• 10 Sep 2014

    Magnasphere and the physical security vulnerability you may not know about

    If you have an alarm system that's dependent on the decades-old reed switches like the one pictured below, you should know they can be easily defeated with a mere compass and a magnet. It's pretty eye-opening...Certainly a good reason to have two, three, or (depending the country you live in and your stance on self-defense) more layers of security in your building or home! :-)A good option for beefing up ...

    Continue Reading...
  • 02 Sep 2014

    Bits & pieces on the 2014 Home Depot data breach

    The news of the new Home Depot credit card breach combined with me being based in Atlanta as well, I feel compelled to share some links to some of the recent pieces I've written about point-of-sale and retail information security in hopes that a nugget or two might prove beneficial to someone out there...here they are:The Target Breach – Can It Be Prevented?Six endpoint management lessons from POS security breachesSecurity ...

    Continue Reading...
  • 28 Aug 2014

    The latest Android / Gmail security flaw & why people don’t take IT & security seriously

    You may have heard about the recently-discovered Android exploit that makes Gmail vulnerable to criminal hackers. I read it over and realized that I have to use this opportunity share an example of what I talk about when "researchers" claim that all is bad in the world because of the latest and greatest exploit impacting whatever software or device they've discovered.This Android/Gmail finding in particular is a great example of ...

    Continue Reading...
  • 27 Aug 2014

    My new webcast on securing your Web environment against denial of service attacks

    I saw a recent study that found that distributed denial of service attacks are getting larger and larger.The thing you need to be thinking about is how you're going to prevent and respond when your Web presence becomes a target.Well, good timing, because I just recorded a new webcast for my friends at SearchSecurity.com on this very topic...In Proven Practices for Securing Your Website Against DDoS Attacks, I have a ...

    Continue Reading...
  • 22 Aug 2014

    CISOs, lawyers, awareness training, and other infosec blunders you need to know about

    I've been super busy putting my twisted thoughts on paper...here are a few pieces you might enjoy:When your lawyer becomes your CISO  The compliance crutch holding up Corporate AmericaThe fallacy of information security awareness and trainingThe one skill worth mastering in ITQuantifying the disconnect between the business and securityThe critical item that’s missing from most IT security programsWhat's your one hot button security item? Top detractors of security oversight The funny ...

    Continue Reading...
  • 19 Aug 2014

    CommView for WiFi – a great option for wireless network analysis

    Several years ago I wrote about the neat WEP/WPA recovery tools offered as part of TamoSoft's wireless network analyzer called CommView for WiFi. Well, those tools are no longer available but CommView for WiFi is as relevant as ever. I've been using it for years. It seems that it hasn't changed a ton other than some UI and packet analysis enhancements - probably just oversights on my part since I ...

    Continue Reading...
  • 18 Aug 2014

    A resource to help with PCI DSS 3.0’s penetration testing methodology requirements

    PCI DSS has been getting a lot of buzz lately and the latest version 3.0 will continue gaining momentum until the many small and medium-sized businesses get their arms around the new requirements. Of particular interest is the updated requirement 11.3 (below) which is much more prescriptive on how to find the actual security flaws that matter. I've always believe that you can't secure what you don't acknowledge...PCI DSS 3.0 ...

    Continue Reading...
  • 05 Aug 2014

    Are you stuck in this information security rut?

    Here's a new post I wrote for Rapid7's blog that I think you might like...There’s nothing really new in the world in which we work. Every problem you face in information security has already been solved by someone else. Why not use that to your advantage? There’s no time for baby steps in security. Sure, you need to “walk before you run” by thinking before you act. That comes in ...

    Continue Reading...
  • 18 Jul 2014

    How to communicate Web security to management, must-have security testing tools, and compliance in the cloud

    Check out these new pieces I've written and recorded on Web application and cloud security. If you follow the things I recommend on communication (first three links), you can absolutely transform your information security program and the way that people perceive you as an IT professional.Communicating with Management about Web Security, Part 1 - Knowing What You're Up AgainstCommunicating with Management about Web Security, Part 2 - Prioritization and Sending ...

    Continue Reading...
  • 10 Jun 2014

    Pitching your ideas in IT

    If you work in IT, your communication and selling skills are more important than anything you can ever do technically. This includes "pitching" your ideas to your audience - typically management and users. As a speaker, I often struggle with new approaches for pitching my ideas.Here's a good Success.com Q&A with Shark Tank's Daymond John to help remind us of what people are looking for. I especially like where Daymond ...

    Continue Reading...

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.