People, Process, Technology: The Missing Factor


You’ve heard it before, “People, Process, and Technology”. It’s become a meme and a mantra that has lost meaning through overuse. It headlines hundreds of slide presentations, a talking point when trying to convince someone you understand the underlying structure of a complex systems problem, a way to convince an audience you know what you’re talking about. Pull out the “People, Process, and Technology” card and you’re home free.

Here’s the problem: where is the connection between these three parts? When we talk about people, we just focus on people. When we talk about process, we just focus on a process. Then when we talk about technology, we focus exclusively on technology. There isn’t anything that connects all three as a unified whole. 

When we think about cyber asset discovery and management, and the resulting glob of entities and relationships, what JupiterOne is thinking about behind the scenes is People, Process, and Technology. Cyber assets exist in all three forms and the combination of the three is what makes up your business’s digital operations. 

Traditionally, the idea of unifying and managing all three as a single system is seen as too big and too vast to be solved. There are many CISOs who would say that it’s an impossible problem. Companies are constrained by resources because people are a valuable commodity that don’t scale for problems of this size. They’ve tried different tools and teams. They have vulnerability management teams, they have incident response teams, they have cloud infrastructure teams, they have compliance and governance teams, they have identity and access teams, and they all operate with their own set of People, Process, and Technology.

There is no unifying platform to show shared relationships and assets. There is no unified view, not just from an asset infrastructure standpoint, but one that includes people and processes as well.

Enter: J1 and The Power of the Graph

Solving the previously unsolvable problem of discovery, management, and relationships across the three big silos of People, Process, and Technology is the vision for JupiterOne. We don’t see this issue as an impossible problem, we see it as a wicked problem that must be solved.

At JupiterOne, we have created a unifying platform that acts as a dynamic knowledge-base and dashboard for all of your cyber assets and their relationships, no matter where or with which team they reside. The JupiterOne “Data as a Graph” concept, creates a visual representation of your People, Process, and Technology. That’s our vision. It’s what we believe in and are working on every single day.

Think of it this way – People, Process, and Technology are not three things, it is one thing. It’s a single thing. It is your company. The JupiterOne Platform allows you to view your company’s cyber assets as a unified system, while helping you deal with relationships and events that affect things within that system, no matter where they reside.

Entity Relationship Graph - JupiterOne

Example: Unified Relationship Graph

In this real world example, an enterprise is struggling with removing vulnerabilities from code they were developing. The incompletion of security training assigned to a developer resulted in specific vulnerabilities being repeatedly introduced into the code base. Simply remediating the scanning results will not fix the root cause. What is needed is a complete picture of People (the developer), Process (security training and software development lifecycle), and Technology (code scanning).

This example applies to vulnerability management and secure coding, but is similar in all aspects of security and governance — identity and access governance, compliance reporting and evidence collection, endpoint security management, etc. — each of these programs can be broken down into the interaction of people, Process, and Technology.

Customized J1 Graphs for Your Company

In the coming weeks, the team at JupiterOne are going to create graphs and examples that you can use to discover and explore the relationships within your systems. We’ll provide queries for you to run, starting with examples on how to explore your AWS environments. We’ll then move on to Google Cloud, and then Azure. The series will continue with an examination of People and Process queries, with an examination of the resulting graphs.

Since JupiterOne has a free version, you’re welcome to use the JupiterOne platform to run the queries featured in the series to examine your own environment.

“The Power of the Graph” Workshop Series

We are scheduling a live, hands-on workshop, Graphing Your AWS Environment, at the conclusion of the first series. The workshop will walk you through each of the queries featured in the series, doing a deep dive into what is exposed in each query and how you can tweak the query to answer your specific requests. At the conclusion of the workshop, you’ll know how to interrogate your AWS environments using the free JupiterOne platform, and have a set of pre-configured queries you can apply immediately.

If you’d like to participate in “The Power of the Graph” Workshop Series, fill out the short form at the bottom of this page, and we’ll notify you when the workshop is scheduled. There will be limited seating, even though the workshop will be delivered online. Each workshop will have a maximum of 25 seats, so we can handle questions and help you get the most from JupiterOne.

Join Us for The Power of the Graph

We believe there is a better way to expose, monitor and manage your cyber assets using the Power of the Graph. Follow along with the series and join us for the workshop. We’re building a community of users who will be part of the first generation of cyber professionals who finally have visibility into their entire system through a unified, graph driven system.

We look forward to having you join us in this new paradigm. Fill out the form and become a participant in our growing community.

— The Team at JupiterOne


Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).

To hear more from Mark, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.


cyber-security 1

Ad Title Placeholder

Lorem ipsum dolor sit amet, consectetur adipiscing elit.