• 25 Apr 2012

    My webcast on software source code analysis

    Here's a recent webcast I put together with the folks at Checkmarx (makers of a dandy source code analyzer) that you may be interested in:The business value of partial code scanningEnjoy!...

    Continue Reading...
  • 23 Apr 2012

    How are you spending your time?

    Not long ago I had a conversation with a colleague of mine who's also a consultant. We were discussing the topic of how, even with today's shaky economy, people still goof off on the job as if they had nothing to lose.Are you seeing this too? I wrote about this phenomenon over three years ago. Funny how not much changes internally given all the external forces pressing down on us.Not ...

    Continue Reading...
  • 16 Apr 2012

    Basic features of WebInspect – the kind of stuff great scanners are made of

    Wondering what helps minimize the pain, stress and time required to run effective Web vulnerability scans? It's the things you can see in the toolbar of HP's WebInspect: Start/Resume, Pause - because you're going to need to pause and resume your scans at some point.Rescan - because you're going to want to re-run the scan again or re-test for the flaws uncovered previously.Compare - because you're going to have a ...

    Continue Reading...
  • 09 Apr 2012

    Video: Here’s the one thing you can do to improve #infosec right now

    ...

    Continue Reading...
  • 08 Apr 2012

    Disk encryption for HIPAA + HITECH & why BitLocker may not be the solution

    I'm finally back in the swing of things after taking some time off for Spring Break. I hope you're enjoying your Spring as well.Here are two articles I've recently written about full disk encryption...arguably the greatest missing link in any given business's information security program.Things you need to think about regarding disk encryption and data protection for HIPAA and HITECHBitLocker’s improvements leave gaps to be aware ofEnjoy!As always, be sure ...

    Continue Reading...
  • 31 Mar 2012

    Video: Don’t worry about your title, focus on this instead

    My thoughts on why you need not worry about how people address you. [Hint: it's not about you.] There are bigger things to be concerned with....

    Continue Reading...
  • 28 Mar 2012

    This is your crazy JetBlue captain speaking

    Anyone is capable of doing anything...that's what comes to mind when I think about the JetBlue captain going mad on a flight yesterday. Here's what I know...Just because someone has passed a background check, has a good references and has created a good track record for himself doesn't mean he's not capable of flying off the hook and doing bad things. This applies to pilots as in this situation and ...

    Continue Reading...
  • 22 Mar 2012

    Don’t underestimate the value of firewall rulebase analysis

    Are firewalls sexy? No...but you must understand that they're an integral part of your overall information risk equation. From configuration flaws to rulebase anomalies to overall system inefficiencies, your firewall rulebases can make or break security, business continuity and other critical parts of your IT operations.Last week, AlgoSec's Nimmy Reichenberg and I recorded a webinar titled How to Automate Firewall Operations, Simplify Compliance Audits and Reduce Risk that you may ...

    Continue Reading...
  • 22 Mar 2012

    An interesting Microsoft tool to help with data classification

    Have you ever heard of Microsoft's Data Classification Toolkit for Windows Server 2008 R2? Me either. But it may be worth taking a look at. The lack of data classification and proper retention is at the core of many IT risks not to mention legal and compliance issues. You can't secure (or protect, or retain, or dispose of) what you don't acknowledge. If the Data Classification Toolkit is anything like ...

    Continue Reading...
  • 19 Mar 2012

    Neat tools to seek out sensitive files on laptops & websites

    "Oh yeah, I forgot about all of those files." I've never had a security tool lead to these predictable words regarding sensitive files being stored on unencrypted laptops as much as Identity Finder has. You may have seen Identity Finder in my previous post and related articles and presentations where I've mentioned or demonstrated it. Identity Finder is a commercial product that IT and information security professionals can use to ...

    Continue Reading...

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including:

 

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO CISSP cities coronavirus covid-19 cybersecurity data breaches eagle syndrome hacking Hacking For Dummies health helmet communications incident response information risk keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements sql injection tethered spinal cord time management underimplemented vulnerability and penetration testing web security zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.