Software Engineering Institute (SEI) Webcast Series
By SEI Members of Technical Staff
To listen to an audio podcast, mouse over the title and click Play. Open iTunes to download and subscribe to podcasts.
Description
Each webinar features an SEI researcher discussing their research on software and cybersecurity problems of considerable complexity. The webinar series is a way for the SEI to accomplish its core purpose of improving the state-of-the-art in software engineering and cybersecurity and transitioning this work to the community. The SEI is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI Webinar Series is produced by SEI Communications Outreach.
| Name | Description | Released | Price | ||
|---|---|---|---|---|---|
| 1 | VideoCan a Cybersecurity Parametric Cost Model be Developed? | Can a cybersecurity parametric cost estimation model be developed? Every Department of Defense (DoD) program needs to account for, credibly estimate, budget/plan for, and assess the performance of its cybersecurity activities. Creating a cybersecurity.. | 3/17/2025 | Free | View in iTunes |
| 2 | VideoElements of Effective Communications for Cybersecurity Teams | Communications, both in times of crisis and during normal operations, are essential to the overall success and sustainability of an incident response or security operations team. How you plan for and manage these communications and how they are... | 3/3/2025 | Free | View in iTunes |
| 3 | VideoOperational Resilience Fundamentals: Building Blocks of a Survivable Enterprise | Surviving disruptive cyber events requires a specific form of planning. One must strike a balance between defending against threats (e.g., managing conditions) and effectively handling the effects of disruption (e.g., managing consequences). Employing.. | 2/13/2025 | Free | View in iTunes |
| 4 | VideoCybersecurity Priorities in 2025 | Chief Information Security Officers (CISOs) perpetually navigate a dynamic set of challenges. Applying focus and aligning resources is imperative for success. In this Intersect, Matthew Butkovic and Gregory Touhill, reflect on 2024 and explore the... | 2/7/2025 | Free | View in iTunes |
| 5 | VideoUnderstanding the Need for Cyber Resilience: A Conversation with Ray Umerley | No organization can comprehensively avoid disruptive cyber events. All must strive to maintain operational resilience during times of organizational stress. Ransomware incidents create disruption that can be fatal to the unprepared. In this webcast,... | 1/7/2025 | Free | View in iTunes |
| 6 | VideoExploring the Fundamentals of Counter AI | As the strategic importance of AI increases, so too does the importance of defending those AI systems. To understand AI defense, it is necessary to understand AI offense—that is, counter AI. In this session, Matthew Butkovic, CISA, CISSP, technical... | 1/3/2025 | Free | View in iTunes |
| 7 | VideoCyber Challenges in Health Care: Managing for Operational Resilience | Health-care organizations are seemingly besieged by a complex set of cyber threats. The consequences of disruptive cyber events in health care are in many ways uniquely troubling. Health-care organizations often face these challenges with modest... | 10/31/2024 | Free | View in iTunes |
| 8 | VideoIndependent Verification and Validation for Agile Projects | Traditionally, independent verification and validation (IV&V) is performed by an independent team throughout a program’s milestones or once the software is formally delivered. This approach allows the IV&V team to provide input at the... | 10/30/2024 | Free | View in iTunes |
| 9 | VideoGenerative AI and Software Engineering Education | Within a very short amount of time, the productivity and creativity improvements envisioned by generative artificial intelligence (AI), such as using tools based on large language models (LLMs), have taken the software engineering community by storm.... | 6/28/2024 | Free | View in iTunes |
| 10 | VideoSecure Systems Don’t Happen by Accident | Traditionally, cybersecurity has focused on finding and removing vulnerabilities. This is like driving backward down the highway using your rearview mirror. Most breaches are due to defects in design or code; thus, the only way to truly address the... | 6/13/2024 | Free | View in iTunes |
| 11 | VideoCan You Rely on Your AI? Applying the AIR Tool to Improve Classifier Performance | Modern analytic methods, including artificial intelligence (AI) and machine learning (ML) classifiers, depend on correlations; however, such approaches fail to account for confounding in the data, which prevents accurate modeling of cause and effect... | 5/31/2024 | Free | View in iTunes |
| 12 | VideoUsing a Scenario to Reason About Implementing a Zero Trust Strategy | There is a lot of documentation about a zero trust architecture, as well as directives that it be used for U.S. federal agencies and the Department of Defense (DoD), but little information on how to go about implementing it to improve an... | 5/2/2024 | Free | View in iTunes |
| 13 | VideoAsk Us Anything: Supply Chain Risk Management | According to the , Log4j-related exploits have occurred less frequently over the past year. However, this Common Vulnerabilities and Exposures (CVE) flaw was originally documented in 2021. The threat still exists despite increased awareness. Over... | 2/1/2024 | Free | View in iTunes |
| 14 | VideoThe Future of Software Engineering and Acquisition with Generative AI | We stand at a pivotal moment in software engineering, with artificial intelligence (AI) playing a crucial role in driving approaches poised to enhance software acquisition, analysis, verification, and automation. While generative AI tools initially... | 1/25/2024 | Free | View in iTunes |
| 15 | VideoCyber Cyber Supply Chain Risk Management: No Silver BulletSupply Chain Risk Management: No Silver Bullet | Compliance standards, privileged access management, software bills of materials (SBOMs), maturity models, cloud services, vulnerability management, etc. The list of potential solutions to supply chain risk management (SCRM) challenges seems unending... | 10/4/2023 | Free | View in iTunes |
| 16 | VideoAsk Us Anything: Generative AI Edition | Generative AI (GenAI) has been around for decades, but the latest leap in progress, fueled by high-capability large language models (LLMs), image and video generators, and AI pair programmers, has captivated audiences across a variety of disciplines.... | 9/29/2023 | Free | View in iTunes |
| 17 | VideoEvaluating Trustworthiness of AI Systems | AI system trustworthiness is dependent on end users’ confidence in the system’s ability to augment their needs. This confidence is gained through evidence of the system’s capabilities. Trustworthy systems are designed with an understanding of... | 9/14/2023 | Free | View in iTunes |
| 18 | VideoLeveraging Software Bill of Materials Practices for Risk Reduction | A Software Bill of Materials (SBOM) is a comprehensive list of software components involved in the development of a software product. While recently gaining attention in the context of security, SBOMs have limited value unless properly integrated into.. | 9/7/2023 | Free | View in iTunes |
| 19 | VideoInstitutionalizing the Fundamentals of Insider Risk Management | Insider threats pose an enduring, ever-evolving risk to an organization’s critical assets that require enterprise-wide participation to manage effectively. Many organizations struggle to make critical tasks in insider risk management “stick,”... | 8/23/2023 | Free | View in iTunes |
| 20 | VideoWhat’s Wrong with ROI for Model-Based Analysis of Cyber-Physical Systems? | In this webcast, Fred Schenker, Jerome Hugues, and Linda Parker Gates discuss the benefits of using a model-based approach to improve the design of a CPS’ embedded computing resources. This is accomplished by (1) building virtual architectural... | 8/11/2023 | Free | View in iTunes |
| 21 | VideoWill Rust Solve Software Security? | The Rust programming language makes some strong claims about the security of Rust code. In this webcast, David Svoboda and Joe Sible will evaluate the Rust programming language from a cybersecurity perspective. They will examine Rust's security model,.. | 7/27/2023 | Free | View in iTunes |
| 22 | VideoTop 5 Challenges to Overcome on Your DevSecOps Journey | Historically, a lot of discussion in software security focused on the project level, emphasizing code scanning, penetration testing, reactive approaches for incident response, and so on. Today, the discussion has shifted to the program level to align... | 5/3/2023 | Free | View in iTunes |
| 23 | VideoImproving Analytics Using Enriched Network Flow Data | Classic tool suites that are used to process network flow records deal with very limited detail on the network connections they summarize. These tools limit detail for several reasons: (1) to maintain long-baseline data, (2) to focus on... | 4/26/2023 | Free | View in iTunes |
| 24 | VideoHow Can Data Science Solve Cybersecurity Challenges? | In this webcast, Tom Scanlon, Matthew Walsh and Jeffrey Mellon discuss approaches to using data science and machine learning to address cybersecurity challenges. They provide an overview of data science, including a discussion of what constitutes a... | 3/29/2023 | Free | View in iTunes |
| 25 | VideoAI Next Generation Architecture | As Artificial Intelligence permeates mission-critical capabilities, it is paramount to design modular solutions to ensure rapid evolution and interoperability. During this webcast, we’ll discuss some of the primary quality attributes guiding such... | 3/17/2023 | Free | View in iTunes |
| 26 | VideoAddressing Supply Chain Risk and Resilience for Software-Reliant Systems | All technology acquired by an organization requires the support of (or integration with) components, tools, and services delivered by a diverse set of supply chains. However, the practices critical to addressing supply chain risks are typically... | 2/22/2023 | Free | View in iTunes |
| 27 | VideoDoes your DevSecOps Pipeline only Function as Intended? | Understanding and articulating cybersecurity risk is hard. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to... | 1/13/2023 | Free | View in iTunes |
| 28 | VideoFinding Your Way with Software Engineering Buzzwords | As a Software Engineering community, we started to hear new words with new definitions to achieve some challenges with deciding the shelf life of said terms. Some examples include: DevOps is dead, long live NoOps, SecOps, NoCode, SRE, GitOps, and... | 12/8/2022 | Free | View in iTunes |
| 29 | VideoInfrastructure as Code Through Ansible | Infrastructure as code (IaC) is a concept that enables organizations to automate the provisioning and configuration of their IT infrastructure. This concept also aids organizations in applying the DevOps process (plan, code, build, test, release,... | 11/4/2022 | Free | View in iTunes |
| 30 | VideoApplying the Principles of Agile to Strengthen the Federal Cyber Workforce | The lack of qualified cybersecurity professionals in the United States is a threat to our national security. We cannot adequately protect the systems that our government, economy, and critical infrastructure sectors rely on without an appropriately... | 10/28/2022 | Free | View in iTunes |
| 31 | VideoRansomware: Defense and Resilience Strategies | Ransomware poses an imminent threat to most organizations. Whereas most traditional cyber attacks require extended threat actor engagement to seeking out critical information, exporting data, and demanding ransom from victims, ransomware shortens the... | 10/12/2022 | Free | View in iTunes |
| 32 | VideoUsing Open Source to Shrink the Cyber Workforce Gap | By all recent measures, the cybersecurity workforce is woefully understaffed. According to (ISC)², the cyber workforce gap in the United States was 377,000 open positions in 2021. The Software Engineering Institute (SEI) at Carnegie Mellon University.. | 10/5/2022 | Free | View in iTunes |
| 33 | VideoExploring an AI Engineering Body of Knowledge | In this webcast, Carol Smith, Carrie Gardner, and Michael Mattarock discuss maturing artificial intelligence (AI) practices based on our current body of knowledge. Much as it did for software engineering in the 1980s, the SEI has begun... | 9/22/2022 | Free | View in iTunes |
| 34 | VideoWhat are Deepfakes, and How Can We Detect Them? | In this webcast, Shannon Gallagher and Dominic Ross discuss what deepfakes are, and how they are building AI/ML tech to distinguish real from fake. They will start with some well-known examples of deepfakes and discuss what makes them distinguishable... | 8/23/2022 | Free | View in iTunes |
| 35 | VideoAdapting Agile and DevSecOps to Improve Non-Software Development Teams | Agile and DevSecOps have revolutionized software engineering practices. The strategies put forward in Agile and DevSecOps have eased many software engineering challenges and paved the way for continuous deployment pipelines. But what do you do when... | 7/26/2022 | Free | View in iTunes |
| 36 | VideoPredictable Use of Multicore in the Army and Beyond | Complex, cyber-physical DoD systems, such as aircraft, depend on correct timing to properly and reliably execute crucial sensing, computing, and actuation functions. In this webcast, SEI staff members Bjorn Andersson, PhD, Dionisio de Niz, PhD, and... | 5/5/2022 | Free | View in iTunes |
| 37 | VideoAsk Us Anything: Zero Trust Edition | The Forrester report, "The Definition of Modern Zero Trust," defines Zero Trust as an information security model that denies access to applications and data by default. Zero Trust adoption can be difficult for organizations to undertake. It is not a... | 3/21/2022 | Free | View in iTunes |
| 38 | VideoAcquisition Disasters? Ideas For Reducing Acquisition Risk | The status quo for how we acquire cyber-physical weapon systems (CPS) needs to be changed. It is almost certain (for any acquisition of a CPS) that there will be cost overruns, schedule delays, and/or the loss of promised warfighter capability.... | 3/8/2022 | Free | View in iTunes |
| 39 | VideoEngineering Tactical and AI-Enabled Systems | In this episode, Grace Lewis and Shane McGraw discuss how the SEI is applying research, through its highly successful Tactical and AI-Enabled Systems (TAS) initiative, to develop foundational principles, innovative solutions, and best practices for... | 3/8/2022 | Free | View in iTunes |
| 40 | VideoA Cybersecurity Engineering Strategy for DevSecOps | In this webcast, Carol Woody presents the scope of a cybersecurity engineering strategy for DevSecOps along with the criticality of sharing information with direct and indirect stakeholders. | 10/28/2021 | Free | View in iTunes |
| 41 | VideoCRO Success Factors in the Age of COVID | In this webcast, Brett Tucker, Ryan Zanin, and Abid Adam discuss the critical factors for risk executives to be successful to not only protect critical assets but also to take advantage of new opportunities created via the pandemic. | 10/25/2021 | Free | View in iTunes |
| 42 | VideoZero Trust Journey | Zero Trust Architecture adoption is a challenge for many organizations. It isn't a specific technology to adopt; instead, it’s a security initiative that an enterprise must understand, interpret, and implement. Enterprise security initiatives are... | 10/8/2021 | Free | View in iTunes |
| 43 | VideoThe Future of AI: Scaling AI Through AI Engineering | In its 2021 report, the National Security Commission on AI (NSCAI) wrote, "The impact of artificial intelligence (AI) on the world will extend far beyond narrow national security applications." How do we move beyond those narrow AI applications to... | 9/28/2021 | Free | View in iTunes |
| 44 | VideoAI Engineering: Ask Us Anything About Building AI Better | Self-driving cars are being tested in our cities, bespoke movie and product recommendations populate our apps, and we can count on our phones to route us around highway traffic... Why, then, do most AI deployments fail? What is needed to create,... | 9/23/2021 | Free | View in iTunes |
| 45 | VideoBalanced Approaches to Insider Risk Management | Misuse of authorized access to an organization’s critical assets is a significant concern for organizations of all sizes, missions, and industries. We at the CERT National Insider Threat Center have been collecting and analyzing data on incidents... | 9/9/2021 | Free | View in iTunes |
| 46 | VideoSoftware Development Open Forum: Ask Hasan Anything! | The software development lifecycle has changed a lot and continues to evolve. Almost every company now is a software company. Meeting business needs and adapting to the speed of the market for new features requires an agility mindset and... | 7/1/2021 | Free | View in iTunes |
| 47 | VideoSoftware Supply Chain Concerns for DevSecOps Programs | In a DevSecOps world the software supply chain extends beyond libraries upon which developed software depends. In this webinar we will look at the Solarwinds incident as a worst-case exemplifying the breadth of the software supply chain issues... | 5/20/2021 | Free | View in iTunes |
| 48 | VideoHow Do We Teach Cybersecurity? | How do you teach cybersecurity to a middle school student? To a soldier? To some of the best hackers in the country? How do you evaluate all of these audiences’ skills? Cybersecurity training has been an ongoing challenge for decades. The key to... | 5/13/2021 | Free | View in iTunes |
| 49 | VideoHow I Learned to Stop Worrying and Love SLAs | Managing third-party relationships, such as pubic cloud service providers, requires a set of skills often unfamiliar to many technologists. These relationships are constructed on a foundation of verifiable trust. This requires managing the... | 5/12/2021 | Free | View in iTunes |
| 50 | VideoAnnouncing IEEE 2675 DevOps Standard to Build Reliable and Secure Systems | IEEE 2675 standard specifies technical principles and practices to build, package, and deploy systems and applications in a reliable and secure way. The standard focuses on establishing effective compliance and IT controls. It presents principles of... | 4/29/2021 | Free | View in iTunes |
| 51 | VideoAI Engineering: The National Initiative | According to recent estimates, around 85% of AI projects fail to move from conceptualization to implementation. Why are these failures happening, and how can we prevent them? AI engineering is an emergent discipline focused on developing tools,... | 4/22/2021 | Free | View in iTunes |
| 52 | VideoAmplifying Your Privacy Program: Strategies for Success | Privacy protection isn't just a compliance activity. but It’s also a key area of organizational risk that requires enterprise-wide support and participation; careful planning; and forward-leaning, data-driven controls. In this webcast, we highlight... | 4/5/2021 | Free | View in iTunes |
| 53 | VideoDevOps Enables Digital Engineering | There is some confusion about how the paradigms of DevOps and Digital Engineering fit together. In the case of software-intensive systems, we believe DevOps practices are an enabler for Digital Engineering, in many forms. During this webcast, we... | 3/19/2021 | Free | View in iTunes |
| 54 | VideoModeling DevSecOps to Reduce the Time-to-Deploy and Increase Resiliency | Many organizations struggle in applying DevSecOps practices and principles in a cybersecurity-constrained environment because programs lack a consistent basis for managing software intensive development, cybersecurity, and operations in a high-speed... | 3/11/2021 | Free | View in iTunes |
| 55 | VideoSolarWinds Hack: Fallout, Recovery, and Prevention | The recent SolarWinds incident demonstrated the challenges of securing systems when they are the product of complex supply chains. Responding effectively to breaches and hacks requires a cross-section of technical skills and process insights. In this... | 2/11/2021 | Free | View in iTunes |
| 56 | VideoSoftware Engineering for Machine Learning | In this webcast, Grace Lewis and Ipek Ozkaya provide perspectives involved in the development and operation of ML systems. What attendees will learn: • Perspectives involved in the development and operation of ML systems • Types of mismatch that... | 1/27/2021 | Free | View in iTunes |
| 57 | VideoBusting the Myths of Programmer Productivity | Are the great programmers really 10 times faster than the rest? What does this difference in productivity even mean? What productivity distribution should we expect between professionals? How can we use this knowledge? In this webcast, we make the... | 12/9/2020 | Free | View in iTunes |
| 58 | VideoWhat Is Cybersecurity Engineering and Why Do I Need It? | In this webcast, Carol Woody and Rita Creel discuss how cybersecurity engineering knowledge, methods, and tools throughout the lifecycle of software-intensive systems will reduce their inherent cyber risk and increase their operational cyber resilience. | 11/18/2020 | Free | View in iTunes |
| 59 | VideoThreats for Machine Learning | This webcast illustrated where machine learning applications can be attacked, the means for carrying out the attack and some mitigations that can be employed. The elements in building and deploying a machine learning application are reviewed,... | 10/7/2020 | Free | View in iTunes |
| 60 | VideoFollow the CUI: Setting the Boundaries for Your CMMC Assessment | One of the primary drivers of the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) is the congressional mandate to reduce the risk of accidental disclosure of controlled unclassified information (CUI). However, a full CMMC.. | 9/16/2020 | Free | View in iTunes |
| 61 | VideoRisk Management for the Enterprise–How Do You Get Executives to Care About Your Risks? | Risk managers must often sift through the cacophony of demands for resources and advocacy to identify a diverse set of risks to include in their organization’s risk register. These managers of cyber risk face this problem when trying to prioritize... | 8/20/2020 | Free | View in iTunes |
| 62 | VideoQuality Attribute Concerns for Microservices at the Edge | Bringing computation and data storage closer to the edge, such as disaster and tactical environments, has challenging quality attribute requirements. These include improving response time, saving bandwidth, and implementing security in... | 8/13/2020 | Free | View in iTunes |
| 63 | VideoAgile in Government: Go for Insight, Not Just Oversight | This webcast provided practical insights into how a Government Program Office can productively engage with a contractor using Agile and Lean methods. By reorienting the Agile Manifesto for a system acquisition context, we will consider the distinction.. | 7/16/2020 | Free | View in iTunes |
| 64 | VideoOrganizational Resilience in a Time of Crisis | Disruptive events and crises have the potential to irreparably harm your organization. The key to thriving, not simply surviving, in uncertain times is analysis of posture and preplanning. An organization can demonstrate operational resilience, when... | 6/25/2020 | Free | View in iTunes |
| 65 | VideoSolving Current Cyber Challenges: Academic and Industry Collaboration | The chasm between what academia researches and what industry uses in cyber is wide. By building mutually beneficial collaborations between the two, we can improve algorithms, datasets and techniques that are applicable to the real-world. Students and... | 6/19/2020 | Free | View in iTunes |
| 66 | VideoSoftware Architecture: A Mature Discipline? | The concept of software architecture as a distinct discipline in software engineering started to emerge in 1990 — although the idea had been around for much longer. Throughout my career in industry, then in academia, I’ve witnessed the growth of... | 6/5/2020 | Free | View in iTunes |
| 67 | VideoA Discussion on DoD Software Advances and What’s Next from SEI | SEI Chief Technology Officer Tom Longstaff interviewed Jeff Boleng, a senior advisor to the U.S. Department of Defense, on recent DoD software advances and accomplishments. They discussed how the DoD is implementing recommendations from the Defense... | 5/15/2020 | Free | View in iTunes |
| 68 | VideoTop 5 Considerations Before Boarding the Container Ship | In an increasingly cloud-native world, application containers and microservice architectures are the next go-to for system architecture modernization. Like many technology choices, there are trade-offs that have to be carefully considered. ... | 5/6/2020 | Free | View in iTunes |
| 69 | VideoTrust, Verify & Authorize with DevSecOps | You may have a secure application today, but you cannot guarantee that it will still be secure tomorrow. Application security is a living process that must be constantly addressed throughout the application lifecycle. This requires continuous security.. | 4/29/2020 | Free | View in iTunes |
| 70 | VideoHitting the Ground Running: Reviewing the 17 CMMC Level 1 Practices | In this webcast, CMMC Architects, Gavin Jurecko & Matt Trevors provide insight on how to evaluate and assess your organization’s readiness for meeting the practice requirements of CMMC Level 1. Learn more about the DIB CS Program at:... | 4/16/2020 | Free | View in iTunes |
| 71 | VideoThe DoD’s Cybersecurity Maturity Model Certification and Process Maturity | Andrew Hoover and Katie Stewart discussed the DoD’s new CMMC program. They gave a brief overview of CMMC followed by a deep dive into the Process Maturity aspect of the model. The webcast provided insight into how organizations can prepare for CMMC. | 4/8/2020 | Free | View in iTunes |
| 72 | VideoConnecting Cyber Risk Managers to Executives: Understanding Risk Governance and Appetite | This webcast will assist professionals and executives communicate risk concerns despite the cacophony and distraction posed by technical details and other organizational demands using the new OCTAVE FORTE approach. Practical tips for risk... | 4/3/2020 | Free | View in iTunes |
| 73 | VideoAt What Point Does DevSecOps Become Too Risky for the Business? | This webcast covered the implementation of an automated, continuous risk pipeline that demonstrates how cyber-resiliency and compliance risk can be traced to and from DevSecOps teams working in the SDLC program and project levels. It will include... | 4/2/2020 | Free | View in iTunes |
| 74 | VideoBecoming a Better Software Architect | For more than two decades, Carnegie Mellon University’s Software Engineering Institute (SEI) has been instrumental in the creation and development of the field of software architecture. In our past webcasts, What Makes a Good Software Architect? ()... | 4/1/2020 | Free | View in iTunes |
| 75 | VideoDesigning Trustworthy AI: A User Experience (UX) Framework | Artificial intelligence (AI) holds great promise to empower us with knowledge and scaled effectiveness. To harness the power of AI systems, we can—and must—ensure that we keep humans safe and in control. This session will introduce a new user... | 4/1/2020 | Free | View in iTunes |
| 76 | VideoCyber Hygiene: Why the Fundamentals Matter | In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical profession. Like the practice of washing hands... | 10/16/2019 | Free | View in iTunes |
| 77 | VideoInsider Threats: Your Questions. Our Answers. | Misuse of authorized access to an organization’s critical assets is a significant concern for organizations of all sizes, missions, and industries. We at the CERT National Insider Threat Center have been collecting and analyzing data on incidents... | 9/23/2019 | Free | View in iTunes |
| 78 | VideoWhat is Ransomware? | Ritwik Gupta and Elli Kanal explain what ransomware is, what it can do to your computer, and how you can help prevent infections using the concept of cyber hygiene. Ransomware is a type of malware that encrypts the files on a computer, preventing the... | 9/13/2019 | Free | View in iTunes |
| 79 | VideoDeepfakes—What Can Really Be Done Today? | Rotem Guttman and Zach Kurtz explain what deepfakes are, how they work, and what kind of content it’s possible to create with current techniques and technology. The term “deepfake” refers to the use of machine learning to produce content for... | 8/30/2019 | Free | View in iTunes |
| 80 | VideoArtificial Intelligence and Machine Learning – Hype vs Reality | Rotem Guttman and April Galyardt describe how machine learning (ML) fits into the bigger picture of artificial intelligence (AI) and discuss the current state of AI. Currently, there is an enormous amount of interest in machine learning and... | 8/22/2019 | Free | View in iTunes |
| 81 | VideoDefending Your Computer Network from DNS Hijacking | Recently, the Department of Homeland Security (DHS) released a warning about DNS hijacking and how website owners can protect themselves against it. To explain what DNS hijacking is and how adversaries use it to steal sensitive information, Elli Kanal.. | 8/21/2019 | Free | View in iTunes |
| 82 | VideoThree Federal Government/DoD Cloud Transition Issues and How to Prevent Them | In 2011, the Office of Management and Budget (OMB) issued the “Cloud First” policy to reform federal information technology management, which required agencies to evaluate cloud computing options. In 2012, the DoD Cloud Computing Strategy evolved... | 7/17/2019 | Free | View in iTunes |
| 83 | VideoSecure Your Code with AI and NLP | As every software engineer knows, writing secure software is an incredibly difficult task. There are many techniques available to assist developers in finding bugs hiding in their code, but none are perfect, and an adversary only needs one to cause... | 6/6/2019 | Free | View in iTunes |
| 84 | VideoDevSecOps Implementation in the DoD: Barriers and Enablers | Today's DoD software development and deployment is not responsive to warfighter needs. As a result, the DoD's ability to keep pace with potential adversaries is falling behind. In this webcast, panelists discuss potential enablers of and barriers to... | 4/17/2019 | Free | View in iTunes |
| 85 | VideoWhat Makes a Good Software Architect (2019 Edition)? | In 2017, the Software Engineering Institute (SEI) Webcast, What Makes a Good Software Architect? () explored the skills and knowledge needed by successful software architects. The architect’s role continues to evolve; in this webcast we revisited... | 4/10/2019 | Free | View in iTunes |
| 86 | VideoHelping You Reach the Next Level of Security - 6 Free Tools for Creating a Cyber Simulator | Cybersecurity operators have to keep up with a world that's constantly changing, and they may lack the tools, time, and access to learn how to face actual threats. Simulated environments may not appear or behave the way they do in real life, and... | 3/18/2019 | Free | View in iTunes |
| 87 | VideoImprove Your Static Analysis Audits Using CERT SCALe | In this webcast, Lori Flynn, a CERT senior software security researcher, describes the new features in SCALe v3, a research prototype tool. SCALe v2, available on GitHub, offers a subset of features available in SCALe v3. Over the last three years, as.. | 12/20/2018 | Free | View in iTunes |
| 88 | VideoBlockchain: Your Questions. Our Answers. | In this webcast, we explain how the technology works and what makes it fundamentally different than its predecessors. We discuss where it fits (and where it doesn’t fit) and help set a rubric to help you determine if you need this technology. | 11/1/2018 | Free | View in iTunes |
| 89 | VideoIllicit Cyber Activity Involving Fraud | In this webinar, Randy Trzeciak discusses a study to develop insights and risk indicators related to malicious insider activity in the banking and finance sector. | 9/25/2018 | Free | View in iTunes |
| 90 | VideoPanel Discussion: Managing the Insider Threat: What Every Organization Should Know | In this webinar, a watch panel consisting of Robert Floodeen, William R. Claycomb, Andrew P. Moore, Kurt C. Wallnau, Randall F. Trzeciak, Alex Nicoll discuss Managing the Insider Threat: What Every Organization Should Know. | 9/25/2018 | Free | View in iTunes |
| 91 | Video20+ Years of Cyber (in)Security | In this webinar, Rich Pethia discusses how cybersecurity has changed over the past 20 years. | 9/24/2018 | Free | View in iTunes |
| 92 | VideoDepartment of Homeland Security Cyber Resilience Review (Case Study) | Watch Matthew Butkovic discuss the "Department of Homeland Security Cyber Resilience Review (Case Study)" from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain. | 9/24/2018 | Free | View in iTunes |
| 93 | VideoEngineering Realistic Synthetic Insider Threat (Cyber-Social) Test Data | In this webinar, Kurt Wallnau discusses insider threat controls and how to test systems whose dynamics are based in human nature that is only partially understood. | 9/24/2018 | Free | View in iTunes |
| 94 | VideoHow to Build an Effective Insider Threat Program to Comply With the New NISPOM Mandate | In this webinar, Randy Trzeciak, Technical Manager of the CERT Insider Threat Center, described the summary of new requirements mandated by NISPOM Change 2 and the impact it will have on DoD contracting organizations. | 9/24/2018 | Free | View in iTunes |
| 95 | VideoOverview of the CERT® Resilience Management Model (CERT®-RMM) | Watch James Cebula discuss the "Overview of the CERT® Resilience Management Model" from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain | 9/24/2018 | Free | View in iTunes |
| 96 | VideoRecent Federal Policies Affecting the Cybersecurity and Resiliency Landscape | Watch Nader Mehravari discuss "Recent Federal Policies Affecting the Cybersecurity and Resiliency Landscape" from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain. | 9/24/2018 | Free | View in iTunes |
| 97 | VideoUnited States Postal Inspection Service (USPIS) | Watch Julia Allen discuss the United States Postal Inspection Service (USPIS) (Case Study) from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain | 9/24/2018 | Free | View in iTunes |
| 98 | VideoABCs of Operational Resilience | Watch Nader Mehravari discuss the "ABCs of Operational Resilience" from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain. | 9/18/2018 | Free | View in iTunes |
| 99 | VideoSecurity Practitioner Perspective on DevOps for Building Secure Solutions | This webinar covered the perspectives of security practitioners on building secure software using the DevOps development process and modern security approach. | 9/18/2018 | Free | View in iTunes |
| 100 | VideoNext Steps with Blockchain Technology | In this webcast, we’ll discuss some of the factors holding blockchain back, as well as where they can expect to see it in the future. | 9/5/2018 | Free | View in iTunes |
| 101 | VideoFive Ways to Boost Cybersecurity with DevOps | In this webinar, Doug Reynolds and Aaron Volkmann discuss key DevOps principles, including cross-team collaboration, task automation, tool integration, continuous integration and deployment, and continuous monitoring. Doug and Aaron discuss how you... | 3/23/2018 | Free | View in iTunes |
| 102 | VideoThree Software Innovations that DoD Needs Now | Watch Jeff Boleng, Robert Schiela, Samuel Procter, Lena Pons, and Nathan VanHoudnos discuss "Three Software Innovations that DoD Needs Now". | 3/9/2018 | Free | View in iTunes |
| 103 | VideoAgile and DevOps: Your Questions. Our Answers. | Watch this lively discussion in which we answered attendee questions on all things Agile and DevOps. | 3/2/2018 | Free | View in iTunes |
| 104 | VideoWeaving a Fabric of Trust: Ensured Security, Privacy, Resilience, and Accountability | During this webinar, Dr. Shannon examined the questions, science, and technology that builds trust with customers, other organizations, and society to ensure their security and privacy, and our own resilience and accountability. | 11/28/2017 | Free | View in iTunes |
| 105 | VideoIs Software Spoiling Us? | Have software's repeated successes, and the assumption that they will continue endlessly, discounted perceptions of its importance among leadership in civilian government, national defense, and national security organizations? | 11/20/2017 | Free | View in iTunes |
| 106 | VideoFour Valuable Data Sources for Network Security Analytics | This webinar focused on the development and application of combined data analytics and offered several examples of analytics that combine domain resolution data, network device inventory and configuration data, and intrusion detection. | 10/5/2017 | Free | View in iTunes |
| 107 | VideoThree Secrets to Successful Agile Metrics | Watch this webcast to gain insights into effective metrics programs in government settings. | 9/10/2017 | Free | View in iTunes |
| 108 | VideoFive Keys to Effective Agile Test Automation for Government Programs | In this discussion-focused webinar, Bob Binder and SuZ Miller will discuss 5 key questions that government organizations contemplating embarking on adopting automated test techniques and tools in an Agile environment are likely to have. | 8/25/2017 | Free | View in iTunes |
| 109 | VideoThe Evolving Role of the Chief Risk Officer | In this webinar we discussed the challenges facing the CRO role and about how CMU's new CRO program can help you address those challenges. | 8/25/2017 | Free | View in iTunes |
| 110 | VideoPractical Considerations in Adopting Agile-Lean in Government Settings | This webinar summarizes much of what the SEI has learned in its eight years of researching and facilitating adoption of Agile and Lean methods in software-reliant systems in government. | 7/4/2017 | Free | View in iTunes |
|
111 |
Building Analytics for Network Flow Records | Network flow records provide a useful overview of traffic on a network that uses the Internet protocol (IP) to pass information. Huge numbers of bytes and thousands of packets can be summarized by a relatively small number of records, with few privacy.. | 4/30/2017 | Free | View in iTunes |
| 112 | Video5 Things You Need to Know About Leading a Successful Large IT Modernization Project | In this webinar, we discuss topics to consider when planning a large modernization project and share mitigation strategies for executing the modernization effort. | 3/5/2017 | Free | View in iTunes |
| 113 | VideoBuilding and Scaling a Malware Analysis System | This webinar describes some of the issues involved in automating the collection and analysis of malware, which has seen exponential growth over the past decade. | 1/19/2017 | Free | View in iTunes |
| 114 | VideoHow to Reduce the Graveyard of Software Tools with UI/UX Capability | For different reasons, usability is generally an afterthought in the cybersecurity tool development process. In this webinar, we teach the audience the value of defining the problem and how this impacts the software quality outcomes. | 1/19/2017 | Free | View in iTunes |
| 115 | VideoFrom Secure Coding to Secure Software | In this webinar, we discussed how you can improve your organization's secure coding capabilities and how to improve your workforce, processes, and tools to develop and verify the security of your software before it is deployed. | 11/11/2016 | Free | View in iTunes |
| 116 | VideoData Science: What It Is and How It Can Help Your Company | In this webinar, we discussed what the term “data science” means, what skills a data scientist brings to the table, and what competitive edge data science can bring to your team. | 8/15/2016 | Free | View in iTunes |
| 117 | VideoSecure Coding Best Practices | Learn why secure coding practices are important to reduce common programming errors that lead to vulnerabilities. | 7/31/2016 | Free | View in iTunes |
| 118 | VideoSecurity Requirements Engineering | Learn the importance of developing security requirements in the same time frame as functional requirements. | 7/31/2016 | Free | View in iTunes |
| 119 | VideoContinuous Integration (Secure DevOps) | Learn how to better identify process improvements at your organization through new perspectives on secure software development and delivery. | 7/31/2016 | Free | View in iTunes |
| 120 | VideoCoordinated Vulnerability Disclosure | Learn how to develop a vulnerability coordination capability, which helps you respond to vulnerabilities and demonstrates that you are serious about fixing them. | 7/31/2016 | Free | View in iTunes |
| 121 | VideoSecure Software Development Landscape | Last summer's Wired article describing vulnerabilities in the Jeep shows that software is being created and deployed with exploitable, yet avoidable, security flaws. So far, the automotive attacks have been largely demonstrations. However, successful... | 7/29/2016 | Free | View in iTunes |
| 122 | VideoWhat Makes a Good Software Architect? | In this webinar, SEI researchers and an industry colleague discussed in two talks What Makes a Good Software Architect? | 6/2/2016 | Free | View in iTunes |
| 123 | VideoIntelligence Preparation for Operational Resilience | This webinar proposed the Intelligence Preparation for Operational Resilience (IPOR) framework to create a model for structured analysis of your intelligence needs and a way to operationalize threat intelligence once you have received it. To build a... | 4/29/2016 | Free | View in iTunes |
| 124 | VideoStructuring the Chief Information Security Officer Organization | Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today’s increasingly expanding and dynamic cyber risk... | 4/20/2016 | Free | View in iTunes |
| 125 | VideoContext Enabled Computing | The most precious resource people have in today’s ever-connected world is their attention. Human interaction with information systems has continually shrunk from hours behind a terminal, to minutes interacting with a cell phone screen, to only 3–5.. | 4/1/2016 | Free | View in iTunes |
| 126 | VideoUsing Network Flow to Gain Cyber Situational Awareness | Cyber situational awareness is an emerging topic in network operations and defense, yet the overarching concept of situational awareness has been widely used and studied extensively for decades. During this webinar, we will • describe the... | 4/1/2016 | Free | View in iTunes |
| 127 | VideoDevOps Security: Ignore It As Much As You Would Ignore Regular Security | The implementation of DevOps implies improvement across the entire scope of software delivery. However, as with any process change or introduction of new technology, lack of attention to security can invite disaster. In this presentation, we’ll... | 1/28/2016 | Free | View in iTunes |
| 128 | VideoA Taxonomy of Testing Types | A surprisingly large number of different types of testing exist and are used during the development and operation of software-reliant systems. We have identified nearly 200 of these general types of testing and there are many additional types that are.. | 1/28/2016 | Free | View in iTunes |
| 129 | VideoCyber-Vulnerabilities in Aviation Today | SEI Chief Operating Officer, Robert F. Behler discusses Cyber-Vulnerabilities in Aviation Today. | 12/16/2015 | Free | View in iTunes |
| 130 | VideoWeb Traffic Analysis with CERT Tapioca | Will Dormann discusses a tool that shows whether a connection to the web is secure and what information is being transmitted. | 12/16/2015 | Free | View in iTunes |
| 131 | VideoFinding Related Malware Samples Using Run-Time Features | Rhiannon Weaver discusses how a small subset of features from dynamic malware analysis can help to uncover possible relationships among files and to direct static reverse engineering efforts. | 12/16/2015 | Free | View in iTunes |
| 132 | VideoEnhancing Mobile Device Security | Jose Morales discusses mobile device security enhancements with defensive and offensive uses. | 12/16/2015 | Free | View in iTunes |
| 133 | VideoCERT® Alignment with Cyber COI Challenges and Gaps | Greg Shannon discusses the CERT Division's current work associated with cyber community of interest (COI). | 12/16/2015 | Free | View in iTunes |
| 134 | VideoResilience Panel Discussion | CERT researchers discuss risk management and resilience. | 12/16/2015 | Free | View in iTunes |
| 135 | VideoGeneralized Automated Cyber-Readiness Evaluator (ACE) | Rotem Guttman discusses how mission-readiness can be assessed at a DoD scale. | 12/16/2015 | Free | View in iTunes |
| 136 | VideoUsing DidFail to Analyze Flow of Sensitive Information in Sets of Android Apps | Will Klieber and Lori Flynn discuss undesired flows of sensitive information within and between Android apps. | 12/16/2015 | Free | View in iTunes |
| 137 | VideoDevOps Panel Discussion | CERT researchers discuss DevOps and its relationship to cybersecurity and the dynamic threat. | 12/10/2015 | Free | View in iTunes |
| 138 | VideoCulture Shock: Unlocking DevOps with Collaboration and Communication | About the Webinar DevOps is all about delivering business value as rapidly as possible. Embracing its philosophies goes beyond implementing automation and tooling to speed software development and delivery. DevOps is a culture of communication and... | 8/27/2015 | Free | View in iTunes |
| 139 | VideoWhat DevOps Is Not! | The definition of DevOps is a highly contested topic. Despite what some will lead you to believe DevOps is not just a set of tools, nor is it merely a focus on achieving continuous integration, continuous delivery, or continuous deployment. DevOps... | 8/7/2015 | Free | View in iTunes |
| 140 | VideoApproaching Security from an "Architecture First" Perspective | While software security is an increasing concern for software and system architects, few architects approach this quality concern strategically. Architects and developers primarily focus on functionality, and security is often applied as a band-aid... | 5/5/2015 | Free | View in iTunes |
| 141 | VideoTrends and New Directions in Software Architecture May 4, 2015 | Software architecture has enormous influence on the behavior of a system. For many categories of systems, early architectural decisions can be a greater influence on success than nearly any other factor. After more than twenty years of research and... | 5/5/2015 | Free | View in iTunes |
| 142 | VideoAdvancing Cyber Intelligence Practices Through the SEI's Consortium | Sound cyber intelligence practices can help organizations prevent or mitigate major security breaches. For several years, researchers at the SEI have been examining methodologies, processes, technology, and training to help organizations understand... | 2/20/2015 | Free | View in iTunes |
| 143 | VideoTactical Cloudlets: Moving Cloud Computing to the Edge | Soldiers and front-line personnel operating in tactical environments increasingly make use of handheld devices to help with tasks such as face recognition, language translation, decision making, and mission planning. These resource-constrained edge... | 2/2/2015 | Free | View in iTunes |
| 144 | VideoLessons in External Dependency and Supply Chain Risk Management | In this webinar, John Haller and Matthew Butkovic of the CERT Division of the Software Engineering Institute will discuss real-world incidents, including recent industrial control system attacks and incidents affecting Department of Defense... | 1/5/2015 | Free | View in iTunes |
| 145 | VideoRisk Priority Number (RPN) – A Method for Software Defect Report Analysis | Most software systems have “defects” identified by users or developers. For most systems, it is too costly to fix all of the concerns in the near term, and indeed some issues may never be addressed. The government program office (or other... | 1/5/2015 | Free | View in iTunes |
| 146 | VideoArchitecture Analysis with AADL | Safety-critical systems, such as those used in avionics and the medical and aerospace domains, are becoming increasingly reliant on software. Malfunctions in these systems can have significant consequences, including mission failure and loss of life.... | 11/14/2014 | Free | View in iTunes |
| 147 | VideoTaking Advantage of Agile while Minimizing Risk | Watch Dave Zubrow discuss "Taking Advantage of Agile while Minimizing Risk" at the Agile for Government Summit. The purpose of this event was to: *foster better understanding of how agile software development methods are providing the basis for... | 11/13/2014 | Free | View in iTunes |
| 148 | VideoHeartbleed: Analysis, Thoughts, and Actions | On April 25, 2014, technical staff from the Software Engineering Institute (SEI) and Codenomicon participated in a live-streamed panel discussion on the impact of the Heartbleed OpenSSL vulnerability along with methods to mitigate and even prevent... | 11/13/2014 | Free | View in iTunes |
| 149 | VideoWhy Should Government Care about Technical Debt and Software Architecture? | Watch Ipek Ozkaya discuss “Why Should Government Care about Technical Debt and Software Architecture?” at the Agile for Government Summit. The purpose of this event was to: • foster better understanding of how agile software development methods... | 10/6/2014 | Free | View in iTunes |
| 150 | VideoWhen Measurement Benefits the Measured | What constitutes stellar performance and best practice? You can't really say what's good or best ... unless you measure it. High-performing athletes rely on measurement to understand and improve so that they can compete effectively and win. Can... | 10/6/2014 | Free | View in iTunes |
| 151 | VideoOverview of the Threat Posed by Insiders to Critical Assets | Watch Randy Trzeciak and David Mundie discuss an "Overview of the Threat Posed by Insiders to Critical Assets" from the virtual event Managing the Insider Threat: What Every Organization Should Know. About the Speaker(s) Randy Trzeciak is Technical... | 10/6/2014 | Free | View in iTunes |
| 152 | VideoSoftware Architecture for Big Data Systems | The wide variety and different characteristics of NoSQL databases creates a complex technology acquisition and design landscape for organizations looking to build scalable, high performance data management systems. In addition, scalable 'big data'... | 10/2/2014 | Free | View in iTunes |
| 153 | VideoArchitectural Implications of DevOps | The Agile movement began as a reaction to frustration over slow delivery of software which often didn't sufficiently meet user needs. DevOps picks up what Agile started. Software development velocity has improved in many cases, yet we see... | 10/1/2014 | Free | View in iTunes |
| 154 | VideoCERT® RMM User Panel Discussion: USPIS, DHS, DoE, SunGard, & Lockheed Martin | Watch the CERT® RMM User Panel discuss their experiences implementing RMM from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain. Panelists inlcluded: Michael Ray of the United States Postal Inspector Service (USPIS),... | 9/30/2014 | Free | View in iTunes |
| 155 | VideoBest Practices and Controls for Mitigating Insider Threats | Watch George Silowash and Alex Nicoll discuss best practices and controls for mitigating insider threats from the virtual event Managing the Insider Threat: What Every Organization Should Know. | 11/7/2013 | Free | View in iTunes |
| 156 | VideoResponding to a Large-Scale Cybersecurity Incident | In this 2013 webinar, Christian Roylo discusses the role of technology in responding to large-scale cyber incidents. | 9/18/2013 | Free | View in iTunes |
| 157 | VideoAchieving Mission Assurance Through Resilience Management | In this August 2013 webinar, Nader Mehravari discusses how to protect and sustain the mission and business operations of an organization. | 8/21/2013 | Free | View in iTunes |
| 158 | VideoObservations of Successful Cyber Security Operations | In this 2013 webinar, Roman Danyliw discusses how cyber security organizations react to new technologies or adversaries. | 8/15/2013 | Free | View in iTunes |
| 158 Items |
