• 26 Jul 2011

    10 years working for myself

    This month marks 10 years since I started my information security consulting business Principle Logic. I cannot express to you how grateful I am to be so blessed. Like many businesses, things weren't all rosy from the get-go. My wife, Amy, and I worked very hard to build up the business through networking, fostering relationships and a little bit of marketing sprinkled in here and there. We did that over and over ...

    Continue Reading...
  • 21 Jul 2011

    Solid IT and infosec content to check out

    I just got back in town from doing a video shoot on cloud security with my friends and colleagues at TechTarget in Boston (man, I love that city). Anyway, I feel compelled to share with you a few of TechTarget's websites that I write for and I know they have lots of others with all sorts of information security, compliance and IT content. Here you go: SearchCompliance.com, SearchEnterpriseDesktop.com, SearchEnterpriseLinux.com, SearchWinIT.com, SearchSQLServer.com, SearchMobileComputing.com, SearchSoftwareQuality.com, SearchNetworking.com, SearchSecurityChannel.com ... all of their sites are ...

    Continue Reading...
  • 21 Jul 2011

    Thomas Paine knew his infosec

    Here's a great infosec quote from statesman Thomas Paine: "Our greatest enemies, the ones we must fight most often, are within." This applies to both malicious insiders and ourselves, as each of us certainly tends to get in our own way when it comes to making things happen with security. ...

    Continue Reading...
  • 18 Jul 2011

    If only “they” could understand us

    You know how most people don't really understand the professions of others with whom they mingle or interact? You know, retail clerks typically don't understand IT, doctors don't understand accountants, used car salesmen don't get landscaping and so on. Information security is arguably one of the cloudiest and least understood professions for those who aren't exposed to it on a daily basis. After reviewing the headlines of my emails today I ...

    Continue Reading...
  • 14 Jul 2011

    eEye’s Metasploit integration – we need more of this!

    Kudos to eEye Digital Security for integrating Metasploit within their Retina vulnerability scanner. According to this recent press release: "Using the free Retina Community scanner or the Retina Network Security Scanner (version 5.13.0 or higher), users can see whether a vulnerability has an associated exploit from Core Impact, Metasploit, or Exploit-db.com, allowing IT Security professionals to better prioritize vulnerabilities and fix the biggest risks first. In addition, if a Metasploit exploit ...

    Continue Reading...
  • 12 Jul 2011

    How smartphones can make us look dumb

    Not long ago I heard a gentleman speaking with radio show host Clark Howard about a phone he purchased online. He said it had all sorts of personal information belonging to the previous owner, including her healthcare records. Ouch. If I understood the caller correctly, it sounded like this personal information was sent to the previous owner by her doctor. A doctor who I'm sure is HIPAA compliant ... after all, as most ...

    Continue Reading...
  • 04 Jul 2011

    Cloud insecurities, when are they going to end?

    This week's post is about cloud security - technically, lack thereof ... Check out these new pieces I've written for Security Technology Executive and Acunetix: "Dark Cloud Looming?" and "What's your take on cloud security?" Enjoy! As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more. ...

    Continue Reading...
  • 01 Jul 2011

    Get over yourself

    The late, great Richard Carlson once said: "Humility and inner peace go hand in hand. The less compelled you are to try to prove yourself to others, the easier it is to feel peaceful inside." I believe this theory explains why so many people in IT and information security are so stressed out. I'm also convinced that this concept is the basis for all the bad choices and negative behavior we've ...

    Continue Reading...
  • 27 Jun 2011

    The value of partial code scanning, now

    Check out my new piece on the business value of partial code scanning, where I outline why it's better to start your source code analysis now instead of waiting around until certain milestones of your development projects are reached or your software applications are completed altogether. It's kind of funny and ironic that we humans are all about instant gratification, yet with information risk issues such as source code analysis, we ...

    Continue Reading...
  • 27 Jun 2011

    Dropbox “bug” = why the cloud cannot be blindly trusted

    I've been ranting about "the cloud" (what a tired term) for a couple of years now. As if we haven't seen enough examples lately of why we cannot put all our eggs in the cloud basket, here's one more with the "code bug" that impacted Dropbox's authentication mechanism over the weekend. Sure, Dropbox isn't an enterprise cloud app per se, but I'll guarantee you it's impacting your enterprise this very moment. ...

    Continue Reading...