Kevin Beaver, CISSP is an independent information security consultant, writer, and professional speaker with Atlanta, GA-based Principle Logic, LLC.
With over 33 years in IT and 27 years in security, Kevin specializes in vulnerability and penetration testing, security program reviews, and virtual CISO consulting work to help businesses uncheck the boxes that keep creating a false sense of security.
He has written 12 books on security including the best-selling Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. Kevin has written over 1,300 articles on security and regularly contributes to TechTarget’s SearchSecurity.com and Ziff Davis’ Toolbox.com.
He has a bachelor’s in Computer Engineering Technology from Southern College of Technology and a master’s in Management of Technology from Georgia Tech. In his free time, Kevin enjoys road racing his Mazda Miata in the Spec Miata class with the Sports Car Club of America (SCCA), riding dirt bikes, and snow skiing.
SAST has its place, DAST is great at finding the majority of flaws that the bad guys are going to uncover, and IAST offers unique approaches to complex situations. At a minimum, DAST should be your main focus. Step back and consider your application environment, your internal resources and expertise, as well as your budget.
When every security flaw is deemed important, it creates chaos at the business level. In the short term, precious resources are wasted addressing such findings. Longer-term, these things add up to create true dysfunction in an overall security program which, ironically, makes the organization more susceptible to the risks that matter.
Shift left security incorporates security and testing phases at the earliest stages in SDLC, which can be done by integrating security testing in CI/CD pipelines.
