireless encyrption but it was the WEP that got them into trouble. The ...

    Continue Reading...
  • 27 Sep 2007

    Security is a Choice

    As the saying goes, the more things change they more they stay the same. It suits what's happening with security just perfectly. It's common knowledge that computer security is a problem that affects every business and every individual in some way. Security best practices are available. The rules have been laid down. Why are breaches still occurring?I think to myself, on the surface there's:information systems complexityuntrained IT staffpeople not using ...

    Continue Reading...
  • 07 Sep 2007

    How secure is your law firm’s extranet?

    Do you work for a law firm that provides a client Web portal that houses extremely sensitive case information (or other similar system that allows a client to manage their own data)? If so, chances are there are weaknesses in the system waiting to be exploited. Be it the commonly-used SharePoint or any other commercial or home-grown system, all it takes for someone with ill intentions to create a problem ...

    Continue Reading...
  • 06 Sep 2007

    Is it too much to expect the best?

    There's something that's coming up more and more that I'm building a stronger opinion about each year. It's expecting the best of ourselves and others. We're coming to a point in our society where it's inappropriate, offensive, and politically incorrect to demand the best from our ourselves and others in literally every aspect of our personal lives and our careers. This is especially true in our society where those who ...

    Continue Reading...

Resources

view all

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including:

 

Tags

application security appsec basics books careers censorship CISO CISSP cities compliance coronavirus covid-19 cybersecurity data breaches hacking Hacking For Dummies heads in sand health incident response information risk keynote speaker leadership macOS networked cameras passwords patching racing resilience Russian hacking SDLC security culture security leadership security program management security speaker selling security social engineering speaking engagements spec miata sql injection tiktok time management training vulnerability and penetration testing web security

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.

For your convenience I accept