-
28 Jan 2014My latest security content impacting everyone from CIOs to project managers to those who are “going green”
I thought you might be interested in these recent information security articles and webcasts I've written and recorded:Information security project considerations for project managersThe information security basics your organization should already knowHow VARs can help customers securely discard e-waste Regulatory compliance requirements for security solutions providersKeeping resilientExtending HIPAA Compliance from Electronic Health Records to Document and Data TransmissionsInformation Technology and Business Continuity – Filling the gaps to protect your businessBe ...
Continue Reading... -
13 Jan 2014
How do you exercise your “power” in IT?
My new favorite quote I came across recently is the following from Ayn Rand: "Economic power is exercised by means of a positive, by offering men a reward, an incentive, a payment, a value; political power is exercised by means of a negative, by the threat of punishment, injury, imprisonment, destruction. The businessman's tool is values; the bureaucrat's tool is fear."...interestingly, her quote applies directly to IT and security by ...
Continue Reading... -
13 Dec 2013
Remembering the guy who has made a huge impact: Richard Carlson
I read this week's blog post from Kristine Carlson - wife of the late Richard Carlson, author of the Don't Sweat the Small Stuff books - that outlined more about his passing, seven years ago to this date. It's an uplifting post yet sad story.I often quote Richard when I write and speak. It's odd that I'm able to use the ideas from such a prolific author on self-help and ...
Continue Reading... -
22 Nov 2013
A great infosec quote
The late (and great) Jim Rohn once said:“If you really want to do something, you'll find a way. If you don't, you'll find an excuse.” Oh my...so many information security tie-ins. ...
Continue Reading... -
13 Nov 2013
Reaver Pro: a simple tool for cracking WPA on a LOT of wireless networks
If wireless security testing is on your radar, you need to get Reaver Pro. As I outlined in this Hacking For Dummies, 4th edition chapter, Reaver Pro is a great tool for cracking the WPA pre-shared key on all those consumer-grade wireless APs/routers that everyone installs in the enterprise. The latest version of Reaver Pro is very simple to use. No live CDs or VMs to boot. You simply connect ...
Continue Reading... -
11 Nov 2013
My latest security content (lots of stuff on application security)
I thought you might be interested in my latest articles/tips on web and mobile application security:Why you need to pay attention to the slow HTTP attackLessons learned from a web security breachApplication security calls for a proactive approachUnderstanding the value of the OWASP Top 10 2013The Role Of An Automated Web Vulnerability Scanner In A Holistic Web Security AuditAre Obamacare’s health insurance exchanges secured? Likely not. Can software quality pros ...
Continue Reading... -
18 Oct 2013
What you need to know about security vulnerability assessments (that no one is willing to share)
I'd love it if you'd join me over at SearchSecurity.com next week where I'll be talking about the rest of the story regarding security assessments...You know the tools and you're probably familiar with the methodologies...that's why I'm going to share with you many other important aspects of security assessments that, unless someone tells you, you'll likely only learn the hard way. And that's no fun.In my webcast What you need ...
Continue Reading... -
08 Oct 2013
Windows 8.1 changes/enhancements, BitLocker’s improvements, and related Windows mobile/security tips
In addition to my independent information security assessments through my consultancy Principle Logic, I've been writing a ton...including a lot on Windows 8 and 8.1. Check out these new pieces published by my friends at TechTarget:What's old, what's new for the enterprise with Windows 8.1Understanding why Windows 8 for mobile is perfectly viable for enterprise use Don’t forget enterprise password protection in a merger or acquisition Three ways Sysinternals Process Explorer ...
Continue Reading... -
07 Oct 2013
Experiencing problems with authenticated web vulnerability scans? Try NTOSpider.
You're performing authenticated web vulnerability scans, right? If you're not, you're missing out...big time. When performing authenticated scans, you'll find a whole different set of security flaws likely consisting of session fixation, SQL injection (that often differs among user role levels), weak passwords, login mechanism flaws, and perhaps...just maybe that beloved cross-site request forgery flaw that may or may not be exploitable or even matter in the context of what ...
Continue Reading... -
06 Sep 2013
Sprechen Sie Deutsch? Hacking For Dummies now in German!
Check out the latest foreign-language edition of my book Hacking For Dummies:Hacking For Dummies is now in 6 languages: English, Estonian, German, Italian, Portuguese, and Simplified Chinese.Very cool. If you're like me and English is pretty much your only language, you can see more about that version here.Prost!...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including:
