• 26 May 2017

    From web to mobile to connected cars – here are some application security resources you need to check out

    Given all of the variables and complexities associated with information security, I still believe that application security is the biggest weakness in most organizations and the one area where we can truly effect the greatest change. Here are some pieces that I have written recently regarding web and mobile app security that you might enjoy: Identifying and addressing overlooked web security vulnerabilities; What the end of hot patching mobile apps means for ...

  • 17 May 2017

    My new content on preventing ransomware + infosec leadership and careers

    From ransomware to IT and security leadership and careers - they all sort of go hand-in-hand. Here's some new content for you to check out: Five ways to prevent a ransomware infection through network security; An unfunded mandate is not a mandate; How top IT pros stand apart; Using unrealized IT talent to your advantage; Great ways to get management on your side with application security; The side-effects of miscommunication ...

  • 15 May 2017

    The real reasons behind the WannaCry ransomware

    As we continue down the path of yet another major security breach - this time with the ransomware WannaCry - let us remember that it's not just about the criminal hackers, out-of-control government agencies such as the NSA, or vendors such as Microsoft putting out vulnerable software. Every single one of us working in IT, security, and business today is complicit in these challenges. Outdated/unsupported operating systems are running. We ...

  • 08 May 2017

    My CSO interview/story: What it takes to be an independent information security consultant

    I'm very honored to have been interviewed recently for CSO Magazine about my background and what it takes to stand out - and survive - as an independent security consultant. Check it out here: Thanks for the nice write-up, Bob Violino! ...

  • 01 May 2017

    Thoughts on the 2017 Verizon DBIR, hacking security policies, breaking into the infosec field, ransomware and more

    Here are some recent pieces I've written for the good people at IANS: Verizon DBIR shows why we’re still struggling with security; Security policies don’t get hacked. Why do they get all the attention?; Strategies for Thwarting State-Sponsored Hacks; Rooting out Ransomware; Where, exactly, is your information?; CEO Spoofing - Don't get fooled; Take responsibility for vendor product security; Are you making this mistake with your phishing awareness campaign? As ...

  • 13 Apr 2017

    Why SOC audit reports can be misleading, mobile app security gotchas, and more…

    Here are some links to recent articles I've written regarding application security...if you take anything away from this, it's that you can't afford to take this part of your security program lightly. Dealing with vendors who want to push their SOC audit reports on you; Explaining discrepancies in different security assessment reports; Why DAST and SAST are necessary if software is solid from the get-go; Nixing credential re-use across unrelated ...

  • 03 Apr 2017

    People will violate your policies all day long…if you let them.

    I recently saw this out in front of a local restaurant where management was trying to resolve parking, sidewalk access, and traffic issues. Their "control" obviously doesn't work: Be it parking cars or using computers, instant gratification is the name of the game. People want what they want. They want it right now. And, they will take the path of least resistance - and violate your policies in the process to ...

  • 31 Mar 2017

    Outsourcing security monitoring, guest wireless network risks, and more infosec content to help your business

    I can't believe that I recently submitted my 1,000th article...it's been a long time coming! I first started writing in 2001 and it has been one of the best things I ever did. Thanks so much for your support over the years! Here's some new content I've written for the nice folks over at Toolbox.com (Ziff Davis) that you might be interested in: Outsource your security monitoring/alerting and be done with ...

  • 13 Mar 2017

    Web and mobile application security vulnerability and penetration testing resources

    Application security is no doubt one of the most important aspects of a security program. Here are some new pieces I've written that can help keep your web and mobile app vulnerabilities in check and your application security program on the right track...pay special attention to the last one regarding security assessments and reality: Keeping your Web applications in check with HIPAA compliance; Mobile app security risks could cost you millions; Common oversights ...

  • 03 Mar 2017

    Email phishing services: Just what you need to know to start mastering the task

    Got phished? Of course you have...whether you know it or not! As with penetration and vulnerability testing and any other form of security assessment, you need to be performing email phishing tests on your users – all of them, including executive management – on a periodic and consistent basis. I'm doing more and more of this work and the results that I'm finding are astounding...to the point that all other security ...
