Posts by kevinbeaver

3 min Compliance

HIPAA Security Compliance Fallacies (And How To Avoid Them)

Health Insurance Portability and Accountability Act (HIPAA) compliance hasn’t been what I thought it was going to be. When I first started out as an independent security consultant, I was giddy over the business opportunities that I just knew HIPAA compliance was going to bring. Around that time, I learned something from sales expert, Jeffrey Gitomer, that has had a profound impact on my career. He said that if you work for yourself and are in sales, which I am, that you must write and speak if

2 min Endpoint Security

Addressing the issue of misguided security spending

It's the $64,000 question in security – both figuratively and literally: where do you spend your money? Some people vote, at least initially, for risk assessment. Some for technology acquisition. Others for ongoing operations. Smart security leaders will cover all the above and more. It's interesting though – according to a recent study titled the 2017 Thales Data Threat Report [

2 min Security Strategy

The One Aspect of Selling Security That You Don't Want to Miss

This is a guest post from our frequent contributor Kevin Beaver [/author/kevinbeaver/]. You can read all of his previous guest posts here [/author/kevinbeaver/]. When it comes to being successful in security, you must master the ability to “sell” what you're doing. You must sell new security initiatives to executive management. You must sell security policies and controls to users. You even have to sell your customers and business partners on what you're doing to minimize information risks. Thi

2 min

SMB Security is so Simple - Take Advantage of it Now.

This is a guest post from our frequent contributor Kevin Beaver [/author/kevinbeaver/]. You can read all of his previous guest posts here [/author/kevinbeaver/]. Small and medium-sized businesses (SMBs) have it made in terms of security. No, I'm not referring to the threats, vulnerabilities, and business risks. Those are the same regardless of the size of the organization. Instead, I'm talking about how relatively easy it is to establish and build out core information security functions and o

2 min

Famous quotes and their bearing on information security

I love reading the works of the achievement and leadership greats. Their words, some of which date back centuries, not only provide insight and motivation for my career, they also validate many of the challenges we face in IT and information security today. These ideas are great additions to my writing and speaking and they're also, arguably, the one shoe-in we have with management on the points we're trying to convey. Here are some great quotes from some famous people that you might find benef

2 min

Network complexity: Bad for Business, Great for Job Security

For years I've written about how dangerous network complexity is for business. [] It's simple math. The crazier things are in your environment, the less control you have. In other words, the more applications, computers, network segments, people, policies, cloud service providers, and so on in your environment the harder it is to manage the risks. It's a direct, quantifiable, and predictable inverse relationship. Yet, no matter the degree of complexity n

2 min Rapid7 Perspective

If you can't explain it simply, you don't understand it well enough

You may have heard “If you can't explain it simply, you don't understand it well enough.” This is a quote attributed to Albert Einstein that I immediately thought of when I read about the newly-published risk metrics findings of the Ponemon Institute study The State of Risk-Based Security Management. Of the 1,320 IT and security professionals surveyed, 59% said that security metrics information is too technical to be understood by non-technical management. Really!? There's not a single thing as