Tools and services I use to run 7 Minute Security, LLC
This gist complements a series of podcast episodes I do called How to Succeed in Business Without Really Crying. In part 6 of this series I list a bunch of tools and services I use to help me conduct security assessments and also balance the taxes/books. Here is that full list in all its gist-y glory:
There are lots of registrars out there, and as far as I can tell, they offer about the same amount of features and same pricing for each domain. Since I have such a large footprint already in Google services with my account, moving domains under their roof was pretty easy and made sense. I've also had to use their technical support a few times and found the response times - and level of service - to be stellar.
You know it and probably love or hate it. Lots of people tell me "Just use Google Docs! Just use Libre Office!" but I can't live without Outlook on the PC, so IMHO, my subscription is justified by this app alone.
A no-brainer (to me). A few dollars a month gets you email, SharePoint, OneDrive - the whole shootin' match.
This little gem takes output data from Nessus and puts it in pretty graphs/reports that call out things orgs usually ask about, like:
- Where are my most vulnerable hosts?
- Which of my hosts have exploitable vulnerabilities?
It's $65/year for an unlimited use license.
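The two questions above can also be answered straight from the raw `.nessus` (v2) XML that Nessus exports. This is an added example, not NamicSoft's or Tenable's code; it assumes the standard `.nessus` layout (`ReportHost` / `ReportItem` with a `severity` attribute and an `exploit_available` child element) and runs on a small constructed sample embedded inline:

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in .nessus v2 layout; not real scan output.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="example">
    <ReportHost name="10.0.0.5">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="100001" pluginName="Example critical SMB flaw">
        <exploit_available>true</exploit_available>
        <cvss_base_score>9.8</cvss_base_score>
      </ReportItem>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
                  pluginID="100002" pluginName="Example medium web issue">
        <exploit_available>false</exploit_available>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.0.9">
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1"
                  pluginID="100003" pluginName="Example low SSH finding"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

# Weight per Nessus severity (4=critical ... 0=info); chosen here, not a Nessus value.
SEVERITY_WEIGHT = {4: 10, 3: 5, 2: 2, 1: 1, 0: 0}


def summarize(nessus_xml):
    """Return ({host: risk score}, {host: [exploitable plugin names]})."""
    root = ET.fromstring(nessus_xml)
    scores = defaultdict(int)
    exploitable = defaultdict(list)
    for host in root.iter("ReportHost"):
        name = host.get("name")
        scores[name] += 0  # hosts with only info findings still appear
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            scores[name] += SEVERITY_WEIGHT.get(sev, 0)
            # Nessus emits <exploit_available>true</exploit_available>
            # when a public exploit is known for the plugin's finding.
            if item.findtext("exploit_available", "false").strip().lower() == "true":
                exploitable[name].append(item.get("pluginName"))
    return dict(scores), dict(exploitable)


def most_vulnerable_hosts(nessus_xml):
    """Hosts ordered from highest to lowest weighted severity score."""
    scores, _ = summarize(nessus_xml)
    return sorted(scores, key=lambda h: scores[h], reverse=True)


if __name__ == "__main__":
    print(most_vulnerable_hosts(SAMPLE_NESSUS), summarize(SAMPLE_NESSUS)[1])
```

Point it at a real export by reading the `.nessus` file into a string; the weights are a starting point to tune per engagement.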
This is the popular vulnerability scanner from Tenable. I like it because it's affordable ($2k a year) for both me and my clients, and really easy to use. Only thing I don't love is the reporting (see NamicSoft above).
Network Detective does a nice job of scanning an AD environment (using a data-collecting .exe that doesn't leave a footprint in the environment) and spitting out some nice reports that give you insight into the AD layout, users, groups, etc. and also a peek into their group policy config. The thing I don't like is that there's really only 1-2 reports that I think have value - the other network diagrams and PowerPoint presentations contain a lot of fluff and less-than-valuable content. I also don't like that only the default domain and default domain controllers policy gets grabbed by the tool - not all GPOs.
Ninite is a 3rd-party patching tool that's dead simple to install and manage. Just run the .msi quick installer (takes a few seconds) and manage machine patches from a lightweight Web interface. You can easily "pin" certain software versions, assign tags to systems, or configure certain actions to happen automatically - such as the blocking or auto-updating of specific apps.
I use QB + the payroll module to run the books. However, I also employ a tax guru to take care of all this for me, because I hate math. I'd rather be securing things.
I just started using this to write up my assessments. The idea is you track all vulnerabilities in a Web portal, and then you can give your customers access to the report. That way their security assessment report is a living/breathing thing they can work on to actually make security better in their organization! Cool!
Proposify makes it really easy to spin up a boilerplate SOW for a pentest, assessment, etc. and then easily customize it per-client. I now spend only a few minutes creating proposals rather than HOURS.
I use ShareFile to securely send/receive documents, contracts and deliverables from clients. One config change I'd seriously recommend you consider is setting a file expiration timeout for all your client folders. This way files naturally self-delete and you don't end up with an ever-growing pot of very sensitive information. I'm not saying Citrix would ever get hacked (cough) but it could happen.
This is pretty feature-rich remote access software for PC/Mac/Linux. I really like that you can enable 2FA and add a separate PIN/password to each individual machine you control as well. I use it mainly to control machines in my lab from anywhere (and, sadly, to continue my eternal role as tech support for my mom and dad).
This is where I host 7 Minute Security, LLC and I love that I can make a pretty site without being a Web design whiz. Many people say "Roll your own Web solution for 10 cents a year on insert name of cheap hosting here!" I could definitely do that. But the ~$15/month investment to have Squarespace take care of the site, security certificate, uptime, backups and support is well worth it.
I really, really like how easy Zoom makes it to schedule and conduct meetings. Plus it's a lot cheaper than GoToMeeting and other alternatives. Plus, they have a very affordable Webinar add-on.