Podcast: Talking about CAASM and Community

By

Christian Buckley from the CollabTalk Podcast reached out to me to discuss building communities, given my involvement in supporting massive initiatives within multiple industry communities. We talked about the process and the ideas behind building large communities and how to build communities from scratch.

Our discussion led us to the concept of CAASM (Cyber Asset Attack Surface Management) and how to build a community around that concept. Listen to the full podcast (below), or jump directly to our talk about CAASM

The CollabTalk Podcast · Episode 34 | The Role of DevOps in Collaboration Culture with Mark Miller

Two types of communities

There are two types of communities at a basic level: those that supply a collaborative platform to an underlying group of people with similar interests and those that start from scratch with a new concept and no organized user base.

 I've been involved with three large communities: SharePoint, DevOps, and DevSecOps. These communities had massive uptake in engagement because there was already an underlying group of people looking for a central location to exchange ideas. These types of communities are relatively easy to build because the audience already exists. 

How to build a community... from scratch

The main issue Christian and I tackle is, "How do you build a community around a topic that doesn't have traction yet? How do you build a community from scratch?" Our discussion focused on a community approach to CAASM (Cyber Asset Attack Surface Management)

Asset visibility, especially as it pertains to attack surface management, will play a major role in building and maintaining software security. CAASM is positioned to be a critical concept, acting as the unifying factor between various communities of practice that are concerned with cyber asset management.  In a larger context, the assets themselves, are just the start. A much larger concern to CAASM advocates is evaluating and understanding the unintended consequences created by the relationships between those assets. 

The start of a CAASM community 

DevOps and DevSecOps principles were in use years before communities were built around them ... they just didn't have a name. So, just as Patrick Debois did with DevOps in 2009 and Shannon Lietz did with DevSecOps in 2015, we need to find a core group of people who are already using the principles of CAASM to create a community of recognition and support.

As Christian and I talked about how communities form, using CAASM as an example, we concluded  we need to invest time in finding CAASM advocates. We at JupiterOne are looking for like-minded voices working with the principles of CAASM, who want to collaborate in the exchange of ideas and work towards establishing the foundation of a CAASM community. 

An invitation to talk

I'd like to hear from you and talk about what you're working on. Let's begin the dialog by discovering who is using the concepts of CAASM and give their work wider exposure to the general security community. Is that you? If so, let's talk.

You can reach me personally at champions@jupiterone.com.  

Resources

Mark Miller
Mark Miller

Mark Miller speaks and writes extensively on DevSecOps and Cybersecurity. He has published 9 books, including "Modern Cybersecurity: Tales from the Near-Distant Future"

Keep Reading

What’s new in JupiterOne: Reducing time to value with the new Query Builder (Part 2)
February 6, 2023
Blog
What’s new in JupiterOne: Reducing time to value with the new Query Builder (Part 2)

The new JupiterOne Query Builder streamlines your querying experience by eliminating errors, simplifying query builds, and reducing time to value.

The top 10 questions that every engineering leader should be able to answer
February 2, 2023
Blog
The top 10 questions that every engineering leader should be able to answer

We polled some of our engineering leaders to see what it takes to succeed. In part two, we see if their answers align with the CISOs we talked to.

Identify compromised versions of Github using JupiterOne
January 31, 2023
Blog
Identify compromised versions of GitHub apps using JupiterOne

As a preventative measure, Github will be deprecating the Mac and Windows signing certificates used to sign Desktop app versions 3.0.2-3.1.2 and Atom versions 1.63.0-

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.