• 29 Aug 2008

    Talk is cheap

    In watching the clips from Obama's Adult American Idol speech last night (I couldn't bear to watch it all live) I was reminded of previous bosses I've had and other people I've seen regarding their "support" of information security: Posturing and pandering and spouting out whatever makes people feel good is very, very easy. Just like certain people are good at manipulating others negatively for their own gains, anyone (Obama, McCain, your ...

  • 29 Aug 2008

    Who needs life vests anyway?

    Jazz Airlines (subsidiary of Air Canada) has removed life vests from their airplanes in the name of saving weight and fuel. So, increase the risk of your passengers at whatever cost...?? I'm sure the savings of 83 pounds per flight should more than outweigh any risk. Sounds like the typical risk management decisions being made in all too many businesses out there. I suspect we'll start seeing this kind of nonsense ...

  • 28 Aug 2008

    Want to try some ‘sploits but don’t have anything to ‘sploit?

    If you've ever wanted to play around with Metasploit - the free pen test/exploitation toolkit - but you didn't know where to start....well, here's an interesting site I came across that hosts free trial versions of software known to be vulnerable to attack using Metasploit, etc. Oh, if you need a quick primer, check out the following articles I've written on Metasploit as well: Metasploit 3.1 updates improve Windows penetration testing; Metasploit 3.0 ...

  • 28 Aug 2008

    Crazy things people do to get a Wi-Fi connection

    Here's a funny bit about things people have done to get wireless Internet access. Some of these are pretty stupid when you consider the consequences of connecting to a rogue AP where someone's watching your every move on the other end (i.e. web sites browsed, passwords entered, emails sent, etc.). Not to mention exploiting your system for remote access. Reminds me of how much I love my air card.......

  • 27 Aug 2008

    Do developers really think of security this way?

    I was just perusing the latest Programmer's Paradise catalog. The catalog is chock full of developer tools - everything you need for application lifecycle management. Well almost. Their Security section of products made me laugh. I was expecting to see products like DevInspect, Ounce 6, and Fortify 360. But no, what's in there is what all too many developers still see as "security": Reflex Security's VSA Firewall, GFI EndPointSecurity, PGP ...

  • 27 Aug 2008

    A chronology of HIPAA convictions

    Does HIPAA affect your organization? It probably does somehow some way at least indirectly. If not, we're all affected personally. Well, my friend and brilliant colleague, Becky Herold, has kept up with HIPAA-related convictions over the past few years. I'm surprised that only seven convictions have taken place. There's no doubt that more violations have occurred... Interestingly, there's only been one sanction given for noncompliance. Only one healthcare organization out of ...

  • 27 Aug 2008

    Gotta love the overused “computer glitch” excuse

    Here we go again with a "computer glitch" causing a big problem - this time with the FAA's flight plan tracking system. Last time I checked, computers are told what to do... I studied computers at the bit level for way too many years in college to know that PEOPLE cause computer problems. It's easier to blame computers though. They don't argue back. Yet....

  • 26 Aug 2008

    Finally…someone gets their Web security policy right!

    When most companies claim Web "security" they tout SSL like I mentioned here. I've had trouble figuring out why the buck stops there...maybe because they're being written by people in marketing?? Anyway, LinkedIn finally got it right. The security stipulation in their privacy policy goes beyond SSL: In order to secure your personal information, access to your data on LinkedIn is password-protected, and sensitive data (such as credit card information) is protected ...

  • 26 Aug 2008

    Great quotes related to information security management

    ...or mismanagement if you will: The first quote relates to management's responsibility and using wisely their power of choice when it comes to doing poorly on a security assessment, failing an audit, experiencing a security breach, and falling out of compliance: "Failure to hit the bullseye is never the fault of the target." - Gilbert Arland. The second one relates to management not supporting information initiatives year after year and then, once a ...

  • 25 Aug 2008

    My security content from last week – chock full of good stuff

    OK - I finally got the links to my latest material. Here are some articles about getting management on board with security (one of the hardest things we face), controlling unstructured information, Web apps, storage, and more that you may be interested in checking out: Making the Business Case for Information Security; Document Security - Protecting sensitive information both inside and outside of the firewall; 7 Essentials for Selecting ...
