Podcasts
The SEI Podcast Series presents conversations in software engineering, cybersecurity, artificial intelligence engineering, and future technologies.
Cybersecurity Metrics: Protecting Data and Understanding Threats
• Podcast
By Bill Nichols
Scoping down objectives and determining what kinds of data to gather are persistent challenges in cybersecurity. Bill Nichols explores cyber metrics in our latest podcast.
3 Key Elements for Designing Secure Systems
• Podcast
By Timothy A. Chick
To make secure software by design a reality, engineers must intentionally build security throughout the software development lifecycle.
Using Role-Playing Scenarios to Identify Bias in LLMs
• Podcast
By Katherine-Marie Robinson, Violet Turri
Harmful biases in large language models (LLMs) make AI less trustworthy and secure. Katie Robinson and Violet Turri discuss their recent work using role-playing game scenarios to identify biases in …
Best Practices and Lessons Learned in Standing Up an AISIRT
• Podcast
By Lauren McIlvenny
In the wake of widespread adoption of AI practices in critical infrastructure, Lauren McIlvenny shares best practices and lessons learned in standing up an AI Security Incident Response Team (AISIRT).
3 API Security Risks (and How to Protect Against Them)
• Podcast
By McKinley Sconiers-Hasan
McKinley Sconiers-Hasan discusses three API risks and how to address them through the lens of zero trust.
Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices
• Podcast
By Samuel J. Perl, Jeff Gennari
Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges, and recommendations for evaluating LLMs.
Capability-based Planning for Early-Stage Software Development
• Podcast
By Anandi Hira, Bill Nichols
This SEI podcast introduces capability-based planning (CBP) and its use and application in software acquisition.
Safeguarding Against Recent Vulnerabilities Related to Rust
• Podcast
By David Svoboda
David Svoboda discusses two vulnerabilities related to Rust, their sources, and how to mitigate them.
Developing a Global Network of Computer Security Incident Response Teams (CSIRTs)
• Podcast
By James Lord, Tracy Bills
Tracy Bills and James Lord discuss the SEI’s work developing Computer Security Incident Response Teams (CSIRTs) across the globe.
Automated Repair of Static Analysis Alerts
• Podcast
By David Svoboda
David Svoboda discusses Redemption, a new open source tool that automatically repairs common errors in C/C++ code generated from static analysis alerts.
Cyber Career Pathways and Opportunities
• Podcast
By Randall F. Trzeciak
Randy Trzeciak discusses his career journey, resources for pursuing a career in cybersecurity, and the importance of building a diverse workforce.
My Story in Computing with Sam Procter
• Podcast
By Sam Procter
Sam Procter discusses influences that shaped his career, the importance of embracing diversity in his research and work, and the value of a work-life balance.
Developing and Using a Software Bill of Materials Framework
• Podcast
By Michael S. Bandor, Carol Woody
Carol Woody and Michael Bandor discuss a Software Bill of Materials framework to help organizations establish a comprehensive set of practices and processes.
The Importance of Diversity in Software Engineering: Suzanne Miller
• Podcast
By Suzanne Miller
Suzanne Miller discusses her career path, the value of mentorship, and the importance of diversity in software engineering.
The Importance of Diversity in Cybersecurity: Carol Ware
• Podcast
By Carol Ware
Carol Ware, a senior cybersecurity engineer in the SEI's CERT Division, discusses the evolution of her career and the importance of diversity in the field.
The Importance of Diversity in Artificial Intelligence: Violet Turri
• Podcast
By Violet Turri
Violet Turri, a software developer in the SEI’s AI Division, discusses the evolution of her career in AI and the importance of diversity in the field.
Using Large Language Models in the National Security Realm
• Podcast
By Shannon Gallagher
Shannon Gallagher discusses findings and recommendations from the Mayflower Project and provides additional background information about LLMs and how they can be engineered for national security use.
Atypical Applications of Agile and DevSecOps Principles
• Podcast
By David Sweeney, Lyndsi A. Hughes
Lyndsi Hughes and David Sweeney discuss their experiences leveraging DevSecOps pipelines in atypical situations for capability delivery and business mission.
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction
• Podcast
By Stephen Wilson, Patrick R. Place
Patrick Place and Stephen Wilson discuss seven considerations for successful use of Agile and EVM.
The Impact of Architecture on the Safety of Cyber-Physical Systems
• Podcast
By Jerome Hugues
Jerome Hugues discusses challenges that arise from the increasing autonomy in cyber-physical systems including transferring and processing multiple data streams.
ChatGPT and the Evolution of Large Language Models: 4 Case Studies
• Podcast
By Dominic A. Ross, Matthew Walsh
Matthew Walsh, a senior data scientist in CERT, and Dominic Ross, Multi-Media Design Team Lead, discuss their work in developing four case studies to understand limitations and future uses of …
The Cybersecurity of Quantum Computing: 6 Areas of Research
• Podcast
By Tom Scanlon
Thomas Scanlon, lead of the SEI Data Science Group, discusses how to create the discipline of cyber protection of quantum computing and outlines six areas of future research in the …
User-Centric Metrics for Agile
• Podcast
By Patrick R. Place, Will Hayes
Will Hayes and Pat Place discuss the importance of user stories in Agile metrics.
The Product Manager’s Evolving Role in Software and Systems Development
• Podcast
By Judy Hwang
Judy Hwang discusses the importance of implementing product management principles in software and systems development and resources to strengthen Agile product delivery practices.
Measuring the Trustworthiness of AI Systems
• Podcast
By Alexandrea Steiner, Carol J. Smith, Katherine-Marie Robinson
Carol Smith, Katie Robinson, and Alex Steiner discuss how to measure the trustworthiness of an AI system as well as questions that organizations should ask before determining if they want …
Actionable Data in the DevSecOps Pipeline
• Podcast
By Julie B. Cohen, Bill Nichols
Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program managers (PMs) to confidently make decisions with the help …
Insider Risk Management in the Post-Pandemic Workplace
• Podcast
By Randall F. Trzeciak, Daniel L. Costa
Dan Costa and Randy Trzeciak discuss how remote work in the post-pandemic world is changing expectations about employee behavior monitoring and insider risk detection.
An Agile Approach to Independent Verification and Validation
• Podcast
By Justin Smith
Justin Smith, senior Agile transformation leader in the SEI Software Solutions Division, talks with principal researcher Suzanne Miller about how to bring concepts from Lean and Agile software development into …
Zero Trust Architecture: Best Practices Observed in Industry
• Podcast
By Nathaniel Richmond, Matthew Nicolai
Matthew Nicolai and Nathaniel Richmond discuss five best practices in implementing a zero trust architecture, explain their significance, and provide commentary and analysis on ways to empower your organization’s zero …
Automating Infrastructure as Code with Ansible and Molecule
• Podcast
By Matthew Heckathorn
Matthew Heckathorn, an integration engineer with the SEI’s CERT Division, offers guidance for systems engineers, system administrators, and others on developing Ansible roles and automating infrastructure as code.
Identifying and Preventing the Next SolarWinds
• Podcast
By Greg Touhill
Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about the 2020 attack on SolarWinds software and how to prevent a recurrence of another major attack …
A Penetration Testing Findings Repository
• Podcast
By Samantha Chaves, Marisa Midler
Marisa Midler and Samantha Chaves talk with Suzanne Miller about an open-source penetration testing findings repository that they created.
Understanding Vulnerability Analysis in the Rust Programming Language
• Podcast
By David Svoboda, Garret Wassermann
David Svoboda and Garret Wassermann explore tools for understanding vulnerabilities in Rust whether the original source code is available or not.
We Live in Software: Engineering Societal-Scale Systems
• Podcast
By John E. Robert, Forrest Shull
John Robert, deputy director of the SEI’s Software Solutions Division, and Forrest Shull, lead for defense software acquisition policy research at the SEI, discuss issues that must be considered when …
Secure by Design, Secure by Default
• Podcast
By Greg Touhill
Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about secure by design, secure by default, a longstanding tenet of the work of the SEI and …
Key Steps to Integrate Secure by Design into Acquisition and Development
• Podcast
By Robert Schiela, Carol Woody
Robert Schiela and Carol Woody talk with Suzanne Miller about the importance of integrating the practices and mindset of secure by design into the acquisition and development of software-reliant systems.
An Exploration of Enterprise Technical Debt
• Podcast
By Stephany Bellomo
Stephany Bellomo, a principal engineer in the SEI’s Software Solutions Division, talks with principal researcher Suzanne Miller about identifying and remediating enterprise technical debt.
The Messy Middle of Large Language Models
• Podcast
By Rachel Dzombak, Jay Palat
Jay Palat and Rachel Dzombak discuss the current landscape of large language models (LLMs) and how to leverage tools built on top of LLMs, such as ChatGPT and Copilot.
An Infrastructure-Focused Framework for Adopting DevSecOps
• Podcast
By Lyndsi A. Hughes, Vanessa B. Jackson
Vanessa Jackson and Lyndsi Hughes discuss the DevSecOps adoption framework, which guides organizations in the planning and implementation of a roadmap to functional CI/CD pipeline capabilities.
Software Security in Rust
• Podcast
By Joe Sible, David Svoboda
David Svoboda and Joe Sible talk with Suzanne Miller about the Rust programming language and its security-related features.
Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron
• Podcast
By Allen D. Householder
Allen Householder, a senior vulnerability and incident researcher with the SEI’s CERT Division, talks with SEI principal investigator Suzanne Miller about Vultron, a protocol for multi-party coordinated vulnerability disclosure (MPCVD).
Asking the Right Questions to Coordinate Security in the Supply Chain
• Podcast
By Carol Woody
Carol Woody talks with Suzanne Miller about the SEI’s newly released Acquisition Security Framework, which helps programs coordinate the management of engineering and supply-chain risks across system components.
Securing Open Source Software in the DoD
• Podcast
By Linda Parker Gates, Scott Hissam
Scott Hissam talks with Linda Parker Gates about the use of free and open-source software (FOSS) in the DoD, building on insights that surfaced in a recent workshop held for …
A Model-Based Tool for Designing Safety-Critical Systems
• Podcast
By Lutz Wrage, Sam Procter
Sam Procter and Lutz Wrage discuss with Suzanne Miller the Guided Architecture Trade Space Explorer (GATSE), a new SEI-developed model-based tool to help with the design of safety-critical systems.
Managing Developer Velocity and System Security with DevSecOps
• Podcast
By Alejandro Gomez
Alejandro Gomez talks with Suzanne Miller about how his team explored—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps.
A Method for Assessing Cloud Adoption Risks
• Podcast
By Christopher J. Alberts
Chris Alberts discusses with Suzanne Miller a prototype set of cloud adoption risk factors and describes a method that managers can employ to assess their cloud initiatives against these risk …
Software Architecture Patterns for Deployability
• Podcast
By Rick Kazman
Rick Kazman, an SEI visiting scientist and coauthor of Software Architecture in Practice, talks with principal researcher Suzanne Miller about using patterns for software deployability.
A Roadmap for Creating and Using Virtual Prototyping Software
• Podcast
By Richard Kendall, Douglass Post (DoD High Performance Computing Modernization Program)
Douglass Post and Richard Kendall discuss their experiences applying virtual prototyping in Computational Research and Engineering Acquisition Tools and Environments (CREATE).
ML-Driven Decision-Making in Realistic Cyber Exercises
• Podcast
By Thomas G. Podnar, Dustin D. Updyke
Thomas Podnar and Dustin Updyke discuss efforts by the SEI CERT Division to apply machine learning to increase the realism of non-player characters (NPCs) in cyber training exercises.
Software Architecture Patterns for Robustness
• Podcast
By Rick Kazman
Rick Kazman discusses software architecture patterns and the effect that certain architectural patterns have on quality attributes, such as availability and robustness.
A Platform-Independent Model for DevSecOps
• Podcast
By Joe Yankel, Timothy A. Chick
Tim Chick and Joe Yankel present a DevSecOps Platform-Independent Model that uses model-based systems engineering (MBSE) to formalize the practices of DevSecOps pipelines and organize relevant guidance.
Using the Quantum Approximate Optimization Algorithm (QAOA) to Solve Binary-Variable Optimization Problems
• Podcast
By Jason Larkin, Daniel Justice
Jason Larkin and Daniel Justice, researchers in the SEI’s AI Division, discuss a paper outlining their efforts to simulate the performance of Quantum Approximate Optimization Algorithm (QAOA) for the Max-Cut …
A Dive into Deepfakes
• Podcast
By Shannon Gallagher, Dominic A. Ross
Shannon Gallagher, a data scientist with SEI’s CERT Division, and Dominic Ross, multimedia team lead for the SEI, discuss deepfakes, their exponential growth in recent years, and their increasing technical …
Trust and AI Systems
• Podcast
By Dustin D. Updyke, Carol J. Smith
Carol Smith, a senior research scientist in human machine interaction, and Dustin Updyke, a senior cybersecurity engineer in the SEI’s CERT Division, discuss the construction of trustworthy AI systems and …
Challenges and Metrics in Digital Engineering
• Podcast
By Bill Nichols
Bill Nichols and Suzanne Miller discuss the challenges in making the transition from traditional development practices to digital engineering.
The 4 Phases of the Zero Trust Journey
• Podcast
By Timothy Morrow, Matthew Nicolai
Tim Morrow and Matthew Nicolai outline 4 steps that organizations can take to implement and maintain a zero trust architecture.
DevSecOps for AI Engineering
• Podcast
By Jay Palat, Hasan Yasar
Hasan Yasar and Jay Palat discuss how to engineer AI systems with DevSecOps and explore the relationship between MLOps and DevSecOps.
Undiscovered Vulnerabilities: Not Just for Critical Software
• Podcast
By Jonathan Spring
Jonathan Spring discusses the findings in a recent paper that analyzes the number of undiscovered vulnerabilities in information systems.
Explainable AI Explained
• Podcast
By Violet Turri
Violet Turri discusses explainable AI, which encompasses all the techniques that make the decision-making processes of AI systems understandable to humans.
Model-Based Systems Engineering Meets DevSecOps
• Podcast
By Joe Yankel, Jerome Hugues
Jerome Hugues and Joe Yankel discuss ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) practices and technology.
Incorporating Supply Chain Risk and DevSecOps into a Cybersecurity Strategy
• Podcast
By Carol Woody
Carol Woody, a principal researcher in the SEI's CERT Division, talks with Suzanne Miller about supply-chain issues and the planning needed to integrate software from the supply chain into operational …
Software and Systems Collaboration in the Era of Smart Systems
• Podcast
By Paul Nielsen
SEI director Paul Nielsen talks with principal researcher Suzanne Miller about how the advent of smart systems has led to a growing need for effective collaboration between the disciplines of …
Securing the Supply Chain for the Defense Industrial Base
• Podcast
By Katie C. Stewart, Gavin Jurecko
Gavin Jurecko, who leads the SEI’s Resilience Diagnostics Team, talks with Katie Stewart about risks associated with defense industrial base (DIB) supply chains and how the SEI works with the …
Building on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis
• Podcast
By Jeff Gennari, Garret Wassermann
Jeffrey Gennari and Garret Wassermann talk with Suzanne Miller about Kaiju, a series of tools that they have developed that allows for malware analysis and reverse engineering. Kaiju helps analysts …
Envisioning the Future of Software Engineering
• Podcast
By Anita Carleton, Forrest Shull
Anita Carleton and Forrest Shull discuss the recently published SEI-led study Architecting the Future of Software Engineering: A National Agenda for Software Engineering Research & Development.
Implementing the DoD's Ethical AI Principles
• Podcast
By Carol J. Smith, Alexandrea Steiner
In this SEI podcast, Alex Van Deusen and Carol Smith, both with the SEI's AI Division, discuss a recent project in which they helped the Defense Innovation Unit of the …
Walking Fast Into the Future: Evolvable Technical Reference Frameworks for Mixed-Criticality Systems
• Podcast
By Douglas Schmidt (Vanderbilt University), Nickolas Guertin
In this SEI Podcast, Suzanne Miller talks with Nickolas Guertin and Douglas Schmidt about strategies for creating architectures for large-scale, complex systems that comprise functions with a wide range of …
Software Engineering for Machine Learning
• Podcast
By Grace Lewis, Ipek Ozkaya
Grace Lewis and Ipek Ozkaya discuss their research into software engineering for machine learning (ML) with host Jonathan Spring.
A Discussion on Automation with Watts Humphrey Award Winner Rajendra Prasad
• Podcast
By Rajendra T. Prasad (Accenture)
In this SEI Podcast, 2020 IEEE Computer Society SEI Watts Humphrey Software Quality Award winner Rajendra Prasad of Accenture talks with Mike Konrad of the SEI about automation.
Enabling Transition from Sustainment to Engineering within the DoD
• Podcast
By Douglas Schmidt (Vanderbilt University), Thomas Evans
Thomas Evans and Douglas C. Schmidt discuss challenges sustainment teams face when transitioning from sustainment to engineering in the DoD.
The Silver Thread of Cyber in the Global Supply Chain
• Podcast
By Matthew J. Butkovic
Matt Butkovic, technical director of risk and resilience in the SEI's CERT Division, discusses with Suzanne Miller the importance of cyber in the global supply chain and his team's work …
Measuring DevSecOps: The Way Forward
• Podcast
By Hasan Yasar, Bill Nichols
Bill Nichols and Hasan Yasar discuss the ways in which DevSecOps practices yield valuable information about software performance that is likely to lead to innovations in software engineering metrics.
Bias in AI: Impact, Challenges, and Opportunities
• Podcast
By Jonathan Spring, Carol J. Smith
Carol Smith discusses with Jonathan Spring the hidden sources of bias in artificial intelligence (AI) systems and how systems developers can raise their awareness of bias, mitigate consequences, and reduce …
My Story in Computing with Rachel Dzombak
• Podcast
By Rachel Dzombak
In this SEI Podcast, the latest in the “My Story in Computing” series, Rachel Dzombak discusses the journey that led to her current leadership role at the SEI as digital …
Agile Strategic Planning: Concepts and Methods for Success
• Podcast
By Suzanne Miller, Linda Parker Gates
Linda Parker Gates, initiative lead, Software Acquisition Pathways, and Suzanne Miller, principal researcher in the SEI's Software Solutions Division, discuss the principles of Agile strategic planning and methods for success.
Applying Scientific Methods in Cybersecurity
• Podcast
By Leigh B. Metcalf, Jonathan Spring
Leigh Metcalf and Jonathan Spring discuss with Suzanne Miller the application of scientific methods to cybersecurity, a subject of their recently published book, Using Science in Cybersecurity.
Zero Trust Adoption: Benefits, Applications, and Resources
• Podcast
By Geoff Sanders
Geoff Sanders, a senior network defense analyst in the SEI's CERT Division, discusses zero trust adoption and its benefits, applications, and available resources.
Uncertainty Quantification in Machine Learning: Measuring Confidence in Predictions
• Podcast
By Eric Heim
Eric Heim, a senior machine learning research scientist at the Software Engineering Institute at Carnegie Mellon University, discusses the quantification of uncertainty in machine-learning (ML) systems.
11 Rules for Ensuring a Security Model with AADL and Bell–LaPadula
• Podcast
By Aaron Greenhouse
Aaron Greenhouse, a senior software architecture researcher, discusses 11 analysis rules that must be enforced over an AADL instance to ensure the consistency of a security model.
Benefits and Challenges of Model-Based Systems Engineering
• Podcast
By Mary Popeck, Nataliya Shevchenko
Nataliya (Natasha) Shevchenko and Mary Popeck discuss the use of model-based systems engineering (MBSE), which, in contrast to document-centric engineering, puts models at the center of system design.
Fostering Diversity in Software Engineering
• Podcast
By Grace Lewis, Ipek Ozkaya, Jay Palat, Nathan R. West
Grace Lewis hosts a panel discussion with Ipek Ozkaya, Nathan West, and Jay Palat about diversity in software engineering.
Can DevSecOps Make Developers Happier?
• Podcast
By Hasan Yasar
Hasan Yasar discusses the cultural aspects of DevSecOps practices.
Is Your Organization Ready for AI?
• Podcast
By Rachel Dzombak, Carol J. Smith
Digital transformation lead Dr. Rachel Dzombak and research scientist Carol Smith discuss how AI Engineering can support organizations to implement AI systems.
My Story in Computing with Marisa Midler
• Podcast
By Marisa Midler
Marisa Midler discusses the career path that led to her work as a cybersecurity engineer in the SEI's CERT Division. In all life choices, Midler has been guided by the …
Managing Vulnerabilities in Machine Learning and Artificial Intelligence Systems
• Podcast
By Allen D. Householder, Nathan M. VanHoudnos, Jonathan Spring
Allen Householder, Jonathan Spring, and Nathan VanHoudnos discuss how to manage vulnerabilities in AI/ML systems.
AI Workforce Development
• Podcast
By Rachel Dzombak, Jay Palat
Rachel Dzombak and Jay Palat discuss growth in the field of artificial intelligence (AI) and how organizations can hire and train staff to take advantage of the opportunities afforded by …
Moving from DevOps to DevSecOps
• Podcast
By Hasan Yasar
Hasan Yasar discusses how organizations can transition from DevOps to DevSecOps.
My Story in Computing with Dave Zubrow
• Podcast
By David Zubrow
David Zubrow discusses his career journey, which led from a PhD in applied history and social sciences to his role as a manager and technical leader at the SEI.
Mission-Based Prioritization: A New Method for Prioritizing Agile Backlogs
• Podcast
By Keith Korzec
Keith Korzec discusses the Mission-Based Prioritization method for prioritizing Agile backlogs.
My Story in Computing with Carol Smith
• Podcast
By Carol J. Smith
Carol Smith, who trained as a photojournalist, transitioned a love of telling people's stories to a career in human-computer interaction working in artificial intelligence with the SEI's Emerging Technology Center.
Digital Engineering and DevSecOps
• Podcast
By David James Shepard
David Shepard, a software developer with the SEI's Software Solutions Division, discusses digital engineering and its relationship with DevSecOps.
A 10-Step Framework for Managing Risk
• Podcast
By Brett Tucker
Brett Tucker outlines OCTAVE FORTE, a 10-step framework to guide organizations in managing risk.
7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts
• Podcast
By Richard Laughlin, Tom Scanlon
Thomas Scanlon and Richard Laughlin discuss seven steps that developers can take to engineer security into ongoing and future container adoption efforts.
Ransomware: Evolution, Rise, and Response
• Podcast
By Marisa Midler, Timothy J. Shimeall
Marisa Midler and Tim Shimeall, analysts with the SEI's CERT Division, discuss steps and strategies that organizations can adopt to minimize their exposure to the risks and threats associated with …
VINCE: A Software Vulnerability Coordination Platform
• Podcast
By Emily Sarneso, Art Manion
Emily Sarneso, the architect of VINCE, and Art Manion, technical manager of the Vulnerability Analysis Team in the SEI CERT Division, discuss the rollout of VINCE, how to use it, …
Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network
• Podcast
By Phil Groce
Phil Groce, a senior network defense analyst in the SEI's CERT Division, discusses the security implications of remote work.
An Introduction to CMMC Assessment Guides
• Podcast
By Katie C. Stewart, Andrew F. Hoover
In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC 1.0 model, discuss the CMMC assessment guides, how they were developed, and how they can be used.
The CMMC Level 3 Assessment Guide: A Closer Look
• Podcast
By Andrew F. Hoover, Katie C. Stewart
Andrew Hoover and Katie Stewart, architects of the CMMC 1.0 model, discuss the Level 3 Assessment Guide for the CMMC and how it differs from the Level 1 Assessment Guide.
The CMMC Level 1 Assessment Guide: A Closer Look
• Podcast
By Andrew F. Hoover, Katie C. Stewart
Andrew Hoover and Katie Stewart, architects of the CMMC 1.0 model, discuss the Level 1 Assessment Guide for the CMMC.
Achieving Continuous Authority to Operate (ATO)
• Podcast
By Shane Ficorilli, Hasan Yasar
Shane Ficorilli and Hasan Yasar sit down with Suzanne Miller to discuss Continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
Challenging the Myth of the 10x Programmer
• Podcast
By Bill Nichols
Bill Nichols, a researcher in the SEI's Software Solution Division, recently examined the veracity and relevance of the widely held notion that some programmers are much better than others (the …
A Stakeholder-Specific Vulnerability Categorization
• Podcast
By Allen D. Householder, Jonathan Spring, Eric Hatleback
Eric Hatleback, Allen Householder, and Jonathan Spring, vulnerability and incident researchers in the SEI CERT Division, discuss SSVC and also take audience members through scoring a sample vulnerability.
Optimizing Process Maturity in CMMC Level 5
• Podcast
By Andrew F. Hoover, Katie C. Stewart
Andrew Hoover and Katie Stewart, architects of the CMMC 1.0 model, discuss the Level 5 process maturity requirements, which are standardizing and optimizing a documented approach for CMMC.
Reviewing and Measuring Activities for Effectiveness in CMMC Level 4
• Podcast
By Katie C. Stewart, Andrew F. Hoover
Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss reviewing and communicating CMMC activities and measuring those activities for effectiveness, which are requirements of Level 4 of the …
Situational Awareness for Cybersecurity: Beyond the Network
• Podcast
By Timothy Morrow, Angela Horneman
Angela Horneman and Timothy Morrow discuss the importance of looking beyond the network to gain situational awareness for cybersecurity.
Quantum Computing: The Quantum Advantage
• Podcast
By Jason Larkin
Dr. Jason Larkin discusses the challenges of working in the NISQ era and the work that the SEI is doing in quantum computing.
CMMC Scoring 101
• Podcast
By Katie C. Stewart, Andrew F. Hoover
Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC) 1.0, discuss how assessed DIB organizations are scored according to the model.
Developing an Effective CMMC Policy
• Podcast
By Andrew F. Hoover, Katie C. Stewart
Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC) 1.0, present guidelines for developing an effective CMMC policy.
The Future of Cyber: Educating the Cybersecurity Workforce
• Podcast
By Dr. Diana Burley, Roberta (Bobbie) Stempfley
Bobbie Stempfley, director of the SEI's CERT Division, interviews Dr. Diana Burley, executive director and chair of I3P, and vice provost for research for American University.
Documenting Process for CMMC
• Podcast
By Katie C. Stewart, Andrew F. Hoover
Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC) 1.0, discuss process documentation, a Level 2 requirement.
Agile Cybersecurity
• Podcast
By Will Hayes, Carol Woody
Dr. Carol Woody and Will Hayes discuss an approach that allows organizations to integrate cybersecurity into the agile pipeline.
CMMC Levels 1-3: Going Beyond NIST SP-171
• Podcast
By Katie C. Stewart, Andrew F. Hoover
Andrew Hoover and Katie Stewart, CMMC architects, discuss Levels 1-3 of the model and what steps organizations need to take to move beyond NIST 800-171.
The Future of Cyber: Secure Coding
• Podcast
By Steve Lipner, Roberta (Bobbie) Stempfley
Bobbie Stempfley, director of the CERT Division of the SEI, explores the future of secure coding with Steve Lipner, the executive director of SAFECode and former director of software security …
Challenges to Implementing DevOps in Highly Regulated Environments
• Podcast
By Jose A. Morales, Hasan Yasar
Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environments (HREs), exploring issues such as environment parity, the approval process, and compliance.
The Future of Cyber: Cybercrime
• Podcast
By David Hickton, Roberta (Bobbie) Stempfley
David Hickton, founding director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security, sits down with Bobbie Stempfley, director of the SEI's CERT Division, to talk about …
Designing Trustworthy AI
• Podcast
By Carol J. Smith
Carol Smith discusses a framework that builds upon the importance of diverse teams and ethical standards to ensure that AI systems are trustworthy and able to effectively augment warfighters.
My Story in Computing with Madison Quinn Oliver
• Podcast
By Madison Oliver
Madison Quinn Oliver, an associate vulnerability engineer in the SEI's CERT Division, discusses her career journey and the obstacles and mentors that she encountered along the way.
The CERT Guide to Coordinated Vulnerability Disclosure
• Podcast
By Allen D. Householder, David Warren
Allen Householder and David Warren discuss the CERT Guide to Coordinated Vulnerability Disclosure, which is used by security researchers, software vendors, and other stakeholders in informing others about security vulnerabilities.
LISTEN -
Women in Software and Cybersecurity: Dr. April Galyardt
• Podcast
By April Galyardt
Dr. April Galyardt, a machine learning research scientist in the SEI's CERT Division, discusses her career journey, challenges, and lessons learned along the way.
LISTEN -
The Future of Cyber: Security and Privacy
• Podcast
By Roberta (Bobbie) Stempfley, Dr. Lorrie Cranor
Dr. Lorrie Faith Cranor, director of CyLab, sits down with Bobbie Stempfley, director of the SEI's CERT Division, to talk about the future of cyber in security and privacy.
LISTEN -
The Future of Cyber: Security and Resilience
• Podcast
By J. Michael McQuade, Ph.D., Roberta (Bobbie) Stempfley
Bobbie Stempfley, director of the CERT Division of the SEI, and Dr. Michael McQuade, vice-president for research at Carnegie Mellon University, discuss the future of cyber in security and resilience.
LISTEN -
Reverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools
• Podcast
By Cory Cohen, Jeff Gennari
Jeff Gennari and Cory Cohen discuss updates to the Pharos Binary Analysis Framework in GitHub, including a new plug-in to import OOAnalyzer analysis into the NSA's recently released Ghidra software …
LISTEN -
Women in Software and Cybersecurity: Dr. Carol Woody
• Podcast
By Carol Woody
Dr. Carol Woody discusses the career path that led to her current role as technical manager for the Cybersecurity Engineering (CSE) team in the SEI's CERT Division.
LISTEN -
Benchmarking Organizational Incident Management Practices
• Podcast
By Mark Zajicek, Robin Ruefle
Robin Ruefle and Mark Zajicek discuss recent work that provides a baseline or benchmark of incident management practices for an organization.
LISTEN -
Machine Learning in Cybersecurity: 7 Questions for Decision Makers
• Podcast
By Angela Horneman, Jonathan Spring, April Galyardt
April Galyardt, Angela Horneman, and Jonathan Spring discuss key questions that managers and decision makers should ask about machine learning to effectively solve cybersecurity problems.
LISTEN -
Women in Software and Cybersecurity: Kristi Roth
• Podcast
Kristi Roth discusses her experience as an intern in the SEI's Software Solutions Division and her journey into the field of software engineering.
LISTEN -
Human Factors in Software Engineering
• Podcast
By Andrew O. Mellinger, Hasan Yasar, Suzanne Miller
Andrew Mellinger, Suzanne Miller, and Hasan Yasar discuss the human factors that impact software engineering, from the communication tools they use to the environments where they work.
LISTEN -
Women in Software and Cybersecurity: Anita Carleton
• Podcast
By Anita Carleton
Anita Carleton discusses the career path that led to her current role as acting director of the SEI's Software Solutions Division and the challenges and mentors, including Watts Humphrey, that she …
LISTEN -
Improving the Common Vulnerability Scoring System
• Podcast
By Art Manion, Deana Shick, Jonathan Spring
Art Manion, Deana Shick, and Jonathan Spring discuss a 2019 paper that outlines challenges with the Common Vulnerability Scoring System (CVSS) and proposes changes to improve it.
LISTEN -
Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities
• Podcast
By Sarah Sheard
Dr. Sarah Sheard discusses the importance of including software architects in the earliest systems engineering activities.
LISTEN -
Selecting Metrics for Software Assurance
• Podcast
By Carol Woody
Dr. Carol Woody discusses the selection of metrics for measuring the software assurance of a product as it is developed and delivered to function in a specific system context.
LISTEN -
AI in Humanitarian Assistance and Disaster Response
• Podcast
By Ritwik Gupta
Ritwik Gupta, a machine learning research scientist in the SEI's Emerging Technology Center, discusses the use of AI in humanitarian assistance and disaster response (HADR) efforts.
LISTEN -
The AADL Error Library
• Podcast
By Peter H. Feiler, Sam Procter
Peter Feiler and Sam Procter present the Architecture Analysis and Design Language (AADL) EMV2 Error Library, which is an established taxonomy that draws on a broad range of previous work …
LISTEN -
Women in Software and Cybersecurity: Suzanne Miller
• Podcast
By Suzanne Miller
SEI principal researcher Suzanne Miller discusses the path that led to her present-day career and the challenges and mentors that she encountered along the way.
LISTEN -
Privacy in the Blockchain Era
• Podcast
By Dr. Giulia Fanti (Electrical and Computer Engineering, CMU College of Engineering)
Dr. Giulia Fanti, an assistant professor of Electrical and Computer Engineering at Carnegie Mellon University, discusses her latest research including privacy problems in the cryptocurrency and blockchain space.
LISTEN -
Cyber Intelligence: Best Practices and Biggest Challenges
• Podcast
By Jared Ettinger
Jared Ettinger, a cyber intelligence researcher in the SEI's Emerging Technology Center, discusses the findings of a report that outlines challenges and best practices in cyber intelligence.
LISTEN -
Assessing Cybersecurity Training
• Podcast
By April Galyardt
April Galyardt, a machine learning research scientist, discusses efforts to develop a new approach to assessing the skills of the cybersecurity workforce.
LISTEN -
DevOps in Highly Regulated Environments
• Podcast
By Jose A. Morales, Hasan Yasar
Hasan Yasar and Jose Morales discuss the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle in highly regulated environments.
LISTEN -
Women in Software and Cybersecurity: Dr. Ipek Ozkaya
• Podcast
By Ipek Ozkaya
In this podcast, the latest in our Women in Software and Cybersecurity podcast series, Dr. Ipek Ozkaya talks about the educational choices and career path that led to her current …
LISTEN -
Defending Your Organization Against Business Email Compromise
• Podcast
By Anne Connell
Anne Connell discusses recent business email compromise attacks, such as Operation Wire Wire, and offers guidance on how individuals and organizations can protect themselves from these sophisticated new modes of …
LISTEN -
My Story in Computing with Dr. Eliezer Kanal
• Podcast
By Eliezer Kanal
In this SEI Podcast, the first in the My Story in Computing series, Dr. Kanal discusses his education, career path, and lessons he learned along the way.
LISTEN -
Women in Software and Cybersecurity: Eileen Wrubel
• Podcast
By Eileen Wrubel
In this SEI Podcast, which highlights the work of Women in Software and Cybersecurity, Eileen Wrubel, co-lead of the SEI's Agile/DevOps Transformation directorate, discusses her career journey.
LISTEN -
Managing Technical Debt: A Focus on Automation, Design, and Architecture
• Podcast
By Robert Nord, Ipek Ozkaya
Rod Nord and Ipek Ozkaya discuss the SEI's current work in technical debt including the development of analysis techniques to help software engineers and decision makers manage the effect of …
LISTEN -
Women in Software and Cybersecurity: Grace Lewis
• Podcast
By Grace Lewis
Grace Lewis discusses her career journey, which led to her leading Tactical Edge Computing at the SEI. This podcast is the latest installment in our Women in Software and Cybersecurity …
LISTEN -
10 Types of Application Security Testing Tools and How to Use Them
• Podcast
By Tom Scanlon
Thomas Scanlon, a researcher in the SEI's CERT Division, discusses the different types of application security testing tools and provides guidance on how and when to use each tool.
LISTEN -
Leading in the Age of Artificial Intelligence
• Podcast
By Thomas A. Longstaff
Tom Longstaff, who in 2018 was hired as the SEI's chief technology officer, discusses the challenges of leading a technical organization in the age of artificial intelligence.
LISTEN -
Women in Software and Cybersecurity: Dr. Lorrie Cranor
• Podcast
By Dr. Lorrie Cranor
Dr. Lorrie Cranor, director of CyLab, discusses her career, her work in security and privacy, and her upcoming keynote at the Women in Cybersecurity Conference.
LISTEN -
Women in Software and Cybersecurity: Bobbie Stempfley
• Podcast
By Roberta (Bobbie) Stempfley
Roberta "Bobbie" Stempfley discusses her career and journey to becoming the director of the SEI's CERT Division.
LISTEN -
Blockchain at CMU and Beyond
• Podcast
By Eliezer Kanal, Eugene Leventhal
Eliezer Kanal and Eugene Leventhal discuss blockchain research at Carnegie Mellon University and beyond.
LISTEN -
Applying Best Practices in Network Traffic Analysis
• Podcast
By Timur D. Snoke, Timothy J. Shimeall
Tim Shimeall and Timur Snoke, both researchers in the SEI's CERT Division, highlight some best practices (and application of these practices) that they have observed in network traffic analysis.
LISTEN -
Deep Learning in Depth: The Future of Deep Learning
• Podcast
By Carson Sestili, Ritwik Gupta
Ritwik Gupta and Carson Sestili discuss the future of deep learning.
LISTEN -
Deep Learning in Depth: Adversarial Machine Learning
• Podcast
By Ritwik Gupta, Carson Sestili
Ritwik Gupta of the SEI's Emerging Technology Center and Carson Sestili, formerly of the SEI's CERT Division and now with Google, discuss adversarial machine learning.
LISTEN -
System Architecture Virtual Integration: ROI on Early Discovery of Defects
• Podcast
By Peter H. Feiler
Peter Feiler discusses the cost savings (26.1 percent) realized when using the System Architecture Virtual Integration approach on the development of software-reliant systems for aircraft.
LISTEN -
Deep Learning in Depth: The Importance of Diverse Perspectives
• Podcast
By Carson Sestili, Ritwik Gupta
Ritwik Gupta of the SEI's Emerging Technology Center and Carson Sestili, formerly of the SEI's CERT Division and now with Google, discuss the importance of diverse perspectives in deep learning.
LISTEN -
A Technical Strategy for Cybersecurity
• Podcast
By Roberta (Bobbie) Stempfley
Roberta "Bobbie" Stempfley, who was appointed director of the SEI's CERT Division in June 2017, discusses a technical strategy for cybersecurity.
LISTEN -
Best Practices for Security in Cloud Computing
• Podcast
By Timothy Morrow, Donald Faatz
Don Faatz and Tim Morrow, researchers with the SEI's CERT Division, outline best practices that organizations should use to address the vulnerabilities and risks in moving applications and data to …
LISTEN -
Risks, Threats, and Vulnerabilities in Moving to the Cloud
• Podcast
By Timothy Morrow, Donald Faatz
Tim Morrow and Donald Faatz outline the risks, threats, and vulnerabilities that organizations face when moving applications or data to the cloud.
LISTEN -
Deep Learning in Depth: IARPA's Functional Map of the World Challenge
• Podcast
By Ritwik Gupta, Carson Sestili
Ritwik Gupta and Carson Sestili describe their use of deep learning in IARPA's Functional Map of the World Challenge.
LISTEN -
Deep Learning in Depth: Deep Learning versus Machine Learning
• Podcast
By Ritwik Gupta, Carson Sestili
In this podcast excerpt, Ritwik Gupta and Carson Sestili describe deep learning and how it differs from machine learning.
LISTEN -
Using Test Suites for Static Analysis Alert Classifiers
• Podcast
By Zachary Kurtz, Lori Flynn
CERT researchers Lori Flynn and Zach Kurtz discuss ongoing research using test suites as a source of labeled training data to create classifiers for static analysis alerts.
LISTEN -
How to Be a Network Traffic Analyst
• Podcast
By Timothy J. Shimeall, Timur D. Snoke
Tim Shimeall and Timur Snoke, researchers in the SEI's CERT Division, examine the role of the network traffic analyst in capturing and evaluating ever-increasing volumes of network data.
LISTEN -
Workplace Violence and Insider Threat
• Podcast
By Carrie Gardner, Tracy Cassidy
Tracy Cassidy and Carrie Gardner, researchers with the CERT National Insider Threat Center, discuss research on using technology to detect an employee's intent to cause physical harm.
LISTEN -
The Role of the Software Factory in Acquisition and Sustainment
• Podcast
By Paul Nielsen
Dr. Paul Nielsen discusses his involvement on a Defense Science Board Task Force that concluded that the software factory should be a key player in the acquisition and sustainment of …
LISTEN -
Why Does Software Cost So Much?
• Podcast
By Michael D. Konrad, Robert W. Stoddard
Mike Konrad and Bob Stoddard discuss an approach known as causal learning that can help the Department of Defense identify which factors cause software costs to escalate and, therefore, serve …
LISTEN -
Cybersecurity Engineering & Software Assurance: Opportunities & Risks
• Podcast
By Carol Woody
Carol Woody discusses opportunities and risks in cybersecurity engineering, software assurance, and the resulting CERT Cybersecurity Engineering and Software Assurance Professional Certificate.
LISTEN -
Software Sustainment and Product Lines
• Podcast
By Mike Phillips, Harry L. Levinson
Mike Phillips and Harry Levinson examine the intersection of three themes that emerged during the SEI's work with one government program: product line practices, software sustainment, and public-private partnerships.
LISTEN -
Best Practices in Cyber Intelligence
• Podcast
By Jared Ettinger
Jared Ettinger describes preliminary findings and best practices in cyber intelligence identified through a study sponsored by the U.S. Office of the Director of National Intelligence.
LISTEN -
Deep Learning in Depth: The Good, the Bad, and the Future
• Podcast
By Ritwik Gupta, Carson Sestili
Ritwik Gupta and Carson Sestili describe deep learning, a popular and quickly growing subfield of machine learning.
LISTEN -
The Evolving Role of the Chief Risk Officer
• Podcast
By Summer C. Fowler, Ari Lightman
Summer Fowler and Ari Lightman discuss the evolving role of the chief risk officer and a Chief Risk Officer Program that is developed and delivered jointly by CMU's Heinz College …
LISTEN -
Obsidian: A Safer Blockchain Programming Language
• Podcast
By Michael Coblenz (Carnegie Mellon School of Computer Science), Eliezer Kanal
Eliezer Kanal and Michael Coblenz discuss the creation of Obsidian, a novel programming language specifically tailored to secure blockchain software development that significantly reduces the risk of coding errors.
LISTEN -
Agile DevOps
• Podcast
By Eileen Wrubel, Hasan Yasar
Eileen Wrubel and Hasan Yasar discuss how Agile and DevOps can be deployed together to meet organizational needs.
LISTEN -
Kicking Butt in Computer Science: Women in Computing at Carnegie Mellon University
• Podcast
By Jeria Quesenberry, Grace Lewis, Carol Frieze
Carol Frieze, Grace Lewis, and Jeria Quesenberry discuss CMU's approach to creating a more inclusive environment for all computer science students, regardless of gender.
LISTEN -
Is Software Spoiling Us? Technical Innovations in the Department of Defense
• Podcast
By Jeff Boleng
In this podcast, the panel discusses technical innovations that can be applied to the Department of Defense including improved situational awareness, human-machine interactions, artificial intelligence, machine learning, data, and continuous …
LISTEN -
Is Software Spoiling Us? Innovations in Daily Life from Software
• Podcast
By Jeff Boleng
In this podcast, which was excerpted from the webinar Is Software Spoiling Us?, the panel discusses awesome innovations in daily life that are made possible because of software.
LISTEN -
How Risk Management Fits into Agile & DevOps in Government
• Podcast
By Timothy A. Chick, Eileen Wrubel, Hasan Yasar, Will Hayes
In this podcast, Eileen Wrubel, technical lead for the SEI's Agile-in-Government program, leads a roundtable discussion on how Agile, DevOps, and the Risk Management Framework can work together.
LISTEN -
5 Best Practices for Preventing and Responding to Insider Threat
• Podcast
By Randall F. Trzeciak
Randy Trzeciak, technical manager of the CERT National Insider Threat Center, discusses five best practices for preventing and responding to insider threat.
LISTEN -
Pharos Binary Static Analysis: An Update
• Podcast
By Jeff Gennari
Jeff Gennari discusses updates to the Pharos framework, which automates parts of the reverse engineering work done in malware analysis, including new tools, improvements, and bug fixes.
LISTEN -
Positive Incentives for Reducing Insider Threat
• Podcast
By Daniel Bauer, Andrew P. Moore
Andrew Moore and Daniel Bauer highlight results from our recent research that suggests organizations need to take a more holistic approach to mitigating insider threat.
LISTEN -
Mission-Practical Biometrics
• Podcast
By Satya Venneti
Satya Venneti presents exploratory research undertaken by the SEI's Emerging Technology Center to design algorithms that extract heart rate in real time from video capture of non-stationary subjects.
LISTEN -
At Risk Emerging Technology Domains
• Podcast
By Dan J. Klinedinst
In this podcast, CERT vulnerability analyst Dan Klinedinst discusses research aimed at helping the Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT) understand future technologies and their …
LISTEN -
DNS Blocking to Disrupt Malware
• Podcast
By Vijay S. Sarvepalli
In this podcast, CERT researcher Vijay Sarvepalli explores Domain Name System (DNS) blocking, the idea of disrupting communications from malicious code such as ransomware that is used to lock …
LISTEN -
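As an added illustration of the DNS blocking idea described in that episode (this is example code written for this page, not code from the SEI or the podcast), the snippet below applies a resolver-side blocklist to constructed DNS query log lines. The blocklist entries, the sinkhole address, the log format and all addresses are assumptions made up for the example. The point a practitioner should take from it: block decisions must match on DNS labels (a name or any parent domain), not on string suffixes, or `notevil.example` would be caught by an entry for `evil.example`.

```python
"""Minimal DNS blocklist enforcement over query logs (added example, not from the SEI podcast).

Blocked names are either answered with a sinkhole address (for A queries, so the
infected host's traffic lands somewhere the defender controls) or given NXDOMAIN.
All domains, addresses and log lines below are constructed for illustration.
"""
from __future__ import annotations

# Constructed, hypothetical blocklist: one entry blocks the name and everything beneath it.
BLOCKLIST = {"evil.example", "c2.bad.example"}
# Constructed sinkhole address that A answers for blocked names are pointed at.
SINKHOLE = "10.0.0.1"

# Constructed query log lines in a simple "ts key=value ..." format (assumed, not a real product format).
SAMPLE_LOG = """\
2024-05-01T12:00:01Z client=10.1.2.3 qname=www.example.com. qtype=A
2024-05-01T12:00:02Z client=10.1.2.3 qname=Update.EVIL.example. qtype=A
2024-05-01T12:00:03Z client=10.1.2.9 qname=c2.bad.example qtype=TXT
2024-05-01T12:00:04Z client=10.1.2.9 qname=notevil.example qtype=A
""".splitlines()


def normalize(name: str) -> str:
    """Lower-case the name and drop the trailing root dot so matching is canonical."""
    return name.rstrip(".").lower()


def parent_domains(name: str):
    """Yield the name itself, then each parent domain, label by label."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def is_blocked(qname: str, blocklist: set[str] = BLOCKLIST) -> str | None:
    """Return the blocklist entry that covers qname, or None. Label-aware, so
    'notevil.example' is not matched by the entry 'evil.example'."""
    for candidate in parent_domains(qname):
        if candidate in blocklist:
            return candidate
    return None


def policy_answer(qname: str, qtype: str, blocklist: set[str] = BLOCKLIST):
    """Decide what the resolver should do: (action, matched_entry, answer)."""
    hit = is_blocked(qname, blocklist)
    if hit is None:
        return ("resolve", None, None)          # pass through to normal resolution
    if qtype == "A":
        return ("sinkhole", hit, SINKHOLE)       # redirect to the defender-controlled host
    return ("nxdomain", hit, None)               # no useful answer for other record types


def parse_log_line(line: str) -> dict:
    """Parse one constructed 'ts key=value key=value' log line into a dict."""
    ts, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return {"ts": ts, "client": kv["client"], "qname": kv["qname"], "qtype": kv.get("qtype", "A")}


def triage(lines, blocklist: set[str] = BLOCKLIST) -> list[dict]:
    """Apply the policy to every log line and record the decision alongside the query."""
    results = []
    for line in lines:
        rec = parse_log_line(line)
        action, hit, answer = policy_answer(rec["qname"], rec["qtype"], blocklist)
        results.append({**rec, "action": action, "matched": hit, "answer": answer})
    return results


def blocked_clients(results: list[dict]) -> list[str]:
    """Clients that asked for a blocked name: the hosts an incident responder should look at first."""
    return sorted({r["client"] for r in results if r["action"] != "resolve"})


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f'{r["client"]:<10} {r["qname"]:<24} {r["action"]:<9} matched={r["matched"]}')
    print("clients to investigate:", blocked_clients(triage(SAMPLE_LOG)))
```

Note that sinkholing rather than returning NXDOMAIN is what lets the defender see which internal hosts keep trying to reach the blocked name, which is the detection value of the technique beyond the disruption itself.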
Best Practices: Network Border Protection
• Podcast
By Rachel Kartch
In this podcast, the latest in a series on best practices for network security, Rachel Kartch explores best practices for network border protection at the Internet router and firewall.
LISTEN -
Verifying Software Assurance with IBM’s Watson
• Podcast
By Mark Sherman
In this podcast, Mark Sherman discusses research aimed at examining whether developers could build an IBM Watson application to support an assurance review.
LISTEN -
The CERT Software Assurance Framework
• Podcast
By Christopher J. Alberts, Carol Woody
In this podcast, Carol Woody and Christopher Alberts introduce the prototype Software Assurance Framework, a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.
LISTEN -
Scaling Agile Methods
• Podcast
By Will Hayes, Eileen Wrubel
In this podcast, Will Hayes and Eileen Wrubel present five perspectives on scaling Agile from leading thinkers in the field, including Scott Ambler, Steve Messenger, Craig Larman, Jeff Sutherland, and …
LISTEN -
Ransomware: Best Practices for Prevention and Response
• Podcast
By Alexander Volynkin, Angela Horneman
In this podcast, CERT researchers spell out several best practices for prevention and response to a ransomware attack.
LISTEN -
Integrating Security in DevOps
• Podcast
By Hasan Yasar
In this podcast, Hasan Yasar discusses how Secure DevOps attempts to shift the paradigm for tough security problems from following rules to creatively determining solutions.
LISTEN -
SEI Fellows Series: Peter Feiler
• Podcast
By Peter H. Feiler
Peter Feiler was named an SEI Fellow in August 2016. This podcast is the second in a series highlighting interviews with SEI Fellows.
LISTEN -
NTP Best Practices
• Podcast
By Timur D. Snoke
In this podcast, Timur Snoke explores the challenges of NTP and prescribes some best practices for securing accurate time with this protocol.
LISTEN -
Establishing Trust in Disconnected Environments
• Podcast
By Grace Lewis
In this podcast, Grace Lewis presents a solution for establishing trusted identities in disconnected environments based on secure key generation and exchange in the field, as well as an evaluation …
LISTEN -
Distributed Artificial Intelligence in Space
• Podcast
By James Edmondson
In this podcast, James Edmondson discusses his work to bring distributed artificial intelligence to a next generation, renewable power grid in space.
LISTEN -
Verifying Distributed Adaptive Real-Time Systems
• Podcast
By James Edmondson, Sagar Chaki
In this podcast, James Edmondson and Sagar Chaki describe an architecture and approach to engineering high-assurance software for Distributed Adaptive Real-Time (DART) systems.
LISTEN -
10 At-Risk Emerging Technologies
• Podcast
By Christopher King
Researchers in the SEI's CERT Division recently examined the security of a large swath of technology domains being developed in industry and maturing over the next five years.
LISTEN -
Technical Debt as a Core Software Engineering Practice
• Podcast
By Ipek Ozkaya
In this podcast, Ipek Ozkaya talks about managing technical debt as a core software engineering practice and its importance in the education of future software engineers.
LISTEN -
DNS Best Practices
• Podcast
By Mark Langston
In this podcast, Mark Langston discusses best practices for designing a secure, reliable DNS infrastructure.
LISTEN -
Three Roles and Three Failure Patterns of Software Architects
• Podcast
By John Klein
In this podcast, John Klein explores three roles and three failure patterns of software architects that he has observed while working with industry and government software projects.
LISTEN -
Security Modeling Tools
• Podcast
By Julien Delange
In this podcast, Julien Delange discusses security modeling tools that his team developed and how to use them to capture vulnerabilities and their propagation path in an architecture.
LISTEN -
Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks
• Podcast
By Rachel Kartch
In this podcast, CERT researcher Rachel Kartch provides an overview of DDoS attacks and best practices for mitigating and responding to them.
LISTEN -
Cyber Security Engineering for Software and Systems Assurance
• Podcast
By Carol Woody, Nancy R. Mead
In this podcast, Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles …
LISTEN -
Moving Target Defense
• Podcast
By Andrew O. Mellinger
In this podcast, Andrew Mellinger, a senior software developer in the SEI's Emerging Technology Center, discusses work to develop a platform to organize dynamic defenses.
LISTEN -
Improving Cybersecurity Through Cyber Intelligence
• Podcast
By Jared Ettinger
In this podcast, Jared Ettinger of the SEI's Emerging Technology Center (ETC) talks about the ETC's work in cyber intelligence as well as the Cyber Intelligence Research Consortium.
LISTEN -
A Requirement Specification Language for AADL
• Podcast
By Peter H. Feiler
In this podcast, Peter Feiler describes a textual requirement specification language for the Architecture Analysis & Design Language (AADL) called ReqSpec.
LISTEN -
Becoming a CISO: Formal and Informal Requirements
• Podcast
By Darrell Keeling (Parkview Health), Lisa R. Young
In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today's …
LISTEN -
Predicting Quality Assurance with Software Metrics and Security Methods
• Podcast
By Carol Woody
In this podcast, Dr. Carol Woody explores the connection between measurement, methods for software assurance, and security.
LISTEN -
Network Flow and Beyond
• Podcast
By Timothy J. Shimeall
In this podcast, Timothy Shimeall discusses approaches for analyzing network security using and going beyond network flow data to gain situational awareness to improve security.
LISTEN -
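As an added illustration of the kind of analysis that episode is about (example code written for this page, not code from the SEI, SiLK or the podcast), the block below runs two simple detections over constructed unidirectional flow records: a port scan (one source touching many destination ports on one host with single-packet flows) and beacon-like traffic (repeated flows to the same destination at near-constant intervals), plus a top-talkers summary. The record layout, thresholds and all addresses are assumptions made for the example.

```python
"""Two simple detections over network flow records (added example, not from the SEI podcast).

Flow records carry no payload, so detections key on who talked to whom, how often,
and how much. The records below are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (start_epoch_seconds, src, dst, dport, proto, packets, bytes)
FLOWS = [
    # 10.1.1.5 probes 25 ports on 10.2.0.9 with one-packet flows: a vertical port scan
    *[(1000 + i, "10.1.1.5", "10.2.0.9", p, 6, 1, 44) for i, p in enumerate(range(20, 45))],
    # 10.1.1.7 reaches 203.0.113.8:443 every 60 s with small transfers: beacon-like
    *[(2000 + 60 * k, "10.1.1.7", "203.0.113.8", 443, 6, 6, 720) for k in range(10)],
    # 10.1.1.8 browses: few destinations, irregular timing, larger transfers
    (3000, "10.1.1.8", "198.51.100.2", 443, 6, 40, 51200),
    (3095, "10.1.1.8", "198.51.100.2", 443, 6, 12, 8800),
    (3700, "10.1.1.8", "198.51.100.3", 80, 6, 9, 4100),
]


def detect_port_scans(flows, min_ports=20, max_packets=2):
    """Flag (src, dst) pairs where the source touched many distinct ports with tiny flows.
    Returns sorted (src, dst, distinct_port_count) tuples."""
    ports = defaultdict(set)
    for _start, src, dst, dport, _proto, packets, _nbytes in flows:
        if packets <= max_packets:           # scans are short probes, not real sessions
            ports[(src, dst)].add(dport)
    return sorted((src, dst, len(p)) for (src, dst), p in ports.items() if len(p) >= min_ports)


def detect_beacons(flows, min_flows=6, max_cv=0.1):
    """Flag (src, dst, dport) triples whose flow start times are nearly evenly spaced.
    Regularity is measured as the coefficient of variation of the inter-flow gaps.
    Returns sorted (src, dst, dport, mean_gap_seconds) tuples."""
    starts = defaultdict(list)
    for start, src, dst, dport, *_rest in flows:
        starts[(src, dst, dport)].append(start)
    found = []
    for key, ts in starts.items():
        if len(ts) < min_flows:
            continue
        ts.sort()
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            found.append((*key, round(avg)))
    return sorted(found)


def top_talkers(flows, n=3):
    """Sources ranked by total bytes sent: the situational-awareness view of who moves data."""
    totals = defaultdict(int)
    for _start, src, _dst, _dport, _proto, _packets, nbytes in flows:
        totals[src] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    print("port scans :", detect_port_scans(FLOWS))
    print("beacons    :", detect_beacons(FLOWS))
    print("top talkers:", top_talkers(FLOWS))
```

Thresholds like `min_ports` and `max_cv` are the tuning knobs; on real flow data they have to be set against the baseline of the monitored network, and the scan rule in particular should be checked against legitimate scanners such as vulnerability-management hosts before it is used for alerting.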
A Community College Curriculum for Secure Software Development
• Podcast
By Girish Seshagiri (Advanced Information Services Inc)
In this podcast, Girish Seshagiri discusses a two-year community college software assurance program that he developed and facilitated with SEI Fellow Nancy Mead at Illinois Central College.
LISTEN -
Security and the Internet of Things
• Podcast
By Art Manion
In this podcast, CERT researcher Art Manion discusses work that his team is doing with the Department of Homeland Security to examine and secure IoT devices.
LISTEN -
The SEI Fellow Series: Nancy Mead
• Podcast
By Nancy R. Mead
This podcast is the first in a series highlighting interviews with SEI Fellows.
LISTEN -
An Open Source Tool for Fault Tree Analysis
• Podcast
By Julien Delange
In this podcast, Dr. Julien Delange discusses fault tree analysis and introduces a new tool to design and analyze fault trees.
LISTEN -
Global Value Chain – An Expanded View of the ICT Supply Chain
• Podcast
By John Haller, Edna M. Conway (Cisco Systems, Inc.), Lisa R. Young
In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply …
LISTEN -
Intelligence Preparation for Operational Resilience
• Podcast
By Lisa R. Young, Douglas Gray
In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using …
LISTEN -
Evolving Air Force Intelligence with Agile Techniques
• Podcast
By Harry L. Levinson
In this podcast, Harry Levinson discusses the SEI's work with the Air Force to further evolve the AF DCGS system using Agile techniques working in incremental, iterative approaches to deliver …
LISTEN -
Threat Modeling and the Internet of Things
• Podcast
By Allen D. Householder, Art Manion
Art Manion and Allen Householder of the CERT Vulnerability Analysis team, talk about threat modeling and its use in improving the security of the Internet of Things (IoT).
LISTEN -
Open Systems Architectures: When & Where to Be Closed
• Podcast
By Donald Firesmith
Don Firesmith discusses how acquisition professionals and system integrators can apply OSA practices to effectively decompose large, monolithic business and technical architectures into manageable and modular solutions.
LISTEN -
Effective Reduction of Avoidable Complexity in Embedded Systems
• Podcast
By Julien Delange
Dr. Julien Delange discusses the Effective Reduction of Avoidable Complexity in Embedded Systems (ERACES) project, which aims to identify and remove complexity in software models.
LISTEN -
Toward Efficient and Effective Software Sustainment
• Podcast
By Mike Phillips
Mike Phillips discusses effective sustainment engineering efforts in the Army and Air Force, using examples from across their software engineering centers and how they tie in to SEI research.
LISTEN -
Quality Attribute Refinement and Allocation
• Podcast
By Neil Ernst
Dr. Neil Ernst discusses industry practices such as slicing and ratcheting used to develop business capabilities and suggests approaches to enable large-scale iteration.
LISTEN -
Is Java More Secure Than C?
• Podcast
By David Svoboda
In this podcast, CERT researcher David Svoboda analyzes secure coding rules for both C and Java to determine if they indeed refute the conventional wisdom that Java is more secure …
LISTEN -
Identifying the Architectural Roots of Vulnerabilities
• Podcast
By Carol Woody, Rick Kazman
In this podcast, Rick Kazman and Carol Woody discuss an approach for identifying architecture debt in a large-scale industrial software project by modeling software architecture as design rule spaces.
LISTEN -
Build Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations
• Podcast
By Gary McGraw, Lisa R. Young
In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from high-performing organizations.
LISTEN -
An Interview with Grady Booch
• Podcast
By Grady Booch
During a recent visit to the SEI, Grady Booch, chief scientist for IBM and author of the Unified Modeling Language, sat down for an interview with SEI Fellow Nancy Mead …
LISTEN -
Structuring the Chief Information Security Officer Organization
• Podcast
By Julia H. Allen, Nader Mehravari, Lisa R. Young
In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, …
LISTEN -
How Cyber Insurance Is Driving Risk and Technology Management
• Podcast
By Chip Block, Lisa R. Young
In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk …
LISTEN -
A Field Study of Technical Debt
• Podcast
By Neil Ernst
In this podcast, Dr. Neil Ernst discusses the findings of a recent field study to assess the state of the practice and current thinking regarding technical debt and guide the …
LISTEN -
How the University of Pittsburgh Is Using the NIST Cybersecurity Framework
• Podcast
By Lisa R. Young, Sean Sweeney (University of Pittsburgh)
In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (Pitt), discusses the university's use of the NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF).
LISTEN -
A Software Assurance Curriculum for Future Engineers
• Podcast
By Nancy R. Mead
In this podcast, Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges.
LISTEN -
Four Types of Shift Left Testing
• Podcast
By Donald Firesmith
In this podcast, Donald Firesmith explains the importance of shift left testing and defines four approaches using variants of the classic V model to illustrate them.
LISTEN -
Toward Speed and Simplicity: Creating a Software Library for Graph Analytics
• Podcast
By Scott McMillan, Eric Werner
In this podcast, Scott McMillan and Eric Werner of the SEI's Emerging Technology Center discuss work to create a software library for graph analytics that would take advantage of more …
LISTEN -
Capturing the Expertise of Cybersecurity Incident Handlers
• Podcast
By Richard O. Young, Julia H. Allen, Samuel J. Perl
In this podcast, Dr. Richard Young, a professor with CMU, and Sam Perl, a member of the CERT Division, discuss their research on how expert cybersecurity incident handlers react when …
LISTEN -
Improving Quality Using Architecture Fault Analysis with Confidence Arguments
• Podcast
By Peter H. Feiler
Peter Feiler presents a case study showing that, by combining an analytical approach with confidence maps, a structured argument can be made that system requirements have been met and that problems in the design …
LISTEN -
A Taxonomy of Testing Types
• Podcast
By Donald Firesmith
In this podcast, Donald Firesmith introduces a taxonomy of testing types to help testing stakeholders understand and select those that are best for their specific programs.
LISTEN -
Reducing Complexity in Software & Systems
• Podcast
By Sarah Sheard
In this podcast, Sarah Sheard discusses research to investigate the nature of complexity, how it manifests in software-reliant systems such as avionics, how to measure it, and how to tell …
LISTEN -
Designing Security Into Software-Reliant Systems
• Podcast
By Christopher J. Alberts
In this podcast, CERT researcher Christopher Alberts introduces the SERA Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle.
LISTEN -
Agile Methods in Air Force Sustainment
• Podcast
By Eileen Wrubel
In this podcast, Eileen Wrubel highlights research examining Agile techniques in the software sustainment arena, specifically in Air Force programs.
LISTEN -
Defect Prioritization With the Risk Priority Number
• Podcast
By Will Hayes, Julie B. Cohen
In this podcast, Will Hayes and Julie Cohen discuss a generalized technique that could be used with any type of system to assist the program office in addressing and resolving …
LISTEN -
SEI-HCII Collaboration Explores Context-Aware Computing for Soldiers
• Podcast
By Dr. Anind Dey, Jeff Boleng
Dr. Jeff Boleng and Dr. Anind Dey discuss joint research to understand the mission, role, and task of dismounted soldiers using context derived from sensors on them and their mobile …
LISTEN -
An Introduction to Context-Aware Computing
• Podcast
By Jeff Boleng, Dr. Anind Dey
Dr. Anind Dey and Dr. Jeff Boleng introduce context-aware computing and explore issues related to sensor-fueled data in the internet of things.
LISTEN -
Data Driven Software Assurance
• Podcast
By Art Manion, Michael D. Konrad
In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects.
LISTEN -
Applying Agile in the DoD: Twelfth Principle
• Podcast
By Suzanne Miller, Mary Ann Lapham
In this episode, Suzanne Miller and Mary Ann Lapham explore the application of the 12th Agile principle in the Department of Defense.
LISTEN -
Supply Chain Risk Management: Managing Third Party and External Dependency Risk
• Podcast
By Matthew J. Butkovic, John Haller, Julia H. Allen
In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information …
LISTEN -
Introduction to the Mission Thread Workshop
• Podcast
By Michael J. Gagliardi
In this podcast, Mike Gagliardi introduces the Mission Thread Workshop, a method for understanding architectural and engineering considerations for developing and sustaining systems of systems.
LISTEN -
Applying Agile in the DoD: Eleventh Principle
• Podcast
By Suzanne Miller, Mary Ann Lapham
In this podcast, the tenth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss …
LISTEN -
A Workshop on Measuring What Matters
• Podcast
By Michelle A. Valdez, Lisa R. Young, Julia H. Allen, Katie C. Stewart
This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences planning and executing the workshop, and identifying improvements for future offerings.
LISTEN -
Applying Agile in the DoD: Tenth Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this podcast, part of an ongoing series, Mary Ann Lapham and Suzanne Miller discuss the application of the tenth Agile principle: Simplicity—the art of maximizing the amount of work …
LISTEN -
Predicting Software Assurance Using Quality and Reliability Measures
• Podcast
By Bill Nichols, Carol Woody
In this podcast, the authors discuss how a combination of software development and quality techniques can improve software security.
LISTEN -
Applying Agile in the DoD: Ninth Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this episode, Suzanne Miller and Mary Ann Lapham discuss the application of the ninth Agile principle, "Continuous attention to technical excellence and good design enhances Agile."
LISTEN -
Cyber Insurance and Its Role in Mitigating Cybersecurity Risk
• Podcast
By David W. White, Julia H. Allen, James J. Cebula
In this podcast, Jim Cebula and David White discuss cyber insurance and its potential role in reducing operational and cybersecurity risk.
LISTEN -
AADL and Dassault Aviation
• Podcast
By Peter H. Feiler, Thierry Cornilleau (Dassault Aviation)
In this podcast, Peter Feiler and Thierry Cornilleau discuss their experiences with the Architecture Analysis and Design Language.
LISTEN -
Tactical Cloudlets
• Podcast
By Suzanne Miller, Grace Lewis
In this podcast, Grace Lewis discusses five approaches that her team developed and tested for using tactical cloudlets as a strategy for providing infrastructure to support computation offload and data …
LISTEN -
Agile Software Teams and How They Engage with Systems Engineering on DoD Acquisition Programs
• Podcast
By Suzanne Miller, Eileen Wrubel
In this podcast, Eileen Wrubel and Suzanne Miller discuss issues with Agile software teams engaging systems engineering functions in developing and acquiring software-reliant systems.
LISTEN -
Coding with AADL
• Podcast
By Julien Delange, Suzanne Miller
In this podcast, Julien Delange summarizes different perspectives on research related to code generation from software architecture models.
LISTEN -
The State of Agile
• Podcast
By Alistair Cockburn, Suzanne Miller
In this podcast, Alistair Cockburn, an Agile pioneer and one of the original signers of the Agile Manifesto, and SEI principal researcher Suzanne Miller discuss the current state of Agile …
LISTEN -
Applying Agile in the DoD: Eighth Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this episode, the eighth in a series exploring Agile principles across the DoD, Suzanne Miller and Mary Ann Lapham discuss the eighth Agile principle.
LISTEN -
A Taxonomy of Operational Risks for Cyber Security
• Podcast
By Julia H. Allen, James J. Cebula
In this podcast, James Cebula describes how to use a taxonomy to increase confidence that your organization is identifying cyber security risks.
LISTEN -
Agile Metrics
• Podcast
By Suzanne Miller, Will Hayes
In this podcast, Will Hayes and Suzanne Miller discuss research intended to aid U.S. Department of Defense acquisition professionals in the use of Agile software development methods.
LISTEN -
Four Principles for Engineering Scalable, Big Data Systems
• Podcast
By Ian Gorton, Suzanne Miller
In this podcast, Ian Gorton describes four general principles that hold for any scalable, big data system.
LISTEN -
An Appraisal of Systems Engineering: Defense v. Non-Defense
• Podcast
By Joseph P. Elm
In this podcast, Joseph P. Elm analyzes differences in systems-engineering activities for defense and non-defense projects and finds differences in both deployment and effectiveness.
LISTEN -
HTML5 for Mobile Apps at the Edge
• Podcast
By Suzanne Miller, Grace Lewis
In this podcast, Grace Lewis discusses research that explores the feasibility of using HTML5 for developing mobile applications for "edge" environments where resources and connectivity are uncertain, such as in …
LISTEN -
Applying Agile in the DoD: Seventh Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this podcast, Suzanne Miller and Mary Ann Lapham explore the application of the seventh Agile principle in the Department of Defense: working software is the primary measure of progress.
LISTEN -
AADL and Edgewater
• Podcast
By Peter H. Feiler, Suzanne Miller, Serban Gheorghe (Edgewater Computer Systems, Inc.)
In this podcast, Peter Feiler and Serban Gheorghe of Edgewater discuss their work on the Architecture Analysis and Design Language.
LISTEN -
Security and Wireless Emergency Alerts
• Podcast
By Carol Woody, Suzanne Miller, Christopher J. Alberts
In this podcast, Carol Woody and Christopher Alberts discuss guidelines that they developed to ensure that the WEA service remains robust and resilient against cyber attacks.
LISTEN -
Safety and Behavior Specification Using the Architecture Analysis and Design Language
• Podcast
By Julien Delange, Suzanne Miller
Julien Delange discusses two extensions to the Architecture Analysis and Design Language: the behavior annex and the error-model annex.
LISTEN -
Applying Agile in the DoD: Sixth Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this podcast, Suzanne Miller and Mary Ann Lapham discuss the application of the sixth Agile principle in the Department of Defense.
LISTEN -
Characterizing and Prioritizing Malicious Code
• Podcast
By Julia H. Allen, Jose A. Morales
In this podcast, Jose Morales discusses how to prioritize malware samples, helping analysts to identify the most destructive malware to examine first.
LISTEN -
Using Quality Attributes to Improve Acquisition
• Podcast
By Patrick R. Place, Suzanne Miller
In this podcast, Patrick Place describes research aimed at determining how acquisition quality attributes can be expressed and used to facilitate alignment between the software architecture and the acquisition strategy.
LISTEN -
Best Practices for Trust in the Wireless Emergency Alerts Service
• Podcast
By Robert J. Ellison, Suzanne Miller, Carol Woody
In this podcast, CERT researchers Robert Ellison and Carol Woody discuss research aimed at increasing alert originators' trust in the WEA service and the public's trust in the alerts that …
LISTEN -
Three Variations on the V Model for System and Software Testing
• Podcast
By Suzanne Miller, Donald Firesmith
In this podcast, Don Firesmith presents three variations on the V model of software or system development.
LISTEN -
Adapting the PSP to Incorporate Verified Design by Contract
• Podcast
By Suzanne Miller, Bill Nichols
In this podcast, Bill Nichols discusses a proposal for integrating the Verified Design by Contract method into PSP to reduce the number of defects present at the unit-testing phase, while …
LISTEN -
Comparing IT Risk Assessment and Analysis Methods
• Podcast
By Ben Tomhave, Erik Heidt, Julia H. Allen
In this podcast, the presenters discuss IT risk assessment and analysis, and comparison factors for selecting methods that are a good fit for your organization.
LISTEN -
AADL and Aerospace
• Podcast
By Peter H. Feiler, Suzanne Miller, Myron Hecht (The Aerospace Corporation)
In this podcast, Peter Feiler and Myron Hecht discuss the use of AADL by the Aerospace Corporation.
LISTEN -
Assuring Open Source Software
• Podcast
By Suzanne Miller, Naomi Anderson, Kate Ambrose
In this podcast, Kate Ambrose Sereno and Naomi Anderson discuss research aimed at developing adoptable, evidence-based, data-driven approaches to evaluating (open source) software.
LISTEN -
Security Pattern Assurance through Roundtrip Engineering
• Podcast
By Suzanne Miller, Rick Kazman
In this podcast, Rick Kazman discusses the challenges of achieving system security qualities and a solution he has developed for doing so through the use of patterns.
LISTEN -
The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
• Podcast
By Julia H. Allen, Jason Christopher (U.S. Department of Energy), Nader Mehravari
ES-C2M2 helps improve the operational resilience of the U.S. power grid.
LISTEN -
Applying Agile in the DoD: Fifth Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this episode, the fifth in a series, Suzanne Miller and Mary Ann Lapham discuss the application of the fifth principle, Build projects around motivated individuals.
LISTEN -
Software Assurance Cases
• Podcast
By Charles Weinstock, Suzanne Miller
In this podcast, Charles Weinstock introduces assurance cases and how they can be used to assure safety, security, and reliability.
LISTEN -
Raising the Bar - Mainstreaming CERT C Secure Coding Rules
• Podcast
By Robert C. Seacord, Julia H. Allen
In this podcast, Robert Seacord describes the CERT-led effort to publish an ISO/IEC technical specification for secure coding rules for compilers and analyzers.
LISTEN -
AADL and Télécom Paris Tech
• Podcast
By Etienne Borde, Peter H. Feiler
Real-World Applications of the Architecture Analysis and Design Language (AADL)
LISTEN -
From Process to Performance-Based Improvement
• Podcast
By Suzanne Miller, Timothy A. Chick, Gene Miluk
In this podcast, Tim Chick and Gene Miluk discuss methodology and outputs of the Checkpoint Diagnostic, a tool that provides organizations with actionable performance related information and analysis closely linked …
LISTEN -
An Approach to Managing the Software Engineering Challenges of Big Data
• Podcast
By John Klein, Ian Gorton, Suzanne Miller
In this episode, Ian Gorton and John Klein discuss big data and the challenges it presents for software engineers. With help from fellow SEI researchers, the two have developed a …
LISTEN -
Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience
• Podcast
By Julia H. Allen, Matthew J. Butkovic, Kevin Dillon (Department of Homeland Security)
In this podcast, the presenters explain how CRRs allow critical infrastructure owners to compare their cybersecurity performance with their peers.
LISTEN -
Situational Awareness Mashups
• Podcast
By Soumya Simanta, Suzanne Miller
In this podcast, Soumya Simanta describes research aimed at creating a software prototype that allows warfighters and first responders to rapidly integrate or mash geo-tagged situational awareness data from multiple …
LISTEN -
Applying Agile in the DoD: Fourth Principle
• Podcast
By Suzanne Miller, Mary Ann Lapham
In this episode, the fourth in a series about the application of agile principles in the DOD, Suzanne Miller and Mary Ann Lapham discuss the application of the fourth principle, …
LISTEN -
Architecting Systems of the Future
• Podcast
By Eric Werner, Suzanne Miller
In this episode, Eric Werner discusses research that he and several of his colleagues are conducting to help software developers create systems for the many-core central processing units in massively …
LISTEN -
Acquisition Archetypes
• Podcast
By William E. Novak, Suzanne Miller
In this episode, Bill Novak talks about his work with acquisition archetypes and how they can be used to help government programs avoid problems in software development and systems acquisition.
LISTEN -
Human-in-the-Loop Autonomy
• Podcast
By James Edmondson, Suzanne Miller
In this episode, James Edmondson discusses his research on autonomous systems, specifically robotic systems and autonomy for robotic systems.
LISTEN -
Mobile Applications for Emergency Managers
• Podcast
By Adam Miller (Huntingdon County, Pennsylvania, Emergency Management Agency), Mike Petock, Bill Pollak
Learn about the SEI's Advanced Mobile Systems Team's work with the Huntingdon County, Pennsylvania, Emergency Management Agency.
LISTEN -
Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions
• Podcast
By Julia H. Allen, Richard A. Caralli
In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities.
LISTEN -
Applying Agile in the DoD: Third Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
A discussion of the application of the third Agile principle, "Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter …
LISTEN -
DevOps - Transform Development and Operations for Fast, Secure Deployments
• Podcast
By Gene Kim (IP Services and ITPI), Julia H. Allen
In this podcast, Gene Kim explains how the "release early, release often" approach significantly improves software performance, stability, and security.
LISTEN -
Application Virtualization as a Strategy for Cyber Foraging
• Podcast
By Suzanne Miller, Grace Lewis
In this podcast, researcher Grace Lewis discusses application virtualization as a more lightweight alternative to VM synthesis for cloudlet provisioning.
LISTEN -
Common Testing Problems: Pitfalls to Prevent and Mitigate
• Podcast
By Donald Firesmith, Suzanne Miller
Don Firesmith discusses problems that occur during testing as well as a framework that lists potential symptoms by which each can be recognized, potential negative consequences, and potential causes, and …
LISTEN -
Joint Programs and Social Dilemmas
• Podcast
By William E. Novak
In this episode, SEI researcher Bill Novak discusses joint programs and social dilemmas, which have become increasingly common in defense acquisition, and the ways in which joint program outcomes can be …
LISTEN -
Applying Agile in the DoD: Second Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this episode, SEI researchers discuss the application of the second Agile principle, “Welcome changing requirements, even late in development.”
LISTEN -
Managing Disruptive Events - CERT-RMM Experience Reports
• Podcast
By Nader Mehravari, Julia H. Allen
In this podcast, the participants describe four experience reports that demonstrate how the CERT-RMM can be applied to manage operational risks.
LISTEN -
Reliability Validation and Improvement Framework
• Podcast
By Peter H. Feiler
In this podcast, Peter Feiler discusses his recent work to improve the quality of software-reliant systems through an approach known as the Reliability Validation and Improvement Framework.
LISTEN -
Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity
• Podcast
By Dave Mundie, Julia H. Allen
In this podcast, Dave Mundie explains why a common language is essential to developing a shared understanding to better analyze malicious code.
LISTEN -
The Business Case for Systems Engineering
• Podcast
By Suzanne Miller, Joseph P. Elm
Joe Elm discusses the results of a recent technical report, which establishes clear links between the application of systems engineering (SE) best practices to projects and programs and the performance …
LISTEN -
Applying Agile in the DoD: First Principle
• Podcast
By Suzanne Miller, Mary Ann Lapham
In this episode, Suzanne Miller and Mary Ann Lapham discuss the application of the first Agile principle, "Our highest priority is to satisfy the customer through early and continuous delivery …
LISTEN -
The Evolution of a Science Project
• Podcast
By William E. Novak, Andrew P. Moore
In this podcast, Bill Novak and Andy Moore describe a recent technical report, The Evolution of a Science Project, which intends to improve acquisition staff decision-making.
LISTEN -
Securing Mobile Devices aka BYOD
• Podcast
By Julia H. Allen, Joseph Mayes
In this podcast, Joe Mayes discusses how to ensure the security of personal mobile devices that have access to enterprise networks.
LISTEN -
What's New With Version 2 of the AADL Standard?
• Podcast
By Peter H. Feiler
In this podcast, Peter Feiler discusses the latest changes to the Architecture Analysis & Design Language (AADL) standard.
LISTEN -
The State of the Practice of Cyber Intelligence
• Podcast
By Suzanne Miller, Troy Townsend, Jay McAllister
In this podcast, Troy Townsend and Jay McAllister discuss their findings on the state of the practice of cyber intelligence.
LISTEN -
Mitigating Insider Threat - New and Improved Practices Fourth Edition
• Podcast
By George Silowash, Lori Flynn, Julia H. Allen
In this podcast, participants explain how 371 cases of insider attacks led to 4 new and 15 updated best practices for mitigating insider threats.
LISTEN -
Technology Readiness Assessments
• Podcast
By Michael S. Bandor, Suzanne Miller
Michael Bandor discusses technology readiness assessments, which the DoD defines as a formal, systematic, metrics-based process and accompanying report that assess the maturity of critical hardware and software technologies to …
LISTEN -
Standards in Cloud Computing Interoperability
• Podcast
By Grace Lewis
In this podcast, Grace Lewis discusses her latest research exploring the role of standards in cloud-computing interoperability.
LISTEN -
Managing Disruptive Events: Demand for an Integrated Approach to Better Manage Risk
• Podcast
By Nader Mehravari, Julia H. Allen
In this podcast, Nader Mehravari describes how governments and markets are calling for the integration of plans for and responses to disruptive events.
LISTEN -
The Latest Developments in AADL
• Podcast
By Peter H. Feiler, Julien Delange
Julien Delange and Peter Feiler discuss the latest developments with the Architecture Analysis and Design Language (AADL) standard.
LISTEN -
The Fundamentals of Agile
• Podcast
By Timothy A. Chick
In this episode, Tim Chick, a senior member of the technical staff in the Team Software Process (TSP) initiative, discusses the fundamentals of agile, specifically what it means for an …
LISTEN -
Software for Soldiers who use Smartphones
• Podcast
By Edwin J. Morris
In this episode, Ed Morris describes research to create a software application for smartphones that allows soldier end-users to program their smartphones to provide an interface tailored to the information …
LISTEN -
Managing Disruptive Events: Making the Case for Operational Resilience
• Podcast
By Nader Mehravari, Julia H. Allen
In this podcast, Nader Mehravari describes how today's high-risk, global, fast, and very public business environment demands a more integrated approach.
LISTEN -
Architecting Service-Oriented Systems
• Podcast
By Grace Lewis
Grace Lewis discusses general guidelines for architecting service-oriented systems, how common service-oriented system components support these principles, and the effect these principles and their implementation have on system quality attributes.
LISTEN -
The SEI Strategic Plan
• Podcast
By Bill Scherlis
In this podcast, Bill Scherlis discusses the development of the strategic plan of the SEI to advance the practice of software engineering for the DoD.
LISTEN -
Quantifying Uncertainty in Early Lifecycle Cost Estimation
• Podcast
By James McCurley, Robert W. Stoddard
In this podcast episode, Jim McCurley and Robert Stoddard discuss a new method developed by the SEI's Software Engineering Measurement and Analysis (SEMA) team, Quantifying Uncertainty in Early Lifecycle Cost …
LISTEN -
Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities
• Podcast
By Sid Faber, Austin Whisnant, Julia H. Allen
In this podcast, participants discuss how a network profile can help identify unintended points of entry, misconfigurations, and other weaknesses.
LISTEN -
Architecting a Financial System with TSP
• Podcast
By Jim McHale, Felix Bachmann
In this episode, Felix Bachmann and James McHale discuss their work on a project between the SEI and Bursatec to create a reliable and fast new trading system for Groupo …
LISTEN -
The Importance of Data Quality
• Podcast
By David Zubrow
In this episode, Dave Zubrow discusses the importance of data quality and research that his team is undertaking in this area.
LISTEN -
How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them
• Podcast
By Julia H. Allen, Art Manion
In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives.
LISTEN -
Misaligned Incentives
• Podcast
By William E. Novak
In this episode, Bill Novak discusses misaligned incentives among the people in software acquisition programs, and how the wrong incentives can undermine acquisition programs and produce poor outcomes.
LISTEN -
How a Disciplined Process Enhances & Enables Agility
• Podcast
By Bill Nichols
In this podcast, Bill Nichols discusses how a disciplined process enables and enhances agility.
LISTEN -
Agile Acquisition
• Podcast
By Suzanne Miller, Mary Ann Lapham
This podcast explores the SEI's research and work to assist the DoD in Agile acquisition.
LISTEN -
An Architecture-Focused Measurement Framework for Managing Technical Debt
• Podcast
By Ipek Ozkaya
In this podcast, Ipek Ozkaya discusses the SEI's research on the strategic management of technical debt, which involves decisions made to defer necessary work during the planning or execution of …
LISTEN -
Cloud Computing for the Battlefield
• Podcast
By Grace Lewis
Grace Lewis discusses her research to overcome challenges for battlefield computing by using cloudlets: localized, lightweight servers running one or more virtual machines on which soldiers can offload expensive computations …
LISTEN -
U.S. Postal Inspection Service Use of the CERT Resilience Management Model
• Podcast
By Gregory Crabb (United States Postal Service), Julia H. Allen
In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives.
LISTEN -
Insights from the First CERT Resilience Management Model Users Group
• Podcast
By Julia H. Allen, Lisa R. Young
In this podcast, Lisa Young explains that implementing CERT-RMM requires well-defined improvement objectives, sponsorship, and more.
LISTEN -
NIST Catalog of Security and Privacy Controls, Including Insider Threat
• Podcast
By Joji Montelibano, Julia H. Allen, Ron Ross (NIST)
In this podcast, participants discuss why security controls, including those for insider threat, are necessary to protect information and information systems.
LISTEN -
Cisco's Adoption of CERT Secure Coding Standards
• Podcast
By Julia H. Allen, Martin Sebor (Cisco)
In this podcast, Martin Sebor explains how implementing secure coding standards is a sound business decision.
LISTEN -
How to Become a Cyber Warrior
• Podcast
By Dennis M. Allen, Julia H. Allen
In this podcast, Dennis Allen explains that protecting the internet and its users against cyber attacks requires more skilled cyber warriors.
LISTEN -
Considering Security and Privacy in the Move to Electronic Health Records
• Podcast
By Deborah Lafky (Healthcare Information Technology (HIT) Security/Cybersecurity), Matthew J. Butkovic, Julia H. Allen
In this podcast, participants discuss how using electronic health records brings many benefits along with security and privacy challenges.
LISTEN -
Measuring Operational Resilience
• Podcast
By Julia H. Allen, Pamela D. Curtis
In this podcast, Julia Allen explains that measures of operational resilience should answer key questions, inform decisions, and affect behavior.
LISTEN -
Why Organizations Need a Secure Domain Name System
• Podcast
By Julia H. Allen, Alex Nicoll
Use of Domain Name System security extensions can help prevent website hijacking attacks.
LISTEN -
Controls for Monitoring the Security of Cloud Services
• Podcast
By Jonathan Spring, Art Manion, Julia H. Allen
In this podcast, participants explain that how cloud providers and customers can use controls to protect sensitive information depends on the service model.
LISTEN -
Building a Malware Analysis Capability
• Podcast
By Jeff Gennari, Julia H. Allen
In this podcast, Jeff Gennari explains that analyzing malware is essential to assessing the damage and reducing the impact associated with ongoing infection.
LISTEN -
Using the Smart Grid Maturity Model (SGMM)
• Podcast
By David W. White, Julia H. Allen
In this podcast, David White describes how over 100 electric power utilities are using the Smart Grid Maturity Model.
LISTEN -
Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM
• Podcast
By Ron Ross (NIST), Julia H. Allen, James J. Cebula
In this podcast, participants explain why and how business leaders must address risk at the enterprise, business process, and system levels.
LISTEN -
Conducting Cyber Exercises at the National Level
• Podcast
By Brett Lambo (U.S. Department of Homeland Security), Julia H. Allen, Matthew J. Butkovic
In this podcast, participants discuss exercises that help organizations, governments, and nations prepare for, identify, and mitigate cyber risks.
LISTEN -
Indicators and Controls for Mitigating Insider Threat
• Podcast
By Julia H. Allen, Michael Hanley
In this podcast, Michael Hanley explains how technical controls can be effective in helping to prevent, detect, and respond to insider crimes.
LISTEN -
How Resilient Is My Organization?
• Podcast
By David W. White, Julia H. Allen, Richard A. Caralli
In this podcast, Richard Caralli explains how CERT-RMM can ensure that critical assets and services perform as expected in the face of stress and disruption.
LISTEN -
Public-Private Partnerships: Essential for National Cyber Security
• Podcast
By Philip Huff (Arkansas Electric Cooperative Corporation), Julia H. Allen, Samuel A. Merrell, John Haller
In this podcast, participants explain that knowledge of software assurance is essential to ensure that complex systems function as intended.
LISTEN -
Software Assurance: A Master's Level Curriculum
• Podcast
By Richard C. Linger (Oak Ridge National Laboratory), Nancy R. Mead, Julia H. Allen, Thomas B. Hilburn (Embry-Riddle Aeronautical University)
In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex systems function as intended.
LISTEN -
How to Develop More Secure Software - Practices from Thirty Organizations
• Podcast
By Sammy Migues (Cigital), Gary McGraw, Julia H. Allen
In this podcast, participants discuss how organizations can benchmark their software security practices against 109 observed activities from 30 organizations.
LISTEN -
Mobile Device Security: Threats, Risks, and Actions to Take
• Podcast
By Julia H. Allen, Jonathan Frederick
In this podcast, Jonathan Frederick explains how internet-connected mobile devices are becoming increasingly attractive targets.
LISTEN -
Establishing a National Computer Security Incident Response Team (CSIRT)
• Podcast
By Jeffrey J. Carpenter, Julia H. Allen, John Haller
In this podcast, participants discuss how essential a national CSIRT is for protecting national and economic security and continuity.
LISTEN -
Securing Industrial Control Systems
• Podcast
By Julia H. Allen, Art Manion
In this podcast, Julia Allen explains how critical it is to secure systems that control physical switches, valves, pumps, meters, and manufacturing lines.
LISTEN -
The Power of Fuzz Testing to Reduce Security Vulnerabilities
• Podcast
By Will Dormann, Julia H. Allen
In this podcast, Will Dormann urges listeners to subject their software to fuzz testing to help identify and eliminate security vulnerabilities.
LISTEN -
Protect Your Business from Money Mules
• Podcast
By Chad Dougherty, Julia H. Allen
Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses.
LISTEN -
Train for the Unexpected
• Podcast
By Julia H. Allen, Matthew Meyer (M&I Corporation)
In this podcast, Matthew Meyer explains that being able to respond effectively when faced with a disruptive event requires becoming more resilient.
LISTEN -
The Role of the CISO in Developing More Secure Software
• Podcast
By Julia H. Allen, Pravir Chandra (Fortify Software)
In this podcast, Pravir Chandra warns that CISOs must leave no room for doubt that they understand what is expected of them when developing secure software.
LISTEN -
Computer and Network Forensics: A Master's Level Curriculum
• Podcast
By Julia H. Allen, Kristopher Rush
In this podcast, Kris Rush describes how students learn to combine multiple facets of digital forensics and draw conclusions to support investigations.
LISTEN -
Introducing the Smart Grid Maturity Model (SGMM)
• Podcast
By Ray Jones (APQC), Julia H. Allen
In this podcast, Ray Jones explains how the SGMM provides a roadmap to guide an organization's transformation to the smart grid.
LISTEN -
Leveraging Security Policies and Procedures for Electronic Evidence Discovery
• Podcast
By John Christiansen (Christiansen IT Law), Julia H. Allen
In this podcast, John Christiansen explains that effectively responding to e-discovery requests depends on well-defined policies, procedures, and processes.
LISTEN -
Integrating Privacy Practices into the Software Development Life Cycle
• Podcast
By Julia H. Allen, Ralph Hood (Microsoft), Kim Howell (Microsoft)
In this podcast, participants explain that addressing privacy during software development is just as important as addressing security.
LISTEN -
Using the Facts to Protect Enterprise Networks: CERT's NetSA Team
• Podcast
By Timothy J. Shimeall, Julia H. Allen
In this podcast, Timothy Shimeall describes how network defenders and business leaders can use NetSA measures to protect their networks.
LISTEN -
Ensuring Continuity of Operations When Business Is Disrupted
• Podcast
By Julia H. Allen, Gary Daniels (Marshall & Ilsley Corporation)
In this podcast, Gary Daniels explains that providing critical services during times of stress depends on documented, tested business continuity plans.
LISTEN -
Managing Relationships with Business Partners to Achieve Operational Resiliency
• Podcast
By Julia H. Allen, David W. White
In this podcast, David White explains why a defined, managed process for third party relationships is essential, particularly when business is disrupted.
LISTEN -
The Smart Grid: Managing Electrical Power Distribution and Use
• Podcast
By James F. Stevens, Julia H. Allen
In this podcast, James Stevens explains how using the smart grid comes with some new privacy and security challenges.
LISTEN -
Electronic Health Records: Challenges for Patient Privacy and Security
• Podcast
By Julia H. Allen, Robert Charette (ITABHI Corporation)
In this podcast, Robert Charette explains why electronic health records (EHRs) are possibly the most complicated area of IT today.
LISTEN -
Mitigating Insider Threat: New and Improved Practices
• Podcast
By Dawn Cappelli, Randall F. Trzeciak, Andrew P. Moore, Julia H. Allen
Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.
LISTEN -
Rethinking Risk Management
• Podcast
By Julia H. Allen, Christopher J. Alberts
In this podcast, Christopher Alberts urges business leaders to adopt new approaches to addressing risks across the life cycle and supply chain.
LISTEN -
The Upside and Downside of Security in the Cloud
• Podcast
By Julia H. Allen, Tim Mather (RSA)
In this podcast, Tim Mather advises business leaders considering cloud services to weigh the economic benefits against the security and privacy risks.
LISTEN -
More Targeted, Sophisticated Attacks: Where to Pay Attention
• Podcast
By Julia H. Allen, Martin Linder
In this podcast, Martin Linder urges business leaders to take action to better mitigate sophisticated social engineering attacks.
LISTEN -
Is There Value in Identifying Software Security "Never Events?"
• Podcast
By Robert Charette (ITABHI Corporation), Julia H. Allen
In this podcast, Robert Charette suggests reexamining who bears responsibility when software is developed with known, preventable errors.
LISTEN -
Cyber Security, Safety, and Ethics for the Net Generation
• Podcast
By Rodney Petersen (EDUCAUSE), Julia H. Allen
In this podcast, Rodney Petersen explains why capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs.
LISTEN -
An Experience-Based Maturity Model for Software Security
• Podcast
By Julia H. Allen, Sammy Migues (Cigital), Brian Chess (Fortify Software), Gary McGraw
In this podcast, participants discuss how observed practice, represented as a maturity model, can serve as a basis for developing more secure software.
LISTEN -
Mainstreaming Secure Coding Practices
• Podcast
By Julia H. Allen, Robert C. Seacord
In this podcast, Robert Seacord explains how requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities.
LISTEN -
Security: A Key Enabler of Business Innovation
• Podcast
By Julia H. Allen, Roland Cloutier (EMC Corporation), Laura Robinson (Robinson Insight)
In this podcast, participants describe how making security strategic to business innovation involves seven strategies.
LISTEN -
Better Incident Response Through Scenario Based Training
• Podcast
By Christopher May, Julia H. Allen
In this podcast, Christopher May explains how teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine.
LISTEN -
An Alternative to Risk Management for Information and Software Security
• Podcast
By Brian Chess (Fortify Software), Julia H. Allen
In this podcast, Brian Chess explains how standards, compliance, and process are better than risk management for ensuring information and software security.
LISTEN -
Tackling Tough Challenges: Insights from CERT’s Director Rich Pethia
• Podcast
By Julia H. Allen, Richard D. Pethia
In this podcast, Rich Pethia reflects on the CERT Division's 20-year history and discusses its future IT and security challenges.
LISTEN -
Climate Change: Implications for Information Technology and Security
• Podcast
By Julia H. Allen, Richard Power (Carnegie Mellon CyLab)
In this podcast, Richard Power explains how climate change requires new strategies for dealing with traditional IT and information security risks.
LISTEN -
Using High Fidelity, Online Training to Stay Sharp
• Podcast
By Julia H. Allen, Jim Wrubel
In this podcast, Jim Wrubel explains how virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime.
LISTEN -
Integrating Security Incident Response and e-Discovery
• Podcast
By David Matthews (City of Seattle), Julia H. Allen
In this podcast, David Matthews explains how responding to an e-discovery request involves many of the same steps and roles as responding to a security incident.
LISTEN -
Concrete Steps for Implementing an Information Security Program
• Podcast
By Jennifer Bayuk (No Affiliation), Julia H. Allen
In this podcast, Jennifer Bayuk explains how successful security programs are based on strategy, policy, awareness, implementation, monitoring, and remediation.
LISTEN -
Virtual Communities: Risks and Opportunities
• Podcast
By Jan Wolynski (Royal Canadian Mounted Police), Julia H. Allen
In this podcast, Jan Wolynski advises business leaders to evaluate risks and opportunities when considering conducting business in online, virtual communities.
LISTEN -
Developing Secure Software: Universities as Supply Chain Partners
• Podcast
By Julia H. Allen, Mary Ann Davidson (Oracle)
In this podcast, Mary Ann Davidson explains how integrating security into university curricula is a key solution to developing more secure software.
LISTEN -
Security Risk Assessment Using OCTAVE Allegro
• Podcast
By Julia H. Allen, Lisa R. Young
In this podcast, Lisa Young describes OCTAVE Allegro, a streamlined assessment method that focuses on risks to information used by critical business services.
LISTEN -
Getting to a Useful Set of Security Metrics
• Podcast
By Julia H. Allen, Clint Kreitner (The Center for Internet Security)
Well-defined metrics are essential to determine which security practices are worth the investment.
LISTEN -
How to Start a Secure Software Development Program
• Podcast
By Gary McGraw, Julia H. Allen
In this podcast, Gary McGraw explains how to achieve software security by thinking like an attacker and integrating practices into the development lifecycle.
LISTEN -
Managing Risk to Critical Infrastructures at the National Level
• Podcast
By Bradford J. Willke, Julia H. Allen
In this podcast, Bradford Willke explains how protecting critical infrastructures and the information they use is essential for preserving our way of life.
LISTEN -
Analyzing Internet Traffic for Better Cyber Situational Awareness
• Podcast
By Julia H. Allen, Derek Gabbard
In this podcast, Derek Gabbard discusses automation, innovation, reaction, and expansion as the foundation for meaningful network traffic intelligence.
LISTEN -
Managing Security Vulnerabilities Based on What Matters Most
• Podcast
By Julia H. Allen, Art Manion
In this podcast, Art Manion explains that determining which security vulnerabilities to address should be based on the importance of the information asset.
LISTEN -
Identifying Software Security Requirements Early, Not After the Fact
• Podcast
By Nancy R. Mead, Julia H. Allen
In this podcast, Nancy Mead explains that during requirements engineering, software engineers need to think about how software should behave when under attack.
LISTEN -
Making Information Security Policy Happen
• Podcast
By Julia H. Allen, Paul Love (The Standard)
In this podcast, Paul Love argues that targeted, innovative communications and a robust lifecycle are keys for security policy success.
LISTEN -
Becoming a Smart Buyer of Software
• Podcast
By Julia H. Allen, Brian P. Gallagher
Managing software that is developed by an outside organization can be more challenging than building it yourself.
LISTEN -
Building More Secure Software
• Podcast
By Mike Petock, Bill Pollak, Julia H. Allen
In this podcast, Julia Allen explains how software security is about building more defect-free software to reduce vulnerabilities targeted by attackers.
LISTEN -
Connecting the Dots Between IT Operations and Security
• Podcast
By Julia H. Allen, Gene Kim (IP Services and ITPI)
In this podcast, Gene Kim describes how high performing organizations must integrate information security controls into their IT operational processes.
LISTEN -
Getting in Front of Social Engineering
• Podcast
By Julia H. Allen, Gary Hinson (No Affiliation)
In this podcast, Gary Hinson discusses how organizations can get in front of social engineering attacks.
LISTEN -
Using Benchmarks to Make Better Security Decisions
• Podcast
By Julia H. Allen, Betsy Nichols (PlexLogic)
In this podcast, Betsy Nichols describes how benchmark results can be used to help determine how much security is enough.
LISTEN -
Protecting Information Privacy - How To and Lessons Learned
• Podcast
By Julia H. Allen, Kim Hargraves (Microsoft)
In this podcast, Kim Hargraves describes three keys to ensuring information privacy in an organization.
LISTEN -
Initiating a Security Metrics Program: Key Points to Consider
• Podcast
By Samuel A. Merrell, Julia H. Allen
In this podcast, Samuel Merrell explains that a sound security metrics program should select data relevant to consumers from repeatable processes.
LISTEN -
Insider Threat and the Software Development Life Cycle
• Podcast
By Dawn Cappelli, Julia H. Allen
In this podcast, Dawn Cappelli explains how insider threat vulnerabilities can be introduced during all phases of the software development lifecycle.
LISTEN -
Tackling the Growing Botnet Threat
• Podcast
By Nicholas Ianelli, Julia H. Allen
In this podcast, Nicholas Ianelli cautions business leaders to understand the risks to their organizations caused by the proliferation of botnets.
LISTEN -
Building a Security Metrics Program
• Podcast
By Betsy Nichols (PlexLogic), Julia H. Allen
In this podcast, Betsy Nichols explains that reporting meaningful security metrics depends on topic selection, context definition, and data access.
LISTEN -
Inadvertent Data Disclosure on Peer-to-Peer Networks
• Podcast
By M. Eric Johnson (Dartmouth College), Scott Dynes (Dartmouth College), Julia H. Allen
In this podcast, participants discuss how peer-to-peer networks are being used to unintentionally disclose government, commercial, and personal information.
LISTEN -
Information Compliance: A Growing Challenge for Business Leaders
• Podcast
By Tom Smedinghoff (Wildman Harrold), Julia H. Allen
In this podcast, Tom Smedinghoff reminds directors and executives that they are personally accountable for protecting information entrusted to their care.
LISTEN -
Internal Audit's Role in Information Security: An Introduction
• Podcast
By Julia H. Allen, Dan Swanson (Dan Swanson and Associates)
In this podcast, Dan Swanson explains how an internal audit can serve a key role in establishing an effective information security program.
LISTEN -
What Business Leaders Can Expect from Security Degree Programs
• Podcast
By Sean Beggs (Carnegie Mellon University), Stephanie Losi
In this podcast, participants discuss whether information security degree programs meet the needs of business leaders seeking knowledgeable employees.
LISTEN -
The Path from Information Security Risk Assessment to Compliance
• Podcast
By Julia H. Allen, William R. Wilson
In this podcast, William Wilson explains how an information security risk assessment, performed with operational risk management, can contribute to compliance.
LISTEN -
Computer Forensics for Business Leaders: Building Robust Policies and Processes
• Podcast
By Stephanie Losi, Cal Waits
In this podcast, participants discuss how business leaders can play a key role in computer forensics by establishing and testing strong policies.
LISTEN -
Business Resilience: A More Compelling Argument for Information Security
• Podcast
By Scott Dynes (Dartmouth College), Stephanie Losi
In this podcast, participants discuss how a business resilience argument can bridge the gap between information security officers and business leaders.
LISTEN -
Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity
• Podcast
By Lisa R. Young, Julia H. Allen
In this podcast, Lisa Young suggests that by taking a holistic view of business resilience, business leaders can help their organizations stand up to threats.
LISTEN -
The Human Side of Security Trade-Offs
• Podcast
By Greg Newby (Arctic Region Supercomputing Center), Stephanie Losi
In this podcast, participants explain that it's easy to think of security as a collection of technologies and tools, but that people are the real key.
LISTEN -
Dual Perspectives: A CIO's and CISO's Take on Security
• Podcast
By Bill Boni (Motorola), Julia H. Allen, Patty Morrison (Motorola)
In this podcast, participants explain that since you can't secure everything, managing security risk to a "commercially reasonable degree" is best.
LISTEN -
Tackling Security at the National Level: A Resource for Leaders
• Podcast
By Jeffrey J. Carpenter, Julia H. Allen
In this podcast, Jeffrey Carpenter discusses a resource for leaders tackling security at the national level.
LISTEN -
Reducing Security Costs with Standard Configurations: U.S. Government Initiatives
• Podcast
By Clint Kreitner (The Center for Internet Security), Julia H. Allen
In this podcast, Clint Kreitner explains how information security costs can be reduced by enforcing standard configurations for widely deployed systems.
LISTEN -
Real-World Security for Business Leaders
• Podcast
By Mike Petock, Bill Pollak, Pamela Fusco (FishNet Security)
In this podcast, Pamela Fusco discusses real-world security for business leaders.
LISTEN -
Using Standards to Build an Information Security Program
• Podcast
By Julia H. Allen, William R. Wilson
In this podcast, William Wilson explains how business leaders can use international standards to create a business- and risk-based information security program.
LISTEN -
Getting Real About Security Governance
• Podcast
By Julia H. Allen, Stephanie Losi
In this podcast, participants explain that enterprise security governance can be achieved by implementing a defined, repeatable process.
LISTEN -
Convergence: Integrating Physical and IT Security
• Podcast
By Julia H. Allen, Bill Crowell (No Affiliation), Brian Contos (ArcSight)
In this podcast, participants recommend deploying common solutions for physical and IT security as a cost-effective way to reduce risk and save money.
LISTEN -
IT Infrastructure: Tips for Navigating Tough Spots
• Podcast
By Stephanie Losi, Steve Kalinowski, Steve Huth
In this podcast, participants discuss how organizations may occasionally need to redefine their IT infrastructures and be ready to handle tricky situations.
LISTEN -
The Value of De-Identified Personal Data
• Podcast
By Mike Hubbard (Womble Carlyle Sandridge & Rice, PLLC), Stephanie Losi, Scott Ganow (Verispan)
In this podcast, participants discuss the complex legal compliance landscape and how de-identification can help organizations share data more securely.
LISTEN -
Adapting to Changing Risk Environments: Operational Resilience
• Podcast
By Stephanie Losi, Richard A. Caralli
In this podcast, participants discuss how business leaders need to keep their critical processes and services up and running in the face of the unexpected.
LISTEN -
Computer Forensics for Business Leaders: A Primer
• Podcast
By Richard Nolan, Stephanie Losi
In this podcast, participants discuss how computer forensics is often overlooked when planning an incident response strategy.
LISTEN -
The Real Secrets of Incident Management
• Podcast
By Stephanie Losi, Georgia Killcrece, Robin Ruefle
In this podcast, participants explain that incident management is not just technical response, but a cross-enterprise effort.
LISTEN -
The Legal Side of Global Security
• Podcast
By Stephanie Losi, Jody R. Westby
In this podcast, participants encourage business leaders, including legal counsel, to understand how to tackle complex security issues for a global enterprise.
LISTEN -
A New Look at the Business of IT Education
• Podcast
By Larry Rogers, Stephanie Losi
System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend.
LISTEN -
Crisis Communications During a Security Incident
• Podcast
By Stephanie Losi, Kelly Kimberland
In this podcast, participants alert business leaders to be prepared to communicate with the media and their staff during high-profile security incidents.
LISTEN -
Assuring Mission Success in Complex Environments
• Podcast
By Julia H. Allen, Christopher J. Alberts
In this podcast, participants discuss analysis tools for assessing complex organizational and technological issues that are beyond traditional approaches.
LISTEN -
Privacy: The Slow Tipping Point
• Podcast
By Alessandro Acquisti (Carnegie Mellon University), Stephanie Losi
In this podcast, participants discuss a trend toward more data disclosure that may cause users to become desensitized to privacy breaches.
LISTEN -
Building Staff Competence in Security
• Podcast
By Julia H. Allen, Barbara Laswell
In this podcast, Barbara Laswell describes specifications that define the knowledge, skills, and competencies required for a range of security positions.
LISTEN -
Evolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology
• Podcast
By Thomas A. Longstaff, Julia H. Allen
In this podcast, participants discuss how business models are evolving as security threats become more covert and technology enables information migration.
LISTEN -
Inside Defense-in-Depth
• Podcast
By Stephanie Losi, Kristopher Rush
In this podcast, participants discuss defense-in-depth, a path toward enterprise resilience.
LISTEN -
Protecting Against Insider Threat
• Podcast
By Dawn Cappelli, Julia H. Allen
In this podcast, Dawn Cappelli describes the real and substantial threat of attack from insiders.
LISTEN -
Change Management: The Security 'X' Factor
• Podcast
By Gene Kim (IP Services and ITPI), Stephanie Losi
In this podcast, Gene Kim reports how a recent security survey found one factor that separated high performers from the rest of the pack: change management.
LISTEN -
CERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT
• Podcast
By Julia H. Allen, Richard D. Pethia
In this podcast, Richard Pethia voices his view of the internet security landscape and the future of the CERT Division.
LISTEN -
The ROI of Security
• Podcast
By Julia H. Allen, Stephanie Losi
In this podcast, Julia Allen explains how ROI is a useful tool because it enables comparison among investments in a consistent way.
LISTEN -
Compliance vs. Buy-in
• Podcast
By Julia H. Allen, Stephanie Losi
In this podcast, Julia Allen explains why integrating security into standard business processes is more effective than treating security as a compliance task.
LISTEN -
Why Leaders Should Care About Security
• Podcast
By Mike Petock, Julia H. Allen
In this podcast, Julia Allen urges leaders to be security conscious and treat adequate security as a non-negotiable requirement of being in business.
LISTEN -
Proactive Remedies for Rising Threats
• Podcast
By Martin Linder, Julia H. Allen, Stephanie Losi
In this podcast, participants discuss how threats to information security are increasingly stealthy and must be mitigated through sound policy and strategy.
LISTEN