• 17 Feb 2011

    Are you focusing on the infosec basics where it counts?

    Here's a good read from @arstechnica on the HBGary story. It's a fascinating story in and of itself. But the oversights related to information security "best practices" is amazing. What is it going to take to get people to focus on the basics? Seriously, folks...Forget about all the fancy hack attacks and complex exploits for now and fix the low-hanging fruit. It's basic triage - stop the bleeding first. Focus ...

    Continue Reading...
  • 07 Aug 2017

    How to gain control & become an IoT security expert

    You've no doubt heard the vendor spiels and seen their solutions for gaining control of your Internet of Things environment. But do you truly have IoT under control? Like other things in IT, it can be pretty overwhelming, especially when you're struggling to keep your arms around your traditional network environment with cloud and mobile and all the complexities they bring. Well, IoT security doesn't have to be that difficult. It's ...

    Continue Reading...
  • 06 Feb 2017

    Getting to know your network with Managed Switch Port Mapping Tool

    In my years performing independent network security assessments, one thing that has really stood out to me is the lack of network insight. Regardless of the size of the organization, the industry in which they operate, and the level of security maturity, in most cases, I see IT and security shops with very little:documentationinventoryconfiguration standardslogging and alerting outside of basic resource monitoringWhat this means – and what it can easily ...

    Continue Reading...
  • 03 Jan 2017

    Keys to a great 2017

    Welcome to 2017! It's another year and another great opportunity to get security right in your organization. As you return to work with a cleared mind and good intentions, building (or maintaining) an effective information security program in the New Year is not unlike my favorite passion: car racing. You not only need to get off to a good start but you also need to keep up your momentum...lap after lap ...

    Continue Reading...
  • 19 Sep 2016

    People Behaving Badly and information security’s tie-in

    Last week, I had the opportunity to travel to the Bay Area in California to record an information security video (thanks Intel and TechTarget!). Of course, I couldn't travel across the country and not see the sights of San Francisco. A most excellent highlight of the trip was for my son and I to meet television and social media celebrity, Stanley Roberts. My son is a huge fan of Stanley's, ...

    Continue Reading...
  • 19 Sep 2016

    What, exactly, is reasonable security? The state of California knows!

    With all that's happening in the world of information security, it seems that there's never enough regulation. From to HIPAA to the state breach notification laws to PCI DSS and beyond, there are rules - and guidance - around every corner. Oddly enough the breaches keep occurring. As if what we've been told up to this point is not reasonable enough. Some people, mostly federal government bureaucrats and lawyers who ...

    Continue Reading...
  • 04 May 2016

    Yet another over-hyped security flaw making the headlines

    For years now, I've ranted here and elsewhere about the nonsensical niche security "flaws" uncovered by researchers and academic scholars that often have no real bearing on business or society. There are always caveats, always reasons why these super-complicated exploits won't work, yet they make the headlines time and again. The recent Waze app discovery is a great example:Vulnerability in Google's Waze app could let hackers track you, researchers sayLook ...

    Continue Reading...
  • 28 Aug 2014

    The latest Android / Gmail security flaw & why people don’t take IT & security seriously

    You may have heard about the recently-discovered Android exploit that makes Gmail vulnerable to criminal hackers. I read it over and realized that I have to use this opportunity share an example of what I talk about when "researchers" claim that all is bad in the world because of the latest and greatest exploit impacting whatever software or device they've discovered.This Android/Gmail finding in particular is a great example of ...

    Continue Reading...
  • 09 Apr 2014

    Windows XP: Goodbye my love…well, not really.

    Windows XP...ah, the memories!I wrote many of my books including the first two editions of Hacking For Dummies and the first edition of The Practical Guide to HIPAA Privacy and Security Compliance originally on Windows XP - not to mention countless articles, security assessment reports and more over a 7-8 year span.It was nice working with you XP!I waited to write this post today, the day after all the Windows ...

    Continue Reading...
  • 29 Jan 2013

    Introducing the brand new Hacking For Dummies, 4th edition

    Well, it's here...the fourth edition of my book Hacking For Dummies is officially available today!Starting summer of 2012 and ending just before Christmas, I put in over 200 hours of blood, sweat, tears, and occasional cussing into this edition...more than any previous updates to the book. That said, my savvy technical editor, Peter Davis, and the wonderful editors at Wiley, Becky Huehls, Virginia Sanders, and Amy Fandrei were the real ...

    Continue Reading...

Resources

view all

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including:

 

Tags

application security appsec basics books careers censorship CISO CISSP cities compliance coronavirus covid-19 cybersecurity data breaches hacking Hacking For Dummies heads in sand health incident response information risk keynote speaker leadership macOS networked cameras passwords patching racing resilience Russian hacking SDLC security culture security leadership security program management security speaker selling security social engineering speaking engagements spec miata sql injection tiktok time management training vulnerability and penetration testing web security

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.

For your convenience I accept