Welcome to the 7MinSec club!

Well here we go - the first of many (hopefully) posts about hacking, running a cyber security SMB, and cool projects we’re working on here at 7 Minute Security.

The resurrection of 7MinSec get-togethers?

Did you ever come to one of our pre-COVID get-togethers in the southern suburbs of Minnesota? In 2025 I’m trying to gauge interest about bringing that group back to life (perhaps under the new “7MinSec Club” label?). Would you be interested in attending and/or speaking at an evening (90-120 minutes) of security presentations and pizza (or some food) provided by us? We used to have 2-3 shorter security talks, time to network and/or do a hands-on hacking activity like building a Pwnagotchi or hacking wifi (with permission). What do you think? And (perhaps most importantly) would you be interested in flying if we hosted it at iFly? Let me know by leaving a comment:

Leave a comment

Or you can always:

Cisco Meraki upgrade fun (and headaches)!

This week we upgraded the 7MinSec home office from a Meraki MX64 to a MX67. And good heavens did it bring back good and bad memories of my days as a systems engineer. First of all, my wife and sons felt like they needed to weigh in on the scheduling of this event (“Internet is down for a while? How will we live?!”), but they all had the burning question: “How long will we be down for?”

I read through the upgrade documentation and it seemed straightforward enough. I figured I’d have everything up and running in an hour. And I did….kinda. The swap itself went smooth (Cisco backs up the existing config in the cloud, you remove the MX64 from the tenancy, add the MX67 and then plug in all cables in the same port numbers they had when they were living on the MX64). But then I realized I overlooked a very important (and obvious in hindsight) detail:

When the MX got swapped out, my home IP changed. That home IP was statically mapped to two site-to-site VPNs. One of those sites houses a system with some credential information I needed to complete the upgrade. But since my IP changed, the tunnels were broken. And because I had no alternate “backdoor” to that critical site, I had to warm the car up and head out to the main office HQ. That’s not a big deal (it’s just a few miles away) but it happened to be during the heaviest snowfall of the season. So what would normally be a “Drive over to the office, fix a static IP entry and drive home” 15-minute run turned into an hour of white-knuckle slipping and sliding.

All said and done though, you can sleep well tonight knowing that the Internet is now fully upgraded and available at Johnson HQ. My wife can go back to streaming annoying shows filled with accents and ratchetry, and my boys can resume pwning newbs on their video game consoles with nearly no lag.

Oh what, you totally wanted to see a picture of the MX64 in all its bit-blasting glory? Here you go:

Eating the security dog food

I know I’m a broken record about this, but 7MinSec really is trying to eat its own security dog food and we’ve partnered with a security company to perform a critical security controls audit against our company/environment.

The “problem” is that I know what the assessor will look for and I want our environment to be in fighting shape before the assessment starts! Part of that (and you know this if you’ve been through an assessment) involves a lot of documentation. I’ve wrestled with internal wikis, Word docs and spreadsheets, and even have an Atlassian subscription to try to pool my assets and documentation into one place. Those tools are all workable, but this week I hit a frustration point where I was spending most of my time fudging around with the tools and very little time actually producing the required documentation!

By accident I found Retype and oh boy, I’m in love. They’re not a sponsor or anything. But with just the creation of a GitHub repo, the firing of a workload file, and tinkering with a DNS entry, you can have the start of a gorgeous-looking documentation site in about 5 minutes. Check out our (in progress) knowledge base site: https://kb.7minsec.com. This is eventually going to replace our Intercom instance, which is ~$1,000 per year. I talk about this in more detail on this past week’s podcast episode.

The Strangers: Prey at Night - a must-skip

I thought it would be fun to close each post (or at least some of them) with more of a personal share or link. I downgraded my fancy-for-no-reason personal WordPress blog to a barebones, no-frills Docusaurus instance. My latest post is a review of The Strangers: Prey at Night. TLDR: it’s garbage.

What else would you like to see in this Substack?

Thanks for checking out the first-ever 7MinSec Substack post. Are there topics you’d like to see covered in future posts and/or questions you’d like answered?

Leave a comment