  • 01 Apr 2011

    Web security tidbits on developers, leadership, weak passwords & more

    Here are a few pieces I've written recently on Web application security you may be interested in...things that affect each and every one of us working in IT and infosec:

      • I wouldn’t want to be a developer these days
      • Don’t overlook the importance of authenticated testing
      • You can’t change what you tolerate
      • Testing for weak passwords: a common oversight without a great solution
      • How often should you test your web applications?
      • Notable changes in the PCI ...

  • 01 Apr 2011

    Time management + getting over your job title in IT

    Here are some IT career bits I wrote for TechTarget's SearchWinIT.com that you may be interested in:

      • Time management strategies for the IT pro
      • Your title is worthless; your value is priceless

    This is the best time ever to focus on these things. Enjoy! Also, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more....

  • 28 Mar 2011

    A quick review of WebInspect 9 shows HP’s still got it

    It's been a long time coming but it's finally here: HP's WebInspect version 9. I've been using WebInspect for nearly 10 years now and I believe this new version of WebInspect is one of the most significant upgrades they've put out. They've essentially taken what was already one of the best Web vulnerability scanners and have made it better, especially when it comes to workflow and streamlined usability.

    A few things ...

  • 26 Mar 2011

    Viewfinity’s latest privilege management offering

    I had the opportunity to meet up with my colleague Matt Stubbs with SnappConner on a recent visit to Salt Lake City. One of the things we discussed was Viewfinity's new privilege management software release.

    Viewfinity provides a public or private cloud solution to locking down Windows desktops including:

      • getting your arms around administrator-level privileges (perhaps once and for all?)
      • allowing users to install permitted applications, printers, etc.
      • blocking/whitelisting of applications

    Check out this screencast ...

  • 20 Mar 2011

    Getting your ducks in a row with cloud compliance

    Cloud, cloud, cloud - it's all we're hearing about these days. Frankly I'm over the hype - have been for a while... But whether or not we buy into all this hoopla over "the cloud", the technologies and associated security risks and compliance headaches aren't going anywhere. With that, here are a couple of new pieces I've written for SearchCompliance.com that you may be interested in:

      • The cloud’s compliance complexities you cannot ...

  • 15 Mar 2011

    Discount code for SecureWorld Expo Atlanta

    Have you ever attended SecureWorld Expo? It's a neat security conference that travels around the U.S. bringing content to you. I traveled around and spoke at their shows for years and can attest that it's a very good value - especially when you can't afford or otherwise justify going to RSA, CSI and related shows.

    The folks that run SecureWorld Expo have set up a discount code for me (SWEBEAV) that will ...

  • 15 Mar 2011

    Perhaps the goofing off is justified

    I've written in the past about how little we utilize our brain capacity - especially as it relates to goofing off on the job... Well, perhaps those folks goofing off know something that I didn't. According to the Department of Labor and BTN Research:

    The average productivity of the American worker (defined as output per hour of work) has increased 30 percent over the past decade (i.e., 2001-2010). Mathematically this means the ...

  • 07 Mar 2011

    The real secret to career success…in any market

    I often hear stories and radio commercials about the tough time college graduates are having right now finding work. In a recent bit, some recommendations were to work harder and get online because you've got to find a way to stand out in the eyes of potential employers in this market.

    Yeah, yeah...anybody can do those two things. But let's back up. There's one thing that most people don't do: it's ...

  • 07 Mar 2011

    CLEAR’s customer no-service

    CLEARly incompetent - that's how I rate @CLEAR Wireless' customer service. I signed up for their service about 6 weeks ago. It actually works pretty well. Great download speeds and so-so upload speeds. Still, overall, WiMax is an amazing technology.

    As much as I liked it I just couldn't bear the slow upload speeds so I decided to take the hit on the two months of service I prepaid for and ...

  • 07 Mar 2011

    Disaster recovery & security plus e-discovery & records management

    Here are some recent articles I wrote for TechTarget's SearchDisasterRecovery.com and SearchCompliance.com on the relationships between DR planning and information security as well as records management and the dreaded e-discovery process. Serving as an expert witness on various information security cases, I can assure you that you'll want to be prepared for both - especially the latter:

      • Disaster recovery security: The importance of addressing data security issues in DR plans
      • Leaning on ...
