Hello CTEM Community!

Introducing the CTEM.org Working Group: A Labor of Love (and Maybe a Little Bit of Madness)

This project is a labor of love—and maybe a slightly maniacal drive to bring some order to the infinite landscape that CTEM is. After two years of offering our Continuous Threat Exposure Management (CTEM) service, we feel like we've only scratched the surface. But every journey starts with a first step, and this one starts with building a community-driven standard.

I've been around the cybersecurity block (hello, grey beard!). I spent my first decade in cybersecurity contracting for the government (pentesting, compliance, all the fun stuff). Then I moved on to running SecureCoders, my boutique cybersecurity consulting firm, for the last ten-plus years. Somewhere in the middle, I got very involved with MITRE and worked on SCAP and OCIL standards. I know, I know—standards aren't the most glamorous, but hey, I love a good framework.

Fast forward to today: we practice CTEM with a dedication bordering on obsession. For two years, I resisted the urge to start building a framework because I didn't feel like I knew enough yet. But now, I think it's time. So, I'm throwing this out into the world, hoping we can build something together that makes CTEM more accessible, understandable, and useful for everyone.

I invite you to look around, get involved, and tell us what you think. My hope is that this framework will help anyone who stumbles across CTEM in their cybersecurity journey. Let's make something great together—and have a little fun while we're at it.