A list of tools and services I use to help run my business

Tools and services I use to run 7 Minute Security, LLC

This gist complements a series of podcast episodes I do called How to Succeed in Business Without Really Crying. In part 6 of this series I list a bunch of tools and services I use to help me conduct security assessments and also balance the taxes/books. Here is that full list in all its gist-y glory:

Google Domains

There are lots of registrars out there, and as far as I can tell, they offer about the same amount of features and same pricing for each domain. Since I have such a large footprint already in Google services with my account, moving domains under their roof was pretty easy and made sense. I've also had to use their technical support a few times and found the response times - and level of service - to be stellar.

Microsoft Office

You know it and probably love or hate it. Lots of people tell me "Just use Google Docs! Just use Libre Office!" but I can't live without Outlook on the PC, so IMHO, my subscription is justified by this app alone.

Microsoft O365

A no-brainer (to me). A few dollars a month gets you email, SharePoint, OneDrive - the whole shootin' match.

NamicSoft

This little gem takes output data from Nessus and puts it in pretty graphs/reports that call out things orgs usually ask about, like:

  • Where are my most vulnerable hosts?
  • Which of my hosts have exploitable vulnerabilities?

It's $65/year for an unlimited use license.

Nessus

This is the popular vulnerability scanner from Tenable. I like it because it's affordable ($2k a year) for both me and my clients, and really easy to use. Only thing I don't love is the reporting (see NamicSoft above).

Network Detective

Network Detective does a nice job of scanning an AD environment (using a data-collecting .exe that doesn't leave a footprint in the environment) and spitting out some nice reports that give you insight into the AD layout, users, groups, etc. and also a peek into their group policy config. The thing I don't like is that there's really only 1-2 reports that I think have value - the other network diagrams and PowerPoint presentations contain a lot of fluff and less-than-valuable content. I also don't like that only the default domain and default domain controllers policy gets grabbed by the tool - not all GPOs.

Ninite Pro

Ninite is a 3rd-party patching tool that's dead simple to install and manage. Just run the .msi quick installer (takes a few seconds) and manage machine patches from a lightweight Web interface. You can easily "pin" certain software versions, assign tags to systems, or configure certain actions to happen automatically - such as the blocking or auto-updating of specific apps.

Quickbooks

I use QB + the payroll module to run the books. However, I also employ a tax guru to take care of all this for me, because I hate math. I'd rather be securing things.

Plextrac

I just started using this to write up my assessments. The idea is you track all vulnerabilities in a Web portal, and then you can give your customers access to the report. That way their security assessment report is a living/breathing thing they can work on to actually make security better in their organization! Cool!

Proposify

Proposify makes it really easy to spin up a boilerplate SOW for a pentest, assessment, etc. and then easily customize it per-client. I now spend only a few minutes creating proposals rather than HOURS.

ShareFile

I use ShareFile to securely send/receive documents, contracts and deliverables from clients. One config change I'd seriously recommend you consider is setting a file expiration timeout for all your client folders. This way files naturally self-delete and you don't end up with an ever-growing pot of very sensitive information. I'm not saying Citrix would ever get hacked (cough) but it could happen.

Splashtop

This is pretty feature-rich remote access software for PC/Mac/Linux. I really like that you can enable 2FA and add a separate PIN/password to each individual machine you control as well. I use it mainly to control machines in my lab from anywhere (and, sadly, to continue my eternal role as tech support for my mom and dad).

Squarespace

This is where I host 7 Minute Security, LLC and I love that I can make a pretty site without being a Web design whiz. Many people say "Roll your own Web solution for 10 cents a year on insert name of cheap hosting here!" I could definitely do that. But the ~$15/month investment to have Squarespace take care of the site, security certificate, uptime, backups and support is well worth it.

Zoom

I really, really like how easy Zoom makes it to schedule and conduct meetings. Plus it's a lot cheaper than GoToMeeting and other alternatives. Plus, they have a very affordable Webinar add-on.

minelost15 commented Nov 13, 2019

Thank you

Sydorov47 commented Jan 14, 2020

Interesting list. Especially Namichost. Thank you.
Do you use Plextrac SaaS? I could not find their pricelist anywhere.
I use Attackforge for my report writing and overall pentesting management.

braimee (Owner, Author) commented Jan 21, 2020

Hi @Sydorov47, yes I do use Plextrac and could connect you directly with the folks there. Do you want to ping me at https://7ms.us/contact/ and I can set up an e-intro?

Horshizzle commented Jan 21, 2020

@Sydorov47 - Would be happy to chat with you about our pricing and perhaps show you a little of the platform. Drop us a line at sales@plextrac.com or simply fill out the web form here and we will reach out: https://plextrac.com/pricing/
Cheers!
