• 26 Sep 2011

    Compliance or risk: what the real IT leaders focus on

    Whatever your approach to managing IT and information security, here's a new bit I wrote for Security Technology Executive magazine on fixing what needs to be fixed before you do ANYTHING else:

    Fix Your Low-Hanging Fruit or Forever Hold Your Peace

    Once you have the urgent flaws on your most important systems out of the way, here are some pieces I wrote for SearchCompliance.com on dealing with compliance while, ...

  • 21 Sep 2011

    Buying, selling & consigning used hardware great for IT budgets

    In IT and information security we're required to come up with creative ways to save money any way we can. Well, how about this novel idea: buy used network and computer hardware, or sell what you've already got so you can upgrade.

    A good friend of mine works at a company (Riverside) that does just that. They buy, sell and consign used network and computer hardware to help businesses save (or ...

  • 20 Sep 2011

    Pick up that paper at your own peril

    From @Quotes4Writers on Twitter, this totally reminded me of me:

    "You have to be brave to take out that white sheet of paper and put on it words that could be evidence of your stupidity." - Sol Saks...

  • 19 Sep 2011

    Windows ASLR, APTs, server malware protection and common patching gaps

    Here are some new pieces I've written for the TechTarget sites SearchWindowsServer.com and SearchEnterpriseDesktop.com on Windows (in)securities in the enterprise, including a bit on the over-hyped and misunderstood APT threat (is that like "ATM machine"?) which I got to see firsthand while working on a project that involved one of the Operation Shady Rat victims:

    The APT threat to Windows environments
    Why you need address space layout randomization in Windows Server ...

  • 16 Sep 2011

    No CPEs for you!

    I spoke at the @ISACAAtlanta GeekWeek show and all I got was this lousy notification ;-)

    Seriously, it was a good show that I recommend next time they have it....

  • 16 Sep 2011

    My new paper on BitLocker’s hidden costs

    I've been a fan of Microsoft BitLocker since it first came out. It provides a cheap and easy way for users to lock down their laptops and mobile storage devices and is especially helpful in small businesses where security knowledge is scarce at best. Although BitLocker protection can be bypassed, it's still better than nothing - like WEP for wireless networks.

    Anyway, if you're considering BitLocker as your disk encryption solution, ...

  • 16 Sep 2011

    I love solid state drives but I’m no fan of OCZ

    I tweeted about this the other day but thought it deserved a longer post. If you do anything with IT/security tools such as vulnerability scanners, network analyzers and the like you HAVE to get a solid state drive.

    Hands down, installing solid state drives in my laptops has been the best computer upgrade I have ever made in 22 years of using computers. Better than doubling my RAM, better than upgrading ...

  • 15 Sep 2011

    Your organization vs. BP: what will faulty decisions lead to in your business?

    Imagine a scenario where poor management, failure to take appropriate action, personnel changes and miscommunication about who's responsible for what lead to a catastrophic event at your business. That's exactly what the findings were of the BP oil spill.

    Sadly, 11 people died because of this incident. Luckily, our line of work isn't quite so risky, but your business can still get in a bind when information security is mismanaged.

    Here's a ...

  • 14 Sep 2011

    NetIQ’s file integrity monitoring solution

    A couple of weeks ago, I had the privilege of speaking at the Information Week / Dark Reading Virtual Trade Show "How Security Breaches Happen and What Your Organization Can Do About It."

    In my presentation "How to Win the War Against Cybercrime," I apparently had a brain-cramp moment and said that I'm not seeing anybody with good file integrity monitoring. Um, duh, Kevin (as I smack myself in the face), ...

  • 13 Sep 2011

    Stephen Covey’s insight applies to information security

    I love the following quote...very applicable to what we do:

    "You can't talk yourself out of a problem you behave yourself into." - Stephen Covey

    Okay, you may be able to talk your way out of bad security decisions with the right attorneys or a cybersecurity insurance policy. Having worked cases involving data breaches, compliance and intellectual property, I can say that it won't be a short-lived, inexpensive or painless ordeal....
