Software Engineering Institute (SEI) Podcast Series
By Members of Technical Staff at the Software Engineering Institute
To listen to an audio podcast, mouse over the title and click Play. Open iTunes to download and subscribe to podcasts.
Description
The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.
Name | Description | Released | Price | ||
---|---|---|---|---|---|
1 |
CleanMy Story in Computing with Sam Procter | Sam Procter started out studying computer science at the University of Nebraska, but he didn’t love it. It wasn’t until he took his first software engineering course that he knew he’d found his career path. In this podcast from the Carnegie... | 4/24/2024 | Free | View in iTunes |
2 |
CleanDeveloping and Using a Software Bill of Materials Framework | With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party... | 4/4/2024 | Free | View in iTunes |
3 |
CleanThe Importance of Diversity in Cybersecurity: Carol Ware | In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Ware, a senior cybersecurity engineer in the SEI’s CERT Division, discusses her career path, the value of mentorship, and the importance of diversity in... | 3/21/2024 | Free | View in iTunes |
4 |
CleanThe Importance of Diversity in Software Engineering: Suzanne Miller | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Suzanne Miller, a principal researcher in the SEI’s Software Solutions Division, discusses her career path, the value of mentorship, and the... | 3/20/2024 | Free | View in iTunes |
5 |
CleanThe Importance of Diversity in Artificial Intelligence: Violet Turri | Across the globe, women account for less than 30 percent of professionals in technical fields. That number drops to 22 percent in the field of Artificial Intelligence (AI). In this podcast from the Carnegie Mellon University Software Engineering... | 3/15/2024 | Free | View in iTunes |
6 |
CleanUsing Large Language Models in the National Security Realm | At the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower... | 2/15/2024 | Free | View in iTunes |
7 |
CleanAtypical Applications of Agile and DevSecOps Principles | Modern software engineering practices of and have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software concerns of business... | 2/9/2024 | Free | View in iTunes |
8 |
CleanWhen Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction | Increasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important considerations.. | 1/31/2024 | Free | View in iTunes |
9 |
CleanThe Impact of Architecture on Cyber-Physical Systems Safety | As developers continue to build greater autonomy into (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only create more data and... | 1/24/2024 | Free | View in iTunes |
10 |
CleanChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies | To better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studies span... | 12/14/2023 | Free | View in iTunes |
11 |
CleanThe Cybersecurity of Quantum Computing: 6 Areas of Research | Research and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI CERT... | 11/28/2023 | Free | View in iTunes |
12 |
CleanUser-Centric Metrics for Agile | Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be... | 11/16/2023 | Free | View in iTunes |
13 |
CleanThe Product Manager’s Evolving Role in Software and Systems Development | In working with software and systems teams developing technical products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams were not investing the time, resources and effort required to manage the product lifecycle... | 11/9/2023 | Free | View in iTunes |
14 |
CleanMeasuring the Trustworthiness of AI Systems | The ability of artificial intelligence (AI) to partner with the software engineer, doctor, or warfighter depends on whether these end users trust the AI system to partner effectively with them and deliver the outcome promised. To build appropriate... | 10/12/2023 | Free | View in iTunes |
15 |
CleanActionable Data in the DevSecOps Pipeline | In this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program... | 9/13/2023 | Free | View in iTunes |
16 |
CleanInsider Risk Management in the Post-Pandemic Workplace | In the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterprise... | 9/8/2023 | Free | View in iTunes |
17 |
CleanAn Agile Approach to Independent Verification and Validation | Independent verification and validation (IV&V) is a significant step in the process of deploying systems for mission-critical applications in the Department of Defense (DoD). In this podcast from the Carnegie Mellon University Software Engineering... | 8/9/2023 | Free | View in iTunes |
18 |
CleanZero Trust Architecture: Best Practices Observed in Industry | Zero trust architecture has the potential to improve an enterprise’s security posture. There is still considerable uncertainty about the zero trust transformation process, however, as well as how zero trust architecture will ultimately appear in... | 7/26/2023 | Free | View in iTunes |
19 |
CleanAutomating Infrastructure as Code with Ansible and Molecule | In Ansible, roles allow system administrators to automate the loading of certain variables, tasks, files, templates, and handlers based on a known file structure. Grouping content by roles allows for easy sharing and reuse. When developing roles,... | 7/10/2023 | Free | View in iTunes |
20 |
CleanIdentifying and Preventing the Next SolarWinds | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on Solar Winds software and how to... | 6/20/2023 | Free | View in iTunes |
21 |
CleanA Penetration Testing Findings Repository | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Marisa Midler and Samantha Chaves, penetration testers with the SEI’s CERT Division, talk with Suzanne Miller about a penetration-testing repository that... | 6/13/2023 | Free | View in iTunes |
22 |
CleanUnderstanding Vulnerabilities in the Rust Programming Language | While the of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there.. | 6/8/2023 | Free | View in iTunes |
23 |
CleanWe Live in Software: Engineering Societal-Scale Systems | Societal-scale software systems, such as today’s commercial social media platforms, are among the most widely used software systems in the world, with some platforms reporting billions of daily active users. These systems have created new mechanisms.. | 5/18/2023 | Free | View in iTunes |
24 |
CleanSecure by Design, Secure by Default | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about secure by design, secure by default, a longstanding tenet of the work... | 5/10/2023 | Free | View in iTunes |
25 |
CleanKey Steps to Integrate Secure by Design into Acquisition and Development | Secure by design means performing more security and assurance activities earlier in the product and system lifecycles. A secure-by-design mindset addresses the security of systems during the requirements, design, and development phases of lifecycles... | 5/2/2023 | Free | View in iTunes |
26 |
CleanAn Exploration of Enterprise Technical Debt | Like all technical debt, enterprise technical debt consists of choices expedient in the short term, but often problematic over the long term. In enterprise technical debt, the impact reaches beyond the scope of a single system or project. Because... | 4/18/2023 | Free | View in iTunes |
27 |
CleanThe Messy Middle of Large Language Models | The recent growth of applications that leverage large language models, including ChatGPT and Copilot, has spurred reactions ranging from fear and uncertainty to adoration and lofty expectations. In this podcast from the Carnegie Mellon University... | 3/29/2023 | Free | View in iTunes |
28 |
CleanAn Infrastructure-Focused Framework for Adopting DevSecOps | DevSecOps practices, including continuous-integration/continuous-delivery (CI/CD) pipelines, enable organizations to respond to security and reliability events quickly and efficiently and to produce resilient and secure software on a predictable... | 3/21/2023 | Free | View in iTunes |
29 |
CleanSoftware Security in Rust | Rust is growing in popularity. Its unique security model promises memory safety and concurrency safety, while providing the performance of C/C++. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda... | 3/15/2023 | Free | View in iTunes |
30 |
CleanImproving Interoperability in Coordinated Vulnerability Disclosure with Vultron | Coordinated vulnerability disclosure (CVD) begins when at least one individual becomes aware of a vulnerability, but it can’t proceed without the cooperation of many. Software supply chains, software libraries, and component vulnerabilities have... | 2/24/2023 | Free | View in iTunes |
31 |
CleanAsking the Right Questions to Coordinate Security in the Supply Chain | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dr. Carol Woody, a principal researcher in the SEI's CERT Division, talks with Suzanne Miller about the SEI’s newly released Acquisition Security Framework,... | 2/7/2023 | Free | View in iTunes |
32 |
CleanSecuring Open Source Software in the DoD | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Scott Hissam, a researcher within the SEI’s Software Solutions Division who works on software assurance in Department of Defense (DoD) systems, talks with... | 1/26/2023 | Free | View in iTunes |
33 |
CleanA Model-Based Tool for Designing Safety-Critical Systems | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dr. Sam Procter and Lutz Wrage, researchers with the SEI, discuss the Guided Architecture Trade Space Explorer (GATSE), a new SEI-developed model-based tool to... | 12/13/2022 | Free | View in iTunes |
34 |
CleanManaging Developer Velocity and System Security with DevSecOps | In aiming for correctness and security of product, as well as for development speed, software development teams often face tension in their objectives. During a recent customer engagement that involved the development of a continuous-integration (CI)... | 12/7/2022 | Free | View in iTunes |
35 |
CleanA Method for Assessing Cloud Adoption Risks | The shift to a cloud environment provides significant benefits. Cloud resources can be scaled quickly, updated frequently, and widely accessed without geographic limitations. Realizing these benefits, however, requires organizations to manage... | 11/17/2022 | Free | View in iTunes |
36 |
CleanSoftware Architecture Patterns for Deployability | Competitive pressures in many domains, as well as development paradigms such as and , have led to the increasingly common practice of where frequent updates to software systems are rapidly and reliably fielded. In today’s systems, releases can... | 11/15/2022 | Free | View in iTunes |
37 |
CleanML-Driven Decision Making in Realistic Cyber Exercises | In this podcast from the Carnegie Mellon University Software Engineering Institute, Thomas Podnar and Dustin Updyke, both senior cybersecurity engineers with the SEI’s CERT Division, discuss their work to apply machine learning to increase the... | 10/13/2022 | Free | View in iTunes |
38 |
CleanA Roadmap for Creating and Using Virtual Prototyping Software | In this podcast from the Carnegie Mellon University Software Engineering Institute, Douglass Post and Richard Kendall, authors of "Creating and Using Virtual Prototyping Software: Principles and Practices" discuss with principal researcher Suzanne... | 10/6/2022 | Free | View in iTunes |
39 |
CleanSoftware Architecture Patterns for Robustness | In this podcast from the Carnegie Mellon University Software Engineering Institute, visiting scientist Rick Kazman and principal researcher Suzanne Miller discuss software architecture patterns and the effect that certain architectural patterns have... | 9/15/2022 | Free | View in iTunes |
40 |
CleanA Platform-Independent Model for DevSecOps | DevSecOps encompasses all the best software engineering principles known today with an emphasis on faster delivery through increased collaboration of all stakeholders resulting in more secure, useable, and higher-quality software systems. In this... | 9/8/2022 | Free | View in iTunes |
41 |
CleanUsing the Quantum Approximate Optimization Algorithm (QAOA) to Solve Binary-Variable Optimization Problems | In this podcast from the Carnegie Mellon University Software Engineering Institute, Jason Larkin and Daniel Justice, researchers in the SEI’s AI Division, discuss a paper outlining their efforts to simulate the performance of Quantum Approximate... | 8/18/2022 | Free | View in iTunes |
42 |
CleanTrust and AI Systems | To ensure trust, artificial intelligence systems need to be built with fairness, accountability, and transparency at each step of the development cycle. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a.. | 8/5/2022 | Free | View in iTunes |
43 |
CleanA Dive into Deepfakes | In this podcast from the Carnegie Mellon University Software Engineering Institute, Shannon Gallagher, a data scientist with SEI’s CERT Division, and Dominic Ross, multimedia team lead for the SEI, discuss deepfakes, their exponential growth in... | 7/28/2022 | Free | View in iTunes |
44 |
CleanChallenges and Metrics in Digital Engineering | Digital engineering uses digital tools and representations in the process of developing, sustaining, and maintaining systems, including requirements, design, analysis, implementation, and test. The digital modeling approach is intended to establish an.. | 7/13/2022 | Free | View in iTunes |
45 |
CleanThe 4 Phases of the Zero Trust Journey | Over the past several years, zero trust architecture has emerged as an important topic within the field of cybersecurity. Heightened federal requirements and pandemic-related challenges have accelerated the timeline for zero trust adoption within the... | 7/5/2022 | Free | View in iTunes |
46 |
CleanDevSecOps for AI Engineering | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Hasan Yasar, technical director, Continuous Deployment of Capability at the SEI, and Jay Palat, interim director of AI for Mission in the SEI’s AI Division,... | 6/21/2022 | Free | View in iTunes |
47 |
CleanUndiscovered Vulnerabilities: Not Just for Critical Software | In this podcast from the Carnegie Mellon University Software Engineering Institute, Jonathan Spring, a senior vulnerability researcher, discusses with Suzanne Miller the findings in a paper he published recently analyzing the number of ... | 6/2/2022 | Free | View in iTunes |
48 |
CleanExplainable AI Explained | As the field of artificial intelligence (AI) has matured, increasingly complex opaque models have been developed and deployed to solve hard problems. Unlike many predecessor models, these models, by the nature of their architecture, are harder to... | 5/16/2022 | Free | View in iTunes |
49 |
CleanModel-Based Systems Engineering Meets DevSecOps | In this podcast from the Carnegie Mellon University Software Engineering Institute, senior researchers Jerome Hugues and Joe Yankel discuss ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) practices and... | 4/5/2022 | Free | View in iTunes |
50 |
CleanIncorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy | Organizations are turning to DevSecOps to produce code faster and at lower cost, but the reality is that much of the code is actually coming from the software supply chain through code libraries, open source, and third-party components where reuse is... | 3/22/2022 | Free | View in iTunes |
51 |
CleanSoftware and Systems Collaboration in the Era of Smart Systems | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), director Paul Nielsen talks with principal researcher Suzanne Miller about how the advent of smart systems has led to a growing need for effective collaboration... | 3/9/2022 | Free | View in iTunes |
52 |
CleanSecuring the Supply Chain for the Defense Industrial Base | In this podcast from the Carnegie Mellon University Software Engineering Institute, Gavin Jurecko, who leads the Resilience Diagnostics Team, talks with Katie Stewart about risks associated with the supply chains of the defense industrial base (DIB),... | 2/22/2022 | Free | View in iTunes |
53 |
CleanBuilding on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jeffrey Gennari, a senior malware reverse engineer, and Garret Wassermann, a vulnerability analyst, both with the SEI’s CERT Division, discuss Kaiju, a series... | 2/8/2022 | Free | View in iTunes |
54 |
CleanEnvisioning the Future of Software Engineering | In this SEI Podcast, Anita Carleton, director of the Software Solutions Division at the SEI, and Forrest Shull, lead for defense software acquisition policy research in the Software Solutions Division of the SEI, discuss the recently published SEI-led.. | 1/20/2022 | Free | View in iTunes |
55 |
CleanImplementing the DoD's Ethical AI Principles | In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in Human Machine Interaction, and Alexandrea Van Deusen, an assistant design researcher, both with the SEI’s AI Division,... | 1/11/2022 | Free | View in iTunes |
56 |
CleanWalking Fast Into the Future: Evolvable Technical Reference Frameworks for Mixed-Criticality Systems | In this SEI Podcast, Nickolas Guertin, a senior systems engineer with the SEI’s Software Solutions Division, and Douglas Schmidt, associate provost of research at Vanderbilt University and former chief technical officer at the SEI, discuss... | 12/3/2021 | Free | View in iTunes |
57 |
CleanSoftware Engineering for Machine Learning: Characterizing and Understanding Mismatch in ML Systems | Mismatches between the perspectives and practices of the roles involved in the development and fielding of ML systems—data scientists, software engineers, and operations personnel—can affect the ability of systems to achieve their intended... | 11/18/2021 | Free | View in iTunes |
58 |
CleanA Discussion on Automation with Watts Humphrey Award Winner Rajendra Prasad | In this SEI Podcast, Mike Konrad, a principal researcher in the SEI's Software Solutions Division, talks with 2020 IEEE Computer Society SEI Watts Humphrey Software Quality Award winner Rajendra Prasad of Accenture about automation and how... | 11/11/2021 | Free | View in iTunes |
59 |
CleanEnabling Transition From Sustainment to Engineering Within the DoD | Organic software sustainment organizations within the Department of Defense are expanding beyond their traditional purview of software maintenance into software engineering and development. Instead of repairing and maintaining legacy software in... | 11/3/2021 | Free | View in iTunes |
60 |
CleanThe Silver Thread of Cyber in the Global Supply Chain | The global supply chain touches every aspect of our lives, from fuel prices to the availability of computer chips and supermarket products. In out latest podcast, Matt Butkovic, technical director of risk and resilience , discusses with Suzanne Miller.. | 10/25/2021 | Free | View in iTunes |
61 |
CleanMeasuring DevSecOps: The Way Forward | In this SEI Podcast, Bill Nichols and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss DevSecOps metrics with Suzanne Miller. DevSecOps practices, made possible by improvements in underlying technology that.. | 10/15/2021 | Free | View in iTunes |
62 |
CleanBias in AI: Impact, Challenges, and Opportunities | In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in human-machine interaction, and Jonathan Spring, a senior vulnerability researcher, discuss the hidden sources of bias in... | 9/23/2021 | Free | View in iTunes |
63 |
CleanMy Story in Computing with Dr. Rachel Dzombak | In this SEI Podcast in the “My Story in Computing” series, Rachel Dzombak discusses her journey integrating biomedical, mechanical, and civil engineering to her current leadership role at the SEI as digital transformation lead in... | 9/17/2021 | Free | View in iTunes |
64 |
CleanAgile Strategic Planning: Concepts and Methods for Success | The rapid pace of change in software development, in business, and in the world has many organizations struggling to execute daily operations, wrangle big projects, and feel confident that there is a long-term strategy at play. Incorporating agile... | 9/9/2021 | Free | View in iTunes |
65 |
CleanApplying Scientific Methods in Cybersecurity | In this SEI Podcast, Dr. Leigh Metcalf and Dr. Jonathan Spring, both researchers with the Carnegie Mellon University Software Engineering Institute’s CERT Division, discuss the application of scientific methods to cybersecurity. As described in... | 8/24/2021 | Free | View in iTunes |
66 |
CleanZero Trust Adoption: Benefits, Applications, and Resources | Zero trust adoption is a security initiative that an enterprise must understand, interpret, and implement. Enterprise security initiatives are never simple, and their goal to improve cybersecurity posture requires the alignment of multiple... | 8/13/2021 | Free | View in iTunes |
67 |
CleanUncertainty Quantification in Machine Learning: Measuring Confidence in Predictions | In this SEI Podcast, Dr. Eric Heim, a senior machine learning research scientist at Carnegie Mellon University's Software Engineering Institute (SEI), discusses the quantification of uncertainty in machine-learning (ML) systems. ML systems can make... | 8/6/2021 | Free | View in iTunes |
68 |
Clean11 Rules for Ensuring a Security Model with AADL and Bell–LaPadula | In this SEI Podcast, Aaron Greenhouse, a senior architecture researcher with Carnegie Mellon University’s Software Engineering Institute, talks with principal researcher Suzanne Miller about use of the Bell–LaPadula mathematical security model in... | 7/29/2021 | Free | View in iTunes |
69 |
CleanBenefits and Challenges of Model-Based Systems Engineering | Nataliya (Natasha) Shevchenko and Mary Popeck, both senior researchers in the CERT Division at Carnegie Mellon University’s Software Engineering Institute, discuss the use of model-based systems engineering (MBSE), which, in contrast to... | 7/23/2021 | Free | View in iTunes |
70 |
CleanFostering Diversity in Software Engineering | In this SEI Podcast, Grace Lewis hosts a panel discussion with Ipek Ozkaya, Nathan West, and Jay Palat about diversity in software engineering. The panelists, all researchers with the Carnegie Mellon University Software Engineering Institute, share... | 7/16/2021 | Free | View in iTunes |
71 |
CleanCan DevSecOps Make Developers Happier? | Author Daniel H. Pink recently examined the factors that lead to job satisfaction among knowledge workers and summarized them in three components: autonomy, skill mastery, and purpose. In this SEI Podcast, Hasan Yasar, technical director of Continuous.. | 6/24/2021 | Free | View in iTunes |
72 |
CleanIs Your Organization Ready for AI? | In this SEI Podcast, digital transformation lead Dr. Rachel Dzombak and research scientist Carol Smith, both with the SEI’s Emerging Technology Center at Carnegie Mellon University, discuss how AI Engineering can support organizations to implement... | 6/22/2021 | Free | View in iTunes |
73 |
CleanMy Story in Computing with Marisa Midler | In this SEI Podcast, the latest in the My Story in Computing series, Marisa Midler, a cybersecurity engineer in the SEI’s CERT Division, discusses her career path. After growing up on a farm in Pennsylvania, Midler graduated from college with a... | 6/11/2021 | Free | View in iTunes |
74 |
CleanManaging Vulnerabilities in Machine Learning and Artificial Intelligence Systems | The robustness and security of artificial intelligence, and specifically machine learning (ML), is of vital importance. Yet, ML systems are vulnerable to adversarial attacks. These can range from an attacker attempting to make the ML system learn the... | 6/4/2021 | Free | View in iTunes |
75 |
CleanAI Workforce Development | In this SEI Podcast, Rachel Dzombak and Jay Palat discuss growth in the field of artificial intelligence (AI) and how organizations can hire and train staff to take advantage of the opportunities afforded by AI and machine learning—and the critical... | 5/20/2021 | Free | View in iTunes |
76 |
CleanMoving from DevOps to DevSecOps | DevSecOps is a set of principles and practices that provide faster delivery of secure software capabilities by improving the collaboration and communication between software development teams, IT operations, and security staff within an organization,... | 5/13/2021 | Free | View in iTunes |
77 |
CleanMy Story in Computing with David Zubrow | In this SEI Podcast, the latest in the “My Story in Computing” series, which explores the unique paths people take into the field of computing, David Zubrow discusses his path from a PhD in applied history and social sciences and an administrative.. | 4/29/2021 | Free | View in iTunes |
78 |
CleanMission-Based Prioritization: A New Method for Prioritizing Agile Backlogs | In this SEI Podcast, Keith Korzec discusses the Mission-Based Prioritization method for prioritizing Agile backlogs. This method overcomes the shortcomings of prioritization based on “weighted shortest job first” and utilizes objective,... | 4/23/2021 | Free | View in iTunes |
79 |
CleanMy Story in Computing with Carol Smith | Those who work in computing today bring a wide array of backgrounds and experiences to the profession. In this podcast, part of the My Story in Computing series, learn how Carol Smith, who trained as a photojournalist, discusses how a love of telling... | 4/9/2021 | Free | View in iTunes |
80 |
CleanDigital Engineering and DevSecOps | Digital engineering is an integrated digital approach that uses authoritative sources of systems data and models as a continuum across disciplines to support lifecycle activities from concept through disposal. With digital engineering, models are... | 3/16/2021 | Free | View in iTunes |
81 |
CleanA 10-Step Framework for Managing Risk | Brett Tucker, a technical manager for cyber risk in the SEI CERT Division, discusses the Operationally Critical Threat, Asset, and Vulnerability Evaluation for the Enterprise (OCTAVE FORTE) Model, which helps organizations evaluate security risks and... | 3/9/2021 | Free | View in iTunes |
82 |
Clean7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts | If organizations take more steps to address security-related activities now, they will be less likely to encounter security incidents in the future. When it comes to application containers, security is achieved through adopting a series of best... | 2/23/2021 | Free | View in iTunes |
83 |
CleanRansomware: Evolution, Rise, and Response | In this SEI Podcast, Marisa Midler and Tim Shimeall, network defense analysts within the SEI's CERT Division, discuss the growing problem of ransomware including the rise of ransomware as a service threats. Ransom payments from Quarter 3 of 2019 were... | 2/16/2021 | Free | View in iTunes |
84 |
CleanVINCE: A Software Vulnerability Coordination Platform | Software vulnerability coordination at the CERT Coordination Center (CERT/CC) has traditionally relied on a hub-and-spoke model, with reports submitted to analysts at the CERT/CC analysts who would then work with contact affected vendors. To scale... | 1/21/2021 | Free | View in iTunes |
85 |
CleanWork From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network | The COVID-19 pandemic has forced significant changes in enterprise work practices, including an increased use of telecommunications technologies required by the new work-from-home policies that most organizations have instituted in response. In this... | 1/6/2021 | Free | View in iTunes |
86 |
CleanAn Introduction to CMMC Assessment Guides | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 12/8/2020 | Free | View in iTunes |
87 |
CleanThe CMMC Level 3 Assessment Guide: A Closer Look | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 12/7/2020 | Free | View in iTunes |
88 |
CleanThe CMMC Level 1 Assessment Guide: A Closer Look | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 12/7/2020 | Free | View in iTunes |
89 |
CleanAchieving Continuous Authority to Operate (ATO) | Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management... | 11/24/2020 | Free | View in iTunes |
90 |
CleanChallenging the Myth of the 10x Programmer | A pervasive belief in software engineering is that some programmers are much, much better than others (the times-10, or 10x, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on that... | 11/9/2020 | Free | View in iTunes |
91 |
CleanA Stakeholder-Specific Approach to Vulnerability Management | Many organizations use the Common Vulnerability Scoring System (CVSS) to prioritize actions during vulnerability management. This podcast—which highlights the latest work in prioritizing actions during vulnerability management—presents a testable... | 10/27/2020 | Free | View in iTunes |
92 |
CleanOptimizing Process Maturity in CMMC Level 5 | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 10/13/2020 | Free | View in iTunes |
93 |
CleanReviewing and Measuring Activities for Effectiveness in CMMC Level 4 | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 10/7/2020 | Free | View in iTunes |
94 |
CleanSituational Awareness for Cybersecurity: Beyond the Network | Situational awareness makes it possible to get relevant information from across an organization, to integrate that information, and to disseminate it to help leaders make more informed decisions. In this SEI Podcast, Angela Horneman and Timothy... | 9/30/2020 | Free | View in iTunes |
95 |
CleanQuantum Computing: The Quantum Advantage | While actual quantum computers are available from several different companies, we are currently in the Noisy Intermediate-Scale Quantum (NISQ) era. Working in the NISQ era presents a number of challenges, and the SEI is working to use NISQ devices not.. | 9/17/2020 | Free | View in iTunes |
96 |
CleanCMMC Scoring 101 | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 9/2/2020 | Free | View in iTunes |
97 |
CleanDeveloping an Effective CMMC Policy | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized... | 8/17/2020 | Free | View in iTunes |
98 |
CleanThe Future of Cyber: Educating the Cybersecurity Workforce | The culture of computers and information technology changes quickly. The Future of Cyber Podcast series explores the future of cyber and whether we can use the innovations of the past to address the problems of the future. In our latest episode,... | 8/10/2020 | Free | View in iTunes |
99 |
CleanDocumenting Process for CMMC | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized... | 7/30/2020 | Free | View in iTunes |
100 |
CleanAgile Cybersecurity | Software development is shifting to incremental delivery to meet the demand for software quicker and at lower costs. With the current cyber threat climate, the demand for cybersecurity is growing but existing compliance processes focus on a completed... | 7/20/2020 | Free | View in iTunes |
101 |
CleanCMMC Levels 1-3: Going Beyond NIST SP-171 | The Cybersecurity Maturity Model Certification (CMMC) 1.0 defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model... | 7/1/2020 | Free | View in iTunes |
102 |
CleanThe Future of Cyber: Secure Coding | For more than 30 years, the cybersecurity community has worked to increase the effectiveness of our cybersecurity and resilience efforts. Today we face an explosion of devices, the pervasiveness of software, the threat of adversarial capability, and... | 6/15/2020 | Free | View in iTunes |
103 |
CleanChallenges to Implementing DevOps in Highly Regulated Environments | In this SEI podcast, Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environments (HREs), exploring issues such as environment parity, the approval process, and compliance. This podcast is the second to... | 5/28/2020 | Free | View in iTunes |
104 |
CleanThe Future of Cyber: Cybercrime | The culture of computers and information technology evolves quickly. In this environment, how can we build a culture of security through regulations and best practices when technology can move so much faster than legislative bodies? The Future of... | 5/7/2020 | Free | View in iTunes |
105 |
CleanAn Ethical AI Framework | Artificially intelligent (AI) systems hold great promise to empower us with knowledge and enhance human effectiveness. As a senior research scientist in human-machine interaction at the Software Engineering Institute's Emerging Technology Center,... | 4/28/2020 | Free | View in iTunes |
106 |
CleanMy Story in Computing: Madison Quinn Oliver | Those who work in computing today bring a wide array of backgrounds and experiences to the profession. In this podcast learn how Madison Quinn Oliver, who wanted to work at Carnegie Mellon University since childhood, relied on a strong work ethic and... | 4/13/2020 | Free | View in iTunes |
107 |
CleanThe CERT Guide to Coordinated Vulnerability Disclosure | In this podcast, Allen Householder and David Warren discuss the CERT Guide to Coordinated Vulnerability Disclosure, which is intended for use by security researchers, software vendors, and other stakeholders in navigating the complexities of informing.. | 3/26/2020 | Free | View in iTunes |
108 |
CleanWomen in Software and Cybersecurity: Dr. April Galyardt | Dr. April Galyardt, a machine learning research scientist at the SEI, discusses her career journey, challenges, and lessons learned along the way. This episode is the latest installment in our series highlighting the work of women in software and... | 3/11/2020 | Free | View in iTunes |
109 |
CleanThe Future of Cyber: Security and Privacy | Computers and information technology are getting more and more integrated into our daily lives, so they need to be easy to use. But recent, historically large data breaches have demonstrated the need to make systems more secure and to protect... | 2/26/2020 | Free | View in iTunes |
110 |
CleanThe Future of Cyber: Security and Resilience | For more than 30 years, the cybersecurity community has worked to increase the effectiveness of our cybersecurity and resilience efforts. Today we face an explosion of devices, the pervasiveness of software, the threat of adversarial capability, and... | 2/14/2020 | Free | View in iTunes |
111 |
CleanReverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools | In this podcast, Jeff Gennari and Cory Cohen discuss updates to the Pharos Binary Analysis Framework in GitHub, including a new plug-in to import OOAnalyzer analysis into the NSA's recently released Ghidra software reverse engineering tool suite. | 2/7/2020 | Free | View in iTunes |
112 |
CleanWomen in Software and Cybersecurity: Dr. Carol Woody | Dr. Carol Woody discusses the career path that led to her current role as technical manager for the Cybersecurity Engineering (CSE) team in the SEI’s CERT Division. | 1/29/2020 | Free | View in iTunes |
113 |
CleanBenchmarking Organizational Incident Management Practices | Successful management of incidents that threaten an organization's computer security is a complex endeavor. Frequently an organization's primary focus is on the response aspects of security incidents, which results in its failure to manage incidents... | 12/17/2019 | Free | View in iTunes |
114 |
CleanMachine Learning in Cybersecurity: 7 Questions for Decision Makers | April Galyardt, Angela Horneman, and Jonathan Spring discuss seven key questions that managers and decision makers should ask about machine learning to effectively solve cybersecurity problems. | 12/11/2019 | Free | View in iTunes |
115 |
CleanWomen in Software and Cybersecurity: Kristi Roth | Women in Software and Cybersecurity: Kristi Roth | 11/26/2019 | Free | View in iTunes |
116 |
CleanHuman Factors in Software Engineering | Solving the technical aspects isn’t enough to build reliable, enduring, resilient software and systems. Human decision making, behavioral factors, and cultural factors influence software engineering, acquisition, and cybersecurity. In this podcast... | 11/12/2019 | Free | View in iTunes |
117 |
CleanWomen in Software and Cybersecurity: Anita Carleton | Women in Software and Cybersecurity: Anita Carleton | 10/15/2019 | Free | View in iTunes |
118 |
CleanImproving the Common Vulnerability Scoring System | In this podcast, the authors discuss a 2019 paper that outlines challenges with the Common Vulnerability Scoring System (CVSS) and proposes changes to improve it. | 10/4/2019 | Free | View in iTunes |
119 |
CleanWhy Software Architects Must Be Involved in the Earliest Systems Engineering Activities | Today's major defense systems rely heavily on software-enabled capabilities. However, many defense programs acquiring new systems first determine the physical items to develop, assuming the contractors for those items will provide all needed software... | 10/1/2019 | Free | View in iTunes |
120 |
CleanSelecting Metrics for Software Assurance | The Software Assurance Framework (SAF) is a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. The SAF can be used to assess an acquisition program’s current cybersecurity practices and... | 9/24/2019 | Free | View in iTunes |
121 |
CleanAI in Humanitarian Assistance and Disaster Response | In 2017 and 2018, the world witnessed a record number of climate and weather-related disasters. Government agencies are increasingly interested in the use of artificial intelligence (AI) to help first responders in locating survivors, identifying... | 9/18/2019 | Free | View in iTunes |
122 |
CleanThe AADL Error Library: 4 Families of Systems Errors | Classifying errors in a component-based system is challenging. Components, and the systems that rely on them, can fail in myriad, unpredictable ways. It is nonetheless a challenge that should be addressed because component-based, software-driven... | 8/30/2019 | Free | View in iTunes |
123 |
CleanWomen in Software and Cybersecurity: Suzanne Miller | As a principle researcher at the SEI, Suzanne Miller works to help the Department of Defense develop and field software to the warfighter. In this SEI Podcast, the latest highlighting the work of women in software and cybersecurity, Miller discusses... | 8/22/2019 | Free | View in iTunes |
124 |
CleanPrivacy in the Blockchain Era | In this SEI Podcast, Dr. Giulia Fanti, an assistant professor of Electrical and Computer Engineering at Carnegie Mellon University, discusses her latest research including privacy problems in the cryptocurrency and blockchain space and generative... | 7/29/2019 | Free | View in iTunes |
125 |
CleanCyber Intelligence: Best Practices and Biggest Challenges | Cyber Intelligence is a rapidly changing field, and many organizations do not have the people, time, and funding in place to build a cyber intelligence team, according to a report on cyber intelligence released in late May by researchers in the... | 7/25/2019 | Free | View in iTunes |
126 |
CleanAssessing Cybersecurity Training | Simulation environments allow people to practice skills such as setting up and defending networks. If we can record informative traces of activity in these online environments and draw accurate inferences about trainee capabilities, then we can... | 7/12/2019 | Free | View in iTunes |
127 |
CleanDevOps in Highly Regulated Environments | Highly regulated environments (HREs), such as finance and healthcare, are mandated by policies for various reasons, most often general security and protection of intellectual property. These policies make the sharing and open access principles of... | 6/27/2019 | Free | View in iTunes |
128 |
CleanWomen in Software and Cybersecurity: Dr. Ipek Ozkaya | After earning a degree in architecture, Dr. Ipek Ozkaya studied computational design at Carnegie Mellon University. Now at the Software Engineering Institute, Ozkaya researches better ways for designing software and helping organizations manage... | 6/20/2019 | Free | View in iTunes |
129 |
CleanThe Role of the Software Factory in Acquisition and Sustainment | Dr. Paul Nielsen discusses his involvement on a Defense Science Board Task Force that concluded that the software factory should be a key player in the acquisition and sustainment of software for defense. “This is one case where the military or the.. | 6/11/2019 | Free | View in iTunes |
130 |
CleanDefending Your Organization Against Business Email Compromise | Operation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, and the U.S. Postal Inspection Service, was conducted over a six-month period and... | 5/30/2019 | Free | View in iTunes |
131 |
CleanMy Story in Computing with Dr. Eliezer Kanal | Those who work in computing today bring a wide array of backgrounds and experiences to the profession. In this podcast, the first in a series, Dr. Eliezer Kanal—a former premed student, computational neuroscientist, health-care technical manager,... | 5/21/2019 | Free | View in iTunes |
132 |
CleanWomen in Software and Cybersecurity: Eileen Wrubel | In this SEI Podcast, which highlights the work of Women in Software and Cybersecurity, Eileen Wrubel, co-lead of the SEI’s Agile/DevOps Transformation directorate, discusses her career journey. | 4/19/2019 | Free | View in iTunes |
133 |
CleanManaging Technical Debt: A Focus on Automation, Design, and Architecture | Technical debt communicates the tradeoff between the short-term benefits of rapid delivery and the long-term value of developing a software system that is easy to evolve, modify, repair, and sustain. In this SEI Podcast, Rod Nord and Ipek Ozkaya... | 3/21/2019 | Free | View in iTunes |
134 |
CleanWomen in Software and Cybersecurity: Grace Lewis | In her work at the SEI, Grace Lewis focuses on securely pushing cloud resources to the edge and integrating IoT devices into systems. Lewis’s research helps soldiers in the field access cloud resources even if they are not fully connected to the... | 3/14/2019 | Free | View in iTunes |
135 |
CleanWomen in Software and Cybersecurity: Bobbie Stempfley | In this SEI Podcast interview, Roberta (Bobbie) Stempfley discusses her career and journey to becoming the director of the SEI’s CERT Division. This podcast is one of the inaugural interviews in our Women in Software and Cybersecurity podcast series. | 3/1/2019 | Free | View in iTunes |
136 |
CleanWomen in Software and Cybersecurity: Dr. Lorrie Cranor | In this SEI Podcast, Dr. Lorrie Cranor, director of CyLab, discusses her career, her work in privacy and security, and her upcoming keynote at the 2019 Women in Cybersecurity Conference, March 28-30 in Pittsburgh. This podcast is one of the inaugural... | 3/1/2019 | Free | View in iTunes |
137 |
CleanLeading in the Age of Artificial Intelligence | Tom Longstaff, who in 2018 was hired as the SEI’s chief technology officer, discusses the challenges of leading a technical organization in the age of artificial intelligence. | 3/1/2019 | Free | View in iTunes |
138 |
CleanApplying Best Practices in Network Traffic Analysis | In today's operational climate, threats and attacks against network infrastructures have become far too common. Researchers in the SEI’s CERT Division work with organizations and large enterprises, many of whom analyze their network traffic data for.. | 2/27/2019 | Free | View in iTunes |
139 |
Clean10 Types of Application Security Testing Tools and How to Use Them | Bugs and weaknesses in software are common: 84 percent of system breaches exploit vulnerabilities at the application layer. The prevalence of software-related problems is a key motivation for using application security testing tools. With a growing... | 2/25/2019 | Free | View in iTunes |
140 |
CleanUsing Test Suites for Static Analysis Alert Classifiers | Static analysis tools used to identify potential vulnerabilities in source code produce a large number of alerts with high false-positive rates that engineers must painstakingly examine to find legitimate flaws. Researchers in the SEI’s CERT... | 2/18/2019 | Free | View in iTunes |
141 |
CleanBlockchain at CMU and Beyond | Beyond its financial hype, researchers are exploring and understanding the promise of Blockchain technologies. In this SEI Podcast, Eliezer Kanal and Eugene Leventhal discuss blockchain research at Carnegie Mellon University and beyond. | 2/18/2019 | Free | View in iTunes |
142 | CleanVideoLeading in the Age of Artificial Intelligence | Tom Longstaff, who in 2018 was hired as the SEI’s chief technology officer, discusses the challenges of leading a technical organization in the age of artificial intelligence. | 2/15/2019 | Free | View in iTunes |
143 |
CleanDeep Learning in Depth: The Future of Deep Learning | Ritwik Gupta and Carson Sestili discuss the future of deep learning. “Here is amazing research being done all over the world on how we make what is called explainable AI. How do we explain what the deep learning is trying to do? This is a problem... | 11/28/2018 | Free | View in iTunes |
144 |
CleanDeep Learning in Depth: Adversarial Machine Learning | Ritwik Gupta of the SEI’s Emerging Technology Center and Carson Sestili, formerly of the SEI’s CERT Division and now with Google, discuss adversarial machine learning. | 11/27/2018 | Free | View in iTunes |
145 |
CleanSystem Architecture Virtual Integration: ROI on Early Discovery of Defects | Peter Feiler discusses the cost savings (26.1 percent) realized when using the System Architecture Virtual Integration approach on the development of software-reliant systems for aircraft. “If you discover [software defects] at system integration... | 11/15/2018 | Free | View in iTunes |
146 |
CleanDeep Learning in Depth: The Importance of Diverse Perspectives | Ritwik Gupta of the SEI’s Emerging Technology Center and Carson Sestili, formerly of the SEI’s CERT Division and now with Google, discuss the importance of diverse perspectives in deep learning. “If you feel like I am an OK programmer, but I am.. | 11/7/2018 | Free | View in iTunes |
147 |
CleanA Technical Strategy for Cybersecurity | Roberta “Bobbie” Stempfley, who was appointed director of the SEI’s CERT Division in June 2017, discusses a technical strategy for cybersecurity. “There is never enough time, money, power, resources—whatever it is—and we make design... | 11/4/2018 | Free | View in iTunes |
148 |
CleanBest Practices for Security in Cloud Computing | Don Faatz and Tim Morrow, researchers with the SEI’s CERT Division, outline best practices that organizations should use to address the vulnerabilities and risks in moving applications and data to cloud services. | 10/26/2018 | Free | View in iTunes |
149 |
CleanRisks, Threats, and Vulnerabilities in Moving to the Cloud | Tim Morrow and Donald Faatz outline the risks, threats, and vulnerabilities that organizations face when moving applications or data to the cloud. “If you look at large organizations like the DoD, they have embraced this. They are looking to buy... | 10/22/2018 | Free | View in iTunes |
150 |
CleanDeep Learning in Depth: IARPA's Functional Map of the World Challenge | Ritwik Gupta and Carson Sestili describe their use of deep learning in IARPA’s Functional Map of the World Challenge. “The idea is how can you take these very minute differences, not only in scale, but also in landscape, the buildings on there,... | 10/12/2018 | Free | View in iTunes |
151 |
CleanDeep Learning in Depth: Deep Learning versus Machine Learning | In this podcast excerpt, Ritwik Gupta and Carson Sestili describe deep learning and how it differs from machine learning. “As you compose more and more non-linear functions together, you can represent a much wider function space than you could with.. | 10/5/2018 | Free | View in iTunes |
152 |
CleanHow to Be a Network Traffic Analyst | Tim Shimeall and Timur Snoke, researchers in the SEI’s CERT Division, examine the role of the network traffic analyst in capturing and evaluating ever-increasing volumes of network data. “Part of it is the ability to use a wide variety of tools... | 9/14/2018 | Free | View in iTunes |
153 |
CleanWorkplace Violence and Insider Threat | Tracy Cassidy and Carrie Gardner, researchers with the CERT National Insider Threat Center, discuss research on using technology to detect an employee’s intent to cause physical harm. “A chronology naturally fell out that gave a temporal... | 8/28/2018 | Free | View in iTunes |
154 |
CleanWhy Does Software Cost So Much? | Mike Konrad and Bob Stoddard discuss an approach known as causal learning that can help the Department of Defense identify which factors cause software costs to escalate and, therefore, serve as a better basis for guidance on how to intervene. | 8/2/2018 | Free | View in iTunes |
155 |
CleanCybersecurity Engineering & Software Assurance: Opportunities & Risks | Carol Woody discusses opportunities and risks in cybersecurity engineering, software assurance, and the resulting CERT Cybersecurity Engineering and Software Assurance Professional Certificate. | 7/26/2018 | Free | View in iTunes |
156 |
CleanSoftware Sustainment and Product Lines | Mike Phillips and Harry Levinson examine the intersection of three themes that emerged during the SEI’s work with one government program: product line practices, software sustainment, and public-private partnerships. | 7/10/2018 | Free | View in iTunes |
157 |
CleanBest Practices in Cyber Intelligence | Jared Ettinger describes preliminary findings and best practices in cyber intelligence identified through a study sponsored by the U.S. Office of the Director of National Intelligence. | 6/25/2018 | Free | View in iTunes |
158 |
CleanDeep Learning in Depth: The Good, the Bad, and the Future | Ritwik Gupta and Carson Sestili describe deep learning, a popular and quickly growing subfield of machine learning. | 6/7/2018 | Free | View in iTunes |
159 |
CleanThe Evolving Role of the Chief Risk Officer | Summer Fowler and Ari Lightman discuss the evolving role of the chief risk officer and a Chief Risk Officer Program that is developed and delivered jointly by CMU’s Heinz College of Information Systems and the SEI’s CERT Division. | 5/24/2018 | Free | View in iTunes |
160 |
CleanObsidian: A Safer Blockchain Programming Language | Eliezer Kanal and Michael Coblenz discuss the creation of Obsidian, a novel programming language specifically tailored to secure blockchain software development that significantly reduces the risk of coding errors. | 5/10/2018 | Free | View in iTunes |
161 |
CleanAgile DevOps | Eileen Wrubel and Hasan Yasar discuss how Agile and DevOps can be deployed together to meet organizational needs. | 4/19/2018 | Free | View in iTunes |
162 |
CleanKicking Butt in Computer Science: Women in Computing at Carnegie Mellon University | Carol Frieze, Grace Lewis, and Jeria Quesenberry discuss CMU’s approach to creating a more inclusive environment for all computer science students, regardless of gender. | 4/5/2018 | Free | View in iTunes |
163 |
CleanIs Software Spoiling Us? Technical Innovations in the Department of Defense | In this podcast, the panel discusses technical innovations that can be applied to the Department of Defense including improved situational awareness, human-machine interactions, artificial intelligence, machine learning, data, and continuous integration | 3/15/2018 | Free | View in iTunes |
164 |
CleanIs Software Spoiling Us? Innovations in Daily Life from Software | In this podcast, which was excerpted from the webinar Is Software Spoiling Us?, the panel discusses awesome innovations in daily life that are made possible because of software. | 2/8/2018 | Free | View in iTunes |
165 |
CleanHow Risk Management Fits into Agile & DevOps in Government | In this podcast, Eileen Wrubel, technical lead for the SEI's Agile-in-Government program leads a roundtable discussion into how Agile, DevOps, and the Risk Management Framework can work together. | 2/1/2018 | Free | View in iTunes |
166 |
Clean5 Best Practices for Preventing and Responding to Insider Threat | Randy Trzeciak, technical manager of the CERT National Insider Threat Center, discusses five best practices for preventing and responding to insider threat. | 12/28/2017 | Free | View in iTunes |
167 |
CleanPharos Binary Static Analysis: An Update | Jeff Gennari discusses updates to the Pharos framework, which automates reverse engineering of malware analysis, including new tools, improvements, and bug fixes. | 12/12/2017 | Free | View in iTunes |
168 |
CleanPositive Incentives for Reducing Insider Threat | Andrew Moore and Daniel Bauer highlight results from our recent research that suggests organizations need to take a more holistic approach to mitigating insider threat. | 11/30/2017 | Free | View in iTunes |
169 |
CleanMission-Practical Biometrics | Satya Venneti presents exploratory research undertaken by the SEI's Emerging Technology Center to design algorithms to extract heart rate from video capture of non-stationary subjects in real-time. | 11/16/2017 | Free | View in iTunes |
170 |
CleanAt Risk Emerging Technology Domains | In this podcast, CERT vulnerability analyst Dan Klinedinst discusses research aimed at helping the Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT) understand future technologies and their risks. | 10/24/2017 | Free | View in iTunes |
171 |
CleanDNS Blocking to Disrupt Malware | In this podcast, CERT researcher Vijay Sarvepalli explores Domain Name System or DNS Blocking, the idea of disrupting communications from malicious code such as ransomware that is used to lock up your digital assets. | 10/12/2017 | Free | View in iTunes |
172 |
CleanBest Practices: Network Border Protection | In this podcast, the latest in a series on best practices for network security, Rachel Kartch explores best practices for network border protection at the Internet router and firewall. | 9/21/2017 | Free | View in iTunes |
173 |
CleanVerifying Software Assurance with IBM’s Watson | In this podcast, Mark Sherman discusses research aimed at examining whether developers could build an IBM Watson application to support an assurance review. | 9/7/2017 | Free | View in iTunes |
174 |
CleanThe CERT Software Assurance Framework | In this podcast, Carol Woody and Christopher Alberts introduce the prototype Software Assurance Framework, a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. | 8/31/2017 | Free | View in iTunes |
175 |
CleanScaling Agile Methods | In this podcast, Will Hayes and Eileen Wrubel present five perspectives on scaling Agile from leading thinkers in the field, including Scott Ambler, Steve Messenger, Craig Larman, Jeff Sutherland, and Dean Leffingwell. | 8/3/2017 | Free | View in iTunes |
176 |
CleanRansomware: Best Practices for Prevention and Response | In this podcast, CERT researchers spell out several best practices for prevention and response to a ransomware attack. | 7/14/2017 | Free | View in iTunes |
177 |
CleanIntegrating Security in DevOps | In this podcast, Hasan Yasar discusses how Secure DevOps attempts to shift the paradigm for tough security problems from following rules to creatively determining solutions. | 6/29/2017 | Free | View in iTunes |
178 |
CleanSEI Fellows Series: Peter Feiler | Peter Feiler was named an SEI Fellow in August 2016. This podcast is the second in a series highlighting interviews with SEI Fellows. | 6/15/2017 | Free | View in iTunes |
179 |
CleanNTP Best Practices | In this podcast, Timur Snoke explores the challenges of NTP and prescribes some best practices for securing accurate time with this protocol. | 5/25/2017 | Free | View in iTunes |
180 |
CleanEstablishing Trust in Disconnected Environments | In this podcast, Grace Lewis presents a solution for establishing trusted identities in disconnected environments based on secure key generation and exchange in the field, as well as an evaluation and implementation of the solution. | 5/18/2017 | Free | View in iTunes |
181 |
CleanDistributed Artificial Intelligence in Space | In this podcast, James Edmondson discusses his work to bring distributed artificial intelligence to a next generation, renewable power grid in space. | 4/20/2017 | Free | View in iTunes |
182 |
CleanVerifying Distributed Adaptive Real-Time Systems | In this podcast, James Edmondson and Sagar Chaki describe an architecture and approach to engineering high-assurance software for Distributed Adaptive Real-Time (DART) systems. | 3/27/2017 | Free | View in iTunes |
183 |
Clean10 At-Risk Emerging Technologies | Researchers in the SEI's CERT Division recently examined the security of a large swath of technology domains being developed in industry and maturing over the next five years. | 3/23/2017 | Free | View in iTunes |
184 |
CleanTechnical Debt as a Core Software Engineering Practice | In this podcast, Ipek Ozkaya talks about managing technical debt as a core software engineering practice and its importance in the education of future software engineers. | 2/27/2017 | Free | View in iTunes |
185 |
CleanDNS Best Practices | In this podcast, Mark Langston discusses best practices for designing a secure, reliable DNS infrastructure. | 2/23/2017 | Free | View in iTunes |
186 |
CleanThree Roles and Three Failure Patterns of Software Architects | This podcast explores three roles and three failure patterns of software architects that he has observed working with industry and government software projects. | 1/26/2017 | Free | View in iTunes |
187 |
CleanSecurity Modeling Tools | In this podcast, Julien Delange discusses security modeling tools that his team developed and how to use them to capture vulnerabilities and their propagation path in an architecture. | 1/12/2017 | Free | View in iTunes |
188 |
CleanBest Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks | In this podcast, CERT researcher Rachel Kartch provides an overview of DDoS attacks and best practices for mitigating and responding to them. | 12/19/2016 | Free | View in iTunes |
189 |
CleanCyber Security Engineering for Software and Systems Assurance | In this podcast Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles for software assurance. | 12/8/2016 | Free | View in iTunes |
190 |
CleanMoving Target Defense | In this podcast, Andrew Mellinger, a senior software developer in the SEI's Emerging Technology Center discusses work to develop a platform to organize dynamic defenses. | 11/30/2016 | Free | View in iTunes |
191 |
CleanImproving Cybersecurity Through Cyber Intelligence | In this podcast, Jared Ettinger of the SEI's Emerging Technology Center (ETC) talks about the ETC's work in cyber intelligence as well as the Cyber Intelligence Research Consortium. | 11/10/2016 | Free | View in iTunes |
192 |
CleanA Requirement Specification Language for AADL | In this podcast, Peter Feiler describes a textual requirement specification language for the Architecture Analysis & Design Language (AADL) called ReqSpec. | 10/27/2016 | Free | View in iTunes |
193 |
CleanBecoming a CISO: Formal and Informal Requirements | In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today's fast-paced cybersecurity field. | 10/19/2016 | Free | View in iTunes |
194 |
CleanPredicting Quality Assurance with Software Metrics and Security Methods | In this podcast, Dr. Carol Woody explores the connection between measurement, methods for software assurance, and security. | 10/13/2016 | Free | View in iTunes |
195 |
CleanNetwork Flow and Beyond | In this podcast, Timothy Shimeall discusses approaches for analyzing network security using and going beyond network flow data to gain situational awareness to improve security. | 9/29/2016 | Free | View in iTunes |
196 |
CleanA Community College Curriculum for Secure Software Development | In this podcast, Girish Seshagiri discusses a two-year community college software assurance program that he developed and facilitated with SEI Fellow Nancy Mead at Illinois Central College. | 9/15/2016 | Free | View in iTunes |
197 |
CleanSecurity and the Internet of Things | In this podcast, CERT researcher Art Manion discusses work that his team is doing with the Department of Homeland Security to examine and secure IoT devices. | 8/25/2016 | Free | View in iTunes |
198 |
CleanThe SEI Fellow Series: Nancy Mead | This podcast is the first in a series highlighting interviews with SEI Fellows. | 8/10/2016 | Free | View in iTunes |
199 |
CleanAn Open Source Tool for Fault Tree Analysis | In this podcast, Dr. Julien Delange discusses fault tree analysis and introduces a new tool to design and analyze fault trees. | 7/28/2016 | Free | View in iTunes |
200 |
CleanGlobal Value Chain – An Expanded View of the ICT Supply Chain | In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain. | 7/18/2016 | Free | View in iTunes |
201 |
CleanIntelligence Preparation for Operational Resilience | In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR. | 6/21/2016 | Free | View in iTunes |
202 |
CleanEvolving Air Force Intelligence with Agile Techniques | In this podcast, Harry Levinson discusses the SEI's work with the Air Force to further evolve the AF DCGS system using Agile techniques working in incremental, iterative approaches to deliver more frequent, more manageable deliveries of capability. | 5/26/2016 | Free | View in iTunes |
203 |
CleanThreat Modeling and the Internet of Things | Art Manion and Allen Householder of the CERT Vulnerability Analysis team, talk about threat modeling and its use in improving the security of the Internet of Things (IoT). | 5/12/2016 | Free | View in iTunes |
204 |
CleanOpen Systems Architectures: When & Where to Be Closed | Don Firesmith discusses how acquisition professionals and system integrators can apply OSA practices to effectively decompose large, monolithic business and technical architectures into manageable and modular solutions. | 4/14/2016 | Free | View in iTunes |
205 |
CleanEffective Reduction of Avoidable Complexity in Embedded Systems | Dr. Julien Delange discusses the Effective Reduction of Avoidable Complexity in Embedded Systems (ERACES) project, which aims to identify and remove complexity in software models. | 3/18/2016 | Free | View in iTunes |
206 |
CleanToward Efficient and Effective Software Sustainment | Mike Phillips discusses effective sustainment engineering efforts in the Army and Air Force, using examples from across their software engineering centers and how they tie in to SEI research. | 3/18/2016 | Free | View in iTunes |
207 |
CleanQuality Attribute Refinement and Allocation | Dr. Neil Ernst discusses industry practices such as slicing and ratcheting used to develop business capabilities and suggests approaches to enable large-scale iteration. | 3/8/2016 | Free | View in iTunes |
208 |
CleanIs Java More Secure Than C? | In this podcast, CERT researcher David Svoboda analyzes secure coding rules for both C and Java to determine if they indeed refute the conventional wisdom that Java is more secure than C. | 2/19/2016 | Free | View in iTunes |
209 |
CleanIdentifying the Architectural Roots of Vulnerabilities | In this podcast, Rick Kazman and Carol Woody discuss an approach for identifying architecture debt in a large-scale industrial software project by modeling software architecture as design rule spaces. | 2/4/2016 | Free | View in iTunes |
210 |
CleanBuild Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations | In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from high-performing organizations. | 2/3/2016 | Free | View in iTunes |
211 |
CleanAn Interview with Grady Booch | During a recent visit to the SEI, Grady Booch, chief scientist for IBM and author of the Unified Modeling Language, sat down for an interview with SEI Fellow Nancy Mead for the SEI Podcast Series. | 1/12/2016 | Free | View in iTunes |
212 |
CleanStructuring the Chief Information Security Officer Organization | In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations. | 12/23/2015 | Free | View in iTunes |
213 |
CleanHow Cyber Insurance Is Driving Risk and Technology Management | In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk and invest in technologies. | 11/9/2015 | Free | View in iTunes |
214 |
CleanA Field Study of Technical Debt | In this podcast, Dr. Neil Ernst discusses the findings of a recent field study to assess the state of the practice and current thinking regarding technical debt and guide the development of a technical debt timeline. | 10/15/2015 | Free | View in iTunes |
215 |
CleanHow the University of Pittsburgh Is Using the NIST Cybersecurity Framework | In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (PITT), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework). | 10/1/2015 | Free | View in iTunes |
216 |
CleanA Software Assurance Curriculum for Future Engineers | In this podcast, Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges. | 9/24/2015 | Free | View in iTunes |
217 |
CleanFour Types of Shift Left Testing | In this podcast, Donald Firesmith explains the importance of shift left testing and defines four approaches using variants of the classic V model to illustrate them. | 9/10/2015 | Free | View in iTunes |
218 |
CleanCapturing the Expertise of Cybersecurity Incident Handlers | In this podcast, Dr. Richard Young, a professor with CMU, and Sam Perl, a member of the CERT Division, discuss their research on how expert cybersecurity incident handlers react when faced with an incident. | 8/27/2015 | Free | View in iTunes |
219 |
CleanToward Speed and Simplicity: Creating a Software Library for Graph Analytics | In this podcast, Scott McMillan and Eric Werner of the SEI's Emerging Technology Center discuss work to create a software library for graph analytics that would take advantage of more powerful heterogeneous supercomputers. | 8/27/2015 | Free | View in iTunes |
220 |
CleanImproving Quality Using Architecture Fault Analysis with Confidence Arguments | The case study shows that by combining an analytical approach with confidence maps, we can present a structured argument that system requirements have been met and problems in the design have been addressed adequately. | 8/13/2015 | Free | View in iTunes |
221 |
CleanA Taxonomy of Testing Types | In this podcast, Donald Firesmith introduces a taxonomy of testing types to help testing stakeholders understand and select those that are best for their specific programs. | 7/30/2015 | Free | View in iTunes |
222 |
CleanReducing Complexity in Software & Systems | In this podcast, Sarah Sheard discusses research to investigate the nature of complexity, how it manifests in software-reliant systems such as avionics, how to measure it, and how to tell when too much complexity might lead to safety problems. | 7/16/2015 | Free | View in iTunes |
223 |
CleanDesigning Security Into Software-Reliant Systems | In this podcast, CERT researcher Christopher Alberts introduces the SERA Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle. | 6/25/2015 | Free | View in iTunes |
224 |
CleanAgile Methods in Air Force Sustainment | This podcast Eileen Wrubel highlights research examining Agile techniques in the software sustainment arena—specifically Air Force programs. | 6/11/2015 | Free | View in iTunes |
225 |
CleanDefect Prioritization With the Risk Priority Number | In this podcast, Will Hayes and Julie Cohen discuss a generalized technique that could be used with any type of system to assist the program office in addressing and resolving the conflicting views and creating a better value system for defining release | 5/28/2015 | Free | View in iTunes |
226 |
CleanSEI-HCII Collaboration Explores Context-Aware Computing for Soldiers | Dr. Jeff Boleng and Dr. Anind Dey discuss joint research to understand the mission, role, and task of dismounted soldiers using context derived from sensors on them and their mobile devices. | 5/14/2015 | Free | View in iTunes |
227 |
CleanAn Introduction to Context-Aware Computing | Dr. Anind Dey and Dr. Jeff Boleng introduce context-aware computing and explore issues related to sensor-fueled data in the internet of things. | 4/23/2015 | Free | View in iTunes |
228 |
CleanData Driven Software Assurance | In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects. | 4/9/2015 | Free | View in iTunes |
229 |
CleanApplying Agile in the DoD: Twelfth Principle | In this episode, Suzanne Miller and Mary Ann Lapham explore the application of the 12th Agile principle in the Department of Defense. | 3/26/2015 | Free | View in iTunes |
230 |
CleanSupply Chain Risk Management: Managing Third Party and External Dependency Risk | In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information and Communications Technology (ICT)." | 3/26/2015 | Free | View in iTunes |
231 |
CleanIntroduction to the Mission Thread Workshop | In this podcast, Mike Gagliardi introduces the Mission Thread Workshop, a method for understanding architectural and engineering considerations for developing and sustaining systems of systems. | 3/12/2015 | Free | View in iTunes |
232 |
CleanApplying Agile in the DoD: Eleventh Principle | In this podcast, the tenth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the eleventh principle: | 2/26/2015 | Free | View in iTunes |
233 |
CleanA Workshop on Measuring What Matters | This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences planning and executing the workshop, and identifying improvements for future offerings. | 2/20/2015 | Free | View in iTunes |
234 |
CleanApplying Agile in the DoD: Tenth Principle | In this podcast, part of an ongoing series, Mary Ann Lapham and Suzanne Miller discuss the application of the tenth Agile principle: Simplicity—the art of maximizing the amount of work done done—is essential. | 2/12/2015 | Free | View in iTunes |
235 |
CleanPredicting Software Assurance Using Quality and Reliability Measures | In this podcast, the authors discuss how a combination of software development and quality techniques can improve software security. | 1/29/2015 | Free | View in iTunes |
236 |
CleanApplying Agile in the DoD: Ninth Principle | In this episode, Suzanne Miller and Mary Ann Lapham discuss the application of the ninth Agile principle, "Continuous attention to technical excellence and good design enhances Agile." | 1/16/2015 | Free | View in iTunes |
237 |
CleanCyber Insurance and Its Role in Mitigating Cybersecurity Risk | In this podcast, Jim Cebula and David White discuss cyber insurance and its potential role in reducing operational and cybersecurity risk. | 1/8/2015 | Free | View in iTunes |
238 |
CleanAADL and Dassault Aviation | In this podcast, Peter Feiler and Thierry Cornilleau discuss their experiences with the Architecture Analysis and Design Language. | 12/18/2014 | Free | View in iTunes |
239 |
CleanTactical Cloudlets | In this podcast, Grace Lewis discusses five approaches that her team developed and tested for using tactical cloudlets as a strategy for providing infrastructure to support computation offload and data staging at the tactical edge. | 12/4/2014 | Free | View in iTunes |
240 |
CleanAgile Software Teams and How They Engage with Systems Engineering on DoD Acquisition Programs | In this podcast, Eileen Wrubel and Suzanne Miller discuss issues with Agile software teams engaging systems engineering functions in developing and acquiring software-reliant systems. | 11/27/2014 | Free | View in iTunes |
241 |
CleanCoding with AADL | In this podcast, Julien Delange summarizes different perspectives on research related to code generation from software architecture models. | 11/13/2014 | Free | View in iTunes |
242 |
CleanThe State of Agile | In this podcast, Alistair Cockburn, an Agile pioneer and one of the original signers of the Agile Manifesto, and SEI principal researcher Suzanne Miller discuss the current state of Agile adoption. | 10/30/2014 | Free | View in iTunes |
243 |
CleanApplying Agile in the DoD: Eighth Principle | In this episode, the eighth in a series exploring Agile principles across the DoD, Suzanne Miller and Mary Ann Lapham discuss the eighth Agile principle. | 10/9/2014 | Free | View in iTunes |
244 |
CleanA Taxonomy of Operational Risks for Cyber Security | In this podcast, James Cebula describes how to use a taxonomy to increase confidence that your organization is identifying cyber security risks. | 10/7/2014 | Free | View in iTunes |
245 |
CleanAgile Metrics | In this podcast Will Hayes and Suzanne Miller discuss research intended to aid U. S. Department of Defense acquisition professionals in the use of Agile software development methods. | 9/25/2014 | Free | View in iTunes |
246 |
CleanFour Principles for Engineering Scalable, Big Data Systems | In this podcast, Ian Gorton describes four general principles that hold for any scalable, big data system. | 9/11/2014 | Free | View in iTunes |
247 |
CleanAn Appraisal of Systems Engineering: Defense v. Non-Defense | In this podcast, Joseph P. Elm analyzes differences in systems-engineering activities for defense and non-defense projects and finds differences in both deployment and effectiveness. | 8/28/2014 | Free | View in iTunes |
248 |
CleanHTML5 for Mobile Apps at the Edge | In this podcast, Grace Lewis discusses research that explores the feasibility of using HTML5 for developing mobile applications, for "edge" environments where resources and connectivity are uncertain, such as in the battlefield. | 8/14/2014 | Free | View in iTunes |
249 |
CleanApplying Agile in the DoD: Seventh Principle | In this podcast, Suzanne Miller and Mary Ann Lapham explore the application of the seventh Agile principle in the Department of Defense, working software is the primary measure of progress. | 7/24/2014 | Free | View in iTunes |
250 |
CleanAADL and Edgewater | In this podcast, Peter Feiler and Serban Gheorghe of Edgewater discuss their work on the Architecture Analysis and Design Language. | 7/10/2014 | Free | View in iTunes |
251 |
CleanSecurity and Wireless Emergency Alerts | In this podcast Carol Woody and Christopher Alberts discuss guidelines that they developed to ensure that the WEA service remains robust and resilient against cyber attacks. | 6/26/2014 | Free | View in iTunes |
252 |
CleanSafety and Behavior Specification Using the Architecture Analysis and Design Language | Julien Delange discusses two extensions to the Architecture Analysis and Design Language: the behavior annex and the error-model annex. | 6/12/2014 | Free | View in iTunes |
253 |
CleanApplying Agile in the DoD: Sixth Principle | In this podcast, Suzanne Miller and Mary Ann Lapham discuss the application of the sixth Agile principle in the Department of Defense. | 5/29/2014 | Free | View in iTunes |
254 |
CleanCharacterizing and Prioritizing Malicious Code | In this podcast, Jose Morales discusses how to prioritize malware samples, helping analysts to identify the most destructive malware to examine first. | 5/29/2014 | Free | View in iTunes |
255 |
CleanUsing Quality Attributes to Improve Acquisition | In this podcast, Patrick Place describes research aimed at determining how acquisition quality attributes can be expressed and used to facilitate alignment among the software architecture and acquisition strategy. | 5/15/2014 | Free | View in iTunes |
256 |
CleanBest Practices for Trust in the Wireless Emergency Alerts Service | In this podcast, CERT researchers Robert Ellison and Carol Woody discuss research aimed at increasing alert originators' trust in the WEA service and the public's trust in the alerts that they receive. | 4/29/2014 | Free | View in iTunes |
257 |
CleanThree Variations on the V Model for System and Software Testing | In this podcast, Don Firesmith presents three variations on the V model of software or system development. | 4/10/2014 | Free | View in iTunes |
258 |
CleanAdapting the PSP to Incorporate Verified Design by Contract | In this podcast, Bill Nichols discusses a proposal for integrating the Verified Design by Contract method into PSP to reduce the number of defects present at the unit-esting phase, while preserving or improving productivity. | 3/27/2014 | Free | View in iTunes |
259 |
CleanComparing IT Risk Assessment and Analysis Methods | In this podcast, the presenters discuss IT risk assessment and analysis, and comparison factors for selecting methods that are a good fit for your organization. | 3/25/2014 | Free | View in iTunes |
260 |
CleanAADL and Aerospace | In this podcast, Peter Feiler and Myron Hecht discuss the use of AADL by the Aerospace Corporation. | 3/13/2014 | Free | View in iTunes |
261 |
CleanAssuring Open Source Software | In this podcast, Kate Ambrose Sereno and Naomi Anderson discuss research aimed at developing adoptable, evidence-based, data-driven approaches to evaluating (open source) software. | 2/27/2014 | Free | View in iTunes |
262 |
CleanSecurity Pattern Assurance through Roundtrip Engineering | In this podcast, Rick Kazman discusses these challenges and a solution he has developed for achieving system security qualities through use of patterns. | 2/13/2014 | Free | View in iTunes |
263 |
CleanThe Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) | ES-C2M2 helps improve the operational resilience of the U.S. power grid. | 2/11/2014 | Free | View in iTunes |
264 |
CleanApplying Agile in the DoD: Fifth Principle | In this episode, the fifth in a series, Suzanne Miller and Mary Ann Lapham discuss the application of the fifth principle, Build projects around motivated individuals. | 1/30/2014 | Free | View in iTunes |
265 |
CleanSoftware Assurance Cases | In this podcast, Charles Weinstock introduces assurance cases and how they can be used to assure safety, security, and reliability. | 1/16/2014 | Free | View in iTunes |
266 |
CleanRaising the Bar - Mainstreaming CERT C Secure Coding Rules | In this podcast, Robert Seacord describes the CERT-led effort to publish an ISO/IEC technical specification for secure coding rules for compilers and analyzers. | 1/7/2014 | Free | View in iTunes |
267 |
CleanAADL and Télécom Paris Tech | Real-World Applications of the Architecture Analysis and Design Language (AADL) | 12/26/2013 | Free | View in iTunes |
268 |
CleanFrom Process to Performance-Based Improvement | In this podcast, Tim Chick and Gene Miluk discuss methodology and outputs of the Checkpoint Diagnostic, a tool that provides organizations with actionable performance related information and analysis closely linked to business value. | 12/12/2013 | Free | View in iTunes |
269 |
CleanAn Approach to Managing the Software Engineering Challenges of Big Data | In this episode, Ian Gorton and John Klein discuss big data and the challenges it presents for software engineers. With help from fellow SEI researchers, the two have developed a lightweight risk reduction approach to help software engineers manage the | 11/27/2013 | Free | View in iTunes |
270 |
CleanUsing the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience | In this podcast, the presenters explain how CRRs allow critical infrastructure owners to compare their cybersecurity performance with their peers. | 11/26/2013 | Free | View in iTunes |
271 |
CleanSituational Awareness Mashups | In this podcast Soumya Simanta describes research aimed at creating a software prototype that allows warfighters and first responders to rapidly integrate or mash geo-tagged situational awareness data from multiple remote data sources. | 11/14/2013 | Free | View in iTunes |
272 |
CleanApplying Agile in the DoD: Fourth Principle | In this episode, the fourth in a series about the application of agile principles in the DOD, Suzanne Miller and Mary Ann Lapham discuss the application of the fourth principle, "Business people and developers must work together daily." | 10/31/2013 | Free | View in iTunes |
273 |
CleanArchitecting Systems of the Future | In this episode, Eric Werner discusses research that he and several of his colleagues are conducting to help software developers create systems for the many-core central processing units in massively parallel computing environments. | 10/17/2013 | Free | View in iTunes |
274 |
CleanAcquisition Archetypes | In this episode, Bill Novak talks about his work with acquisition archetypes and how they can be used to help government programs avoid problems in software development and systems acquisition. | 9/26/2013 | Free | View in iTunes |
275 |
CleanHuman-in-the-Loop Autonomy | In this episode, James Edmondson discusses his research on autonomous systems, specifically robotic systems and autonomous systems for robotic systems. | 9/12/2013 | Free | View in iTunes |
276 |
CleanMobile Applications for Emergency Managers | Learn about the SEI's Advanced Mobile Systems Team's work with the Huntingdon County, Pennsylvania, Emergency Management Agency. | 8/29/2013 | Free | View in iTunes |
277 |
CleanWhy Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions | In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities. | 8/27/2013 | Free | View in iTunes |
278 |
CleanApplying Agile in the DoD: Third Principle | A discussion of the application of the third Agile principle, "Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale." | 8/15/2013 | Free | View in iTunes |
279 |
CleanDevOps - Transform Development and Operations for Fast, Secure Deployments | In this podcast, Gene Kim explains how the "release early, release often" approach significantly improves software performance, stability, and security. | 7/30/2013 | Free | View in iTunes |
280 |
CleanApplication Virtualization as a Strategy for Cyber Foraging | In this podcast, researcher Grace Lewis discusses application virtualization as a more lightweight alternative to VM synthesis for cloudlet provisioning. | 7/25/2013 | Free | View in iTunes |
281 |
CleanCommon Testing Problems: Pitfalls to Prevent and Mitigate | Don Firesmith discusses problems that occur during testing as well as a framework that lists potential symptoms by which each can be recognized, potential negative consequences, and potential causes, and makes recommendations for preventing them. | 7/11/2013 | Free | View in iTunes |
282 |
CleanJoint Programs and Social Dilemmas | In this episode, SEI researcher Bill Novak discusses joint programs and social dilemmas, which have become increasingly common in defense acquisition, and the ways in joint program outcomes can be affected by their underlying structure. | 6/27/2013 | Free | View in iTunes |
283 |
CleanApplying Agile in the DoD: Second Principle | In this episode, SEI researchers discuss the application of the second Agile rinciple, “Welcome changing requirements, even late in development. | 6/13/2013 | Free | View in iTunes |
284 |
CleanManaging Disruptive Events - CERT-RMM Experience Reports | In this podcast, the participants describe four experience reports that demonstrate how the CERT-RMM can be applied to manage operational risks. | 6/11/2013 | Free | View in iTunes |
285 |
CleanReliability Validation and Improvement Framework | In this podcast, Peter Feiler discusses his recent work to improve the quality of software-reliant systems through an approach known as the Reliability Validation and Improvement Framework. | 5/23/2013 | Free | View in iTunes |
286 |
CleanThe Business Case for Systems Engineering | Joe Elm discusses the results of a recent technical report, which establishes clear links between the application of systems engineering (SE) best practices to projects and programs and the performance of those projects and programs. | 5/9/2013 | Free | View in iTunes |
287 |
CleanUsing a Malware Ontology to Make Progress Towards a Science of Cybersecurity | In this podcast, Dave Mundie explains why a common language is essential to developing a shared understanding to better analyze malicious code. | 5/9/2013 | Free | View in iTunes |
288 |
CleanApplying Agile in the DoD: First Principle | In this episode, Suzanne Miller and Mary Ann Lapham discuss the application of the first Agile principle, "Our highest priority is to satisfy the customer through early and continuous delivery of valuable software." | 4/18/2013 | Free | View in iTunes |
289 |
CleanThe Evolution of a Science Project | In this podcast, Bill Novak and Andy Moore describe a recent technical report, The Evolution of a Science Project, which intends to improve acquisition staff decision-making. | 4/4/2013 | Free | View in iTunes |
290 |
CleanSecuring Mobile Devices aka BYOD | In this podcast, Joe Mayes discusses how to ensure the security of personal mobile devices that have access to enterprise networks. | 3/26/2013 | Free | View in iTunes |
291 |
CleanWhat's New With Version 2 of the AADL Standard? | In this podcast, Peter Feiler discusses the latest changes to the Architecture Analysis & Design Language (AADL) standard. | 3/21/2013 | Free | View in iTunes |
292 |
CleanThe State of the Practice of Cyber Intelligence | In this podcast, Troy Townsend and Jay McAllister discuss their findings on the state of the practice of cyber intelligence. | 3/7/2013 | Free | View in iTunes |
293 |
CleanMitigating Insider Threat - New and Improved Practices Fourth Edition | In this podcast, participants explain how 371 cases of insider attacks led to 4 new and 15 updated best practices for mitigating insider threats. | 2/28/2013 | Free | View in iTunes |
294 |
CleanTechnology Readiness Assessments | Michael Bandor discusses technology readiness assessments, which the DoD defines as a formal, systematic, metrics-based process and accompanying report that assess the maturity of critical hardware and software technologies to be used in systems. | 2/21/2013 | Free | View in iTunes |
295 |
CleanStandards in Cloud Computing Interoperability | In this podcast, Grace Lewis discusses her latest research exploring the role of standards in cloud-computing interoperability. | 2/7/2013 | Free | View in iTunes |
296 |
CleanManaging Disruptive Events: Demand for an Integrated Approach to Better Manage Risk | In this podcast, Nader Mehravari describes how governments and markets are calling for the integration of plans for and responses to disruptive events. | 1/31/2013 | Free | View in iTunes |
297 |
CleanThe Latest Developments in AADL | Julien Delange and Peter Feiler discuss the latest developments with the Architecture Analysis and Design Language (AADL) standard. | 1/17/2013 | Free | View in iTunes |
298 |
CleanThe Fundamentals of Agile | In this episode, Tim Chick, a senior member of the technical staff in the Team Software Process (TSP) initiative, discusses the fundamentals of agile, specifically what it means for an organization to be agile. | 1/3/2013 | Free | View in iTunes |
299 |
CleanSoftware for Soldiers who use Smartphones | In this episode, Ed Morris describes research to create a software application for smartphones that allows soldier end-users to program their smartphones to provide an interface tailored to the information they need for a specific mission. | 12/20/2012 | Free | View in iTunes |
300 |
CleanManaging Disruptive Events: Making the Case for Operational Resilience | In this podcast, Nader Mehravari describes how today's high-risk, global, fast, and very public business environment demands a more integrated approach. | 12/19/2012 | Free | View in iTunes |
301 |
CleanArchitecting Service-Oriented Systems | Grace Lewis discusses general guidelines for architecting service-oriented systems, how common service-oriented system components support these principles, and the effect these principles and their implementation have on system quality attributes. | 12/6/2012 | Free | View in iTunes |
302 |
CleanThe SEI Strategic Plan | In this podcast, Bill Scherlis discusses the development of the strategic plan of the SEI to advance the practice of software engineering for the DoD. | 11/15/2012 | Free | View in iTunes |
303 |
CleanQuantifying Uncertainty in Early Lifecycle Cost Estimation | In this podcast episode, Jim McCurley and Robert Stoddard discuss a new method developed by the SEI's Software Engineering Measurement and Analysis (SEMA) team, Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE). | 11/1/2012 | Free | View in iTunes |
304 |
CleanUsing Network Flow Data to Profile Your Network and Reduce Vulnerabilities | In this podcast, participants discuss how a network profile can help identify unintended points of entry, misconfigurations, and other weaknesses. | 10/23/2012 | Free | View in iTunes |
305 |
CleanArchitecting a Financial System with TSP | In this episode, Felix Bachmann and James McHale discuss their work on a project between the SEI and Bursatec to create a reliable and fast new trading system for Groupo Bolsa Mexicana de Valores, the Mexican Stock Exchange. | 10/18/2012 | Free | View in iTunes |
306 |
CleanThe Importance of Data Quality | In this episode, Dave Zubrow discusses the importance of data quality and research that his team is undertaking in this area. | 10/4/2012 | Free | View in iTunes |
307 |
CleanHow to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them | In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives. | 9/25/2012 | Free | View in iTunes |
308 |
CleanMisaligned Incentives | In this episode, Novak discusses misaligned incentives, misaligned people incentives in software acquisition programs, and how the wrong incentives can undermine acquisition programs and produce poor outcomes. | 9/20/2012 | Free | View in iTunes |
309 |
CleanAgile Acquisition | This podcast explores the SEI's research and work to assist the DoD in Agile acquisition. | 9/4/2012 | Free | View in iTunes |
310 |
CleanAn Architecture-Focused Measurement Framework for Managing Technical Debt | In this podcast, Ipek Ozkaya discusses the SEI's research on the strategic management of technical debt, which involves decisions made to defer necessary work during the planning or execution of a software project. | 9/4/2012 | Free | View in iTunes |
311 |
CleanCloud Computing for the Battlefield | Grace Lewis discusses her research to overcome challenges for battlefield computing by using cloudlets: localized, lightweight servers running one or more virtual machines on which soldiers can offload expensive computations from their handheld devices. | 9/4/2012 | Free | View in iTunes |
312 |
CleanHow a Disciplined Process Enhances & Enables Agility | In this podcast, Bill Nichols discusses how a disciplined process enables and enhances agility | 9/4/2012 | Free | View in iTunes |
313 |
CleanU.S. Postal Inspection Service Use of the CERT Resilience Management Model | In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives. | 8/21/2012 | Free | View in iTunes |
314 |
CleanInsights from the First CERT Resilience Management Model Users Group | In this podcast, Lisa Young explains that implementing CERT-RMM requires well-defined improvement objectives, sponsorship, and more. | 7/17/2012 | Free | View in iTunes |
315 |
CleanNIST Catalog of Security and Privacy Controls, Including Insider Threat | In this podcast, participants discuss why security controls, including those for insider threat, are necessary to protect information and information systems. | 4/24/2012 | Free | View in iTunes |
316 |
CleanCisco's Adoption of CERT Secure Coding Standards | In this podcast, Martin Sebor explains how implementing secure coding standards is a sound business decision. | 2/28/2012 | Free | View in iTunes |
317 |
CleanHow to Become a Cyber Warrior | In this podcast, Dennis Allen explains that protecting the internet and its users against cyber attacks requires more skilled cyber warriors. | 1/31/2012 | Free | View in iTunes |
318 |
CleanConsidering Security and Privacy in the Move to Electronic Health Records | In this podcast, participants discuss how using electronic health records bring many benefits along with security and privacy challenges. | 12/20/2011 | Free | View in iTunes |
319 |
CleanMeasuring Operational Resilience | In this podcast, Julia Allen explains that measures of operational resilience should answer key questions, inform decisions, and affect behavior. | 10/4/2011 | Free | View in iTunes |
320 |
CleanWhy Organizations Need a Secure Domain Name System | Use of Domain Name System security extensions can help prevent website hijacking attacks. | 9/6/2011 | Free | View in iTunes |
321 |
CleanControls for Monitoring the Security of Cloud Services | In this podcast, participants explain that it depends on the service model how cloud providers and customers can use controls to protect sensitive information. | 8/2/2011 | Free | View in iTunes |
322 |
CleanBuilding a Malware Analysis Capability | In this podcast, Jeff Gennari explains that analyzing malware is essential to assessing the damage and reducing the impact associated with ongoing infection. | 7/12/2011 | Free | View in iTunes |
323 |
CleanUsing the Smart Grid Maturity Model (SGMM) | In this podcast, David White describes how over 100 electric power utilities are using the Smart Grid Maturity Model. | 5/5/2011 | Free | View in iTunes |
324 |
CleanIntegrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM | In this podcast, participants explain why and how business leaders must address risk at the enterprise, business process, and system levels. | 3/29/2011 | Free | View in iTunes |
325 |
CleanConducting Cyber Exercises at the National Level | In this podcast, participants discuss exercises that help organizations, governments, and nations prepare for, identify, and mitigate cyber risks. | 2/22/2011 | Free | View in iTunes |
326 |
CleanIndicators and Controls for Mitigating Insider Threat | In this podcast, Michael Hanley explains how technical controls can be effective in helping to prevent, detect, and respond to insider crimes. | 1/25/2011 | Free | View in iTunes |
327 |
CleanHow Resilient Is My Organization? | In this podcast, Richard Caralli explains how CERT-RMM can ensure that critical assets and services perform as expected in the face of stress and disruption. | 12/9/2010 | Free | View in iTunes |
328 |
CleanPublic-Private Partnerships: Essential for National Cyber Security | In this podcast, participants explain that knowledge of software assurance is essential to ensure that complex systems function as intended. | 11/30/2010 | Free | View in iTunes |
329 |
CleanSoftware Assurance: A Master's Level Curriculum | In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex systems function as intended. | 10/26/2010 | Free | View in iTunes |
330 |
CleanHow to Develop More Secure Software - Practices from Thirty Organizations | In this podcast, participants discuss how organizations can benchmark their software security practices against 109 observed activities from 30 organizations. | 9/28/2010 | Free | View in iTunes |
331 |
CleanMobile Device Security: Threats, Risks, and Actions to Take | In this podcast, Jonathan Frederick explains how internet-connected mobile devices are becoming increasingly attractive targets. | 8/31/2010 | Free | View in iTunes |
332 |
CleanEstablishing a National Computer Security Incident Response Team (CSIRT) | In this podcast, participants discuss how essential a national CSIRT is for protecting national and economic security and continuity. | 8/19/2010 | Free | View in iTunes |
333 |
CleanSecuring Industrial Control Systems | In this podcast, Julia Allen how critical it is to secure systems that control physical switches, valves, pumps, meters, and manufacturing lines. | 7/27/2010 | Free | View in iTunes |
334 |
CleanThe Power of Fuzz Testing to Reduce Security Vulnerabilities | In this podcast, Will Dormann urges listeners to subject their software to fuzz testing to help identify and eliminate security vulnerabilities. | 5/25/2010 | Free | View in iTunes |
335 |
CleanProtect Your Business from Money Mules | Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses. | 4/27/2010 | Free | View in iTunes |
336 |
CleanTrain for the Unexpected | In this podcast, Matthew Meyer explains that being able to respond effectively when faced with a disruptive event requires becoming more resilient. | 3/3/2010 | Free | View in iTunes |
337 |
CleanThe Role of the CISO in Developing More Secure Software | In this podcast, Pravir Chandra warns that CISOs must leave no room for doubt that they understand what is expected of them when developing secure software. | 3/2/2010 | Free | View in iTunes |
338 |
CleanComputer and Network Forensics: A Master's Level Curriculum | In this podcast, Kris Rush describes how students learn to combine multiple facets of digital forensics and draw conclusions to support investigations. | 2/2/2010 | Free | View in iTunes |
339 |
CleanIntroducing the Smart Grid Maturity Model (SGMM) | In this podcast, Ray Jones explains how the SGMM provides a roadmap to guide an organization's transformation to the smart grid. | 1/12/2010 | Free | View in iTunes |
340 |
CleanLeveraging Security Policies and Procedures for Electronic Evidence Discovery | In this podcast, John Christiansen explains that effectively responding to e-discovery requests depends on well-defined policies, procedures, and processes. | 1/9/2010 | Free | View in iTunes |
341 |
CleanIntegrating Privacy Practices into the Software Development Life Cycle | In this podcast, participants explain that addressing privacy during software development is just as important as addressing security. | 12/22/2009 | Free | View in iTunes |
342 |
CleanUsing the Facts to Protect Enterprise Networks: CERT's NetSA Team | In this podcast, Timothy Shimeall describes how network defenders and business leaders can use NetSA measures to protect their networks. | 12/1/2009 | Free | View in iTunes |
343 |
CleanEnsuring Continuity of Operations When Business Is Disrupted | In this podcast, Gary Daniels explains that providing critical services during times of stress depends on documented, tested business continuity plans. | 11/10/2009 | Free | View in iTunes |
344 |
CleanManaging Relationships with Business Partners to Achieve Operational Resiliency | In this podcast, David White explains why a defined, managed process for third party relationships is essential, particularly when business is disrupted. | 10/20/2009 | Free | View in iTunes |
345 |
CleanThe Smart Grid: Managing Electrical Power Distribution and Use | In this podcast, James Stevens explains how using the smart grid comes with some new privacy and security challenges. | 9/29/2009 | Free | View in iTunes |
346 |
CleanElectronic Health Records: Challenges for Patient Privacy and Security | In this podcast, Robert Charette explains why electronic health records (EHRs) are possibly the most complicated area of IT today. | 9/8/2009 | Free | View in iTunes |
347 |
CleanMitigating Insider Threat: New and Improved Practices | Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat. | 8/18/2009 | Free | View in iTunes |
348 |
CleanRethinking Risk Management | In this podcast, Christopher Alberts urges business leaders to adopt new approaches to addressing risks across the life cycle and supply chain. | 7/7/2009 | Free | View in iTunes |
349 |
CleanThe Upside and Downside of Security in the Cloud | In this podcast, Tim Mather advises business leaders considering cloud services to weigh the economic benefits against the security and privacy risks. | 6/16/2009 | Free | View in iTunes |
350 |
CleanMore Targeted, Sophisticated Attacks: Where to Pay Attention | In this podcast, Martin Linder urges business leaders to take action to better mitigate sophisticated social engineering attacks. | 5/26/2009 | Free | View in iTunes |
351 |
CleanIs There Value in Identifying Software Security "Never Events?" | In this podcast, Robert Charette suggests when to examine responsibilities when developing software with known, preventable errors. | 5/5/2009 | Free | View in iTunes |
352 |
CleanCyber Security, Safety, and Ethics for the Net Generation | In this podcast, Rodney Peterson explains why capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. | 4/14/2009 | Free | View in iTunes |
353 |
CleanAn Experience-Based Maturity Model for Software Security | In this podcast, participants discuss how observed practice, represented as a maturity model, can serve as a basis for developing more secure software. | 3/31/2009 | Free | View in iTunes |
354 |
CleanMainstreaming Secure Coding Practices | In this podcast, Robert Seacord explains how requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities. | 3/17/2009 | Free | View in iTunes |
355 |
CleanSecurity: A Key Enabler of Business Innovation | In this podcast, participants describe how making security strategic to business innovation involves seven strategies. | 3/3/2009 | Free | View in iTunes |
356 |
CleanBetter Incident Response Through Scenario Based Training | In this podcast, Christopher May explains how teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. | 2/17/2009 | Free | View in iTunes |
357 |
CleanAn Alternative to Risk Management for Information and Software Security | In this podcast, Brian Chess explain how standards, compliance, and process are better than risk management for ensuring information and software security. | 2/3/2009 | Free | View in iTunes |
358 |
CleanTackling Tough Challenges: Insights from CERT’s Director Rich Pethia | In this podcast, Rich Pethia reflects on the CERT Division's 20-year history and discusses its future IT and security challenges. | 1/20/2009 | Free | View in iTunes |
359 |
CleanClimate Change: Implications for Information Technology and Security | In this podcast, Richard Power explains how climate change requires new strategies for dealing with traditional IT and information security risks. | 12/9/2008 | Free | View in iTunes |
360 |
CleanUsing High Fidelity, Online Training to Stay Sharp | In this podcast, Jim Wrubel explains how virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. | 11/25/2008 | Free | View in iTunes |
361 |
CleanIntegrating Security Incident Response and e-Discovery | In this podcast, Julia Allen explains how responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. | 11/11/2008 | Free | View in iTunes |
362 |
CleanConcrete Steps for Implementing an Information Security Program | In this podcast, Jennifer Bayuk explains how successful security programs are based on strategy, policy, awareness, implementation, monitoring, and remediation. | 10/28/2008 | Free | View in iTunes |
363 |
CleanVirtual Communities: Risks and Opportunities | In this podcast, Jan Wolynski advises business leaders to evaluate risks and opportunities when considering conducting business in online, virtual communities. | 10/14/2008 | Free | View in iTunes |
364 |
CleanDeveloping Secure Software: Universities as Supply Chain Partners | In this podcast, Mary Ann Davidson explains how integrating security into university curricula is a key solution to developing more secure software. | 9/30/2008 | Free | View in iTunes |
365 |
CleanSecurity Risk Assessment Using OCTAVE Allegro | In this podcast, Lisa Young describes OCTAVE Allegro, a streamlined assessment method that focuses on risks to information used by critical business services. | 9/16/2008 | Free | View in iTunes |
366 |
CleanGetting to a Useful Set of Security Metrics | Well-defined metrics are essential to determine which security practices are worth the investment. | 9/2/2008 | Free | View in iTunes |
367 |
CleanHow to Start a Secure Software Development Program | In this podcast, Gary McGraw explains how to achieve software security by thinking like an attacker and integrating practices into the development lifecycle. | 8/20/2008 | Free | View in iTunes |
368 |
CleanManaging Risk to Critical Infrastructures at the National Level | In this podcast, Bradford Willke explain how protecting critical infrastructures and the information they use are essential for preserving our way of life. | 8/5/2008 | Free | View in iTunes |
369 |
CleanAnalyzing Internet Traffic for Better Cyber Situational Awareness | In this podcast, Derek Gabbard discusses automation, innovation, reaction, and expansion as the foundation for meaningful network traffic intelligence. | 7/28/2008 | Free | View in iTunes |
370 |
CleanManaging Security Vulnerabilities Based on What Matters Most | In this podcast, Art Manion explains that determining which security vulnerabilities to address should be based on the importance of the information asset. | 7/22/2008 | Free | View in iTunes |
371 |
CleanIdentifying Software Security Requirements Early, Not After the Fact | In this podcast, Nancy Mead explains that during requirements engineering, software engineers need to think about how software should behave when under attack. | 7/8/2008 | Free | View in iTunes |
372 |
CleanMaking Information Security Policy Happen | In this podcast, Paul Love argues that targeted, innovative communications and a robust lifecycle are keys for security policy success. | 6/24/2008 | Free | View in iTunes |
373 |
CleanBecoming a Smart Buyer of Software | Managing software that is developed by an outside organization can be more challenging than building it yourself. | 6/10/2008 | Free | View in iTunes |
374 |
CleanBuilding More Secure Software | In this podcast, Julia Allen explains how software security is about building more defect-free software to reduce vulnerabilities targeted by attackers. | 5/27/2008 | Free | View in iTunes |
375 |
CleanConnecting the Dots Between IT Operations and Security | In this podcast, Gene Kim describes how high performing organizations must integrate information security controls into their IT operational processes. | 5/13/2008 | Free | View in iTunes |
376 |
CleanGetting in Front of Social Engineering | In this podcast, Betsy Nichols tells us how benchmark results can compare results with peers, drive performance, and help determine how much security is enough. | 4/29/2008 | Free | View in iTunes |
377 |
CleanUsing Benchmarks to Make Better Security Decisions | In this podcast, Betsy Nichols describes how benchmark results can be used to help determine how much security is enough. | 4/15/2008 | Free | View in iTunes |
378 |
CleanProtecting Information Privacy - How To and Lessons Learned | In this podcast, Kim Hargraves describes three keys to ensuring information privacy in an organization. | 4/1/2008 | Free | View in iTunes |
379 |
CleanInitiating a Security Metrics Program: Key Points to Consider | In this podcast, Samuel Merrell explains that a sound security metrics program should select data relevant to consumers from repeatable processes. | 3/18/2008 | Free | View in iTunes |
380 |
CleanInsider Threat and the Software Development Life Cycle | In this podcast, Dawn Cappelli explains how insider threat vulnerabilities can be introduced during all phases of the software development lifecycle. | 3/4/2008 | Free | View in iTunes |
381 |
CleanTackling the Growing Botnet Threat | In this podcast, Nicholas Ianelli cautions business leaders to understand the risks to their organizations caused by the proliferation of botnets. | 2/19/2008 | Free | View in iTunes |
382 |
CleanBuilding a Security Metrics Program | In this podcast, Betsy Nichols explains that reporting meaningful security metrics depends on topic selection, context definition, and data access. | 2/5/2008 | Free | View in iTunes |
383 |
CleanInadvertent Data Disclosure on Peer-to-Peer Networks | In this podcast, participants discuss how peer-to-peer networks are being used to unintentionally disclose government, commercial, and personal information. | 1/22/2008 | Free | View in iTunes |
384 |
CleanInformation Compliance: A Growing Challenge for Business Leaders | In this podcast, Tom Smedinghoff reminds directors and executives that they are personally accountable for protecting information entrusted to their care. | 1/8/2008 | Free | View in iTunes |
385 |
CleanInternal Audit's Role in Information Security: An Introduction | In this podcast, Dan Swanson explains how an internal audit can serve a key role in establishing an effective information security program. | 12/10/2007 | Free | View in iTunes |
386 |
CleanWhat Business Leaders Can Expect from Security Degree Programs | In this podcast, participants discuss whether information security degree programs meet the needs of business leaders seeking knowledgeable employees. | 11/27/2007 | Free | View in iTunes |
387 |
CleanThe Path from Information Security Risk Assessment to Compliance | In this podcast, William Wilson explains how an information security risk assessment, performed with operational risk management, can contribute to compliance. | 11/13/2007 | Free | View in iTunes |
388 |
CleanComputer Forensics for Business Leaders: Building Robust Policies and Processes | In this podcast, participants discuss how business leaders can play a key role in computer forensics by establishing and testing strong policies. | 10/30/2007 | Free | View in iTunes |
389 |
CleanBusiness Resilience: A More Compelling Argument for Information Security | In this podcast, participants discuss how a business resilience argument can bridge the gap between information security officers and business leaders. | 10/16/2007 | Free | View in iTunes |
390 |
CleanResiliency Engineering: Integrating Security, IT Operations, and Business Continuity | In this podcast, Lisa Young suggests that by taking a holistic view of business resilience, business leaders can help their organizations stand up to threats. | 10/15/2007 | Free | View in iTunes |
391 |
CleanThe Human Side of Security Trade-Offs | In this podcast, participants explain that it's easy to think of security as a collection of technologies and tools, but that people are the real key. | 9/18/2007 | Free | View in iTunes |
392 |
CleanDual Perspectives: A CIO's and CISO's Take on Security | In this podcast, participants explain that since you can't secure everything, managing security risk to a "commercially reasonable degree" is best. | 9/4/2007 | Free | View in iTunes |
393 |
CleanReducing Security Costs with Standard Configurations: U.S. Government Initiatives | In this podcast, participants explain that since you can't secure everything, , managing security risk to a "commercially reasonable degree" is best. | 8/7/2007 | Free | View in iTunes |
394 |
CleanTackling Security at the National Level: A Resource for Leaders | In this podcast, Clint Kreitner explains how information security costs can be reduced by enforcing standard configurations for widely deployed systems. | 8/7/2007 | Free | View in iTunes |
395 |
CleanReal-World Security for Business Leaders | In this podcast, William Wilson advises business leaders to use international standards to create a business- and risk-based information security program. | 7/24/2007 | Free | View in iTunes |
396 |
CleanUsing Standards to Build an Information Security Program | In this podcast, William Wilson explains how business leaders can use international standards to create a business- and risk-based information security program. | 7/10/2007 | Free | View in iTunes |
397 |
CleanGetting Real About Security Governance | In this podcast, participants explain that enterprise security governance can be achieved by implementing a defined, repeatable process. | 6/26/2007 | Free | View in iTunes |
398 |
CleanConvergence: Integrating Physical and IT Security | In this podcast, participants recommend deploying common solutions for physical and IT security as a cost-effective way to reduce risk and save money. | 6/12/2007 | Free | View in iTunes |
399 |
CleanIT Infrastructure: Tips for Navigating Tough Spots | In this podcast, participants discuss how organizations may occasionally need to redefine their IT infrastructures and be ready to handle tricky situations. | 5/29/2007 | Free | View in iTunes |
400 |
CleanThe Value of De-Identified Personal Data | In this podcast, participants discuss the complex legal compliance landscape and how de-identification can help organizations share data more securely. | 5/15/2007 | Free | View in iTunes |
401 |
CleanAdapting to Changing Risk Environments: Operational Resilience | In this podcast, participants discuss how businesses leaders need to keep their critical processes and services up and running in the face of the unexpected. | 5/1/2007 | Free | View in iTunes |
402 |
CleanComputer Forensics for Business Leaders: A Primer | In this podcast, participants discuss how computer forensics is often overlooked when planning an incident response strategy. | 4/17/2007 | Free | View in iTunes |
403 |
CleanThe Real Secrets of Incident Management | In this podcast, participants explain that incident management is not just technical response, but a cross-enterprise effort. | 4/3/2007 | Free | View in iTunes |
404 |
CleanThe Legal Side of Global Security | In this podcast, participants encourage business leaders, including legal counsel, to understand how to tackle complex security issues for a global enterprise. | 3/20/2007 | Free | View in iTunes |
405 |
CleanA New Look at the Business of IT Education | System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend. | 3/6/2007 | Free | View in iTunes |
406 |
CleanCrisis Communications During a Security Incident | In this podcast, participants alert business leaders to be prepared to communicate with the media and their staff during high-profile security incidents. | 2/20/2007 | Free | View in iTunes |
407 |
CleanAssuring Mission Success in Complex Environments | In this podcast, participants discuss analysis tools for assessing complex organizational and technological issues that are beyond traditional approaches. | 2/6/2007 | Free | View in iTunes |
408 |
CleanPrivacy: The Slow Tipping Point | In this podcast, participants discuss a trend toward more data disclosure that may cause users to become desensitized to privacy breaches. | 1/23/2007 | Free | View in iTunes |
409 |
CleanBuilding Staff Competence in Security | In this podcast, Barbara Laswell describes specifications that define the knowledge, skills, and competencies required for a range of security positions. | 1/9/2007 | Free | View in iTunes |
410 |
CleanEvolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology | In this podcast, participants discuss how business models are evolving as security threats become more covert and technology enables information migration. | 12/26/2006 | Free | View in iTunes |
411 |
CleanInside Defense-in-Depth | In this podcast, participants discuss defense-in-depth, a path toward enterprise resilience. | 12/19/2006 | Free | View in iTunes |
412 |
CleanProtecting Against Insider Threat | In this podcast, Dawn Cappelli describes the real and substantial threat of attack from insiders. | 11/28/2006 | Free | View in iTunes |
413 |
CleanChange Management: The Security 'X' Factor | In this podcast, Gene Kim reports how a recent security survey found one factor that separated high performers from the rest of the pack: change management. | 11/14/2006 | Free | View in iTunes |
414 |
CleanCERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT | In this podcast, Richard Pethia voices his view of the internet security landscape and the future of the CERT Division. | 10/31/2006 | Free | View in iTunes |
415 |
CleanCompliance vs. Buy-in | In this podcast, Julia Allen explains why integrating security into standard business processes is more effective than treating security as a compliance task. | 10/17/2006 | Free | View in iTunes |
416 |
CleanProactive Remedies for Rising Threats | In this podcast, participants discuss how threats to information security are increasingly stealthy and must be mitigated through sound policy and strategy. | 10/17/2006 | Free | View in iTunes |
417 |
CleanThe ROI of Security | In this podcast, Julia Allen explains how ROI is a useful tool because it enables comparison among investments in a consistent way. | 10/17/2006 | Free | View in iTunes |
418 |
CleanWhy Leaders Should Care About Security | In this podcast, Julia Allen urges leaders to be security conscious and treat adequate security as a non-negotiable requirement of being in business. | 10/17/2006 | Free | View in iTunes |
418 Items |
Customer Reviews
Empowering, insightful and actionable! 👏👏👏
Whether you’re well established as someone innovating in the cybersecurity ecosystem, or just getting started as a catalyst for change within your organization - this is a must-listen podcast for you! Bobbie and the entire SEI team do an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating an ever changing data and technological landscape - from leaders who’ve actually walked the path. Highly recommend listening and subscribing!
Listeners also subscribed to
- Software Engineering Daily
- Software Engineering Daily
- View in iTunes
- Last Week in AI
- Skynet Today
- View in iTunes