Rapid7 Blog

kevinbeaver  

Stop aiming for security perfection—just do what's right

Guest author Kevin Beaver discusses 'relentless incrementalism' in building out and improving security programs.…

Filling big gaps in security programs

Guest author Kevin Beaver talks about helping organizations bridge policy-practice gaps in their security programs.…

Why you have to move beyond "We have a policy for that"

I've never been a big fan of – or have believed in the value of – security policies. Sure, they're necessary for setting expectations and auditors want to see them. They can also serve as a sort of insurance policy to fall back on when…

Want to bolster your security program? Keep users from making decisions.

How many times have you witnessed security problems caused by a user making bad decisions? I'd venture to guess at least a few dozen if not hundreds. We've all seen where the perfect storm forms through weaknesses in technical controls, user training, and – most…

Addressing the issue of misguided security spending

It's the $64,000 question in security – both figuratively and literally: where do you spend your money? Some people vote, at least initially, for risk assessment. Some for technology acquisition. Others for ongoing operations. Smart security leaders will cover all the above and more.…

Why Security Assessments are Often not a True Reflection of Reality

Inmates running the asylum. The fox guarding the henhouse. You've no doubt heard these terms before. They're clever phrases that highlight how the wrong people are often in charge of things. It's convenient to think that the wrong people are running the show elsewhere but…

A very predictable vulnerability on most networks – are you looking for it?

I've always believed that information security doesn't have to be that difficult. It's really not when you focus on the essentials. The problem is, many people continue to ignore the basics. In search of something bigger, better, and sexier, they look past the small number…

What's the root cause of your security challenges?

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. My favorite lyricist, Neil Peart of Rush, once wrote “Why does it happen? Because it happens.” Some deep lyrics on life that…

The One Aspect of Selling Security That You Don't Want to Miss

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. When it comes to being successful in security, you must master the ability to “sell” what you're doing. You must sell new…

SMB Security is so Simple - Take Advantage of it Now.

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. Small and medium-sized businesses (SMBs) have it made in terms of security. No, I'm not referring to the threats, vulnerabilities, and business risks. Those…

Passwords and the Devolution of Computer Users

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. Recently, I wrote about my thoughts on why we feel like we have to force short-term password changes in the name of “security.” Since…

Why do we keep forcing short-term password changes?

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. I'm often asked by friends and colleagues: Why do I have to change my password every 30 or 60 days? My response is always…

Never Underestimate the Power of Relationships in IT & InfoSec

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. 2016 marks the 15th year that I have been working for myself as an independent information security consultant. People who are interested in working…

It takes more than resolve to manage an effective security program

I've never been one for New Year's resolutions. I've seen how they tend to exist only for short-term motivation rather than long-term achievement. Resolutions are just not specific enough and there's no tangible means for accomplishing anything of real value. Just check out your local…

How to make your security assessments actionable

One of the greatest challenges in security is getting the right information so that educated decisions can be made. It happens across many facets of security such as network monitoring, incident response, and user training. However, there's one (big) exception: security assessments. Assuming you're using…
