• 03 Jan 2012

    Great quote to live by

    Here's one of my favorite #quotes you can apply to your career, regardless of which field you're in: "A successful life is one that is lived through understanding and pursuing one's own path, not chasing after the dreams of others." -Chin-Ning Chu...

    Continue Reading...
  • 03 Jan 2012

    Damballa’s Fight Against Advanced Malware

    Malware being out of sight and out of mind often creates the perception that risks aren't present. Just because there's no perceived risk doesn't mean it's not there. Heads buried in the sand over the real malware threat lead to breaches that most organizations aren't prepared to handle. Having worked on a project involving an APT infection, I've seen first-hand how ugly this stuff can get. Endpoint protection isn't enough. Analyzing ...

    Continue Reading...
  • 02 Jan 2012

    Let’s make 2012 the year we get past “compliance” as we’ve known it

    I hope your 2012 has gotten off to a grand start! Mine has. I believe this year is going to further demonstrate why we're working in one of the best possible fields in the world. To get things rolling this year, I wanted to share with you a few new pieces I've written for TechTarget's SearchCompliance.com regarding...well, compliance. It's one of those topics that tends to infuriate me when it comes ...

    Continue Reading...
  • 20 Dec 2011

    Holiday wishes and what’s in store for 2012

    I'd like to send out a special holiday wish to everyone: Merry Christmas, Happy Hanukkah and Happy New Year! This year has been extraordinarily great for me in my business and I owe it all to my clients, presentation and seminar participants, and purchasers of my books and audio content. Thank you very much! I have lots of neat things right around the corner including a YouTube video channel and new Security ...

    Continue Reading...
  • 17 Dec 2011

    WebInspect: How SQL injection testing *should* be done

    SQL injection is arguably the grandest of all security vulnerabilities. It can be exploited anonymously over the Internet to gain full access to sensitive information - and no one will ever know it occurred. Yet time and again it's either overlooked by people who don't test all of their critical systems from every possible angle, overlooked by people who haven't learned how to properly use their Web vulnerability scanners, or overlooked ...

    Continue Reading...
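    The teaser above says SQL injection hands an anonymous attacker full access to sensitive data. The following is an added, self-contained illustration (not code from the original post or from WebInspect) of the two sides of that claim: a string-concatenated login query that can be bypassed and used to read an unrelated table, beside the same query with bound parameters. The database, the table names and the rows are all constructed here for the example.

```python
import sqlite3


def build_db():
    """Constructed sample data (hypothetical, not from the post): a users
    table the login check is meant to query, and an api_keys table that
    the login check should never be able to reach."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT, role TEXT);
        INSERT INTO users VALUES (1, 'alice', 'alice-pw', 'admin');
        INSERT INTO users VALUES (2, 'bob', 'bob-pw', 'user');
        CREATE TABLE api_keys (id INTEGER, owner TEXT, key TEXT);
        INSERT INTO api_keys VALUES (1, 'alice', 'AK-0001');
    """)
    return conn


def login_vulnerable(conn, username, password):
    """The classic injectable check: user input is spliced into the SQL
    text, so quotes, comments and UNION in the input become SQL."""
    sql = ("SELECT username, role FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Same query with bound parameters: the driver passes the values to
    the engine separately, so the input is never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Two payloads a scanner (or a person) would try against the login form.
# AUTH_BYPASS closes the string and comments out the password check;
# UNION_DUMP appends a second SELECT against a table the form never mentions.
AUTH_BYPASS = "alice' --"
UNION_DUMP = "' UNION SELECT owner, key FROM api_keys --"


def demo():
    """Run both payloads against both implementations; returns a dict of
    results so the outcome can be inspected or asserted on."""
    conn = build_db()
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "alice-pw"),
        "bypass_vuln": login_vulnerable(conn, AUTH_BYPASS, "wrong"),
        "dump_vuln": login_vulnerable(conn, UNION_DUMP, "wrong"),
        "legit_param": login_parameterized(conn, "alice", "alice-pw"),
        "bypass_param": login_parameterized(conn, AUTH_BYPASS, "wrong"),
        "dump_param": login_parameterized(conn, UNION_DUMP, "wrong"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print("%-13s %r" % (name, rows))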
  • 16 Dec 2011

    AlgoSec & what happens when you don’t look for flaws from every angle

    I recently had the opportunity to see how well AlgoSec's Firewall Analyzer performs in a real-world security assessment. Long story short, Firewall Analyzer found a weak password on an Internet-facing firewall that would've gone undetected otherwise. A traditional vulnerability scanner didn't find it nor did two different Web vulnerability scanners. Nothing was uncovered via manual analysis either. Only AlgoSec's Firewall Analyzer found the weakness...no doubt a flaw that would've been exploited ...

    Continue Reading...
  • 15 Dec 2011

    Big-data-retention-storage-security…what a mess!

    I've written some new bits on storage security and data retention that you may be interested in...especially as you move your "big data" to the cloud in 2012. You are going to do that, right? ;-) Enjoy!
    Data security and backup encryption remain critical
    Secure data storage strategies and budget-friendly security tools for SMBs
    Heading in the Wrong Direction with Data Protection?
    As always, be sure to check out www.principlelogic.com/resources.html for links to all ...

    Continue Reading...
  • 15 Dec 2011

    Going green’s tie-in with infosec

    If you've been following my blog and my principles for even a short period of time you've probably figured out that I pull no punches when it comes to personal responsibility and limited government. There's hardly anywhere I'm more passionate in this regard than the marketing smoke and mirrors of "Going Green" and the religion of "global warming". I should say "climate change"; that covers warming and cooling for the ...

    Continue Reading...
  • 12 Dec 2011

    Why uninterruptible power supplies have higher quality than Web apps

    I recently purchased an APC uninterruptible power supply for my office and noticed something peculiar in the packaging. It was a small piece of paper that says "QUALITY ASSURANCE TEST". It has the time, date, operator ID and other identifying information for the specific piece of hardware. As you can see in the image, this QA test sheet has 33 unique tests that were performed on the unit presumably before it ...

    Continue Reading...
  • 11 Dec 2011

    Windows security exploits, all over again

    There's a good bit brewing in the Windows world regarding security and I suspect 2012 will make for an interesting year... Here are some new pieces I've written for TechTarget along these lines where I cover Windows 8 and SharePoint security, using Metasploit to exploit flaws as well as some Windows security oversights I see in practically every internal security assessment I do. Enjoy!
    Patching and continuous availability in Windows Server 8
    SharePoint ...

    Continue Reading...