• 13 Aug 2020

    TikTok app privacy. Is it really a big deal?

    I was recently interviewed for a news segment about privacy concerns over TikTok...is it a problem? What makes it different from typical social media data collection? First off, I'm still trying to figure out more about the story behind TikTok bypassing Android's controls and accessing MAC addresses....and why Google didn't do anything about it and, really, why that exploit is available in the first place...That could be a big deal. ...

    Continue Reading...
  • 03 Jul 2020

    The miracle of COVID-19 testing: more tests= more cases. (It works for security too!)

    I'm no jet fuel genius. Nor am I a statistician. I'm certainly no epidemiologist. I don't even consider myself to be one of the smartest people in my own field. But I do know enough to realize that when a problem exists (even if it's yet to be acknowledged), once it's sought after, it will be uncovered. And once it uncovered, does this newfound knowledge actually change anything? Not necessarily. ...

    Continue Reading...
  • 15 Apr 2020

    Security awareness/training and security policy tips for tough times

    It's a tired subject at this point. Still, I still wanted to share some pieces that I've written on security awareness/training and security policies over the years that your business might benefit from to help get (keep) your arms around your remote workforce and overall information security program...no need to buy anything or hire anyone to help. The following are all you need to get rolling and/or fine-tune: Security Awareness ...

    Continue Reading...
  • 20 Mar 2020

    Want to get better at (whatever)? Explain the concepts to others.

    I recently had the opportunity to write an article for Ross Bentley's Speed Secrets Weekly newsletter. It's one of the most popular newsletters in motorsports with a ton of visibility. Ross was kind enough to let me reshare my article here...I wanted to share it with you because it relates to IT and security just as much as it does to racing a car. Being a professional writer in information/computer ...

    Continue Reading...
  • 18 Mar 2020

    Look for the lessons and be a leader among the COVID-19 panic

    “The hardest thing to explain is the glaringly evident which everybody had decided not to see.” – Ayn Rand Interesting how the world has changed in the past couple of weeks, huh? Here in the U.S., we went from a thriving economy and living in what might be described as the best time to be alive to what seems like an abrupt halt - doom and gloom - all within a couple of ...

    Continue Reading...
  • 07 Mar 2020

    Speaking engagement for ALAS in Phoenix was a big success!

    I had the opportunity to be invited to speak at the Attorney's Liability Assurance Society (ALAS) 2020 Cybersecurity Conference in Phoenix, AZ last week, and it was awesome. With a great group of 220 law firm IT leaders and general counsel professionals, I presented Beyond the Policies: Top 5 Security Findings (that I see in literally every security assessment I perform). I also served as a panelist for a lively ...

    Continue Reading...
  • 26 Jan 2020

    Learning to be a better security speaker with Brian Tracy

    I recently had the most amazing opportunity to learn more about becoming a better speaker. I got to spend two full days sitting around a conference table and in the studio with the one and only Brian Tracy. I've been speaking professionally for the past decade and a half. As with many of the important things in my life such as information security consulting, car racing, and personal relationships, I've ...

    Continue Reading...
  • 30 Aug 2019

    SQL injection is lurking…Are you looking for it?

    I don't always find SQL injection vulnerabilities in the web applications I test but I have been seeing it more and more recently. I can't figure out why... When I do uncover this grandest of all vulnerabilities, it's usually pretty ugly as it was with this recent finding: Using Acunetix Web Vulnerability Scanner to uncover SQL injection across various web pages and parameters Look for this flaw. Use good tools ...

    Continue Reading...
  • 23 Aug 2019

    Cities + hacking & ransomware: what’s really going on?

    I do a lot of work for municipalities - cities, towns, and county governments - and I've concluded one thing: I don't envy those in charge of their IT and security. Apparently, municipal hacking is all the rage. At least that's what the media is currently portraying. For example, it's on the front page of today's New York Times: Ransomware Attacks Are Testing Resolve of Cities Across America The hacking ...

    Continue Reading...
  • 18 Jul 2019

    How does your incident response program measure up?

    I've heard it said that experience is something you don't get until just after you need it. Incident response is one of those things. How do you fully prepare for something that you've never had to deal with? Well, there are ways, but you have to prepare before the going gets rough. The best thing you can do is to define what "incident" means, think through the scenarios, and create ...

    Continue Reading...

Resources

view all

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including:

 

Tags

application security appsec basics books careers censorship CISO CISSP cities compliance coronavirus covid-19 cybersecurity data breaches hacking Hacking For Dummies heads in sand health incident response information risk keynote speaker leadership macOS networked cameras passwords patching racing resilience Russian hacking SDLC security culture security leadership security program management security speaker selling security social engineering speaking engagements spec miata sql injection tiktok time management training vulnerability and penetration testing web security

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.

For your convenience I accept