• 26 Nov 2012

    Fix for painful authenticated web vulnerability scans requiring MFA

    Authenticated web security scans are one of the most frustrating parts of web security assessments. I mean they're downright painful, oftentimes seemingly impossible - especially if multi-factor authentication (MFA) technology is in use. Yet authenticated scans are critically important. It's scary how many times I uncover serious flaws (i.e. SQL injection) while logged-in as a typical user of a web site/application. That is if I can get my web vulnerability ...

    Continue Reading...
  • 13 Nov 2012

    Are you doing enough to protect your secrets? It’s unlikely.

    If the person who heads the CIA can't keep his "secrets"; nothing's secret. It's as simple as that.What are you doing to ensure your intellectual property is protected?Lawyers will claim their contracts are enough. Management will leave their heads in the sand and claim their IT folks are handling it. Neither are enough.Fix the silly/ridiculous/inexcusable low-hanging fruit on your network and then put the proper technologies and procedures in place ...

    Continue Reading...
  • 10 Oct 2012

    Arguing for infosec’s limitations

    Here's a powerful information security-related quote that underscores many of the challenges we face:"Some men have thousands of reasons why they cannot do what they want to, when all they need is one reason why they can." -Willis R. Whitney Is your management on board with security or not? They're either part of the solution or part of the problem. It's up to you to take the appropriate steps to ...

    Continue Reading...
  • 04 Oct 2012

    Calling all executives and managers…

    For all those who don't quite "get" information security...You've heard the saying: It's not what happens to you in life that is important - what matters is how you react to what happens. Don't let this be your mantra for managing information risks!It DOES matter what happens to you...figure out where you're weak and don't let it happen. Oh, and, have a Plan B....

    Continue Reading...
  • 02 Oct 2012

    Windows server and workstation security essentials

    Over the past couple of months I was so focused on writing new content that I've been remiss in posting it online. Here are some tips, thoughts and general opinions around Windows server and workstation security:Desktop backup oversights that can get you into a bindFree open source security tools for finding and fixing Windows flawsMobile security and how you can no longer ignore its impact on enterprise desktop management Why ...

    Continue Reading...
  • 01 Oct 2012

    One-sided information risk management doesn’t work

    ...

    Continue Reading...
  • 25 Sep 2012

    Be it in healthcare or infosec, the short term is for losers

    With all the doctor & hospital visits I've gone (and am still going) through with family members in the past few years, I've come to the conclusion that many (most?) healthcare providers - especially those smart doctors society holds on a pedestal - absolutely cannot see the big picture. They can't think past the appointment time slot in which they're currently working, much less next year and beyond.Adding to the ...

    Continue Reading...
  • 21 Sep 2012

    Perhaps the biggest & most widespread security gaffe of all

    ...

    Continue Reading...
  • 11 Sep 2012

    GoDaddy: ‘Malfunction’ as the new scapegoat?

    We've been hearing about 'computer glitch' for a while. That's what the talking heads on the news always cite when something goes awry with a computer system. Perhaps 'malfunction' is the new scapegoat? That's the route GoDaddy is taking. They say it was a 'malfunction', not hacking, that took them and presumably hundreds of thousands (millions?) of other systems offline for hours yesterday.I'm sure it had nothing to do with ...

    Continue Reading...
  • 16 Aug 2012

    You can’t buy security for $1, but some people will fall for it

    I recently deposited a check at a giant monster mega bank that's continually trying to sell me new services and the teller asked: "Would you like to buy identity theft protection for just $1 today?"Wow, really...so you're saying my personal information will be safe and secure for a mere $1...!? Amazing...but no thanks. Sadly, many in management are like the average consumer: they just don't realize what it takes to ...

    Continue Reading...

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including:

 

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO CISSP cities coronavirus covid-19 cybersecurity data breaches eagle syndrome hacking Hacking For Dummies health helmet communications incident response information risk keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements sql injection tethered spinal cord time management underimplemented vulnerability and penetration testing web security zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.