• 13 Mar 2017

    Web and mobile application security vulnerability and penetration testing resources

    Application security is no doubt one of the most important aspects of a security program. Here are some new pieces I've written that can help keep your web and mobile app vulnerabilities in check and your application security program on the right track...pay special attention to the last one regarding security assessments and reality:Keeping your Web applications in check with HIPAA complianceMobile app security risks could cost you millionsCommon oversights ...

    Continue Reading...
  • 03 Mar 2017

    Email phishing services: Just what you need to know to start mastering the task

    Got phished? Of course you have...whether you know it or not! As with penetration and vulnerability testing and any other form of security assessment, you need to be performing email phishing tests on your users – all of them, including executive management – on a periodic and consistent basis. I'm doing more and more of this work and the results that I'm finding are astounding...to the point that all other security ...

    Continue Reading...
  • 06 Feb 2017

    Getting to know your network with Managed Switch Port Mapping Tool

    In my years performing independent network security assessments, one thing that has really stood out to me is the lack of network insight. Regardless of the size of the organization, the industry in which they operate, and the level of security maturity, in most cases, I see IT and security shops with very little:documentationinventoryconfiguration standardslogging and alerting outside of basic resource monitoringWhat this means – and what it can easily ...

    Continue Reading...
  • 03 Feb 2017

    Prepping for – or dealing with – a computer security incident? Here are some resources for you.

    It's a reality of using computer systems today - the threats are out there waiting to pounce, especially onto that low-hanging fruit that so many businesses overlook. Here are some pieces I've written in the recent past that address incident response, data breaches, and the like: Figuring out what happened after a data breach Questions that must be answered once a security breach occurs Six endpoint management lessons from POS ...

    Continue Reading...
  • 19 Jan 2017

    Children’s Hospital Los Angeles breach reminds us that HIPAA means nothing if you ignore its requirements

    Back in 2007 I wrote a blog post on what's it going to take to encrypt laptop hard drives. After seeing this recent story about Children's Hospital Los Angeles, I can't help but shake my head.The 0 comments on this article says a lot as society is becoming immune to these breaches...I think I've heard it called breach fatigue - it's not unlike presidential politics as of late! In 2007, these ...

    Continue Reading...
  • 08 Jan 2017

    Hacking is not just an action, it’s an excuse

    Given all the ridiculous analyses and "findings" on Russian hacking as of late such as federal government bureaucrats who said there's no evidence to prosecute Clinton or who claim that the NSA does not collect data on America citizens yet they're certain that the Russians meddled in the U.S. election - many assertions of which are coming from talking heads with zero experience working in this field - I thought ...

    Continue Reading...
  • 03 Jan 2017

    Keys to a great 2017

    Welcome to 2017! It's another year and another great opportunity to get security right in your organization. As you return to work with a cleared mind and good intentions, building (or maintaining) an effective information security program in the New Year is not unlike my favorite passion: car racing. You not only need to get off to a good start but you also need to keep up your momentum...lap after lap ...

    Continue Reading...
  • 12 Dec 2016

    Trump’s an expert on hacking too, huh?

    Yesterday, soon-to-be President Donald Trump showed just how ignorant politicians can be when it comes to computer security, breaches, and hacking. Referring to the Russians interfering with our recent election, the Donald said:"Once they hack if you don't catch them in the act you're not going to catch them...They have no idea if it's Russia or China or somebody. It could be somebody sitting in a bed some place."It's interesting. ...

    Continue Reading...
  • 05 Dec 2016

    Using NowSecure for automated mobile app testing

    As an independent information security consultant, I'm always looking for good testing tools to rely on for my work. These tools, such as vulnerability scanners, network analyzers/proxies, and related manual analysis tools, are not the be-all-end-all answer for uncovering security weaknesses, but they are a very important aspect of what I do. Be it more generic vulnerability scans, a targeted penetration test, or a broader, more in-depth, security assessment, I ...

    Continue Reading...
  • 17 Nov 2016

    Careers in information security, dealing with ransomware, and more

    With the field information security as popular as ever, I thought this would be a good time to share some pieces I've written on breaking into the field along with a few more on information security leadership. Oh, and I've thrown in a couple of pieces and a webcast on ransomware since that's a big deal these days. Enjoy!10 Tips for Breaking into the Infosec Field What type of organization needs ...

    Continue Reading...

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO CISSP cities coronavirus covid-19 cybersecurity data breaches eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements sql injection tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.