Tools and services I use to run 7 Minute Security, LLC
This gist complements a series of podcast episodes I do called How to Succeed in Business Without Really Crying. In part 6 of this series I list a bunch of tools and services I use to help me conduct security assessments and also balance the taxes/books. Here is that full list in all its gist-y glory:
Docusign is a great way to not exhaust yourself printing, scanning, re-uploading and emailing documentation back and forth with your customers. I pay ~$10/month and that gets you 5 scans/sends per month.
There are lots of registrars out there, and as far as I can tell, they offer about the same amount of features and same pricing for each domain. Since I have such a large footprint already in Google services with my account, moving domains under their roof was pretty easy and made sense. I've also had to use their technical support a few times and found the response times - and level of service - to be stellar.
This little gem takes output data from Nessus and puts it in pretty graphs/reports that call out things orgs usually ask about, like:
- Where are my most vulnerable hosts?
- Which of my hosts have exploitable vulnerabilities?
It's $65/year for an unlimited use license.
This is the popular vulnerability scanner from Tenable. I like it because it's affordable ($2k a year) for both me and my clients, and really easy to use. Only thing I don't love is the reporting (see NamicSoft above).
Network Detective does a nice job of scanning an AD environment (using a data-collecting .exe that doesn't leave a footprint in the environment) and spitting out some nice reports that give you insight into the AD layout, users, groups, etc. and also a peek into their group policy config. The thing I don't like is that there are really only 1-2 reports that I think have value - the other network diagrams and PowerPoint presentations contain a lot of fluff and less-than-valuable content. I also don't like that only the default domain and default domain controllers policies get grabbed by the tool - not all GPOs.
You know it and probably love or hate it. Lots of people tell me "Just use Google Docs! Just use Libre Office!" but I can't live without Outlook on the PC, so IMHO, my subscription is justified by this app alone.
A no-brainer (to me). A few dollars a month gets you email, SharePoint, OneDrive - the whole shootin' match.
I use QB + the payroll module to run the books. However, I also employ a tax guru to take care of all this for me, because I hate math. I'd rather be securing things.
I just started using this to write up my assessments. The idea is you track all vulnerabilities in a Web portal, and then you can give your customers access to the report. That way their security assessment report is a living/breathing thing they can work on to actually make security better in their organization! Cool!
This is pretty feature-rich remote access software for PC/Mac/Linux. I really like that you can enable 2FA and add a separate PIN/password to each individual machine you control as well. I use it mainly to control machines in my lab from anywhere (and, sadly, to continue my eternal role as tech support for my mom and dad).
This is where I host 7 Minute Security, LLC and I love that I can make a pretty site without being a Web design whiz. Many people say "Roll your own Web solution for 10 cents a year on insert name of cheap hosting here!" I could definitely do that. But the ~$15/month investment to have Squarespace take care of the site, security certificate, uptime, backups and support is well worth it.
I use Voltage (about $99/year) as my secure email solution. It plugs right into Outlook and gives me a separate "Send securely" button I can use when I want to send a secure email to clients. On their end, they get a link to retrieve the message from a portal. It works just like Zix, Barracuda, etc. which also seem to provide good solutions but are more priced for the 10+ employee companies.
I really, really like how easy Zoom makes it to schedule and conduct meetings. Plus it's a lot cheaper than GoToMeeting and other alternatives. Plus, they have a very affordable Webinar add-on.