Thanks to TechTarget and CDW, starting this month I'm embarking on an 11-city speaking tour across the U.S. Along with my colleague Pete Lindstrom, I'll be speaking/ranting about all sorts of network security and data protection stuff, including: Embedding Security into the Network—Building Defense in Depth; Securing your Presence at the Perimeter: Contrary to Popular Belief, you do still have a Network Perimeter; Locking Down Server and Workstation Operating Systems: A Critical ...
Have you checked out the Chronology of Data Breaches lately?... Very interesting stats on known data breaches. I peruse the site every now and then, and it seems that every time I do there's an organization that 1) I've done business with (for personal stuff) or 2) as in the case of MicroBilt Corporation's breach posted last week, is right down the road from me. Does the six degrees of separation ...
If I had to choose two things that IT and information security pros need to focus on more than anything else, it'd be learning how to manage your time and continually fine-tuning your technical skills. Well, here are two pieces I wrote for SearchWinIT.com that delve into these topics: Time management strategies for the IT pro; Low-cost ways to get the IT skills you need ... learn these skills and practice them over and ...
Join me and my colleagues/friends Becky Herold (The Privacy Professor) and Scott Woodison (security manager extraordinaire) on Focus.com tomorrow at 2pm ET where we'll be talking about: Compliance vs. managing information risks - there is a difference; Common compliance-related mistakes; Recent changes to information security and privacy regulations and how they affect you; Recommendations on what your business can do to get its arms around the compliance beast. It'll be laid back yet informative...we'll no ...
Here's a recent piece I wrote for my friends at SearchCompliance.com regarding the lost laptop problem and what it's costing businesses: The Billion Dollar Lost Laptop – What’s it costing your business? I've seen some naysayers out there stating that there's no way a lost laptop could match up to Ponemon's figures. I say why find out!? Whatever the cost, the solutions for laptop security are simple once the choice is made ...
Here's one of those great quotes that applies directly to infosec: “Talent is cheaper than table salt. What separates the talented individual from the successful one is a lot of hard work.” -Stephen King. There are plenty of people who understand security architecture, hacking and related technical issues but few who really get the essence of risk and have taken the necessary steps to make information security work in support of the ...
The new edition of a very solid and unique magazine on security (both physical and IT) - Security Technology Executive - is now online. Be sure to check out the column I wrote in this issue entitled "Fighting the Malware Fight All Over Again" on page 21....
Here's a good read from @arstechnica on the HBGary story. It's a fascinating story in and of itself. But the oversights related to information security "best practices" are amazing. What is it going to take to get people to focus on the basics? Seriously, folks... Forget about all the fancy hack attacks and complex exploits for now and fix the low-hanging fruit. It's basic triage - stop the bleeding first. Focus ...
Here's an interesting story about the widespread Wells Fargo ATM outage that occurred last week. There's speculation around the cause of the outage. Was it a hack? Was the system inadvertently taken down during system upgrades? Who knows... What I can say is that virtually every ATM I've come across in my work performing internal security assessments in/around the financial industry has been riddled with security holes. I've seen weak OS ...
Be it smartphones or desktops, when it comes to securing Windows you've got to look at both. Here are some new pieces I wrote for SearchEnterpriseDesktop.com that you may be interested in: Security considerations for Windows Phone 7; Should you use third-party patching tools to keep Windows 7 secure?; Weighing Windows Firewall for enterprise desktop protection...