Podcast: Talking about CAASM and Community

by

Christian Buckley from the CollabTalk Podcast reached out to me to discuss building communities, given my involvement in supporting massive initiatives within multiple industry communities. We talked about the process and the ideas behind building large communities and how to build communities from scratch.

Our discussion led us to the concept of CAASM (Cyber Asset Attack Surface Management) and how to build a community around that concept. Listen to the full podcast (below), or jump directly to our talk about CAASM

The CollabTalk Podcast · Episode 34 | The Role of DevOps in Collaboration Culture with Mark Miller

Two types of communities

There are two types of communities at a basic level: those that supply a collaborative platform to an underlying group of people with similar interests and those that start from scratch with a new concept and no organized user base.

 I've been involved with three large communities: SharePoint, DevOps, and DevSecOps. These communities had massive uptake in engagement because there was already an underlying group of people looking for a central location to exchange ideas. These types of communities are relatively easy to build because the audience already exists. 

How to build a community... from scratch

The main issue Christian and I tackle is, "How do you build a community around a topic that doesn't have traction yet? How do you build a community from scratch?" Our discussion focused on a community approach to CAASM (Cyber Asset Attack Surface Management)

Asset visibility, especially as it pertains to attack surface management, will play a major role in building and maintaining software security. CAASM is positioned to be a critical concept, acting as the unifying factor between various communities of practice that are concerned with cyber asset management.  In a larger context, the assets themselves, are just the start. A much larger concern to CAASM advocates is evaluating and understanding the unintended consequences created by the relationships between those assets. 

The start of a CAASM community 

DevOps and DevSecOps principles were in use years before communities were built around them ... they just didn't have a name. So, just as Patrick Debois did with DevOps in 2009 and Shannon Lietz did with DevSecOps in 2015, we need to find a core group of people who are already using the principles of CAASM to create a community of recognition and support.

As Christian and I talked about how communities form, using CAASM as an example, we concluded  we need to invest time in finding CAASM advocates. We at JupiterOne are looking for like-minded voices working with the principles of CAASM, who want to collaborate in the exchange of ideas and work towards establishing the foundation of a CAASM community. 

An invitation to talk

I'd like to hear from you and talk about what you're working on. Let's begin the dialog by discovering who is using the concepts of CAASM and give their work wider exposure to the general security community. Is that you? If so, let's talk.

You can reach me personally at champions@jupiterone.com.  

Resources

Mark Miller
Mark Miller

Mark Miller speaks and writes extensively on DevSecOps and Cybersecurity. He has published 9 books, including "Modern Cybersecurity: Tales from the Near-Distant Future"

Keep Reading

How CTEM Prioritizes Critical Threats and Safeguards Your Most Valuable Assets | JupiterOne
October 9, 2024
Blog
How CTEM Prioritizes Critical Threats and Safeguards Your Most Valuable Assets

Learn how CTEM helps organizations reduce their attack surface, protect valuable assets, and stay ahead of attackers. Download our white paper to get started with CTE

Cybersecurity Awareness Month: Fix Your Flaws Before You Celebrate
October 3, 2024
Blog
Marketing wouldn't let me call this "Before Preaching, Stop Punching Yourself"

It’s Cybersecurity Awareness Month, but before you send out those animated videos and "helpful" phishing tips, take a hard look at your own practices.

Mitigating Cloud Risks: How CAASM Helps Manage Permissions and Stop Privilege Escalation | JupiterOne
September 26, 2024
Blog
Mitigating Cloud Risks: How CAASM Helps Manage Permissions and Stop Privilege Escalation

JupiterOne helps organizations manage cloud permissions and prevent privilege escalation across AWS, Azure, and Google Cloud.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.