It's a tired subject at this point. Still, I wanted to share some pieces that I've written on security awareness/training and security policies over the years that your business might benefit from to help get (keep) your arms around your remote workforce and overall information security program...no need to buy anything or hire anyone to help. The following are all you need to get rolling and/or fine-tune: Security Awareness ...
I recently had the opportunity to write an article for Ross Bentley's Speed Secrets Weekly newsletter. It's one of the most popular newsletters in motorsports with a ton of visibility. Ross was kind enough to let me reshare my article here...I wanted to share it with you because it relates to IT and security just as much as it does to racing a car. Being a professional writer in information/computer ...
“The hardest thing to explain is the glaringly evident which everybody had decided not to see.” – Ayn Rand Interesting how the world has changed in the past couple of weeks, huh? Here in the U.S., we went from a thriving economy and living in what might be described as the best time to be alive to what seems like an abrupt halt - doom and gloom - all within a couple of ...
I had the opportunity to be invited to speak at the Attorney's Liability Assurance Society (ALAS) 2020 Cybersecurity Conference in Phoenix, AZ last week, and it was awesome. With a great group of 220 law firm IT leaders and general counsel professionals, I presented Beyond the Policies: Top 5 Security Findings (that I see in literally every security assessment I perform). I also served as a panelist for a lively ...
I recently had the most amazing opportunity to learn more about becoming a better speaker. I got to spend two full days sitting around a conference table and in the studio with the one and only Brian Tracy. I've been speaking professionally for the past decade and a half. As with many of the important things in my life such as information security consulting, car racing, and personal relationships, I've ...
I don't always find SQL injection vulnerabilities in the web applications I test but I have been seeing it more and more recently. I can't figure out why... When I do uncover this grandest of all vulnerabilities, it's usually pretty ugly as it was with this recent finding: Using Acunetix Web Vulnerability Scanner to uncover SQL injection across various web pages and parameters Look for this flaw. Use good tools ...
I do a lot of work for municipalities - cities, towns, and county governments - and I've concluded one thing: I don't envy those in charge of their IT and security. Apparently, municipal hacking is all the rage. At least that's what the media is currently portraying. For example, it's on the front page of today's New York Times: https://www.nytimes.com/2019/08/22/us/ransomware-attacks-hacking.html Ransomware Attacks Are Testing Resolve of Cities Across America The ...
I've heard it said that experience is something you don't get until just after you need it. Incident response is one of those things. How do you fully prepare for something that you've never had to deal with? Well, there are ways, but you have to prepare before the going gets rough. The best thing you can do is to define what "incident" means, think through the scenarios, and create ...
In preparation for my upcoming webinar on information security careers (check that out, by the way!), I was updating my website with IT and security career-related articles. Since I last updated my careers page, I've written 35 new pieces...35! Wow, apparently I need to go back and read some of my own tips on time management. :-) Enjoy and I hope to see you this coming Tuesday (July 16, 2019) ...
With security, if your goal is to minimize your maximum regret, there's a lot to be thinking about. User behaviors involving mobile devices are at the heart of some of the larger business risks, especially if you're like the majority of businesses I see and support bring your own device (BYOD) for phones and tablets. Well, here's something that you may have thought about in passing but haven't done anything ...