
Rapid7 Blog

kevinbeaver  

AUTHOR STATS:

36

Just a little more may be all you need for great security

The following is a guest post from Kevin Beaver. See all of Kevin’s guest writing here. Thomas Edison once said that many of life's failures are experienced by people who did not realize how close they were to success when they gave up. Thinking…

HIPAA Security Compliance Fallacies (And How To Avoid Them)

Health Insurance Portability and Accountability Act (HIPAA) compliance hasn’t been what I thought it was going to be. When I first started out as an independent security consultant, I was giddy over the business opportunities that I just knew HIPAA compliance was going to…

Stop aiming for security perfection—just do what's right

Guest author Kevin Beaver discusses 'relentless incrementalism' in building out and improving security programs.…

Filling big gaps in security programs

Guest author Kevin Beaver talks about helping organizations bridge policy-practice gaps in their security programs.…

Why you have to move beyond "We have a policy for that"

I've never been a big fan of – or have believed in the value of – security policies. Sure, they're necessary for setting expectations and auditors want to see them. They can also serve as a sort of insurance policy to fall back on when…

Want to bolster your security program? Keep users from making decisions.

How many times have you witnessed security problems caused by a user making bad decisions? I'd venture to guess at least a few dozen if not hundreds. We've all seen where the perfect storm forms through weaknesses in technical controls, user training, and – most…

Addressing the issue of misguided security spending

It's the $64,000 question in security – both figuratively and literally: where do you spend your money? Some people vote, at least initially, for risk assessment. Some for technology acquisition. Others for ongoing operations. Smart security leaders will cover all the above and more.…

Why Security Assessments are Often not a True Reflection of Reality

Inmates running the asylum. The fox guarding the henhouse. You've no doubt heard these terms before. They're clever phrases that highlight how the wrong people are often in charge of things. It's convenient to think that the wrong people are running the show elsewhere but…

A very predictable vulnerability on most networks – are you looking for it?

I've always believed that information security doesn't have to be that difficult. It's really not when you focus on the essentials. The problem is, many people continue to ignore the basics. In search of something bigger, better, and sexier, they look past the small number…

What's the root cause of your security challenges?

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. My favorite lyricist, Neil Peart of Rush, once wrote “Why does it happen? Because it happens.” Some deep lyrics on life that…

The One Aspect of Selling Security That You Don't Want to Miss

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. When it comes to being successful in security, you must master the ability to “sell” what you're doing. You must sell new…

SMB Security is so Simple - Take Advantage of it Now.

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. Small and medium-sized businesses (SMBs) have it made in terms of security. No, I'm not referring to the threats, vulnerabilities, and business risks. Those…

Passwords and the Devolution of Computer Users

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. Recently, I wrote about my thoughts on why we feel like we have to force short-term password changes in the name of “security.” Since…

Why do we keep forcing short-term password changes?

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. I'm often asked by friends and colleagues: Why do I have to change my password every 30 or 60 days? My response is always…

Never Underestimate the Power of Relationships in IT & InfoSec

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. 2016 marks the 15th year that I have been working for myself as an independent information security consultant. People who are interested in working…
