Here's a great point to remember regarding information security: "A mediocre person tells. A good person explains. A superior person demonstrates. A great person inspires others to see for themselves." -Harvey Mackay...
Here are some new pieces I've written on IT and security leadership (or lack thereof). Enjoy!
What to do when the CIO gets in the way of enterprise IT security
How to form a functional enterprise IT security committee
Understanding management gets your IT department what it needs
Five Concepts for IT Security Success
As always, check out principlelogic.com/resources for links to all of my information security whitepapers, podcasts, webcasts, books, and more....
They're the topics of three new pieces I've written! I can't believe I've been writing more than ever lately but haven't kept up with my posts accordingly. In the interest of catching up, here's some new content I've written on mobile security, BYOD, and IT/security careers:
Credibility is the cornerstone of your career
As BYOD, cloud change networking, VPN management still indispensable
Top 10 reasons we have our heads in the sand over mobile ...
Authenticated web security scans are one of the most frustrating parts of web security assessments. I mean they're downright painful, oftentimes seemingly impossible - especially if multi-factor authentication (MFA) technology is in use. Yet authenticated scans are critically important. It's scary how many times I uncover serious flaws (i.e. SQL injection) while logged-in as a typical user of a web site/application. That is if I can get my web vulnerability ...
If the person who heads the CIA can't keep his "secrets", nothing's secret. It's as simple as that. What are you doing to ensure your intellectual property is protected? Lawyers will claim their contracts are enough. Management will leave their heads in the sand and claim their IT folks are handling it. Neither is enough. Fix the silly/ridiculous/inexcusable low-hanging fruit on your network and then put the proper technologies and procedures in place ...
Here's a powerful information security-related quote that underscores many of the challenges we face: "Some men have thousands of reasons why they cannot do what they want to, when all they need is one reason why they can." -Willis R. Whitney
Is your management on board with security or not? They're either part of the solution or part of the problem. It's up to you to take the appropriate steps to ...
For all those who don't quite "get" information security... You've heard the saying: It's not what happens to you in life that is important - what matters is how you react to what happens. Don't let this be your mantra for managing information risks! It DOES matter what happens to you...figure out where you're weak and don't let it happen. Oh, and, have a Plan B....
Over the past couple of months I was so focused on writing new content that I've been remiss in posting it online. Here are some tips, thoughts and general opinions around Windows server and workstation security:
Desktop backup oversights that can get you into a bind
Free open source security tools for finding and fixing Windows flaws
Mobile security and how you can no longer ignore its impact on enterprise desktop management
Why ...
With all the doctor & hospital visits I've gone (and am still going) through with family members in the past few years, I've come to the conclusion that many (most?) healthcare providers - especially those smart doctors society holds on a pedestal - absolutely cannot see the big picture. They can't think past the appointment time slot in which they're currently working, much less next year and beyond. Adding to the ...