• 06 Feb 2017

    Getting to know your network with Managed Switch Port Mapping Tool

    In my years performing independent network security assessments, one thing that has really stood out to me is the lack of network insight. Regardless of the size of the organization, the industry in which they operate, and the level of security maturity, in most cases, I see IT and security shops with very little: documentation; inventory; configuration standards; logging and alerting outside of basic resource monitoring. What this means – and what it can easily ...

    Continue Reading...
  • 03 Feb 2017

    Prepping for – or dealing with – a computer security incident? Here are some resources for you.

    It's a reality of using computer systems today - the threats are out there waiting to pounce, especially onto that low-hanging fruit that so many businesses overlook. Here are some pieces I've written in the recent past that address incident response, data breaches, and the like: Figuring out what happened after a data breach; Questions that must be answered once a security breach occurs; Six endpoint management lessons from POS ...

    Continue Reading...
  • 19 Jan 2017

    Children’s Hospital Los Angeles breach reminds us that HIPAA means nothing if you ignore its requirements

    Back in 2007 I wrote a blog post on what it's going to take to encrypt laptop hard drives. After seeing this recent story about Children's Hospital Los Angeles, I can't help but shake my head. The 0 comments on this article say a lot as society is becoming immune to these breaches...I think I've heard it called breach fatigue - it's not unlike presidential politics as of late! In 2007, these ...

    Continue Reading...
  • 08 Jan 2017

    Hacking is not just an action, it’s an excuse

    Given all the ridiculous analyses and "findings" on Russian hacking as of late - such as federal government bureaucrats who said there's no evidence to prosecute Clinton or who claim that the NSA does not collect data on American citizens, yet they're certain that the Russians meddled in the U.S. election - many assertions of which are coming from talking heads with zero experience working in this field - I thought ...

    Continue Reading...
  • 03 Jan 2017

    Keys to a great 2017

    Welcome to 2017! It's another year and another great opportunity to get security right in your organization. As you return to work with a cleared mind and good intentions, building (or maintaining) an effective information security program in the New Year is not unlike my favorite passion: car racing. You not only need to get off to a good start but you also need to keep up your momentum...lap after lap ...

    Continue Reading...
  • 12 Dec 2016

    Trump’s an expert on hacking too, huh?

    Yesterday, soon-to-be President Donald Trump showed just how ignorant politicians can be when it comes to computer security, breaches, and hacking. Referring to the Russians interfering with our recent election, the Donald said: "Once they hack if you don't catch them in the act you're not going to catch them...They have no idea if it's Russia or China or somebody. It could be somebody sitting in a bed some place." It's interesting. ...

    Continue Reading...
  • 05 Dec 2016

    Using NowSecure for automated mobile app testing

    As an independent information security consultant, I'm always looking for good testing tools to rely on for my work. These tools, such as vulnerability scanners, network analyzers/proxies, and related manual analysis tools, are not the be-all-end-all answer for uncovering security weaknesses, but they are a very important aspect of what I do. Be it more generic vulnerability scans, a targeted penetration test, or a broader, more in-depth, security assessment, I ...

    Continue Reading...
  • 17 Nov 2016

    Careers in information security, dealing with ransomware, and more

    With the field of information security as popular as ever, I thought this would be a good time to share some pieces I've written on breaking into the field along with a few more on information security leadership. Oh, and I've thrown in a couple of pieces and a webcast on ransomware since that's a big deal these days. Enjoy! 10 Tips for Breaking into the Infosec Field; What type of organization needs ...

    Continue Reading...
  • 21 Sep 2016

    Join me along with ISACA and TechTarget today to learn about how to advance your infosec career!

    I'm happy to announce that I'll be joining ISACA and TechTarget for their annual online security seminar - a day-long learning event for IT and information security professionals. My session this afternoon, which starts at 3:30pm ET, will be I Can Do versus I Have Done...Certification, Experience, and the Information Security Career Path. You can register by clicking the image or via this link: http://www.bitpipe.com/data/document.do?res_id=1469026420_560 I hope to ...

    Continue Reading...
  • 19 Sep 2016

    People Behaving Badly and information security’s tie-in

    Last week, I had the opportunity to travel to the Bay Area in California to record an information security video (thanks Intel and TechTarget!). Of course, I couldn't travel across the country and not see the sights of San Francisco. A most excellent highlight of the trip was for my son and me to meet television and social media celebrity Stanley Roberts. My son is a huge fan of Stanley's, ...

    Continue Reading...