Podcast: Talking about CAASM and Community

Christian Buckley from the CollabTalk Podcast reached out to me to discuss building communities, given my involvement in supporting massive initiatives within multiple industry communities. We talked about the process and the ideas behind building large communities and how to build communities from scratch.

Our discussion led us to the concept of CAASM (Cyber Asset Attack Surface Management) and how to build a community around that concept. Listen to the full podcast (below), or jump directly to our talk about CAASM.

The CollabTalk Podcast · Episode 34 | The Role of DevOps in Collaboration Culture with Mark Miller

Two types of communities

There are two types of communities at a basic level: those that supply a collaborative platform to an underlying group of people with similar interests and those that start from scratch with a new concept and no organized user base.

 I've been involved with three large communities: SharePoint, DevOps, and DevSecOps. These communities had massive uptake in engagement because there was already an underlying group of people looking for a central location to exchange ideas. These types of communities are relatively easy to build because the audience already exists. 

How to build a community... from scratch

The main issue Christian and I tackle is, "How do you build a community around a topic that doesn't have traction yet? How do you build a community from scratch?" Our discussion focused on a community approach to CAASM (Cyber Asset Attack Surface Management).

Asset visibility, especially as it pertains to attack surface management, will play a major role in building and maintaining software security. CAASM is positioned to be a critical concept, acting as the unifying factor between various communities of practice that are concerned with cyber asset management. In a larger context, the assets themselves are just the start. A much larger concern to CAASM advocates is evaluating and understanding the unintended consequences created by the relationships between those assets.

The start of a CAASM community 

DevOps and DevSecOps principles were in use years before communities were built around them ... they just didn't have a name. So, just as Patrick Debois did with DevOps in 2009 and Shannon Lietz did with DevSecOps in 2015, we need to find a core group of people who are already using the principles of CAASM to create a community of recognition and support.

As Christian and I talked about how communities form, using CAASM as an example, we concluded that we need to invest time in finding CAASM advocates. We at JupiterOne are looking for like-minded voices working with the principles of CAASM, who want to collaborate in the exchange of ideas and work towards establishing the foundation of a CAASM community.

An invitation to talk

I'd like to hear from you and talk about what you're working on. Let's begin the dialog by discovering who is using the concepts of CAASM and giving their work wider exposure to the general security community. Is that you? If so, let's talk.

You can reach me personally at champions@jupiterone.com.  

Mark Miller

Mark Miller speaks and writes extensively on DevSecOps and Cybersecurity. He has published 9 books, including "Modern Cybersecurity: Tales from the Near-Distant Future"
