Tools and services I use to run 7 Minute Security, LLC
This gist complements a series of podcast episodes I do called How to Succeed in Business Without Really Crying. In part 6 of this series I list a bunch of tools and services I use to help me conduct security assessments and also balance the taxes/books. Here is that full list in all its gist-y glory:
Docusign is a great way to not exhaust yourself printing, scanning, re-uploading and emailing documentation back and forth with your customers. I pay ~$10/month and that gets you 5 scans/sends per month.
Yeah, there are cheaper conf call/video solutions out there, but I've never had an issue with people setting it up and using it, and the call and screen share quality has always been solid.
This little gem takes output data from Nessus and puts in in pretty graphs/reports that call out things orgs usually ask about, like:
- Where are my most vulnerable hosts?
- Which of my hosts have exploitable vulnerabilities?
It's $65/year for an unlimited use license.
This is the popular vulnerability scanner from Tenable. I like it because it's affordable ($2k a year) for both me and my clients, and really easy to use. Only thing I don't love is the reporting (see NamicSoft above).
Network Detective does a nice job of scanning an AD environment (using a data-collecting .exe that doesn't leave a footprint in the environment) and spitting out some nice reports that give you insight into the AD layout, users, groups, etc. and also a peek into their group policy config. The thing I don't like is that there's really only 1-2 reports that I think have value - the other network diagrams and PowerPoint presentations contain a lot of fluff and less-than-valuable content. I also don't like that only the default domain and default domain controllers policy gets grabbed by the tool - not all GPOs.
You know it and probably love or hate it. Lots of people tell me "Just use Google Docs! Just use Libre Office!" but I can't live without Outlook on the PC, so IMHO, my subscription is justified by this app alone.
A no-brainer (to me). A few dollars a month gets you email, SharePoint, OneDrive - the whole shootin' match.
I use QB + the payroll module to run the books. However, I also employ a tax guru to take care of all this for me, because I hate math. I'd rather be securing things.
I just started using this to write-up my assessments. The idea is you track all vulnerabilities in a Web portal, and then you can give your customers access to the report. That way their security assessment report is a living/breathing thing they can work on to actually make security better in their organization! Cool!
This is where I host 7 Minute Security, LLC and I love that I can make a pretty site without being a Web design whiz. Many people say "Roll your own Web soluton for 10 cents a year on insert name of cheap hosting here!" I could definitely do that. But the ~$15/month investment to have Squarespace take care of the site, security certificate, uptime, backups and support is well worth it.
I use Voltage (about $99/year) as my secure email solution. It plugs right into Outlook and gives me a separate "Send securely" button I can use when I want to send a secure email to clients. On their end, they get a link to retreive the message from a portal. It works just like Zix, Barracuda, etc. which also seem to provide good solutions but are more priced for the 10+ employee companies.