You can't secure what you don't acknowledge.SM

Wednesday, September 17, 2008

Great quote related to information security careers

We tend to focus so much on our education and training and ignore something the one thing that's even more important: goal setting. Keep this in mind when it comes time to actually making the rubber meet the road.

"Education is of no value and talent is worthless - unless you have an unwavering aim. Never find yourself without a compass." - Condoleezza Rice

Press release about my upcoming ISSA keynote

Here's a recent announcement of mine regarding my upcoming keynote presentation I'm giving for ISSA:

Principle Logic announced that Kevin Beaver has been chosen to speak at the ISSA conference. Kevin will apply his practical and no-nonsense approach to information security in his discussion titled Staying Ahead of the Security Curve. He will share his experiences in the field of information security, the traits required to become a successful security professional, and also outline what IT professionals can do to take their security careers to the next level.

“I’m excited and extremely honored to have been invited to kick-off this conference for ISSA.” says Beaver. “I can relate very closely to ISSA members and what they’re up against. My presentation on enhancing your information security career fits nicely with the theme of the show regarding managing security in dynamic environments.”

"As we approach our 6th annual InfoSec conference, the Kentuckiana Chapter of ISSA is proud to see such nationally renowned IS/IT professionals as Kevin Beaver coming to the Louisville area to share in the education and awareness of information security.” says Cindy Woods, Kentuckiana ISSA Secretary & 2008 InfoSec Conference Chairperson.

For more information visit the ISSA conference site at and Principle Logic’s Web site at

About Principle Logic, LLC and Kevin Beaver

As the sole-proprietor of Principle Logic, LLC, Kevin Beaver performs security-related keynote speaking engagements, expert witness services, independent security assessments of networks and Web applications, and information security pre-audits and gap analyses. Kevin has authored/co-authored seven books on information security including Hacking For Dummies, Hacking Wireless Networks For Dummies, Laptop Encryption For Dummies, Securing the Mobile Enterprise For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance. He is a regular contributor to,,, and Security Technology & Design magazine. Kevin is also the creator and producer of the Security On Wheels audio programs and blog providing security learning for IT professionals on the go. For more information, please visit

Just throw some more money at the problem - that'll fix it

Yesterday, the Cobb County government school system - the county where I make 99% of my retail purchases - had their wish fulfilled when voters passed to renew the current special purpose local option sales tax (SPLOST). This in a county where the government schools are wrought with fierce politics and wasteful spending. I know not only because of the stories I read but also because I've seen it first hand. I know some former employees as well. I've also worked in several other government school systems in the Atlanta area and I know what takes place at the central office level. The stories of poor leadership and disdain for taxpayers are unbelievable.

Anyway, the mentality behind the renewal of this tax in here locally for me - and all across the nation - is "if we spend more on students we'll get better results". This myth has been busted over and over again. The same goes for information security. Very often I see organizations with fancy firewalls, patch management systems, employee monitoring software, wireless IPSs, network access control systems, and more. But these same organizations very often have firewall change management issues, exploitable patch-related vulnerabilities, users doing whatever they want when they want, rogue wireless systems, no proactive monitoring or systems disabled altogether - you name it. If a technical control is in place another vulnerability is right around the corner basically negating all the money that was spent to make things seem more secure.

Furthermore, based on experience the only people that really vote for more taxes on themselves in a SPLOST scenario are school system employees and certain parents that are blind to how money is being wasted in so many other places. This ignorance reminds me of how management often overlooks informations security. As with lazy voters on SPLOST voting day, management's perception of the value and importance of information security doesn't motivate them enough to get up and do something about it.

Very frustrating....

Monday, September 15, 2008

My latest security content

Here's an article I wrote for!

How SMBs can ensure storage security

As always, be sure to check out for all of my information security articles, podcast interviews, webcasts, screencasts and more.