• 12 Jul 2008

    My security content from this week

    ...well, there is none. Two weeks in a row! I have written several articles recently, though, that will be published soon. BTW, sorry for being out of touch recently. Vacation and playing catch-up have set me back a bit! Until later......

  • 08 Jul 2008

    Interesting stats from Information Security Breaches Survey 2008

    First of all, for those of you reading this in the U.S., welcome back from the 4th of July holiday! I just came across some statistics in the U.K.-based Information Security Breaches Survey 2008 that provide some insight and clarity into why we still (and always will) have security breaches: 98% of respondents scan for spyware... 55% have a documented security policy. 97% filter for spam... 40% provide security awareness training. Only 6% have suffered a ...

  • 02 Jul 2008

    Funny view of ridiculously insecure Web apps

    My colleague Mike Rothman has a great post at SecurityIncite about Web application security and the "beta" mindset. I couldn't agree more.... Just slap a beta tag on everything like Google does and you're off the hook!...

  • 01 Jul 2008

    Getting the IT blues because of gas prices…watch this.

    So many of us here in the U.S. are being affected - both personally and professionally - by these outrageous gas prices we have.... I'm seeing stories about IT job losses and IT budget cuts in the name of ridiculous fuel costs. This is especially true when you have ignorant and controlling managers who won't let you telecommute. Heck, I'm cutting back on the number of networking events and lunch meetings ...

  • 30 Jun 2008

    My new Security On Wheels audio program is out

    I wanted to let you know that my new Security On Wheels mini audio program is now produced and ready to go. It's called Certifications, Degrees, or Experience - What's Best for Your Security Career? This audio program (which comes packaged in a 24-minute MP3 file) addresses what you need to focus on in order to properly educate yourself and stay sharp so you can work more effectively, earn ...

  • 27 Jun 2008

    What does “qualified third party” mean in PCI 6.6?

    There's been a lot of hoopla surrounding the PCI DSS requirement 6.6 compliance next week. Even with all the noise, there is some good news for both covered entities and independent security professionals such as yours truly. In the PCI DSS requirement 6.6 Information Supplement document, the first sentence at the top of page 3 states "Manual reviews/assessments may be performed by a qualified internal resource or a qualified third ...

  • 26 Jun 2008

    Does FACTA really exist? Send up a Red Flag!

    I spoke recently for a group of technically savvy accountants. Out of the 120 or so people in the audience, 2 raised their hands when I asked if anyone was aware of the impending FACTA requirements for identity theft protection measures for financial institutions. Two people, folks! OUCH. Sign of the times in information security I suppose......

  • 26 Jun 2008

    Good management yet bad results? No way!

    I was watching my favorite TV channel yesterday (SPEED) and heard well-known racer Tommy Kendall say something that struck a chord. He was actually quoting Carlos Ghosn, head of Renault, who said: "There's no such thing as good management with bad results." I immediately thought, hey, this ties into what I do for a living. Many, many people believe they have information security under control yet time and time again they come up ...

  • 25 Jun 2008

    Ignorance is bliss when it comes to patching database servers

    I just saw this bit today on SearchSecurity.com about admins not patching database servers. So, it's not just me that sees ignorance in action when it comes to admins not wanting to patch their database servers. I can't tell you how many times I've found database flaws directly exploitable from the inside all because an admin didn't want to patch the system. I'm talking about full command prompt access to database ...

  • 24 Jun 2008

    Good security resource worth checking out

    If you haven't been over to NIST's National Vulnerability Database site lately, it's worth checking out. There's tons of good info on system hardening, vulnerability research, and more. If you're here in the U.S., you helped fund it so you might as well use it, right?...
