• 18 Aug 2014

    A resource to help with PCI DSS 3.0’s penetration testing methodology requirements

    PCI DSS has been getting a lot of buzz lately and the latest version 3.0 will continue gaining momentum until the many small and medium-sized businesses get their arms around the new requirements. Of particular interest is the updated requirement 11.3 (below) which is much more prescriptive on how to find the actual security flaws that matter.I've always believe that you can't secure what you don't acknowledge...PCI DSS 3.0 now ...

    Continue Reading...
  • 03 Mar 2014

    Interesting sights at #RSAC 2014

    I attended the RSA Conference last week...there was a lot of the same security nonsense (see my posts below) but a very good show nonetheless. You should attend next year, especially if you've never been. With 25,000+ attendees and more vendors than you can ever imagine in this space, it's a spectacle.Speaking of "vendors", one thing that struck me as interesting - what government employee was ballsy enough to use ...

    Continue Reading...
  • 19 Feb 2014

    Step up or step aside, somebody needs to fix your security woes

    I just got off of phone call with some friends/colleagues where we were discussing the latest security trends. After talking it occurred to me that we're basically going backwards in time with information security. It seems with the Target breach, stupid passwords people are still using in 2014, and even today's new SANS-Norse healthcare security report, it just keeps piling up as if nothing works.But it can work - if ...

    Continue Reading...
  • 23 Apr 2013

    Wednesday (early) morning’s webcast: State of Cyber Security 2013

    ISACA and TechTarget are putting it on...It starts tomorrow (Wednesday) morning at 7:45am ET.Several thousand people will be in attendance...it's the largest crowd I've ever spoken to.It'll be engaging. It'll be informative. You'll hear what I really think about Obama's Cybersecurity mandates. You can't miss it.I'll be kicking things off with the keynote...then I'll be followed by some true information security experts:Theresa M. Grafenstine, Inspector General U.S. House of RepresentativesDr. ...

    Continue Reading...
  • 21 Feb 2013

    Yet another reason to get more in tune w/mobile & the cloud

    Here's a good post from Elcomsoft's Vladimir Katalov that underscores the dangers of many things I've written and spoken about in recent years: Cloud security - especially as it relates to mobile apps (and in the case of this piece, iCloud)  Mobile control - BYOD, MDM and all those buzzwords sound nice but what exactly are you doing to ensure the business information that's being carelessly handled by your employees ...

    Continue Reading...
  • 13 Sep 2011

    Stephen Covey’s insight applies to information security

    I love the following quote...very applicable to what we do:"You can't talk yourself out of a problem you behave yourself into." - Stephen CoveyOkay, you may be able to talk your way out of bad security decisions with the right attorneys or a cybersecurity insurance policy. Having worked cases involving data breaches, compliance and intellectual property, I can say that it won't be a short-lived, inexpensive or painless ordeal....

    Continue Reading...
  • 13 Jun 2011

    IT careers, compliance & the Internet “Freedom” Act

    Here are some recent pieces I wrote on IT and security careers and compliance that you may be interested in...content that likely applies to your very situation:Career networking dos and don’ts But Compliance is Someone Else’s Job!Cybersecurity and Internet Freedom Act – New name, same gameEnjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more....

    Continue Reading...
  • 31 Jan 2011

    The Egyptian uprising tie-in with the U.S. Internet kill switch

    The people rioting in Egypt against their oppressive government and the subsequent blocking of the Internet is an interesting issue that has a global reach. Foreign policy aside, have you stopped to think about the ramifications of the cybersecurity "kill switch" bills that our measly politicians are trying to force upon us?As I wrote previously, the proposed Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) and Lieberman-Collins-Carper Protecting Cyberspace as ...

    Continue Reading...
  • 24 Jun 2010

    Responsibility & action come from individuals not government

    Being in DC and Chicago this week watching local news and observing all the bumper sticker slogans reminds me of the saddening enormity of how all this change we can believe in is impacting our country and the future of our families. The thing that stands out the most is the lack of personal responsibility and the dependence on government to handle all our woes - both in our personal ...

    Continue Reading...
  • 03 Apr 2009

    Restating the obvious?

    This just in (OK, it's really from a couple of days ago): Cybersecurity hearing highlights inadequacy of PCI DSS.But I thought compliance = security!? And anything forced down our throats at the hand of industry bodies and government goons is all we need to manage business risks!? Seriously...how long do you think we'll continue to hear about this...ay yay yay?...

    Continue Reading...

Resources

view all

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including:

 

Tags

application security basics books careers CISO CISSP cities compliance coronavirus covid-19 data breaches hacking Hacking For Dummies heads in sand incident response information risk keynote speaker leadership macOS networked cameras patching racing resilience SDLC security culture security leadership security program management security speaker selling security social engineering speaking engagements spec miata sql injection tiktok training vulnerability and penetration testing web security

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.

For your convenience I accept