A list of tools and services I use to help run my business

Tools and services I use to run 7 Minute Security, LLC

This gist complements a series of podcast episodes I do called How to Succeed in Business Without Really Crying. In part 6 of this series I list a bunch of tools and services I use to help me conduct security assessments and also balance the taxes/books. Here is that full list in all its gist-y glory:

Google Domains

There are lots of registrars out there, and as far as I can tell, they offer about the same amount of features and same pricing for each domain. Since I have such a large footprint already in Google services with my account, moving domains under their roof was pretty easy and made sense. I've also had to use their technical support a few times and found the response times - and level of service - to be stellar.

Microsoft Office

You know it and probably love or hate it. Lots of people tell me "Just use Google Docs! Just use Libre Office!" but I can't live without Outlook on the PC, so IMHO, my subscription is justified by this app alone.

Microsoft O365

A no-brainer (to me). A few dollars a month gets you email, SharePoint, OneDrive - the whole shootin' match.

NamicSoft

This little gem takes output data from Nessus and puts it in pretty graphs/reports that call out things orgs usually ask about, like:

  • Where are my most vulnerable hosts?
  • Which of my hosts have exploitable vulnerabilities?

It's $65/year for an unlimited use license.

Nessus

This is the popular vulnerability scanner from Tenable. I like it because it's affordable ($2k a year) for both me and my clients, and really easy to use. Only thing I don't love is the reporting (see NamicSoft above).

Network Detective

Network Detective does a nice job of scanning an AD environment (using a data-collecting .exe that doesn't leave a footprint in the environment) and spitting out some nice reports that give you insight into the AD layout, users, groups, etc. and also a peek into their group policy config. The thing I don't like is that there are really only 1-2 reports that I think have value - the other network diagrams and PowerPoint presentations contain a lot of fluff and less-than-valuable content. I also don't like that only the default domain and default domain controllers policy gets grabbed by the tool - not all GPOs.

Ninite Pro

Ninite is a 3rd-party patching tool that's dead simple to install and manage. Just run the .msi quick installer (takes a few seconds) and manage machine patches from a lightweight Web interface. You can easily "pin" certain software versions, assign tags to systems, or configure certain actions to happen automatically - such as the blocking or auto-updating of specific apps.

Quickbooks

I use QB + the payroll module to run the books. However, I also employ a tax guru to take care of all this for me, because I hate math. I'd rather be securing things.

Plextrac

I just started using this to write up my assessments. The idea is you track all vulnerabilities in a Web portal, and then you can give your customers access to the report. That way their security assessment report is a living/breathing thing they can work on to actually make security better in their organization! Cool!

Proposify

Proposify makes it really easy to spin up a boilerplate SOW for a pentest, assessment, etc. and then easily customize it per-client. I now spend only a few minutes creating proposals rather than HOURS.

ShareFile

I use ShareFile to securely send/receive documents, contracts and deliverables from clients. One config change I'd seriously recommend you consider is setting a file expiration timeout for all your client folders. This way files naturally self-delete and you don't end up with an ever-growing pot of very sensitive information. I'm not saying Citrix would ever get hacked (cough) but it could happen.

Splashtop

This is pretty feature-rich remote access software for PC/Mac/Linux. I really like that you can enable 2FA and add a separate PIN/password to each individual machine you control as well. I use it mainly to control machines in my lab from anywhere (and, sadly, to continue my eternal role as tech support for my mom and dad).

Squarespace

This is where I host 7 Minute Security, LLC and I love that I can make a pretty site without being a Web design whiz. Many people say "Roll your own Web solution for 10 cents a year on insert name of cheap hosting here!" I could definitely do that. But the ~$15/month investment to have Squarespace take care of the site, security certificate, uptime, backups and support is well worth it.

Zoom

I really, really like how easy Zoom makes it to schedule and conduct meetings. Plus it's a lot cheaper than GoToMeeting and other alternatives. Plus, they have a very affordable Webinar add-on.


minelost15 commented Nov 13, 2019

Thank you
