Software Engineering Institute (SEI) Podcast Series
By Members of Technical Staff at the Software Engineering Institute
Description
The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.
Name | Description | Released | Price | ||
---|---|---|---|---|---|
1 |
The Magic in the Middle: Evolving Scaled Software Solutions for National Defense | A January 2025 Defense Innovation Board study on scaling nontraditional defense innovation stated, “We must act swiftly to ensure the DoD leads in global innovation and competition over AI and autonomous systems – and is a trendsetter for their resp | 6/18/2025 | Free | View in iTunes |
2 |
Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space | Warfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A rec | 6/4/2025 | Free | View in iTunes |
3 |
Deploying on the Edge | Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug | 5/28/2025 | Free | View in iTunes |
4 |
The Best and Brightest: 6 Years of Supporting the President’s Cup Cybersecurity Competition | A strong cyber defense is vital to public- and private-sector activities in the United States. In 2019, in response to an executive order to strengthen America’s cybersecurity workforce, the Department of Homeland Security’s Cybersecurity and I | 5/12/2025 | Free | View in iTunes |
5 |
Updating Risk Assessment in the CERT Secure Coding Standard | Bringing a codebase into compliance with the , requires a cost of time and effort, namely in the form of a static analysis tool. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false... | 4/17/2025 | Free | View in iTunes |
6 |
Delivering Next Generation Cyber Capabilities to the DoD Warfighter | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in... | 4/15/2025 | Free | View in iTunes |
7 |
Getting the Most Out of Your Insider Risk Data with IIDES | Insider incidents cause around 35 percent of data breaches, creating financial and security risks for organizations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Austin Whisnant and Dan Costa discuss the Insider... | 3/26/2025 | Free | View in iTunes |
8 |
Grace Lewis Outlines Vision for IEEE Computer Society Presidency | Grace Lewis, a principal researcher at the Carnegie Mellon University Software Engineering Institute (SEI) and lead of the SEI’s Tactical and AI-Enabled Systems Initiative, was elected the 2026 president of the IEEE Computer Society (CS), the largest community.. | 3/11/2025 | Free | View in iTunes |
9 |
Improving Machine Learning Test and Evaluation with MLTE | Machine learning (ML) models commonly experience issues when integrated into production systems. In this podcast, researchers from the Carnegie Mellon University Software Engineering Institute and the U.S. Army AI Integration Center (AI2C) discuss... | 3/3/2025 | Free | View in iTunes |
10 |
DOD Software Modernization: SEI Impact and Innovation | As software size, complexity, and interconnectedness have grown, software modernization within the Department of Defense (DoD) has become more important than ever. In this discussion moderated by Matthew Butkovic, technical director of risk and... | 2/25/2025 | Free | View in iTunes |
11 |
Securing Docker Containers: Techniques, Challenges, and Tools | Containerization allows developers to run individual software applications in an isolated, controlled, repeatable way. With the increasing prevalence of cloud computing environments, containers are providing more and more of their underlying... | 12/16/2024 | Free | View in iTunes |
12 |
An Introduction to Software Cost Estimation | Software cost estimation is an important first step when beginning a project. It addresses important questions regarding budget, staffing, scheduling, and determining if the current environment will support the project. In this podcast from the... | 12/4/2024 | Free | View in iTunes |
13 |
Cybersecurity Metrics: Protecting Data and Understanding Threats | One of the biggest challenges in collecting cybersecurity metrics is scoping down objectives and determining what kinds of data to gather. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Bill Nichols, who... | 10/11/2024 | Free | View in iTunes |
14 |
3 Key Elements for Designing Secure Systems | To make secure software by design a reality, engineers must intentionally build security throughout the software development lifecycle. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Timothy A. Chick,... | 10/2/2024 | Free | View in iTunes |
15 |
Using Role-Playing Scenarios to Identify Bias in LLMs | Harmful biases in large language models (LLMs) make AI less trustworthy and secure. Auditing for biases can help identify potential solutions and develop better guardrails to make AI safer. In this podcast from the Carnegie Mellon University Software... | 9/16/2024 | Free | View in iTunes |
16 |
Best Practices and Lessons Learned in Standing Up an AISIRT | In the wake of widespread adoption of artificial intelligence (AI) in critical infrastructure, education, government, and national security entities, adversaries are working to disrupt these systems and attack AI-enabled assets. With nearly four .. | 9/9/2024 | Free | View in iTunes |
17 |
3 API Security Risks (and How to Protect Against Them) | The exposed and public nature of application programming interfaces (APIs) comes with risks including the increased network attack surface. Zero trust principles are helpful for mitigating these risks and making APIs more secure. In this podcast from... | 8/22/2024 | Free | View in iTunes |
18 |
Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices | How can we effectively use large language models (LLMs) for cybersecurity tasks? In this Carnegie Mellon University Software Engineering Institute podcast, Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges,.. | 7/25/2024 | Free | View in iTunes |
19 |
Capability-based Planning for Early-Stage Software Development | Capability-Based Planning (CBP) defines a framework that has an all-encompassing view of existing abilities and future needs for strategically deciding what is needed and how to effectively achieve it. Both business and government acquisition domains... | 7/18/2024 | Free | View in iTunes |
20 |
Safeguarding Against Recent Vulnerabilities Related to Rust | What can the recently discovered vulnerabilities related to Rust tell us about the security of the language? In this podcast from the Carnegie Mellon University Software Engineering Institute, David Svoboda discusses two vulnerabilities, their... | 7/1/2024 | Free | View in iTunes |
21 |
Developing a Global Network of Computer Security Incident Response Teams (CSIRTs) | Cybersecurity risks aren’t just a national concern. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), the CERT division’s Tracy Bills, senior cybersecurity operations researcher and team lead, and James... | 6/21/2024 | Free | View in iTunes |
22 |
Automated Repair of Static Analysis Alerts | Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering... | 5/31/2024 | Free | View in iTunes |
23 |
Developing and Using a Software Bill of Materials Framework | With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party... | 4/4/2024 | Free | View in iTunes |
24 |
Using Large Language Models in the National Security Realm | At the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower... | 2/15/2024 | Free | View in iTunes |
25 |
Atypical Applications of Agile and DevSecOps Principles | Modern software engineering practices of Agile and DevSecOps have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software concerns of business... | 2/9/2024 | Free | View in iTunes |
26 |
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction | Increasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important considerations.. | 1/31/2024 | Free | View in iTunes |
27 |
The Impact of Architecture on Cyber-Physical Systems Safety | As developers continue to build greater autonomy into cyber-physical systems (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only create more data and... | 1/24/2024 | Free | View in iTunes |
28 |
ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies | To better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studies span... | 12/14/2023 | Free | View in iTunes |
29 |
The Cybersecurity of Quantum Computing: 6 Areas of Research | Research and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI CERT... | 11/28/2023 | Free | View in iTunes |
30 |
User-Centric Metrics for Agile | Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be... | 11/16/2023 | Free | View in iTunes |
31 |
The Product Manager’s Evolving Role in Software and Systems Development | In working with software and systems teams developing technical products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams were not investing the time, resources and effort required to manage the product lifecycle... | 11/9/2023 | Free | View in iTunes |
32 |
Measuring the Trustworthiness of AI Systems | The ability of artificial intelligence (AI) to partner with the software engineer, doctor, or warfighter depends on whether these end users trust the AI system to partner effectively with them and deliver the outcome promised. To build appropriate... | 10/12/2023 | Free | View in iTunes |
33 |
Actionable Data in the DevSecOps Pipeline | In this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program... | 9/13/2023 | Free | View in iTunes |
34 |
Insider Risk Management in the Post-Pandemic Workplace | In the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterprise... | 9/8/2023 | Free | View in iTunes |
35 |
An Agile Approach to Independent Verification and Validation | Independent verification and validation (IV&V) is a significant step in the process of deploying systems for mission-critical applications in the Department of Defense (DoD). In this podcast from the Carnegie Mellon University Software Engineering... | 8/9/2023 | Free | View in iTunes |
36 |
Zero Trust Architecture: Best Practices Observed in Industry | Zero trust architecture has the potential to improve an enterprise’s security posture. There is still considerable uncertainty about the zero trust transformation process, however, as well as how zero trust architecture will ultimately appear in... | 7/26/2023 | Free | View in iTunes |
37 |
Automating Infrastructure as Code with Ansible and Molecule | In Ansible, roles allow system administrators to automate the loading of certain variables, tasks, files, templates, and handlers based on a known file structure. Grouping content by roles allows for easy sharing and reuse. When developing roles,... | 7/10/2023 | Free | View in iTunes |
38 |
Identifying and Preventing the Next SolarWinds | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on SolarWinds software and how to... | 6/20/2023 | Free | View in iTunes |
39 |
A Penetration Testing Findings Repository | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Marisa Midler and Samantha Chaves, penetration testers with the SEI’s CERT Division, talk with Suzanne Miller about a penetration-testing repository that... | 6/13/2023 | Free | View in iTunes |
40 |
Understanding Vulnerabilities in the Rust Programming Language | While the of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there.. | 6/8/2023 | Free | View in iTunes |
41 |
We Live in Software: Engineering Societal-Scale Systems | Societal-scale software systems, such as today’s commercial social media platforms, are among the most widely used software systems in the world, with some platforms reporting billions of daily active users. These systems have created new mechanisms.. | 5/18/2023 | Free | View in iTunes |
42 |
Secure by Design, Secure by Default | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about secure by design, secure by default, a longstanding tenet of the work... | 5/10/2023 | Free | View in iTunes |
43 |
Key Steps to Integrate Secure by Design into Acquisition and Development | Secure by design means performing more security and assurance activities earlier in the product and system lifecycles. A secure-by-design mindset addresses the security of systems during the requirements, design, and development phases of lifecycles... | 5/2/2023 | Free | View in iTunes |
44 |
An Exploration of Enterprise Technical Debt | Like all technical debt, enterprise technical debt consists of choices expedient in the short term, but often problematic over the long term. In enterprise technical debt, the impact reaches beyond the scope of a single system or project. Because... | 4/18/2023 | Free | View in iTunes |
45 |
The Messy Middle of Large Language Models | The recent growth of applications that leverage large language models, including ChatGPT and Copilot, has spurred reactions ranging from fear and uncertainty to adoration and lofty expectations. In this podcast from the Carnegie Mellon University... | 3/29/2023 | Free | View in iTunes |
46 |
An Infrastructure-Focused Framework for Adopting DevSecOps | DevSecOps practices, including continuous-integration/continuous-delivery (CI/CD) pipelines, enable organizations to respond to security and reliability events quickly and efficiently and to produce resilient and secure software on a predictable... | 3/21/2023 | Free | View in iTunes |
47 |
Software Security in Rust | Rust is growing in popularity. Its unique security model promises memory safety and concurrency safety, while providing the performance of C/C++. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda... | 3/15/2023 | Free | View in iTunes |
48 |
Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron | Coordinated vulnerability disclosure (CVD) begins when at least one individual becomes aware of a vulnerability, but it can’t proceed without the cooperation of many. Software supply chains, software libraries, and component vulnerabilities have... | 2/24/2023 | Free | View in iTunes |
49 |
Asking the Right Questions to Coordinate Security in the Supply Chain | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dr. Carol Woody, a principal researcher in the SEI's CERT Division, talks with Suzanne Miller about the SEI’s newly released Acquisition Security Framework,... | 2/7/2023 | Free | View in iTunes |
50 |
Securing Open Source Software in the DoD | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Scott Hissam, a researcher within the SEI’s Software Solutions Division who works on software assurance in Department of Defense (DoD) systems, talks with... | 1/26/2023 | Free | View in iTunes |
51 |
A Model-Based Tool for Designing Safety-Critical Systems | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dr. Sam Procter and Lutz Wrage, researchers with the SEI, discuss the Guided Architecture Trade Space Explorer (GATSE), a new SEI-developed model-based tool to... | 12/13/2022 | Free | View in iTunes |
52 |
Managing Developer Velocity and System Security with DevSecOps | In aiming for correctness and security of product, as well as for development speed, software development teams often face tension in their objectives. During a recent customer engagement that involved the development of a continuous-integration (CI)... | 12/7/2022 | Free | View in iTunes |
53 |
A Method for Assessing Cloud Adoption Risks | The shift to a cloud environment provides significant benefits. Cloud resources can be scaled quickly, updated frequently, and widely accessed without geographic limitations. Realizing these benefits, however, requires organizations to manage... | 11/17/2022 | Free | View in iTunes |
54 |
Software Architecture Patterns for Deployability | Competitive pressures in many domains, as well as development paradigms such as and , have led to the increasingly common practice of where frequent updates to software systems are rapidly and reliably fielded. In today’s systems, releases can... | 11/15/2022 | Free | View in iTunes |
55 |
ML-Driven Decision Making in Realistic Cyber Exercises | In this podcast from the Carnegie Mellon University Software Engineering Institute, Thomas Podnar and Dustin Updyke, both senior cybersecurity engineers with the SEI’s CERT Division, discuss their work to apply machine learning to increase the... | 10/13/2022 | Free | View in iTunes |
56 |
A Roadmap for Creating and Using Virtual Prototyping Software | In this podcast from the Carnegie Mellon University Software Engineering Institute, Douglass Post and Richard Kendall, authors of "Creating and Using Virtual Prototyping Software: Principles and Practices" discuss with principal researcher Suzanne... | 10/6/2022 | Free | View in iTunes |
57 |
Software Architecture Patterns for Robustness | In this podcast from the Carnegie Mellon University Software Engineering Institute, visiting scientist Rick Kazman and principal researcher Suzanne Miller discuss software architecture patterns and the effect that certain architectural patterns have... | 9/15/2022 | Free | View in iTunes |
58 |
A Platform-Independent Model for DevSecOps | DevSecOps encompasses all the best software engineering principles known today with an emphasis on faster delivery through increased collaboration of all stakeholders resulting in more secure, useable, and higher-quality software systems. In this... | 9/8/2022 | Free | View in iTunes |
59 |
Using the Quantum Approximate Optimization Algorithm (QAOA) to Solve Binary-Variable Optimization Problems | In this podcast from the Carnegie Mellon University Software Engineering Institute, Jason Larkin and Daniel Justice, researchers in the SEI’s AI Division, discuss a paper outlining their efforts to simulate the performance of Quantum Approximate... | 8/18/2022 | Free | View in iTunes |
60 |
Trust and AI Systems | To ensure trust, artificial intelligence systems need to be built with fairness, accountability, and transparency at each step of the development cycle. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a.. | 8/5/2022 | Free | View in iTunes |
61 |
A Dive into Deepfakes | In this podcast from the Carnegie Mellon University Software Engineering Institute, Shannon Gallagher, a data scientist with SEI’s CERT Division, and Dominic Ross, multimedia team lead for the SEI, discuss deepfakes, their exponential growth in... | 7/28/2022 | Free | View in iTunes |
62 |
Challenges and Metrics in Digital Engineering | Digital engineering uses digital tools and representations in the process of developing, sustaining, and maintaining systems, including requirements, design, analysis, implementation, and test. The digital modeling approach is intended to establish an.. | 7/13/2022 | Free | View in iTunes |
63 |
The 4 Phases of the Zero Trust Journey | Over the past several years, zero trust architecture has emerged as an important topic within the field of cybersecurity. Heightened federal requirements and pandemic-related challenges have accelerated the timeline for zero trust adoption within the... | 7/5/2022 | Free | View in iTunes |
64 |
DevSecOps for AI Engineering | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Hasan Yasar, technical director, Continuous Deployment of Capability at the SEI, and Jay Palat, interim director of AI for Mission in the SEI’s AI Division,... | 6/21/2022 | Free | View in iTunes |
65 |
Undiscovered Vulnerabilities: Not Just for Critical Software | In this podcast from the Carnegie Mellon University Software Engineering Institute, Jonathan Spring, a senior vulnerability researcher, discusses with Suzanne Miller the findings in a paper he published recently analyzing the number of ... | 6/2/2022 | Free | View in iTunes |
66 |
Explainable AI Explained | As the field of artificial intelligence (AI) has matured, increasingly complex opaque models have been developed and deployed to solve hard problems. Unlike many predecessor models, these models, by the nature of their architecture, are harder to... | 5/16/2022 | Free | View in iTunes |
67 |
Model-Based Systems Engineering Meets DevSecOps | In this podcast from the Carnegie Mellon University Software Engineering Institute, senior researchers Jerome Hugues and Joe Yankel discuss ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) practices and... | 4/5/2022 | Free | View in iTunes |
68 |
Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy | Organizations are turning to DevSecOps to produce code faster and at lower cost, but the reality is that much of the code is actually coming from the software supply chain through code libraries, open source, and third-party components where reuse is... | 3/22/2022 | Free | View in iTunes |
69 |
Software and Systems Collaboration in the Era of Smart Systems | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), director Paul Nielsen talks with principal researcher Suzanne Miller about how the advent of smart systems has led to a growing need for effective collaboration... | 3/9/2022 | Free | View in iTunes |
70 |
Securing the Supply Chain for the Defense Industrial Base | In this podcast from the Carnegie Mellon University Software Engineering Institute, Gavin Jurecko, who leads the Resilience Diagnostics Team, talks with Katie Stewart about risks associated with the supply chains of the defense industrial base (DIB),... | 2/22/2022 | Free | View in iTunes |
71 |
Building on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis | In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jeffrey Gennari, a senior malware reverse engineer, and Garret Wassermann, a vulnerability analyst, both with the SEI’s CERT Division, discuss Kaiju, a series... | 2/8/2022 | Free | View in iTunes |
72 |
Envisioning the Future of Software Engineering | In this SEI Podcast, Anita Carleton, director of the Software Solutions Division at the SEI, and Forrest Shull, lead for defense software acquisition policy research in the Software Solutions Division of the SEI, discuss the recently published SEI-led.. | 1/20/2022 | Free | View in iTunes |
73 |
Implementing the DoD's Ethical AI Principles | In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in Human Machine Interaction, and Alexandrea Van Deusen, an assistant design researcher, both with the SEI’s AI Division,... | 1/11/2022 | Free | View in iTunes |
74 |
Walking Fast Into the Future: Evolvable Technical Reference Frameworks for Mixed-Criticality Systems | In this SEI Podcast, Nickolas Guertin, a senior systems engineer with the SEI’s Software Solutions Division, and Douglas Schmidt, associate provost of research at Vanderbilt University and former chief technical officer at the SEI, discuss... | 12/3/2021 | Free | View in iTunes |
75 |
Software Engineering for Machine Learning: Characterizing and Understanding Mismatch in ML Systems | Mismatches between the perspectives and practices of the roles involved in the development and fielding of ML systems—data scientists, software engineers, and operations personnel—can affect the ability of systems to achieve their intended... | 11/18/2021 | Free | View in iTunes |
76 |
A Discussion on Automation with Watts Humphrey Award Winner Rajendra Prasad | In this SEI Podcast, Mike Konrad, a principal researcher in the SEI's Software Solutions Division, talks with 2020 IEEE Computer Society SEI Watts Humphrey Software Quality Award winner Rajendra Prasad of Accenture about automation and how... | 11/11/2021 | Free | View in iTunes |
77 |
Enabling Transition From Sustainment to Engineering Within the DoD | Organic software sustainment organizations within the Department of Defense are expanding beyond their traditional purview of software maintenance into software engineering and development. Instead of repairing and maintaining legacy software in... | 11/3/2021 | Free | View in iTunes |
78 |
The Silver Thread of Cyber in the Global Supply Chain | The global supply chain touches every aspect of our lives, from fuel prices to the availability of computer chips and supermarket products. In our latest podcast, Matt Butkovic, technical director of risk and resilience, discusses with Suzanne Miller.. | 10/25/2021 | Free | View in iTunes |
79 |
Measuring DevSecOps: The Way Forward | In this SEI Podcast, Bill Nichols and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss DevSecOps metrics with Suzanne Miller. DevSecOps practices, made possible by improvements in underlying technology that.. | 10/15/2021 | Free | View in iTunes |
80 |
Bias in AI: Impact, Challenges, and Opportunities | In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in human-machine interaction, and Jonathan Spring, a senior vulnerability researcher, discuss the hidden sources of bias in... | 9/23/2021 | Free | View in iTunes |
81 |
Agile Strategic Planning: Concepts and Methods for Success | The rapid pace of change in software development, in business, and in the world has many organizations struggling to execute daily operations, wrangle big projects, and feel confident that there is a long-term strategy at play. Incorporating agile... | 9/9/2021 | Free | View in iTunes |
82 |
Applying Scientific Methods in Cybersecurity | In this SEI Podcast, Dr. Leigh Metcalf and Dr. Jonathan Spring, both researchers with the Carnegie Mellon University Software Engineering Institute’s CERT Division, discuss the application of scientific methods to cybersecurity. As described in... | 8/24/2021 | Free | View in iTunes |
83 |
Zero Trust Adoption: Benefits, Applications, and Resources | Zero trust adoption is a security initiative that an enterprise must understand, interpret, and implement. Enterprise security initiatives are never simple, and their goal to improve cybersecurity posture requires the alignment of multiple... | 8/13/2021 | Free | View in iTunes |
84 |
Uncertainty Quantification in Machine Learning: Measuring Confidence in Predictions | In this SEI Podcast, Dr. Eric Heim, a senior machine learning research scientist at Carnegie Mellon University's Software Engineering Institute (SEI), discusses the quantification of uncertainty in machine-learning (ML) systems. ML systems can make... | 8/6/2021 | Free | View in iTunes |
85 |
11 Rules for Ensuring a Security Model with AADL and Bell–LaPadula | In this SEI Podcast, Aaron Greenhouse, a senior architecture researcher with Carnegie Mellon University’s Software Engineering Institute, talks with principal researcher Suzanne Miller about use of the Bell–LaPadula mathematical security model in... | 7/29/2021 | Free | View in iTunes |
86 |
Benefits and Challenges of Model-Based Systems Engineering | Nataliya (Natasha) Shevchenko and Mary Popeck, both senior researchers in the CERT Division at Carnegie Mellon University’s Software Engineering Institute, discuss the use of model-based systems engineering (MBSE), which, in contrast to... | 7/23/2021 | Free | View in iTunes |
87 |
Can DevSecOps Make Developers Happier? | Author Daniel H. Pink recently examined the factors that lead to job satisfaction among knowledge workers and summarized them in three components: autonomy, skill mastery, and purpose. In this SEI Podcast, Hasan Yasar, technical director of Continuous.. | 6/24/2021 | Free | View in iTunes |
88 |
Is Your Organization Ready for AI? | In this SEI Podcast, digital transformation lead Dr. Rachel Dzombak and research scientist Carol Smith, both with the SEI’s Emerging Technology Center at Carnegie Mellon University, discuss how AI Engineering can support organizations to implement... | 6/22/2021 | Free | View in iTunes |
89 |
Managing Vulnerabilities in Machine Learning and Artificial Intelligence Systems | The robustness and security of artificial intelligence, and specifically machine learning (ML), is of vital importance. Yet, ML systems are vulnerable to adversarial attacks. These can range from an attacker attempting to make the ML system learn the... | 6/4/2021 | Free | View in iTunes |
90 |
AI Workforce Development | In this SEI Podcast, Rachel Dzombak and Jay Palat discuss growth in the field of artificial intelligence (AI) and how organizations can hire and train staff to take advantage of the opportunities afforded by AI and machine learning—and the critical... | 5/20/2021 | Free | View in iTunes |
91 |
Moving from DevOps to DevSecOps | DevSecOps is a set of principles and practices that provide faster delivery of secure software capabilities by improving the collaboration and communication between software development teams, IT operations, and security staff within an organization,... | 5/13/2021 | Free | View in iTunes |
92 |
Mission-Based Prioritization: A New Method for Prioritizing Agile Backlogs | In this SEI Podcast, Keith Korzec discusses the Mission-Based Prioritization method for prioritizing Agile backlogs. This method overcomes the shortcomings of prioritization based on “weighted shortest job first” and utilizes objective,... | 4/23/2021 | Free | View in iTunes |
93 |
Digital Engineering and DevSecOps | Digital engineering is an integrated digital approach that uses authoritative sources of systems data and models as a continuum across disciplines to support lifecycle activities from concept through disposal. With digital engineering, models are... | 3/16/2021 | Free | View in iTunes |
94 |
A 10-Step Framework for Managing Risk | Brett Tucker, a technical manager for cyber risk in the SEI CERT Division, discusses the Operationally Critical Threat, Asset, and Vulnerability Evaluation for the Enterprise (OCTAVE FORTE) Model, which helps organizations evaluate security risks and... | 3/9/2021 | Free | View in iTunes |
95 |
7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts | If organizations take more steps to address security-related activities now, they will be less likely to encounter security incidents in the future. When it comes to application containers, security is achieved through adopting a series of best... | 2/23/2021 | Free | View in iTunes |
96 |
Ransomware: Evolution, Rise, and Response | In this SEI Podcast, Marisa Midler and Tim Shimeall, network defense analysts within the SEI's CERT Division, discuss the growing problem of ransomware including the rise of ransomware as a service threats. Ransom payments from Quarter 3 of 2019 were... | 2/16/2021 | Free | View in iTunes |
97 |
VINCE: A Software Vulnerability Coordination Platform | Software vulnerability coordination at the CERT Coordination Center (CERT/CC) has traditionally relied on a hub-and-spoke model, with reports submitted to analysts at the CERT/CC, who would then work with affected vendors. To scale... | 1/21/2021 | Free | View in iTunes |
98 |
Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network | The COVID-19 pandemic has forced significant changes in enterprise work practices, including an increased use of telecommunications technologies required by the new work-from-home policies that most organizations have instituted in response. In this... | 1/6/2021 | Free | View in iTunes |
99 |
An Introduction to CMMC Assessment Guides | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 12/8/2020 | Free | View in iTunes |
100 |
The CMMC Level 3 Assessment Guide: A Closer Look | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 12/7/2020 | Free | View in iTunes |
101 |
The CMMC Level 1 Assessment Guide: A Closer Look | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 12/7/2020 | Free | View in iTunes |
102 |
Achieving Continuous Authority to Operate (ATO) | Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management... | 11/24/2020 | Free | View in iTunes |
103 |
Challenging the Myth of the 10x Programmer | A pervasive belief in software engineering is that some programmers are much, much better than others (the times-10, or 10x, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on that... | 11/9/2020 | Free | View in iTunes |
104 |
A Stakeholder-Specific Approach to Vulnerability Management | Many organizations use the Common Vulnerability Scoring System (CVSS) to prioritize actions during vulnerability management. This podcast—which highlights the latest work in prioritizing actions during vulnerability management—presents a testable... | 10/27/2020 | Free | View in iTunes |
105 |
Optimizing Process Maturity in CMMC Level 5 | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 10/13/2020 | Free | View in iTunes |
106 |
Reviewing and Measuring Activities for Effectiveness in CMMC Level 4 | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 10/7/2020 | Free | View in iTunes |
107 |
Situational Awareness for Cybersecurity: Beyond the Network | Situational awareness makes it possible to get relevant information from across an organization, to integrate that information, and to disseminate it to help leaders make more informed decisions. In this SEI Podcast, Angela Horneman and Timothy... | 9/30/2020 | Free | View in iTunes |
108 |
Quantum Computing: The Quantum Advantage | While actual quantum computers are available from several different companies, we are currently in the Noisy Intermediate-Scale Quantum (NISQ) era. Working in the NISQ era presents a number of challenges, and the SEI is working to use NISQ devices not.. | 9/17/2020 | Free | View in iTunes |
109 |
CMMC Scoring 101 | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are... | 9/2/2020 | Free | View in iTunes |
110 |
Developing an Effective CMMC Policy | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized... | 8/17/2020 | Free | View in iTunes |
111 |
The Future of Cyber: Educating the Cybersecurity Workforce | The culture of computers and information technology changes quickly. The Future of Cyber Podcast series explores the future of cyber and whether we can use the innovations of the past to address the problems of the future. In our latest episode,... | 8/10/2020 | Free | View in iTunes |
112 |
Documenting Process for CMMC | The Cybersecurity Maturity Model Certification (CMMC) 1.0 for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized... | 7/30/2020 | Free | View in iTunes |
113 |
Agile Cybersecurity | Software development is shifting to incremental delivery to meet the demand for software quicker and at lower costs. With the current cyber threat climate, the demand for cybersecurity is growing but existing compliance processes focus on a completed... | 7/20/2020 | Free | View in iTunes |
114 |
CMMC Levels 1-3: Going Beyond NIST SP-171 | The Cybersecurity Maturity Model Certification (CMMC) 1.0 defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model... | 7/1/2020 | Free | View in iTunes |
115 |
The Future of Cyber: Secure Coding | For more than 30 years, the cybersecurity community has worked to increase the effectiveness of our cybersecurity and resilience efforts. Today we face an explosion of devices, the pervasiveness of software, the threat of adversarial capability, and... | 6/15/2020 | Free | View in iTunes |
116 |
Challenges to Implementing DevOps in Highly Regulated Environments | In this SEI podcast, Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environments (HREs), exploring issues such as environment parity, the approval process, and compliance. This podcast is the second to... | 5/28/2020 | Free | View in iTunes |
117 |
The Future of Cyber: Cybercrime | The culture of computers and information technology evolves quickly. In this environment, how can we build a culture of security through regulations and best practices when technology can move so much faster than legislative bodies? The Future of... | 5/7/2020 | Free | View in iTunes |
118 |
An Ethical AI Framework | Artificially intelligent (AI) systems hold great promise to empower us with knowledge and enhance human effectiveness. As a senior research scientist in human-machine interaction at the Software Engineering Institute's Emerging Technology Center,... | 4/28/2020 | Free | View in iTunes |
119 |
The CERT Guide to Coordinated Vulnerability Disclosure | In this podcast, Allen Householder and David Warren discuss the CERT Guide to Coordinated Vulnerability Disclosure, which is intended for use by security researchers, software vendors, and other stakeholders in navigating the complexities of informing.. | 3/26/2020 | Free | View in iTunes |
120 |
The Future of Cyber: Security and Privacy | Computers and information technology are getting more and more integrated into our daily lives, so they need to be easy to use. But recent, historically large data breaches have demonstrated the need to make systems more secure and to protect... | 2/26/2020 | Free | View in iTunes |
121 |
The Future of Cyber: Security and Resilience | For more than 30 years, the cybersecurity community has worked to increase the effectiveness of our cybersecurity and resilience efforts. Today we face an explosion of devices, the pervasiveness of software, the threat of adversarial capability, and... | 2/14/2020 | Free | View in iTunes |
122 |
Reverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools | In this podcast, Jeff Gennari and Cory Cohen discuss updates to the Pharos Binary Analysis Framework in GitHub, including a new plug-in to import OOAnalyzer analysis into the NSA's recently released Ghidra software reverse engineering tool suite. | 2/7/2020 | Free | View in iTunes |
123 |
Benchmarking Organizational Incident Management Practices | Successful management of incidents that threaten an organization's computer security is a complex endeavor. Frequently an organization's primary focus is on the response aspects of security incidents, which results in its failure to manage incidents... | 12/17/2019 | Free | View in iTunes |
124 |
Machine Learning in Cybersecurity: 7 Questions for Decision Makers | April Galyardt, Angela Horneman, and Jonathan Spring discuss seven key questions that managers and decision makers should ask about machine learning to effectively solve cybersecurity problems. | 12/11/2019 | Free | View in iTunes |
125 |
Human Factors in Software Engineering | Solving the technical aspects isn’t enough to build reliable, enduring, resilient software and systems. Human decision making, behavioral factors, and cultural factors influence software engineering, acquisition, and cybersecurity. In this podcast... | 11/12/2019 | Free | View in iTunes |
126 |
Improving the Common Vulnerability Scoring System | In this podcast, the authors discuss a 2019 paper that outlines challenges with the Common Vulnerability Scoring System (CVSS) and proposes changes to improve it. | 10/4/2019 | Free | View in iTunes |
127 |
Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities | Today's major defense systems rely heavily on software-enabled capabilities. However, many defense programs acquiring new systems first determine the physical items to develop, assuming the contractors for those items will provide all needed software... | 10/1/2019 | Free | View in iTunes |
128 |
Selecting Metrics for Software Assurance | The Software Assurance Framework (SAF) is a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. The SAF can be used to assess an acquisition program’s current cybersecurity practices and... | 9/24/2019 | Free | View in iTunes |
129 |
AI in Humanitarian Assistance and Disaster Response | In 2017 and 2018, the world witnessed a record number of climate and weather-related disasters. Government agencies are increasingly interested in the use of artificial intelligence (AI) to help first responders in locating survivors, identifying... | 9/18/2019 | Free | View in iTunes |
130 |
The AADL Error Library: 4 Families of Systems Errors | Classifying errors in a component-based system is challenging. Components, and the systems that rely on them, can fail in myriad, unpredictable ways. It is nonetheless a challenge that should be addressed because component-based, software-driven... | 8/30/2019 | Free | View in iTunes |
131 |
Privacy in the Blockchain Era | In this SEI Podcast, Dr. Giulia Fanti, an assistant professor of Electrical and Computer Engineering at Carnegie Mellon University, discusses her latest research including privacy problems in the cryptocurrency and blockchain space and generative... | 7/29/2019 | Free | View in iTunes |
132 |
Cyber Intelligence: Best Practices and Biggest Challenges | Cyber Intelligence is a rapidly changing field, and many organizations do not have the people, time, and funding in place to build a cyber intelligence team, according to a report on cyber intelligence released in late May by researchers in the... | 7/25/2019 | Free | View in iTunes |
133 |
Assessing Cybersecurity Training | Simulation environments allow people to practice skills such as setting up and defending networks. If we can record informative traces of activity in these online environments and draw accurate inferences about trainee capabilities, then we can... | 7/12/2019 | Free | View in iTunes |
134 |
DevOps in Highly Regulated Environments | Highly regulated environments (HREs), such as finance and healthcare, are mandated by policies for various reasons, most often general security and protection of intellectual property. These policies make the sharing and open access principles of... | 6/27/2019 | Free | View in iTunes |
135 |
The Role of the Software Factory in Acquisition and Sustainment | Dr. Paul Nielsen discusses his involvement on a Defense Science Board Task Force that concluded that the software factory should be a key player in the acquisition and sustainment of software for defense. “This is one case where the military or the.. | 6/11/2019 | Free | View in iTunes |
136 |
Defending Your Organization Against Business Email Compromise | Operation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, and the U.S. Postal Inspection Service, was conducted over a six-month period and... | 5/30/2019 | Free | View in iTunes |
137 |
Managing Technical Debt: A Focus on Automation, Design, and Architecture | Technical debt communicates the tradeoff between the short-term benefits of rapid delivery and the long-term value of developing a software system that is easy to evolve, modify, repair, and sustain. In this SEI Podcast, Rod Nord and Ipek Ozkaya... | 3/21/2019 | Free | View in iTunes |
138 |
Leading in the Age of Artificial Intelligence | Tom Longstaff, who in 2018 was hired as the SEI’s chief technology officer, discusses the challenges of leading a technical organization in the age of artificial intelligence. | 3/1/2019 | Free | View in iTunes |
139 |
Applying Best Practices in Network Traffic Analysis | In today's operational climate, threats and attacks against network infrastructures have become far too common. Researchers in the SEI’s CERT Division work with organizations and large enterprises, many of whom analyze their network traffic data for.. | 2/27/2019 | Free | View in iTunes |
140 |
10 Types of Application Security Testing Tools and How to Use Them | Bugs and weaknesses in software are common: 84 percent of system breaches exploit vulnerabilities at the application layer. The prevalence of software-related problems is a key motivation for using application security testing tools. With a growing... | 2/25/2019 | Free | View in iTunes |
141 |
Using Test Suites for Static Analysis Alert Classifiers | Static analysis tools used to identify potential vulnerabilities in source code produce a large number of alerts with high false-positive rates that engineers must painstakingly examine to find legitimate flaws. Researchers in the SEI’s CERT... | 2/18/2019 | Free | View in iTunes |
142 |
Blockchain at CMU and Beyond | Beyond its financial hype, researchers are exploring and understanding the promise of Blockchain technologies. In this SEI Podcast, Eliezer Kanal and Eugene Leventhal discuss blockchain research at Carnegie Mellon University and beyond. | 2/18/2019 | Free | View in iTunes |
143 |
Leading in the Age of Artificial Intelligence (Video) | Tom Longstaff, who in 2018 was hired as the SEI’s chief technology officer, discusses the challenges of leading a technical organization in the age of artificial intelligence. | 2/15/2019 | Free | View in iTunes |
144 |
System Architecture Virtual Integration: ROI on Early Discovery of Defects | Peter Feiler discusses the cost savings (26.1 percent) realized when using the System Architecture Virtual Integration approach on the development of software-reliant systems for aircraft. “If you discover [software defects] at system integration... | 11/15/2018 | Free | View in iTunes |
145 |
A Technical Strategy for Cybersecurity | Roberta “Bobbie” Stempfley, who was appointed director of the SEI’s CERT Division in June 2017, discusses a technical strategy for cybersecurity. “There is never enough time, money, power, resources—whatever it is—and we make design... | 11/4/2018 | Free | View in iTunes |
146 |
Best Practices for Security in Cloud Computing | Don Faatz and Tim Morrow, researchers with the SEI’s CERT Division, outline best practices that organizations should use to address the vulnerabilities and risks in moving applications and data to cloud services. | 10/26/2018 | Free | View in iTunes |
147 |
Risks, Threats, and Vulnerabilities in Moving to the Cloud | Tim Morrow and Donald Faatz outline the risks, threats, and vulnerabilities that organizations face when moving applications or data to the cloud. “If you look at large organizations like the DoD, they have embraced this. They are looking to buy... | 10/22/2018 | Free | View in iTunes |
148 |
How to Be a Network Traffic Analyst | Tim Shimeall and Timur Snoke, researchers in the SEI’s CERT Division, examine the role of the network traffic analyst in capturing and evaluating ever-increasing volumes of network data. “Part of it is the ability to use a wide variety of tools... | 9/14/2018 | Free | View in iTunes |
149 |
Workplace Violence and Insider Threat | Tracy Cassidy and Carrie Gardner, researchers with the CERT National Insider Threat Center, discuss research on using technology to detect an employee’s intent to cause physical harm. “A chronology naturally fell out that gave a temporal... | 8/28/2018 | Free | View in iTunes |
150 |
Why Does Software Cost So Much? | Mike Konrad and Bob Stoddard discuss an approach known as causal learning that can help the Department of Defense identify which factors cause software costs to escalate and, therefore, serve as a better basis for guidance on how to intervene. | 8/2/2018 | Free | View in iTunes |
151 |
Cybersecurity Engineering & Software Assurance: Opportunities & Risks | Carol Woody discusses opportunities and risks in cybersecurity engineering, software assurance, and the resulting CERT Cybersecurity Engineering and Software Assurance Professional Certificate. | 7/26/2018 | Free | View in iTunes |
152 |
Software Sustainment and Product Lines | Mike Phillips and Harry Levinson examine the intersection of three themes that emerged during the SEI’s work with one government program: product line practices, software sustainment, and public-private partnerships. | 7/10/2018 | Free | View in iTunes |
153 |
Best Practices in Cyber Intelligence | Jared Ettinger describes preliminary findings and best practices in cyber intelligence identified through a study sponsored by the U.S. Office of the Director of National Intelligence. | 6/25/2018 | Free | View in iTunes |
154 |
The Evolving Role of the Chief Risk Officer | Summer Fowler and Ari Lightman discuss the evolving role of the chief risk officer and a Chief Risk Officer Program that is developed and delivered jointly by CMU’s Heinz College of Information Systems and the SEI’s CERT Division. | 5/24/2018 | Free | View in iTunes |
155 |
Obsidian: A Safer Blockchain Programming Language | Eliezer Kanal and Michael Coblenz discuss the creation of Obsidian, a novel programming language specifically tailored to secure blockchain software development that significantly reduces the risk of coding errors. | 5/10/2018 | Free | View in iTunes |
156 |
Agile DevOps | Eileen Wrubel and Hasan Yasar discuss how Agile and DevOps can be deployed together to meet organizational needs. | 4/19/2018 | Free | View in iTunes |
157 |
Is Software Spoiling Us? Technical Innovations in the Department of Defense | In this podcast, the panel discusses technical innovations that can be applied to the Department of Defense including improved situational awareness, human-machine interactions, artificial intelligence, machine learning, data, and continuous integration | 3/15/2018 | Free | View in iTunes |
158 |
Is Software Spoiling Us? Innovations in Daily Life from Software | In this podcast, which was excerpted from the webinar Is Software Spoiling Us?, the panel discusses awesome innovations in daily life that are made possible because of software. | 2/8/2018 | Free | View in iTunes |
159 |
How Risk Management Fits into Agile & DevOps in Government | In this podcast, Eileen Wrubel, technical lead for the SEI's Agile-in-Government program, leads a roundtable discussion into how Agile, DevOps, and the Risk Management Framework can work together. | 2/1/2018 | Free | View in iTunes |
160 |
5 Best Practices for Preventing and Responding to Insider Threat | Randy Trzeciak, technical manager of the CERT National Insider Threat Center, discusses five best practices for preventing and responding to insider threat. | 12/28/2017 | Free | View in iTunes |
161 |
Pharos Binary Static Analysis: An Update | Jeff Gennari discusses updates to the Pharos framework, which automates reverse engineering of malware analysis, including new tools, improvements, and bug fixes. | 12/12/2017 | Free | View in iTunes |
162 |
Positive Incentives for Reducing Insider Threat | Andrew Moore and Daniel Bauer highlight results from our recent research that suggests organizations need to take a more holistic approach to mitigating insider threat. | 11/30/2017 | Free | View in iTunes |
163 |
Mission-Practical Biometrics | Satya Venneti presents exploratory research undertaken by the SEI's Emerging Technology Center to design algorithms to extract heart rate from video capture of non-stationary subjects in real-time. | 11/16/2017 | Free | View in iTunes |
164 |
At Risk Emerging Technology Domains | In this podcast, CERT vulnerability analyst Dan Klinedinst discusses research aimed at helping the Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT) understand future technologies and their risks. | 10/24/2017 | Free | View in iTunes |
165 |
DNS Blocking to Disrupt Malware | In this podcast, CERT researcher Vijay Sarvepalli explores Domain Name System or DNS Blocking, the idea of disrupting communications from malicious code such as ransomware that is used to lock up your digital assets. | 10/12/2017 | Free | View in iTunes |
166 |
Best Practices: Network Border Protection | In this podcast, the latest in a series on best practices for network security, Rachel Kartch explores best practices for network border protection at the Internet router and firewall. | 9/21/2017 | Free | View in iTunes |
167 |
Verifying Software Assurance with IBM’s Watson | In this podcast, Mark Sherman discusses research aimed at examining whether developers could build an IBM Watson application to support an assurance review. | 9/7/2017 | Free | View in iTunes |
168 |
The CERT Software Assurance Framework | In this podcast, Carol Woody and Christopher Alberts introduce the prototype Software Assurance Framework, a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. | 8/31/2017 | Free | View in iTunes |
169 |
Scaling Agile Methods | In this podcast, Will Hayes and Eileen Wrubel present five perspectives on scaling Agile from leading thinkers in the field, including Scott Ambler, Steve Messenger, Craig Larman, Jeff Sutherland, and Dean Leffingwell. | 8/3/2017 | Free | View in iTunes |
170 |
Ransomware: Best Practices for Prevention and Response | In this podcast, CERT researchers spell out several best practices for prevention and response to a ransomware attack. | 7/14/2017 | Free | View in iTunes |
171 |
Integrating Security in DevOps | In this podcast, Hasan Yasar discusses how Secure DevOps attempts to shift the paradigm for tough security problems from following rules to creatively determining solutions. | 6/29/2017 | Free | View in iTunes |
172 |
SEI Fellows Series: Peter Feiler | Peter Feiler was named an SEI Fellow in August 2016. This podcast is the second in a series highlighting interviews with SEI Fellows. | 6/15/2017 | Free | View in iTunes |
173 |
NTP Best Practices | In this podcast, Timur Snoke explores the challenges of NTP and prescribes some best practices for securing accurate time with this protocol. | 5/25/2017 | Free | View in iTunes |
174 |
Establishing Trust in Disconnected Environments | In this podcast, Grace Lewis presents a solution for establishing trusted identities in disconnected environments based on secure key generation and exchange in the field, as well as an evaluation and implementation of the solution. | 5/18/2017 | Free | View in iTunes |
175 |
Distributed Artificial Intelligence in Space | In this podcast, James Edmondson discusses his work to bring distributed artificial intelligence to a next generation, renewable power grid in space. | 4/20/2017 | Free | View in iTunes |
176 |
Verifying Distributed Adaptive Real-Time Systems | In this podcast, James Edmondson and Sagar Chaki describe an architecture and approach to engineering high-assurance software for Distributed Adaptive Real-Time (DART) systems. | 3/27/2017 | Free | View in iTunes |
177 |
10 At-Risk Emerging Technologies | Researchers in the SEI's CERT Division recently examined the security of a large swath of technology domains being developed in industry and maturing over the next five years. | 3/23/2017 | Free | View in iTunes |
178 |
Technical Debt as a Core Software Engineering Practice | In this podcast, Ipek Ozkaya talks about managing technical debt as a core software engineering practice and its importance in the education of future software engineers. | 2/27/2017 | Free | View in iTunes |
179 |
DNS Best Practices | In this podcast, Mark Langston discusses best practices for designing a secure, reliable DNS infrastructure. | 2/23/2017 | Free | View in iTunes |
180 |
Three Roles and Three Failure Patterns of Software Architects | This podcast explores three roles and three failure patterns of software architects that he has observed working with industry and government software projects. | 1/26/2017 | Free | View in iTunes |
181 |
Security Modeling Tools | In this podcast, Julien Delange discusses security modeling tools that his team developed and how to use them to capture vulnerabilities and their propagation path in an architecture. | 1/12/2017 | Free | View in iTunes |
182 |
Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks | In this podcast, CERT researcher Rachel Kartch provides an overview of DDoS attacks and best practices for mitigating and responding to them. | 12/19/2016 | Free | View in iTunes |
183 |
Cyber Security Engineering for Software and Systems Assurance | In this podcast, Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles for software assurance. | 12/8/2016 | Free | View in iTunes |
184 |
Moving Target Defense | In this podcast, Andrew Mellinger, a senior software developer in the SEI's Emerging Technology Center, discusses work to develop a platform to organize dynamic defenses. | 11/30/2016 | Free | View in iTunes |
185 |
Improving Cybersecurity Through Cyber Intelligence | In this podcast, Jared Ettinger of the SEI's Emerging Technology Center (ETC) talks about the ETC's work in cyber intelligence as well as the Cyber Intelligence Research Consortium. | 11/10/2016 | Free | View in iTunes |
186 |
A Requirement Specification Language for AADL | In this podcast, Peter Feiler describes a textual requirement specification language for the Architecture Analysis & Design Language (AADL) called ReqSpec. | 10/27/2016 | Free | View in iTunes |
187 |
Becoming a CISO: Formal and Informal Requirements | In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today's fast-paced cybersecurity field. | 10/19/2016 | Free | View in iTunes |
188 |
Predicting Quality Assurance with Software Metrics and Security Methods | In this podcast, Dr. Carol Woody explores the connection between measurement, methods for software assurance, and security. | 10/13/2016 | Free | View in iTunes |
189 |
Network Flow and Beyond | In this podcast, Timothy Shimeall discusses approaches for analyzing network security using and going beyond network flow data to gain situational awareness to improve security. | 9/29/2016 | Free | View in iTunes |
190 |
A Community College Curriculum for Secure Software Development | In this podcast, Girish Seshagiri discusses a two-year community college software assurance program that he developed and facilitated with SEI Fellow Nancy Mead at Illinois Central College. | 9/15/2016 | Free | View in iTunes |
191 |
Security and the Internet of Things | In this podcast, CERT researcher Art Manion discusses work that his team is doing with the Department of Homeland Security to examine and secure IoT devices. | 8/25/2016 | Free | View in iTunes |
192 |
The SEI Fellow Series: Nancy Mead | This podcast is the first in a series highlighting interviews with SEI Fellows. | 8/10/2016 | Free | View in iTunes |
193 |
An Open Source Tool for Fault Tree Analysis | In this podcast, Dr. Julien Delange discusses fault tree analysis and introduces a new tool to design and analyze fault trees. | 7/28/2016 | Free | View in iTunes |
194 |
Global Value Chain – An Expanded View of the ICT Supply Chain | In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain. | 7/18/2016 | Free | View in iTunes |
195 |
Intelligence Preparation for Operational Resilience | In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR. | 6/21/2016 | Free | View in iTunes |
196 |
Evolving Air Force Intelligence with Agile Techniques | In this podcast, Harry Levinson discusses the SEI's work with the Air Force to further evolve the AF DCGS system using Agile techniques working in incremental, iterative approaches to deliver more frequent, more manageable deliveries of capability. | 5/26/2016 | Free | View in iTunes |
197 |
Threat Modeling and the Internet of Things | Art Manion and Allen Householder of the CERT Vulnerability Analysis team talk about threat modeling and its use in improving the security of the Internet of Things (IoT). | 5/12/2016 | Free | View in iTunes |
198 |
Open Systems Architectures: When & Where to Be Closed | Don Firesmith discusses how acquisition professionals and system integrators can apply OSA practices to effectively decompose large, monolithic business and technical architectures into manageable and modular solutions. | 4/14/2016 | Free | View in iTunes |
199 |
Effective Reduction of Avoidable Complexity in Embedded Systems | Dr. Julien Delange discusses the Effective Reduction of Avoidable Complexity in Embedded Systems (ERACES) project, which aims to identify and remove complexity in software models. | 3/18/2016 | Free | View in iTunes |
200 |
Toward Efficient and Effective Software Sustainment | Mike Phillips discusses effective sustainment engineering efforts in the Army and Air Force, using examples from across their software engineering centers and how they tie in to SEI research. | 3/18/2016 | Free | View in iTunes |
201 |
Quality Attribute Refinement and Allocation | Dr. Neil Ernst discusses industry practices such as slicing and ratcheting used to develop business capabilities and suggests approaches to enable large-scale iteration. | 3/8/2016 | Free | View in iTunes |
202 |
Is Java More Secure Than C? | In this podcast, CERT researcher David Svoboda analyzes secure coding rules for both C and Java to determine if they indeed refute the conventional wisdom that Java is more secure than C. | 2/19/2016 | Free | View in iTunes |
203 |
Identifying the Architectural Roots of Vulnerabilities | In this podcast, Rick Kazman and Carol Woody discuss an approach for identifying architecture debt in a large-scale industrial software project by modeling software architecture as design rule spaces. | 2/4/2016 | Free | View in iTunes |
204 |
Build Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations | In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from high-performing organizations. | 2/3/2016 | Free | View in iTunes |
205 |
An Interview with Grady Booch | During a recent visit to the SEI, Grady Booch, chief scientist for IBM and author of the Unified Modeling Language, sat down for an interview with SEI Fellow Nancy Mead for the SEI Podcast Series. | 1/12/2016 | Free | View in iTunes |
206 |
Structuring the Chief Information Security Officer Organization | In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations. | 12/23/2015 | Free | View in iTunes |
207 |
How Cyber Insurance Is Driving Risk and Technology Management | In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk and invest in technologies. | 11/9/2015 | Free | View in iTunes |
208 |
A Field Study of Technical Debt | In this podcast, Dr. Neil Ernst discusses the findings of a recent field study to assess the state of the practice and current thinking regarding technical debt and guide the development of a technical debt timeline. | 10/15/2015 | Free | View in iTunes |
209 |
How the University of Pittsburgh Is Using the NIST Cybersecurity Framework | In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (PITT), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework). | 10/1/2015 | Free | View in iTunes |
210 |
A Software Assurance Curriculum for Future Engineers | In this podcast, Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges. | 9/24/2015 | Free | View in iTunes |
211 |
Four Types of Shift Left Testing | In this podcast, Donald Firesmith explains the importance of shift left testing and defines four approaches using variants of the classic V model to illustrate them. | 9/10/2015 | Free | View in iTunes |
212 |
Capturing the Expertise of Cybersecurity Incident Handlers | In this podcast, Dr. Richard Young, a professor with CMU, and Sam Perl, a member of the CERT Division, discuss their research on how expert cybersecurity incident handlers react when faced with an incident. | 8/27/2015 | Free | View in iTunes |
213 |
Toward Speed and Simplicity: Creating a Software Library for Graph Analytics | In this podcast, Scott McMillan and Eric Werner of the SEI's Emerging Technology Center discuss work to create a software library for graph analytics that would take advantage of more powerful heterogeneous supercomputers. | 8/27/2015 | Free | View in iTunes |
214 |
Improving Quality Using Architecture Fault Analysis with Confidence Arguments | The case study shows that by combining an analytical approach with confidence maps, we can present a structured argument that system requirements have been met and problems in the design have been addressed adequately. | 8/13/2015 | Free | View in iTunes |
215 |
A Taxonomy of Testing Types | In this podcast, Donald Firesmith introduces a taxonomy of testing types to help testing stakeholders understand and select those that are best for their specific programs. | 7/30/2015 | Free | View in iTunes |
216 |
Reducing Complexity in Software & Systems | In this podcast, Sarah Sheard discusses research to investigate the nature of complexity, how it manifests in software-reliant systems such as avionics, how to measure it, and how to tell when too much complexity might lead to safety problems. | 7/16/2015 | Free | View in iTunes |
217 |
Designing Security Into Software-Reliant Systems | In this podcast, CERT researcher Christopher Alberts introduces the SERA Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle. | 6/25/2015 | Free | View in iTunes |
218 |
Agile Methods in Air Force Sustainment | In this podcast, Eileen Wrubel highlights research examining Agile techniques in the software sustainment arena—specifically Air Force programs. | 6/11/2015 | Free | View in iTunes |
219 |
Defect Prioritization With the Risk Priority Number | In this podcast, Will Hayes and Julie Cohen discuss a generalized technique that could be used with any type of system to assist the program office in addressing and resolving the conflicting views and creating a better value system for defining release | 5/28/2015 | Free | View in iTunes |
220 |
SEI-HCII Collaboration Explores Context-Aware Computing for Soldiers | Dr. Jeff Boleng and Dr. Anind Dey discuss joint research to understand the mission, role, and task of dismounted soldiers using context derived from sensors on them and their mobile devices. | 5/14/2015 | Free | View in iTunes |
221 |
An Introduction to Context-Aware Computing | Dr. Anind Dey and Dr. Jeff Boleng introduce context-aware computing and explore issues related to sensor-fueled data in the internet of things. | 4/23/2015 | Free | View in iTunes |
222 |
Data Driven Software Assurance | In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects. | 4/9/2015 | Free | View in iTunes |
223 |
Applying Agile in the DoD: Twelfth Principle | In this episode, Suzanne Miller and Mary Ann Lapham explore the application of the 12th Agile principle in the Department of Defense. | 3/26/2015 | Free | View in iTunes |
224 |
Supply Chain Risk Management: Managing Third Party and External Dependency Risk | In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information and Communications Technology (ICT).” | 3/26/2015 | Free | View in iTunes |
225 |
Introduction to the Mission Thread Workshop | In this podcast, Mike Gagliardi introduces the Mission Thread Workshop, a method for understanding architectural and engineering considerations for developing and sustaining systems of systems. | 3/12/2015 | Free | View in iTunes |
226 |
Applying Agile in the DoD: Eleventh Principle | In this podcast, the tenth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the eleventh principle: | 2/26/2015 | Free | View in iTunes |
227 |
A Workshop on Measuring What Matters | This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences planning and executing the workshop, and identifying improvements for future offerings. | 2/20/2015 | Free | View in iTunes |
228 |
Applying Agile in the DoD: Tenth Principle | In this podcast, part of an ongoing series, Mary Ann Lapham and Suzanne Miller discuss the application of the tenth Agile principle: Simplicity—the art of maximizing the amount of work not done—is essential. | 2/12/2015 | Free | View in iTunes |
229 |
Predicting Software Assurance Using Quality and Reliability Measures | In this podcast, the authors discuss how a combination of software development and quality techniques can improve software security. | 1/29/2015 | Free | View in iTunes |
230 |
Applying Agile in the DoD: Ninth Principle | In this episode, Suzanne Miller and Mary Ann Lapham discuss the application of the ninth Agile principle, "Continuous attention to technical excellence and good design enhances Agile." | 1/16/2015 | Free | View in iTunes |
231 |
Cyber Insurance and Its Role in Mitigating Cybersecurity Risk | In this podcast, Jim Cebula and David White discuss cyber insurance and its potential role in reducing operational and cybersecurity risk. | 1/8/2015 | Free | View in iTunes |
232 |
AADL and Dassault Aviation | In this podcast, Peter Feiler and Thierry Cornilleau discuss their experiences with the Architecture Analysis and Design Language. | 12/18/2014 | Free | View in iTunes |
233 |
Tactical Cloudlets | In this podcast, Grace Lewis discusses five approaches that her team developed and tested for using tactical cloudlets as a strategy for providing infrastructure to support computation offload and data staging at the tactical edge. | 12/4/2014 | Free | View in iTunes |
234 |
Agile Software Teams and How They Engage with Systems Engineering on DoD Acquisition Programs | In this podcast, Eileen Wrubel and Suzanne Miller discuss issues with Agile software teams engaging systems engineering functions in developing and acquiring software-reliant systems. | 11/27/2014 | Free | View in iTunes |
235 |
Coding with AADL | In this podcast, Julien Delange summarizes different perspectives on research related to code generation from software architecture models. | 11/13/2014 | Free | View in iTunes |
236 |
The State of Agile | In this podcast, Alistair Cockburn, an Agile pioneer and one of the original signers of the Agile Manifesto, and SEI principal researcher Suzanne Miller discuss the current state of Agile adoption. | 10/30/2014 | Free | View in iTunes |
237 |
Applying Agile in the DoD: Eighth Principle | In this episode, the eighth in a series exploring Agile principles across the DoD, Suzanne Miller and Mary Ann Lapham discuss the eighth Agile principle. | 10/9/2014 | Free | View in iTunes |
238 |
A Taxonomy of Operational Risks for Cyber Security | In this podcast, James Cebula describes how to use a taxonomy to increase confidence that your organization is identifying cyber security risks. | 10/7/2014 | Free | View in iTunes |
239 |
Agile Metrics | In this podcast, Will Hayes and Suzanne Miller discuss research intended to aid U.S. Department of Defense acquisition professionals in the use of Agile software development methods. | 9/25/2014 | Free | View in iTunes |
240 |
Four Principles for Engineering Scalable, Big Data Systems | In this podcast, Ian Gorton describes four general principles that hold for any scalable, big data system. | 9/11/2014 | Free | View in iTunes |
241 |
An Appraisal of Systems Engineering: Defense v. Non-Defense | In this podcast, Joseph P. Elm analyzes differences in systems-engineering activities for defense and non-defense projects and finds differences in both deployment and effectiveness. | 8/28/2014 | Free | View in iTunes |
242 |
HTML5 for Mobile Apps at the Edge | In this podcast, Grace Lewis discusses research that explores the feasibility of using HTML5 for developing mobile applications, for "edge" environments where resources and connectivity are uncertain, such as in the battlefield. | 8/14/2014 | Free | View in iTunes |
243 |
Applying Agile in the DoD: Seventh Principle | In this podcast, Suzanne Miller and Mary Ann Lapham explore the application of the seventh Agile principle in the Department of Defense: "Working software is the primary measure of progress." | 7/24/2014 | Free | View in iTunes |
244 |
AADL and Edgewater | In this podcast, Peter Feiler and Serban Gheorghe of Edgewater discuss their work on the Architecture Analysis and Design Language. | 7/10/2014 | Free | View in iTunes |
245 |
Security and Wireless Emergency Alerts | In this podcast, Carol Woody and Christopher Alberts discuss guidelines that they developed to ensure that the WEA service remains robust and resilient against cyber attacks. | 6/26/2014 | Free | View in iTunes |
246 |
Safety and Behavior Specification Using the Architecture Analysis and Design Language | Julien Delange discusses two extensions to the Architecture Analysis and Design Language: the behavior annex and the error-model annex. | 6/12/2014 | Free | View in iTunes |
247 |
Applying Agile in the DoD: Sixth Principle | In this podcast, Suzanne Miller and Mary Ann Lapham discuss the application of the sixth Agile principle in the Department of Defense. | 5/29/2014 | Free | View in iTunes |
248 |
Characterizing and Prioritizing Malicious Code | In this podcast, Jose Morales discusses how to prioritize malware samples, helping analysts to identify the most destructive malware to examine first. | 5/29/2014 | Free | View in iTunes |
249 |
Using Quality Attributes to Improve Acquisition | In this podcast, Patrick Place describes research aimed at determining how acquisition quality attributes can be expressed and used to facilitate alignment among the software architecture and acquisition strategy. | 5/15/2014 | Free | View in iTunes |
250 |
Best Practices for Trust in the Wireless Emergency Alerts Service | In this podcast, CERT researchers Robert Ellison and Carol Woody discuss research aimed at increasing alert originators' trust in the WEA service and the public's trust in the alerts that they receive. | 4/29/2014 | Free | View in iTunes |
251 |
Three Variations on the V Model for System and Software Testing | In this podcast, Don Firesmith presents three variations on the V model of software or system development. | 4/10/2014 | Free | View in iTunes |
252 |
Adapting the PSP to Incorporate Verified Design by Contract | In this podcast, Bill Nichols discusses a proposal for integrating the Verified Design by Contract method into PSP to reduce the number of defects present at the unit-testing phase, while preserving or improving productivity. | 3/27/2014 | Free | View in iTunes |
253 |
Comparing IT Risk Assessment and Analysis Methods | In this podcast, the presenters discuss IT risk assessment and analysis, and comparison factors for selecting methods that are a good fit for your organization. | 3/25/2014 | Free | View in iTunes |
254 |
AADL and Aerospace | In this podcast, Peter Feiler and Myron Hecht discuss the use of AADL by the Aerospace Corporation. | 3/13/2014 | Free | View in iTunes |
255 |
Assuring Open Source Software | In this podcast, Kate Ambrose Sereno and Naomi Anderson discuss research aimed at developing adoptable, evidence-based, data-driven approaches to evaluating (open source) software. | 2/27/2014 | Free | View in iTunes |
256 |
Security Pattern Assurance through Roundtrip Engineering | In this podcast, Rick Kazman discusses these challenges and a solution he has developed for achieving system security qualities through use of patterns. | 2/13/2014 | Free | View in iTunes |
257 |
The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) | ES-C2M2 helps improve the operational resilience of the U.S. power grid. | 2/11/2014 | Free | View in iTunes |
258 |
Applying Agile in the DoD: Fifth Principle | In this episode, the fifth in a series, Suzanne Miller and Mary Ann Lapham discuss the application of the fifth principle, Build projects around motivated individuals. | 1/30/2014 | Free | View in iTunes |
259 |
Software Assurance Cases | In this podcast, Charles Weinstock introduces assurance cases and how they can be used to assure safety, security, and reliability. | 1/16/2014 | Free | View in iTunes |
260 |
Raising the Bar - Mainstreaming CERT C Secure Coding Rules | In this podcast, Robert Seacord describes the CERT-led effort to publish an ISO/IEC technical specification for secure coding rules for compilers and analyzers. | 1/7/2014 | Free | View in iTunes |
261 |
AADL and Télécom Paris Tech | Real-World Applications of the Architecture Analysis and Design Language (AADL) | 12/26/2013 | Free | View in iTunes |
262 |
From Process to Performance-Based Improvement | In this podcast, Tim Chick and Gene Miluk discuss methodology and outputs of the Checkpoint Diagnostic, a tool that provides organizations with actionable performance related information and analysis closely linked to business value. | 12/12/2013 | Free | View in iTunes |
263 |
An Approach to Managing the Software Engineering Challenges of Big Data | In this episode, Ian Gorton and John Klein discuss big data and the challenges it presents for software engineers. With help from fellow SEI researchers, the two have developed a lightweight risk reduction approach to help software engineers manage the | 11/27/2013 | Free | View in iTunes |
264 |
Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience | In this podcast, the presenters explain how CRRs allow critical infrastructure owners to compare their cybersecurity performance with their peers. | 11/26/2013 | Free | View in iTunes |
265 |
Situational Awareness Mashups | In this podcast, Soumya Simanta describes research aimed at creating a software prototype that allows warfighters and first responders to rapidly integrate or mash geo-tagged situational awareness data from multiple remote data sources. | 11/14/2013 | Free | View in iTunes |
266 |
Applying Agile in the DoD: Fourth Principle | In this episode, the fourth in a series about the application of agile principles in the DOD, Suzanne Miller and Mary Ann Lapham discuss the application of the fourth principle, "Business people and developers must work together daily." | 10/31/2013 | Free | View in iTunes |
267 |
Architecting Systems of the Future | In this episode, Eric Werner discusses research that he and several of his colleagues are conducting to help software developers create systems for the many-core central processing units in massively parallel computing environments. | 10/17/2013 | Free | View in iTunes |
268 |
Acquisition Archetypes | In this episode, Bill Novak talks about his work with acquisition archetypes and how they can be used to help government programs avoid problems in software development and systems acquisition. | 9/26/2013 | Free | View in iTunes |
269 |
Human-in-the-Loop Autonomy | In this episode, James Edmondson discusses his research on autonomous systems, specifically robotic systems and autonomous systems for robotic systems. | 9/12/2013 | Free | View in iTunes |
270 |
Mobile Applications for Emergency Managers | Learn about the SEI's Advanced Mobile Systems Team's work with the Huntingdon County, Pennsylvania, Emergency Management Agency. | 8/29/2013 | Free | View in iTunes |
271 |
Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions | In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities. | 8/27/2013 | Free | View in iTunes |
272 |
Applying Agile in the DoD: Third Principle | A discussion of the application of the third Agile principle, "Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale." | 8/15/2013 | Free | View in iTunes |
273 |
DevOps - Transform Development and Operations for Fast, Secure Deployments | In this podcast, Gene Kim explains how the "release early, release often" approach significantly improves software performance, stability, and security. | 7/30/2013 | Free | View in iTunes |
274 |
Application Virtualization as a Strategy for Cyber Foraging | In this podcast, researcher Grace Lewis discusses application virtualization as a more lightweight alternative to VM synthesis for cloudlet provisioning. | 7/25/2013 | Free | View in iTunes |
275 |
Common Testing Problems: Pitfalls to Prevent and Mitigate | Don Firesmith discusses problems that occur during testing as well as a framework that lists potential symptoms by which each can be recognized, potential negative consequences, and potential causes, and makes recommendations for preventing them. | 7/11/2013 | Free | View in iTunes |
276 |
Joint Programs and Social Dilemmas | In this episode, SEI researcher Bill Novak discusses joint programs and social dilemmas, which have become increasingly common in defense acquisition, and the ways in which joint program outcomes can be affected by their underlying structure. | 6/27/2013 | Free | View in iTunes |
277 |
Applying Agile in the DoD: Second Principle | In this episode, SEI researchers discuss the application of the second Agile principle, “Welcome changing requirements, even late in development.” | 6/13/2013 | Free | View in iTunes |
278 |
Managing Disruptive Events - CERT-RMM Experience Reports | In this podcast, the participants describe four experience reports that demonstrate how the CERT-RMM can be applied to manage operational risks. | 6/11/2013 | Free | View in iTunes |
279 |
Reliability Validation and Improvement Framework | In this podcast, Peter Feiler discusses his recent work to improve the quality of software-reliant systems through an approach known as the Reliability Validation and Improvement Framework. | 5/23/2013 | Free | View in iTunes |
280 |
The Business Case for Systems Engineering | Joe Elm discusses the results of a recent technical report, which establishes clear links between the application of systems engineering (SE) best practices to projects and programs and the performance of those projects and programs. | 5/9/2013 | Free | View in iTunes |
281 |
Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity | In this podcast, Dave Mundie explains why a common language is essential to developing a shared understanding to better analyze malicious code. | 5/9/2013 | Free | View in iTunes |
282 |
Applying Agile in the DoD: First Principle | In this episode, Suzanne Miller and Mary Ann Lapham discuss the application of the first Agile principle, "Our highest priority is to satisfy the customer through early and continuous delivery of valuable software." | 4/18/2013 | Free | View in iTunes |
283 |
The Evolution of a Science Project | In this podcast, Bill Novak and Andy Moore describe a recent technical report, The Evolution of a Science Project, which intends to improve acquisition staff decision-making. | 4/4/2013 | Free | View in iTunes |
284 |
Securing Mobile Devices aka BYOD | In this podcast, Joe Mayes discusses how to ensure the security of personal mobile devices that have access to enterprise networks. | 3/26/2013 | Free | View in iTunes |
285 |
What's New With Version 2 of the AADL Standard? | In this podcast, Peter Feiler discusses the latest changes to the Architecture Analysis & Design Language (AADL) standard. | 3/21/2013 | Free | View in iTunes |
286 |
The State of the Practice of Cyber Intelligence | In this podcast, Troy Townsend and Jay McAllister discuss their findings on the state of the practice of cyber intelligence. | 3/7/2013 | Free | View in iTunes |
287 |
Mitigating Insider Threat - New and Improved Practices Fourth Edition | In this podcast, participants explain how 371 cases of insider attacks led to 4 new and 15 updated best practices for mitigating insider threats. | 2/28/2013 | Free | View in iTunes |
288 |
Technology Readiness Assessments | Michael Bandor discusses technology readiness assessments, which the DoD defines as a formal, systematic, metrics-based process and accompanying report that assess the maturity of critical hardware and software technologies to be used in systems. | 2/21/2013 | Free | View in iTunes |
289 |
Standards in Cloud Computing Interoperability | In this podcast, Grace Lewis discusses her latest research exploring the role of standards in cloud-computing interoperability. | 2/7/2013 | Free | View in iTunes |
290 |
Managing Disruptive Events: Demand for an Integrated Approach to Better Manage Risk | In this podcast, Nader Mehravari describes how governments and markets are calling for the integration of plans for and responses to disruptive events. | 1/31/2013 | Free | View in iTunes |
291 |
The Latest Developments in AADL | Julien Delange and Peter Feiler discuss the latest developments with the Architecture Analysis and Design Language (AADL) standard. | 1/17/2013 | Free | View in iTunes |
292 |
The Fundamentals of Agile | In this episode, Tim Chick, a senior member of the technical staff in the Team Software Process (TSP) initiative, discusses the fundamentals of agile, specifically what it means for an organization to be agile. | 1/3/2013 | Free | View in iTunes |
293 |
Software for Soldiers who use Smartphones | In this episode, Ed Morris describes research to create a software application for smartphones that allows soldier end-users to program their smartphones to provide an interface tailored to the information they need for a specific mission. | 12/20/2012 | Free | View in iTunes |
294 |
Managing Disruptive Events: Making the Case for Operational Resilience | In this podcast, Nader Mehravari describes how today's high-risk, global, fast, and very public business environment demands a more integrated approach. | 12/19/2012 | Free | View in iTunes |
295 |
Architecting Service-Oriented Systems | Grace Lewis discusses general guidelines for architecting service-oriented systems, how common service-oriented system components support these principles, and the effect these principles and their implementation have on system quality attributes. | 12/6/2012 | Free | View in iTunes |
296 |
The SEI Strategic Plan | In this podcast, Bill Scherlis discusses the development of the strategic plan of the SEI to advance the practice of software engineering for the DoD. | 11/15/2012 | Free | View in iTunes |
297 |
Quantifying Uncertainty in Early Lifecycle Cost Estimation | In this podcast episode, Jim McCurley and Robert Stoddard discuss a new method developed by the SEI's Software Engineering Measurement and Analysis (SEMA) team, Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE). | 11/1/2012 | Free | View in iTunes |
298 |
Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities | In this podcast, participants discuss how a network profile can help identify unintended points of entry, misconfigurations, and other weaknesses. | 10/23/2012 | Free | View in iTunes |
299 |
Architecting a Financial System with TSP | In this episode, Felix Bachmann and James McHale discuss their work on a project between the SEI and Bursatec to create a reliable and fast new trading system for Grupo Bolsa Mexicana de Valores, the Mexican Stock Exchange. | 10/18/2012 | Free | View in iTunes |
300 |
The Importance of Data Quality | In this episode, Dave Zubrow discusses the importance of data quality and research that his team is undertaking in this area. | 10/4/2012 | Free | View in iTunes |
301 |
How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them | In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives. | 9/25/2012 | Free | View in iTunes |
302 |
Misaligned Incentives | In this episode, Novak discusses misaligned incentives, misaligned people incentives in software acquisition programs, and how the wrong incentives can undermine acquisition programs and produce poor outcomes. | 9/20/2012 | Free | View in iTunes |
303 |
Agile Acquisition | This podcast explores the SEI's research and work to assist the DoD in Agile acquisition. | 9/4/2012 | Free | View in iTunes |
304 |
An Architecture-Focused Measurement Framework for Managing Technical Debt | In this podcast, Ipek Ozkaya discusses the SEI's research on the strategic management of technical debt, which involves decisions made to defer necessary work during the planning or execution of a software project. | 9/4/2012 | Free | View in iTunes |
305 |
Cloud Computing for the Battlefield | Grace Lewis discusses her research to overcome challenges for battlefield computing by using cloudlets: localized, lightweight servers running one or more virtual machines on which soldiers can offload expensive computations from their handheld devices. | 9/4/2012 | Free | View in iTunes |
306 |
How a Disciplined Process Enhances & Enables Agility | In this podcast, Bill Nichols discusses how a disciplined process enables and enhances agility. | 9/4/2012 | Free | View in iTunes |
307 |
U.S. Postal Inspection Service Use of the CERT Resilience Management Model | In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives. | 8/21/2012 | Free | View in iTunes |
308 |
Insights from the First CERT Resilience Management Model Users Group | In this podcast, Lisa Young explains that implementing CERT-RMM requires well-defined improvement objectives, sponsorship, and more. | 7/17/2012 | Free | View in iTunes |
309 |
NIST Catalog of Security and Privacy Controls, Including Insider Threat | In this podcast, participants discuss why security controls, including those for insider threat, are necessary to protect information and information systems. | 4/24/2012 | Free | View in iTunes |
310 |
Cisco's Adoption of CERT Secure Coding Standards | In this podcast, Martin Sebor explains how implementing secure coding standards is a sound business decision. | 2/28/2012 | Free | View in iTunes |
311 |
How to Become a Cyber Warrior | In this podcast, Dennis Allen explains that protecting the internet and its users against cyber attacks requires more skilled cyber warriors. | 1/31/2012 | Free | View in iTunes |
312 |
Considering Security and Privacy in the Move to Electronic Health Records | In this podcast, participants discuss how using electronic health records brings many benefits along with security and privacy challenges. | 12/20/2011 | Free | View in iTunes |
313 |
Measuring Operational Resilience | In this podcast, Julia Allen explains that measures of operational resilience should answer key questions, inform decisions, and affect behavior. | 10/4/2011 | Free | View in iTunes |
314 |
Why Organizations Need a Secure Domain Name System | Use of Domain Name System security extensions can help prevent website hijacking attacks. | 9/6/2011 | Free | View in iTunes |
315 |
Controls for Monitoring the Security of Cloud Services | In this podcast, participants explain that how cloud providers and customers can use controls to protect sensitive information depends on the service model. | 8/2/2011 | Free | View in iTunes |
316 |
Building a Malware Analysis Capability | In this podcast, Jeff Gennari explains that analyzing malware is essential to assessing the damage and reducing the impact associated with ongoing infection. | 7/12/2011 | Free | View in iTunes |
317 |
Using the Smart Grid Maturity Model (SGMM) | In this podcast, David White describes how over 100 electric power utilities are using the Smart Grid Maturity Model. | 5/5/2011 | Free | View in iTunes |
318 |
Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM | In this podcast, participants explain why and how business leaders must address risk at the enterprise, business process, and system levels. | 3/29/2011 | Free | View in iTunes |
319 |
Conducting Cyber Exercises at the National Level | In this podcast, participants discuss exercises that help organizations, governments, and nations prepare for, identify, and mitigate cyber risks. | 2/22/2011 | Free | View in iTunes |
320 |
Indicators and Controls for Mitigating Insider Threat | In this podcast, Michael Hanley explains how technical controls can be effective in helping to prevent, detect, and respond to insider crimes. | 1/25/2011 | Free | View in iTunes |
321 |
How Resilient Is My Organization? | In this podcast, Richard Caralli explains how CERT-RMM can ensure that critical assets and services perform as expected in the face of stress and disruption. | 12/9/2010 | Free | View in iTunes |
322 |
Public-Private Partnerships: Essential for National Cyber Security | In this podcast, participants explain that knowledge of software assurance is essential to ensure that complex systems function as intended. | 11/30/2010 | Free | View in iTunes |
323 |
Software Assurance: A Master's Level Curriculum | In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex systems function as intended. | 10/26/2010 | Free | View in iTunes |
324 |
How to Develop More Secure Software - Practices from Thirty Organizations | In this podcast, participants discuss how organizations can benchmark their software security practices against 109 observed activities from 30 organizations. | 9/28/2010 | Free | View in iTunes |
325 |
Mobile Device Security: Threats, Risks, and Actions to Take | In this podcast, Jonathan Frederick explains how internet-connected mobile devices are becoming increasingly attractive targets. | 8/31/2010 | Free | View in iTunes |
326 |
Establishing a National Computer Security Incident Response Team (CSIRT) | In this podcast, participants discuss how essential a national CSIRT is for protecting national and economic security and continuity. | 8/19/2010 | Free | View in iTunes |
327 |
Securing Industrial Control Systems | In this podcast, Julia Allen explains how critical it is to secure systems that control physical switches, valves, pumps, meters, and manufacturing lines. | 7/27/2010 | Free | View in iTunes |
328 |
The Power of Fuzz Testing to Reduce Security Vulnerabilities | In this podcast, Will Dormann urges listeners to subject their software to fuzz testing to help identify and eliminate security vulnerabilities. | 5/25/2010 | Free | View in iTunes |
329 |
Protect Your Business from Money Mules | Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses. | 4/27/2010 | Free | View in iTunes |
330 |
Train for the Unexpected | In this podcast, Matthew Meyer explains that being able to respond effectively when faced with a disruptive event requires becoming more resilient. | 3/3/2010 | Free | View in iTunes |
331 |
The Role of the CISO in Developing More Secure Software | In this podcast, Pravir Chandra warns that CISOs must leave no room for doubt that they understand what is expected of them when developing secure software. | 3/2/2010 | Free | View in iTunes |
332 |
Computer and Network Forensics: A Master's Level Curriculum | In this podcast, Kris Rush describes how students learn to combine multiple facets of digital forensics and draw conclusions to support investigations. | 2/2/2010 | Free | View in iTunes |
333 |
Introducing the Smart Grid Maturity Model (SGMM) | In this podcast, Ray Jones explains how the SGMM provides a roadmap to guide an organization's transformation to the smart grid. | 1/12/2010 | Free | View in iTunes |
334 |
Leveraging Security Policies and Procedures for Electronic Evidence Discovery | In this podcast, John Christiansen explains that effectively responding to e-discovery requests depends on well-defined policies, procedures, and processes. | 1/9/2010 | Free | View in iTunes |
335 |
Integrating Privacy Practices into the Software Development Life Cycle | In this podcast, participants explain that addressing privacy during software development is just as important as addressing security. | 12/22/2009 | Free | View in iTunes |
336 |
Using the Facts to Protect Enterprise Networks: CERT's NetSA Team | In this podcast, Timothy Shimeall describes how network defenders and business leaders can use NetSA measures to protect their networks. | 12/1/2009 | Free | View in iTunes |
337 |
Ensuring Continuity of Operations When Business Is Disrupted | In this podcast, Gary Daniels explains that providing critical services during times of stress depends on documented, tested business continuity plans. | 11/10/2009 | Free | View in iTunes |
338 |
Managing Relationships with Business Partners to Achieve Operational Resiliency | In this podcast, David White explains why a defined, managed process for third party relationships is essential, particularly when business is disrupted. | 10/20/2009 | Free | View in iTunes |
339 |
The Smart Grid: Managing Electrical Power Distribution and Use | In this podcast, James Stevens explains how using the smart grid comes with some new privacy and security challenges. | 9/29/2009 | Free | View in iTunes |
340 |
Electronic Health Records: Challenges for Patient Privacy and Security | In this podcast, Robert Charette explains why electronic health records (EHRs) are possibly the most complicated area of IT today. | 9/8/2009 | Free | View in iTunes |
341 |
Mitigating Insider Threat: New and Improved Practices | Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat. | 8/18/2009 | Free | View in iTunes |
342 |
Rethinking Risk Management | In this podcast, Christopher Alberts urges business leaders to adopt new approaches to addressing risks across the life cycle and supply chain. | 7/7/2009 | Free | View in iTunes |
343 |
The Upside and Downside of Security in the Cloud | In this podcast, Tim Mather advises business leaders considering cloud services to weigh the economic benefits against the security and privacy risks. | 6/16/2009 | Free | View in iTunes |
344 |
More Targeted, Sophisticated Attacks: Where to Pay Attention | In this podcast, Martin Linder urges business leaders to take action to better mitigate sophisticated social engineering attacks. | 5/26/2009 | Free | View in iTunes |
345 |
Is There Value in Identifying Software Security "Never Events?" | In this podcast, Robert Charette suggests when to examine responsibilities when developing software with known, preventable errors. | 5/5/2009 | Free | View in iTunes |
346 |
Cyber Security, Safety, and Ethics for the Net Generation | In this podcast, Rodney Peterson explains why capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. | 4/14/2009 | Free | View in iTunes |
347 |
An Experience-Based Maturity Model for Software Security | In this podcast, participants discuss how observed practice, represented as a maturity model, can serve as a basis for developing more secure software. | 3/31/2009 | Free | View in iTunes |
348 |
Mainstreaming Secure Coding Practices | In this podcast, Robert Seacord explains how requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities. | 3/17/2009 | Free | View in iTunes |
349 |
Security: A Key Enabler of Business Innovation | In this podcast, participants describe how making security strategic to business innovation involves seven strategies. | 3/3/2009 | Free | View in iTunes |
350 |
Better Incident Response Through Scenario Based Training | In this podcast, Christopher May explains how teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. | 2/17/2009 | Free | View in iTunes |
351 |
An Alternative to Risk Management for Information and Software Security | In this podcast, Brian Chess explains how standards, compliance, and process are better than risk management for ensuring information and software security. | 2/3/2009 | Free | View in iTunes |
352 |
Tackling Tough Challenges: Insights from CERT’s Director Rich Pethia | In this podcast, Rich Pethia reflects on the CERT Division's 20-year history and discusses its future IT and security challenges. | 1/20/2009 | Free | View in iTunes |
353 |
Climate Change: Implications for Information Technology and Security | In this podcast, Richard Power explains how climate change requires new strategies for dealing with traditional IT and information security risks. | 12/9/2008 | Free | View in iTunes |
354 |
Using High Fidelity, Online Training to Stay Sharp | In this podcast, Jim Wrubel explains how virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. | 11/25/2008 | Free | View in iTunes |
355 |
Integrating Security Incident Response and e-Discovery | In this podcast, Julia Allen explains how responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. | 11/11/2008 | Free | View in iTunes |
356 |
Concrete Steps for Implementing an Information Security Program | In this podcast, Jennifer Bayuk explains how successful security programs are based on strategy, policy, awareness, implementation, monitoring, and remediation. | 10/28/2008 | Free | View in iTunes |
357 |
Virtual Communities: Risks and Opportunities | In this podcast, Jan Wolynski advises business leaders to evaluate risks and opportunities when considering conducting business in online, virtual communities. | 10/14/2008 | Free | View in iTunes |
358 |
Developing Secure Software: Universities as Supply Chain Partners | In this podcast, Mary Ann Davidson explains how integrating security into university curricula is a key solution to developing more secure software. | 9/30/2008 | Free | View in iTunes |
359 |
Security Risk Assessment Using OCTAVE Allegro | In this podcast, Lisa Young describes OCTAVE Allegro, a streamlined assessment method that focuses on risks to information used by critical business services. | 9/16/2008 | Free | View in iTunes |
360 |
Getting to a Useful Set of Security Metrics | Well-defined metrics are essential to determine which security practices are worth the investment. | 9/2/2008 | Free | View in iTunes |
361 |
How to Start a Secure Software Development Program | In this podcast, Gary McGraw explains how to achieve software security by thinking like an attacker and integrating practices into the development lifecycle. | 8/20/2008 | Free | View in iTunes |
362 |
Managing Risk to Critical Infrastructures at the National Level | In this podcast, Bradford Willke explains how protecting critical infrastructures and the information they use is essential for preserving our way of life. | 8/5/2008 | Free | View in iTunes |
363 |
Analyzing Internet Traffic for Better Cyber Situational Awareness | In this podcast, Derek Gabbard discusses automation, innovation, reaction, and expansion as the foundation for meaningful network traffic intelligence. | 7/28/2008 | Free | View in iTunes |
364 |
Managing Security Vulnerabilities Based on What Matters Most | In this podcast, Art Manion explains that determining which security vulnerabilities to address should be based on the importance of the information asset. | 7/22/2008 | Free | View in iTunes |
365 |
Identifying Software Security Requirements Early, Not After the Fact | In this podcast, Nancy Mead explains that during requirements engineering, software engineers need to think about how software should behave when under attack. | 7/8/2008 | Free | View in iTunes |
366 |
Making Information Security Policy Happen | In this podcast, Paul Love argues that targeted, innovative communications and a robust lifecycle are keys for security policy success. | 6/24/2008 | Free | View in iTunes |
367 |
Becoming a Smart Buyer of Software | Managing software that is developed by an outside organization can be more challenging than building it yourself. | 6/10/2008 | Free | View in iTunes |
368 |
Building More Secure Software | In this podcast, Julia Allen explains how software security is about building more defect-free software to reduce vulnerabilities targeted by attackers. | 5/27/2008 | Free | View in iTunes |
369 |
Connecting the Dots Between IT Operations and Security | In this podcast, Gene Kim describes how high performing organizations must integrate information security controls into their IT operational processes. | 5/13/2008 | Free | View in iTunes |
370 |
Getting in Front of Social Engineering | In this podcast, Betsy Nichols tells us how benchmark results can compare results with peers, drive performance, and help determine how much security is enough. | 4/29/2008 | Free | View in iTunes |
371 |
Using Benchmarks to Make Better Security Decisions | In this podcast, Betsy Nichols describes how benchmark results can be used to help determine how much security is enough. | 4/15/2008 | Free | View in iTunes |
372 |
Protecting Information Privacy - How To and Lessons Learned | In this podcast, Kim Hargraves describes three keys to ensuring information privacy in an organization. | 4/1/2008 | Free | View in iTunes |
373 |
Initiating a Security Metrics Program: Key Points to Consider | In this podcast, Samuel Merrell explains that a sound security metrics program should select data relevant to consumers from repeatable processes. | 3/18/2008 | Free | View in iTunes |
374 |
Insider Threat and the Software Development Life Cycle | In this podcast, Dawn Cappelli explains how insider threat vulnerabilities can be introduced during all phases of the software development lifecycle. | 3/4/2008 | Free | View in iTunes |
375 |
Tackling the Growing Botnet Threat | In this podcast, Nicholas Ianelli cautions business leaders to understand the risks to their organizations caused by the proliferation of botnets. | 2/19/2008 | Free | View in iTunes |
376 |
Building a Security Metrics Program | In this podcast, Betsy Nichols explains that reporting meaningful security metrics depends on topic selection, context definition, and data access. | 2/5/2008 | Free | View in iTunes |
377 |
Inadvertent Data Disclosure on Peer-to-Peer Networks | In this podcast, participants discuss how peer-to-peer networks are being used to unintentionally disclose government, commercial, and personal information. | 1/22/2008 | Free | View in iTunes |
378 |
Information Compliance: A Growing Challenge for Business Leaders | In this podcast, Tom Smedinghoff reminds directors and executives that they are personally accountable for protecting information entrusted to their care. | 1/8/2008 | Free | View in iTunes |
379 |
Internal Audit's Role in Information Security: An Introduction | In this podcast, Dan Swanson explains how an internal audit can serve a key role in establishing an effective information security program. | 12/10/2007 | Free | View in iTunes |
380 |
What Business Leaders Can Expect from Security Degree Programs | In this podcast, participants discuss whether information security degree programs meet the needs of business leaders seeking knowledgeable employees. | 11/27/2007 | Free | View in iTunes |
381 |
The Path from Information Security Risk Assessment to Compliance | In this podcast, William Wilson explains how an information security risk assessment, performed with operational risk management, can contribute to compliance. | 11/13/2007 | Free | View in iTunes |
382 |
Computer Forensics for Business Leaders: Building Robust Policies and Processes | In this podcast, participants discuss how business leaders can play a key role in computer forensics by establishing and testing strong policies. | 10/30/2007 | Free | View in iTunes |
383 |
Business Resilience: A More Compelling Argument for Information Security | In this podcast, participants discuss how a business resilience argument can bridge the gap between information security officers and business leaders. | 10/16/2007 | Free | View in iTunes |
384 |
Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity | In this podcast, Lisa Young suggests that by taking a holistic view of business resilience, business leaders can help their organizations stand up to threats. | 10/15/2007 | Free | View in iTunes |
385 |
The Human Side of Security Trade-Offs | In this podcast, participants explain that it's easy to think of security as a collection of technologies and tools, but that people are the real key. | 9/18/2007 | Free | View in iTunes |
386 |
Dual Perspectives: A CIO's and CISO's Take on Security | In this podcast, participants explain that since you can't secure everything, managing security risk to a "commercially reasonable degree" is best. | 9/4/2007 | Free | View in iTunes |
387 |
Reducing Security Costs with Standard Configurations: U.S. Government Initiatives | In this podcast, participants explain that since you can't secure everything, managing security risk to a "commercially reasonable degree" is best. | 8/7/2007 | Free | View in iTunes |
388 |
Tackling Security at the National Level: A Resource for Leaders | In this podcast, Clint Kreitner explains how information security costs can be reduced by enforcing standard configurations for widely deployed systems. | 8/7/2007 | Free | View in iTunes |
389 |
Real-World Security for Business Leaders | In this podcast, William Wilson advises business leaders to use international standards to create a business- and risk-based information security program. | 7/24/2007 | Free | View in iTunes |
390 |
Using Standards to Build an Information Security Program | In this podcast, William Wilson explains how business leaders can use international standards to create a business- and risk-based information security program. | 7/10/2007 | Free | View in iTunes |
391 |
Getting Real About Security Governance | In this podcast, participants explain that enterprise security governance can be achieved by implementing a defined, repeatable process. | 6/26/2007 | Free | View in iTunes |
392 |
Convergence: Integrating Physical and IT Security | In this podcast, participants recommend deploying common solutions for physical and IT security as a cost-effective way to reduce risk and save money. | 6/12/2007 | Free | View in iTunes |
393 |
IT Infrastructure: Tips for Navigating Tough Spots | In this podcast, participants discuss how organizations may occasionally need to redefine their IT infrastructures and be ready to handle tricky situations. | 5/29/2007 | Free | View in iTunes |
394 |
The Value of De-Identified Personal Data | In this podcast, participants discuss the complex legal compliance landscape and how de-identification can help organizations share data more securely. | 5/15/2007 | Free | View in iTunes |
395 |
Adapting to Changing Risk Environments: Operational Resilience | In this podcast, participants discuss how business leaders need to keep their critical processes and services up and running in the face of the unexpected. | 5/1/2007 | Free | View in iTunes |
396 |
Computer Forensics for Business Leaders: A Primer | In this podcast, participants discuss how computer forensics is often overlooked when planning an incident response strategy. | 4/17/2007 | Free | View in iTunes |
397 |
The Real Secrets of Incident Management | In this podcast, participants explain that incident management is not just technical response, but a cross-enterprise effort. | 4/3/2007 | Free | View in iTunes |
398 |
The Legal Side of Global Security | In this podcast, participants encourage business leaders, including legal counsel, to understand how to tackle complex security issues for a global enterprise. | 3/20/2007 | Free | View in iTunes |
399 |
A New Look at the Business of IT Education | System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend. | 3/6/2007 | Free | View in iTunes |
400 |
Crisis Communications During a Security Incident | In this podcast, participants alert business leaders to be prepared to communicate with the media and their staff during high-profile security incidents. | 2/20/2007 | Free | View in iTunes |
401 |
Assuring Mission Success in Complex Environments | In this podcast, participants discuss analysis tools for assessing complex organizational and technological issues that are beyond traditional approaches. | 2/6/2007 | Free | View in iTunes |
402 |
Privacy: The Slow Tipping Point | In this podcast, participants discuss a trend toward more data disclosure that may cause users to become desensitized to privacy breaches. | 1/23/2007 | Free | View in iTunes |
403 |
Building Staff Competence in Security | In this podcast, Barbara Laswell describes specifications that define the knowledge, skills, and competencies required for a range of security positions. | 1/9/2007 | Free | View in iTunes |
404 |
Evolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology | In this podcast, participants discuss how business models are evolving as security threats become more covert and technology enables information migration. | 12/26/2006 | Free | View in iTunes |
405 |
Inside Defense-in-Depth | In this podcast, participants discuss defense-in-depth, a path toward enterprise resilience. | 12/19/2006 | Free | View in iTunes |
406 |
Protecting Against Insider Threat | In this podcast, Dawn Cappelli describes the real and substantial threat of attack from insiders. | 11/28/2006 | Free | View in iTunes |
407 |
Change Management: The Security 'X' Factor | In this podcast, Gene Kim reports how a recent security survey found one factor that separated high performers from the rest of the pack: change management. | 11/14/2006 | Free | View in iTunes |
408 |
CERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT | In this podcast, Richard Pethia voices his view of the internet security landscape and the future of the CERT Division. | 10/31/2006 | Free | View in iTunes |
409 |
Compliance vs. Buy-in | In this podcast, Julia Allen explains why integrating security into standard business processes is more effective than treating security as a compliance task. | 10/17/2006 | Free | View in iTunes |
410 |
Proactive Remedies for Rising Threats | In this podcast, participants discuss how threats to information security are increasingly stealthy and must be mitigated through sound policy and strategy. | 10/17/2006 | Free | View in iTunes |
411 |
The ROI of Security | In this podcast, Julia Allen explains how ROI is a useful tool because it enables comparison among investments in a consistent way. | 10/17/2006 | Free | View in iTunes |
412 |
Why Leaders Should Care About Security | In this podcast, Julia Allen urges leaders to be security conscious and treat adequate security as a non-negotiable requirement of being in business. | 10/17/2006 | Free | View in iTunes |
412 Items |
Customer Reviews
Empowering, insightful and actionable! 👏👏👏
Whether you’re well established as someone innovating in the cybersecurity ecosystem, or just getting started as a catalyst for change within your organization - this is a must-listen podcast for you! Bobbie and the entire SEI team do an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating an ever changing data and technological landscape - from leaders who’ve actually walked the path. Highly recommend listening and subscribing!