-
03 Apr 2013Regardless of the subject, people see what they want to see
Here's a great quote by Jay Abraham that resonates with IT, information security, politics - you name it:"An amazing thing, the human brain. Capable of understanding incredibly complex and intricate concepts. Yet at times unable to recognize the obvious and simple."...
Continue Reading... -
28 Mar 2013
The idiocy of gun control summarized in a single graphic
I reference "heads in sand" quite often regarding information security but no subject better summarizes this concept than people's willingness to let the government tell them when and where they can defend themselves and their families from criminal thugs. This graphic (source unknown) says it all:Ask anyone who's against self-defense, personal responsibility, and free will if they'd consider putting a sign in their yard or on their door that says ...
Continue Reading... -
25 Mar 2013
Default to F.U.D. and everything’ll be okay
If you can't convince them, confuse them. That's what Harry Truman once said and it reminds me of many IT and information security professionals. They struggle to communicate effectively so they just take the lawyer route and attempt to make things even more confusing...and we wonder why many people outside of IT don't take us very seriously....
Continue Reading... -
07 Mar 2013
Got Compliance? Here’s my way of reducing your pain just a bit.
It's been a while and the content is stacking up, so here's the first of many upcoming posts on new content I've written. This time up, it's a set of tips I've written for Ben Cole at SearchCompliance.com about that dreaded subject...you guessed it....compliance.Enjoy!Considering a career in compliance? Heed these warnings firstAudits, maintenance crucial to business continuity policy successControl, visibility essential to records management and complianceBeware the perils of organization-wide ...
Continue Reading... -
01 Mar 2013
Got WordPress? You’d better secure it.
If you use WordPress, take note. My colleague Robert Abela, one of the foremost experts on WordPress security, has a new course at Udemy.com on Securing a WordPress Blog or Website for Beginners that you should check out. The course costs $15. When you use the coupon code OnWheels, you'll receive a $5 (33%) discount. Don't let your guard down because "it's just a marketing site". WordPress-based sites can have ...
Continue Reading... -
28 Feb 2013
Mobile app security assessments
I wrote recently about performing source code analysis for mobile apps. I'm seeing some crazy stuff that I didn't think I'd see in mobile apps (but I'm not really surprised) related to session manipulation, hard-coded cryptographic keys and the like which underscores the importance of the exercise.But there's another side to mobile app security assessments - it's simply manual analysis. That is poking around with the apps and the mobile ...
Continue Reading... -
21 Feb 2013
Yet another reason to get more in tune w/mobile & the cloud
Here's a good post from Elcomsoft's Vladimir Katalov that underscores the dangers of many things I've written and spoken about in recent years: Cloud security - especially as it relates to mobile apps (and in the case of this piece, iCloud) Mobile control - BYOD, MDM and all those buzzwords sound nice but what exactly are you doing to ensure the business information that's being carelessly handled by your employees ...
Continue Reading... -
18 Feb 2013
Self-delusion + infosec= foolishness
I thought this quote from Ronald Reagan was quite fitting for President's Day:"If history teaches anything, it teaches that self-delusion in the face of unpleasant facts is folly."...
Continue Reading... -
12 Feb 2013
Mobile app security testing – are you checking for all the flaws?
I plan to write a related post soon on my mobile app security assessments. In the meantime, I wanted to share a tool with you that plays a key role in mobile app security: Checkmarx CxDeveloper (or perhaps more appropriately called CxSuite).If you're a developer, QA professional, security manager, or IT generalist, this is a good tool to have for all of those gotta-have-now apps that everyone is throwing together ...
Continue Reading... -
06 Feb 2013
Reactive security, eh? How’s that workin’ for ya?
Every time I browse the Chronology of Data Breaches and read the headlines coming out from Dark Reading, threatpost, and the like, I can't help but shake my head. What is it really going to take to get people - mostly management, but some in IT - to fix the stupid, silly, low-hanging fruit that's plaguing so many networks today...? Well, here's a new piece I wrote for the nice ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
