
CNAPPs and CSPMs are extremely common tools in cybersecurity. This is my concern. If you're in cyber and don't have knowledge of these things you're either in something insanely niche, in research of some sort, or lack critical knowledge that you should have. There's a big responsibility as a security practitioner to stay up to date on new tools and techniques. CNAPP and CSPM are not some new thing that was invented last year. They've been around for a decade.


> If you're in cyber and don't have knowledge of these things you're either in something insanely niche, in research of some sort, or lack critical knowledge that you should have

Here are some things that counter this:

https://users.ece.cmu.edu/~adrian/731-sp04/readings/Ptacek-N...: A paper that rocked the security industry at the time.

Tptacek also was cofounder of Matasano, now part of NCC; also cofounder of Latacora.

More info: https://sockpuppet.org/me/

Also the co-author of https://cryptopals.com/, https://microcorruption.com/login.

The author of https://www.latacora.com/blog/2018/04/03/cryptographic-right..., https://sockpuppet.org/blog/2015/01/15/against-dnssec/, https://sockpuppet.org/stuff/dnssec-qa.html.

These are about what I call hard-core security, hardly insanely niche, and hardly lacking critical knowledge.


I’ve never heard or seen either of those terms before reading this thread. What you’re calling “CNAPP” I’ve been calling “endpoint security”. I’ve been building internal “CSPM” tooling since 2014 with like raw cloud api calls feeding into graphviz, CI-like tests in a terraform repo, transforming the state of a set of cloud accounts into a form I can shove into z3 and ask questions about, that kind of thing, but never heard it called that.

I suppose if your company prefers to build over buy, you won’t be exposed to the kind of knowledge and vocabulary that buyers in the space use to orient themselves.
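As an added illustration of the build-over-buy approach the comment above describes (this is not the commenter's tooling, which is not shown on the page): a minimal home-grown CSPM-style check in Python. It takes a constructed, simplified snapshot of one account's IAM roles and their trust relationships (not real cloud API output; the `trusted_by`/`admin` shape is an assumed stand-in for a trust policy plus attached permissions), builds the role-assumption graph, emits Graphviz DOT for `dot -Tpng`, and runs the kind of CI-style assertion you would put beside a terraform repo: no principal outside the account may reach an admin role, directly or through a chain of assumptions. The account IDs and role names are made up.

```python
"""Toy CSPM-style check: role-assumption graph built from a constructed
account snapshot (not real cloud API output), rendered as Graphviz DOT
and queried for paths from external principals to admin roles.
"""
from collections import deque

# Constructed, simplified snapshot. In a real tool this would be
# assembled from list-roles / get-role style API calls; `trusted_by`
# and `admin` are assumed stand-ins, not the real IAM policy schema.
SNAPSHOT = {
    "account": "111111111111",
    "roles": {
        "arn:aws:iam::111111111111:role/ci-deploy": {
            "trusted_by": ["arn:aws:iam::222222222222:root"],  # partner account
            "admin": False,
        },
        "arn:aws:iam::111111111111:role/infra-admin": {
            # chained trust: ci-deploy may assume the admin role
            "trusted_by": ["arn:aws:iam::111111111111:role/ci-deploy"],
            "admin": True,
        },
        "arn:aws:iam::111111111111:role/read-only": {
            "trusted_by": ["arn:aws:iam::111111111111:root"],
            "admin": False,
        },
    },
}


def build_graph(snapshot):
    """Directed edges principal -> role, one per trust relationship."""
    edges = {}
    for role_arn, role in snapshot["roles"].items():
        for principal in role["trusted_by"]:
            edges.setdefault(principal, set()).add(role_arn)
    return edges


def reachable_roles(edges, start):
    """Transitive closure: every role `start` can eventually assume."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def external_principals(snapshot, edges):
    """Principals named in trust policies that live outside this account."""
    own = f":{snapshot['account']}:"
    return sorted(p for p in edges if own not in p)


def find_external_admin_paths(snapshot):
    """The CI-style assertion: (external principal, admin role) pairs where
    the principal reaches the admin role through any chain of assumptions."""
    edges = build_graph(snapshot)
    findings = []
    for principal in external_principals(snapshot, edges):
        for role_arn in sorted(reachable_roles(edges, principal)):
            if snapshot["roles"][role_arn]["admin"]:
                findings.append((principal, role_arn))
    return findings


def to_dot(snapshot):
    """Graphviz DOT source; admin roles are drawn in red."""
    lines = ["digraph trust {", "  rankdir=LR;"]
    for role_arn, role in snapshot["roles"].items():
        style = " [color=red]" if role["admin"] else ""
        lines.append(f'  "{role_arn}"{style};')
        for principal in role["trusted_by"]:
            lines.append(f'  "{principal}" -> "{role_arn}";')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot(SNAPSHOT))
    findings = find_external_admin_paths(SNAPSHOT)
    for principal, role_arn in findings:
        print(f"FAIL: {principal} can reach admin role {role_arn}")
    raise SystemExit(1 if findings else 0)
```

On the constructed snapshot the check fails, because the partner account can assume `ci-deploy`, which in turn can assume `infra-admin`; a direct-trust-only review would have missed that. The same closure is what you would hand to a solver if you wanted to ask richer questions (conditions on the trust policy, MFA requirements, resource scoping) instead of plain reachability.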


CSPM solutions are what corporate buys when they don't want to invest in security. It is rubber-stamping and ass covering. From my experience most people involved with such platforms are rather technical sales people than actual security experts.


You might want to google the person you’re arguing with


One of those beautiful HN moments where just clicking the profile link would have helped them shift from such an authoritative tone.



