Podcasts
The SEI Podcast Series presents conversations in software engineering, cybersecurity, artificial intelligence engineering, and future technologies.
Subscribe
Filter by
-
Improving Machine Learning Test and Evaluation with MLTE
• Podcast
By Grace Lewis, Sebastián Echeverría, Katherine R. Maffey (AI Integration Center, U.S. Army), Alex Derr
Machine learning (ML) models commonly experience issues when integrated into production systems. MLTE provides a process and infrastructure for ML test and evaluation.
LISTEN -
DOD Software Modernization: SEI Impact and Innovation
• Podcast
By Paul Nielsen
As software size, complexity, and interconnectedness continues to grow, modernization has become more important than ever. Paul Nielsen outlines the SEI's work with the DoD on this front in the …
LISTEN -
Securing Docker Containers: Techniques, Challenges, and Tools
• Podcast
By Maxwell Trdina, Sasank Vishnubhatla
With the increasing prevalence of cloud computing environments, containers are increasingly providing their underlying architecture.
LISTEN -
An Introduction to Software Cost Estimation
• Podcast
By Anandi Hira
Software cost estimation is an important first step when beginning a project. It addresses budget, staffing, scheduling, and whether the current environment will support the project.
LISTEN -
Cybersecurity Metrics: Protecting Data and Understanding Threats
• Podcast
By Bill Nichols
Scoping down objectives and determining what kinds of data to gather are persistent challenges in cybersecurity. Bill Nichols explores cyber metrics in our latest podcast.
LISTEN -
3 Key Elements for Designing Secure Systems
• Podcast
By Timothy A. Chick
To make secure software by design a reality, engineers must intentionally build security throughout the software development lifecycle.
LISTEN -
Using Role-Playing Scenarios to Identify Bias in LLMs
• Podcast
By Katherine-Marie Robinson, Violet Turri
Harmful biases in large language models (LLMs) make AI less trustworthy and secure. Katie Robinson and Violet Turri discuss their recent work using role-playing game scenarios to identify biases in …
LISTEN -
Best Practices and Lessons Learned in Standing Up an AISIRT
• Podcast
By Lauren McIlvenny
In the wake of widespread adoption of AI practices in critical infrastructure, best practices and lessons learned in standing up a AI Security Incident Response Team (AISIRT).
LISTEN -
3 API Security Risks (and How to Protect Against Them)
• Podcast
By McKinley Sconiers-Hasan
McKinley Sconiers-Hasan discusses three API risks and how to address them through the lens of zero trust.
LISTEN -
Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices
• Podcast
By Samuel J. Perl, Jeff Gennari
Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges, and recommendations for evaluating LLMs.
LISTEN -
Capability-based Planning for Early-Stage Software Development
• Podcast
By Bill Nichols, Anandi Hira
This SEI podcast introduces capability-based planning (CBP) and its use and application in software acquisition.
LISTEN -
Safeguarding Against Recent Vulnerabilities Related to Rust
• Podcast
By David Svoboda
David Svoboda discusses two vulnerabilities related to Rust, their sources, and how to mitigate them.
LISTEN -
Developing a Global Network of Computer Security Incident Response Teams (CSIRTs)
• Podcast
By James Lord, Tracy Bills
Tracy Bills and James Lord discuss the SEI’s work developing Computer Security Incident Response Teams (CSIRTs) across the globe.
LISTEN -
Automated Repair of Static Analysis Alerts
• Podcast
By David Svoboda
David Svoboda discusses Redemption, a new open source tool that automatically repairs common errors in C/C++ code generated from static analysis alerts.
LISTEN -
Developing and Using a Software Bill of Materials Framework
• Podcast
By Carol Woody, Michael S. Bandor
Carol Woody and Michael Bandor discuss a Software Bill of Materials framework to help organizations establish a comprehensive set of practices and processes.
LISTEN -
Using Large Language Models in the National Security Realm
• Podcast
By Shannon Gallagher
Shannon Gallagher discusses findings and recommendations from the Mayflower Project and provides additional background information about LLMs and how they can be engineered for national security use.
LISTEN -
Atypical Applications of Agile and DevSecOps Principles
• Podcast
By David Sweeney, Lyndsi A. Hughes
Lyndsi Hughes and David Sweeney discuss their experiences leveraging DevSecOps pipelines in atypical situations for capability delivery and business mission.
LISTEN -
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction
• Podcast
By Stephen Wilson, Patrick R. Place
Patrick Place and Stephen Wilson discuss seven considerations for successful use of Agile and EVM.
LISTEN -
The Impact of Architecture on the Safety of Cyber-Physical Systems
• Podcast
By Jerome Hugues
Jerome Hugues discusses challenges that arise from the increasing autonomy in cyber-physical systems including transferring and processing multiple data streams.
LISTEN -
ChatGPT and the Evolution of Large Language Models: 4 Case Studies
• Podcast
By Matthew Walsh, Dominic A. Ross
Matthew Walsh, a senior data scientists in CERT, and Dominic Ross, Multi-Media Design Team Lead, discuss their work in developing four case studies to understand limitations and future uses of …
LISTEN -
The Cybersecurity of Quantum Computing: 6 Areas of Research
• Podcast
By Tom Scanlon
Thomas Scanlon, lead of the SEI Data Science Group, discusses how to create the discipline of cyber protection of quantum computing and outlines six areas of future research in the …
LISTEN -
User-Centric Metrics for Agile
• Podcast
By Patrick R. Place, Will Hayes
Will Hayes and Pat Place discuss the importance of user stories in Agile metrics.
LISTEN -
The Product Manager’s Evolving Role in Software and Systems Development
• Podcast
By Judy Hwang
Judy Hwang discusses the importance of implementing product management principles in software and systems development and resources to strengthen Agile product delivery practices.
LISTEN -
Measuring the Trustworthiness of AI Systems
• Podcast
By Carol J. Smith, Alexandrea Steiner, Katherine-Marie Robinson
Carol Smith, Katie Robinson, and Alex Steiner discuss how to measure the trustworthiness of an AI system as well as questions that organizations should ask before determining if they want …
LISTEN -
Actionable Data in the DevSecOps Pipeline
• Podcast
By Bill Nichols, Julie B. Cohen
Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program managers (PMs) to confidently make decisions with the help …
LISTEN -
Insider Risk Management in the Post-Pandemic Workplace
• Podcast
By Randall F. Trzeciak, Daniel L. Costa
Dan Costa and Randy Trzeciak discuss how remote work in the post-pandemic world is changing expectations about employee behavior monitoring and insider risk detection.
LISTEN -
An Agile Approach to Independent Verification and Validation
• Podcast
By Justin Smith
Justin Smith, senior Agile transformation leader in the SEI Software Solutions Division, talks with principal researcher Suzanne Miller about how to bring concepts from Lean and Agile software development into …
LISTEN -
Zero Trust Architecture: Best Practices Observed in Industry
• Podcast
By Matthew Nicolai, Nathaniel Richmond
Matthew Nicolai and Nathaniel Richmond discuss five best practices in implementing a zero trust architecture, explain their significance, and provide commentary and analysis on ways to empower your organization’s zero …
LISTEN -
Automating Infrastructure as Code with Ansible and Molecule
• Podcast
By Matthew Heckathorn
Matthew Heckathorn, an integration engineer with the SEI’s CERT Division, offers guidance for systems engineers, system administrators, and others on developing Ansible roles and automating infrastructure as code.
LISTEN -
Identifying and Preventing the Next SolarWinds
• Podcast
By Greg Touhill
Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about the 2020 attack on SolarWinds software and how to prevent a recurrence of another major attack …
LISTEN -
A Penetration Testing Findings Repository
• Podcast
By Samantha Chaves, Marisa Midler
Marisa Midler and Samantha Chaves talk with Suzanne Miller about an open-source penetration testing findings repository that they created.
LISTEN -
Understanding Vulnerability Analysis in the Rust Programming Language
• Podcast
By Garret Wassermann, David Svoboda
David Svoboda and Garret Wassermann explore tools for understanding vulnerabilities in Rust whether the original source code is available or not.
LISTEN -
We Live in Software: Engineering Societal-Scale Systems
• Podcast
By John E. Robert, Forrest Shull
John Robert, deputy director of the SEI’s Software Solutions Division, and Forrest Shull, lead for defense software acquisition policy research at the SEI, discuss issues that must be considered when …
LISTEN -
Secure by Design, Secure by Default
• Podcast
By Greg Touhill
Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about secure by design, secure by default, a longstanding tenet of the work of the SEI and …
LISTEN -
Key Steps to Integrate Secure by Design into Acquisition and Development
• Podcast
By Robert Schiela, Carol Woody
Robert Schiela and Carol Woody talk with Suzanne Miller about the importance of integrating the practices and mindset of secure by design into the acquisition and development of software-reliant systems.
LISTEN -
An Exploration of Enterprise Technical Debt
• Podcast
By Stephany Bellomo
Stephany Bellomo, a principal engineer in the SEI’s Software Solutions Division, talks with principal researcher Suzanne Miller about identifying and remediating enterprise technical debt.
LISTEN -
The Messy Middle of Large Language Models
• Podcast
By Jay Palat, Rachel Dzombak
Jay Palat and Rachel Dzombak discuss the current landscape of large language models (LLMs) and how to leverage tools built on top of LLMs, such as ChatGPT and Copilot.
LISTEN -
An Infrastructure-Focused Framework for Adopting DevSecOps
• Podcast
By Vanessa B. Jackson, Lyndsi A. Hughes
Vanessa Jackson and Lyndsi Hughes discuss the DevSecOps adoption framework, which guides organizations in the planning and implementation of a roadmap to functional CI/CD pipeline capabilities.
LISTEN -
Software Security in Rust
• Podcast
By David Svoboda, Joe Sible
David Svoboda and Joe Sible talk with Suzanne Miller about the Rust programming language and its security-related features.
LISTEN -
Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron
• Podcast
By Allen D. Householder
Allen Householder, a senior vulnerability and incident researcher with the SEI’s CERT Division, talks with SEI principal investigator Suzanne Miller about Vultron, a protocol for multi-party coordinated vulnerability disclosure (MPCVD).
LISTEN -
Asking the Right Questions to Coordinate Security in the Supply Chain
• Podcast
By Carol Woody
Carol Woody talks with Suzanne Miller about the SEI’s newly released Acquisition Security Framework, which helps programs coordinate the management of engineering and supply-chain risks across system components.
LISTEN -
Securing Open Source Software in the DoD
• Podcast
By Scott Hissam, Linda Parker Gates
Scott Hissam talks with Linda Parker Gates about the use of free and open-source software (FOSS) in the DoD, building on insights that surfaced in a recent workshop held for …
LISTEN -
A Model-Based Tool for Designing Safety-Critical Systems
• Podcast
By Sam Procter, Lutz Wrage
Sam Procter and Lutz Wrage discuss with Suzanne Miller the Guided Architecture Trade Space Explorer (GATSE), a new SEI-developed model-based tool to help with the design of safety-critical systems.
LISTEN -
Managing Developer Velocity and System Security with DevSecOps
• Podcast
By Alejandro Gomez
Alejandro Gomez talks with Suzanne Miller about how his team explored—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps.
LISTEN -
A Method for Assessing Cloud Adoption Risks
• Podcast
By Christopher J. Alberts
Chris Alberts discusses with Suzanne Miller a prototype set of cloud adoption risk factors and describes a method that managers can employ to assess their cloud initiatives against these risk …
LISTEN -
Software Architecture Patterns for Deployability
• Podcast
By Rick Kazman
Rick Kazman, an SEI visiting scientist and coauthor of Software Architecture in Practice, talks with principal researcher Suzanne Miller about using patterns for software deployability.
LISTEN -
A Roadmap for Creating and Using Virtual Prototyping Software
• Podcast
By Richard Kendall, Douglass Post
Douglass Post and Richard Kendall discuss their experiences applying virtual prototyping in Computational Research and Engineering Acquisition Tools and Environments (CREATE).
LISTEN -
ML-Driven Decision-Making in Realistic Cyber Exercises
• Podcast
By Dustin D. Updyke, Thomas G. Podnar
Thomas Podnar and Dustin Updyke discuss efforts by the SEI CERT Division to apply machine learning to increase the realism of non-player characters (NPCs) in cyber training exercises.
LISTEN -
Software Architecture Patterns for Robustness
• Podcast
By Rick Kazman
Rick Kazman discusses software architecture patterns and the effect that certain architectural patterns have on quality attributes, such as availability and robustness.
LISTEN -
A Platform-Independent Model for DevSecOps
• Podcast
By Joe Yankel, Timothy A. Chick
Tim Chick and Joe Yankel present a DevSecOps Platform-Independent Model that uses model-based systems engineering (MBSE) to formalize the practices of DevSecOps pipelines and organize relevant guidance.
LISTEN -
Using the Quantum Approximate Optimization Algorithm (QAOA) to Solve Binary-Variable Optimization Problems
• Podcast
By Daniel Justice, Jason Larkin
Jason Larkin and Daniel Justice, researchers in the SEI’s AI Division, discuss a paper outlining their efforts to simulate the performance of Quantum Approximate Optimization Algorithm (QAOA) for the Max-Cut …
LISTEN -
A Dive into Deepfakes
• Podcast
By Shannon Gallagher, Dominic A. Ross
Shannon Gallagher, a data scientist with SEI’s CERT Division, and Dominic Ross, multimedia team lead for the SEI, discuss deepfakes, their exponential growth in recent years, and their increasing technical …
LISTEN -
Trust and AI Systems
• Podcast
By Carol J. Smith, Dustin D. Updyke
Carol Smith, a senior research scientist in human machine interaction, and Dustin Updyke, a senior cybersecurity engineering in the SEI’s CERT Division, discuss the construction of trustworthy AI systems and …
LISTEN -
Challenges and Metrics in Digital Engineering
• Podcast
By Bill Nichols
Bill Nichols and Suzanne Miller discuss the challenges in making the transition from traditional development practices to digital engineering.
LISTEN -
The 4 Phases of the Zero Trust Journey
• Podcast
By Matthew Nicolai, Timothy Morrow
Tim Morrow and Matthew Nicolai outline 4 steps that organizations can take to implement and maintain a zero trust architecture.
LISTEN -
DevSecOps for AI Engineering
• Podcast
By Hasan Yasar, Jay Palat
Hasan Yasar and Jay Palat discuss how to engineer AI systems with DevSecOps and explore the relationship between MLOps and DevSecOps.
LISTEN -
Undiscovered Vulnerabilities: Not Just for Critical Software
• Podcast
By Jonathan Spring
Jonathan Spring discusses the findings in a recent paper that analyzes the number of undiscovered vulnerabilities in information systems.
LISTEN -
Explainable AI Explained
• Podcast
By Violet Turri
Violet Turri discusses explainable AI, which encompasses all the techniques that make the decision-making processes of AI systems understandable to humans.
LISTEN -
Model-Based Systems Engineering Meets DevSecOps
• Podcast
By Joe Yankel, Jerome Hugues
Jerome Hugues and Joe Yankel discuss ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) practices and technology.
LISTEN -
Incorporating Supply Chain Risk and DevSecOps into a Cybersecurity Strategy
• Podcast
By Carol Woody
Carol Woody, a principal researcher in the SEI's CERT Division, talks with Suzanne Miller about supply-chain issues and the planning needed to integrate software from the supply chain into operational …
LISTEN -
Software and Systems Collaboration in the Era of Smart Systems
• Podcast
By Paul Nielsen
SEI director Paul Nielsen talks with principal researcher Suzanne Miller about how the advent of smart systems has led to a growing need for effective collaboration between the disciplines of …
LISTEN -
Securing the Supply Chain for the Defense Industrial Base
• Podcast
By Gavin Jurecko, Katie C. Stewart
Gavin Jurecko, who leads the SEI’s Resilience Diagnostics Team, talks with Katie Stewart about risks associated with defense industrial base (DIB) supply chains and how the SEI works with the …
LISTEN -
Building on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis
• Podcast
By Jeff Gennari, Garret Wassermann
Jeffrey Gennari and Garret Wassermann talk with Suzanne Miller about Kaiju, a series of tools that they have developed that allows for malware analysis and reverse engineering. Kaiju helps analysts …
LISTEN -
Envisioning the Future of Software Engineering
• Podcast
By Forrest Shull, Anita Carleton
Anita Carleton and Forrest Shull discuss the recently published SEI-led study Architecting the Future of Software Engineering: A National Agenda for Software Engineering Research & Development.
LISTEN -
Implementing the DoD's Ethical AI Principles
• Podcast
By Alexandrea Steiner, Carol J. Smith
In this SEI podcast, Alex Van Deusen and Carol Smith, both with the SEI's AI Division, discuss a recent project in which they helped the Defense Innovation Unit of the …
LISTEN -
Walking Fast Into the Future: Evolvable Technical Reference Frameworks for Mixed-Criticality Systems
• Podcast
By Douglas Schmidt (William & Mary), Nickolas Guertin
In this SEI Podcast, Suzanne Miller talks with Nickolas Guertin and Douglas Schmidt about strategies for creating architectures for large-scale, complex systems that comprise functions with a wide range of …
LISTEN -
Software Engineering for Machine Learning
• Podcast
By Ipek Ozkaya, Grace Lewis
Grace Lewis and Ipek Ozkaya discuss their research into software engineering for machine learning (ML) with host Jonathan Spring.
LISTEN -
A Discussion on Automation with Watts Humphrey Award Winner Rajendra Prasad
• Podcast
By Rajendra T. Prasad (Accenture)
In this SEI Podcast, 2020 IEEE Computer Society SEI Watts Humphrey Software Quality Award winner Rajendra Prasad of Accenture talks with Mike Konrad of the SEI about automation.
LISTEN -
Enabling Transition from Sustainment to Engineering within the DoD
• Podcast
By Douglas Schmidt (William & Mary), Thomas Evans
Thomas Evans and Douglas C. Schmidt discuss challenges sustainment teams face when transitioning from sustainment to engineering in the DoD.
LISTEN -
The Silver Thread of Cyber in the Global Supply Chain
• Podcast
By Matthew J. Butkovic
Matt Butkovic, technical director of risk and resilience in the SEI's CERT Division, discusses with Suzanne Miller the importance of cyber in the global supply chain and his team's work …
LISTEN -
Measuring DevSecOps: The Way Forward
• Podcast
By Bill Nichols, Hasan Yasar
Bill Nichols and Hasan Yasar discuss the ways in which DevSecOps practices yield valuable information about software performance that is likely to lead to innovations in software engineering metrics.
LISTEN -
Bias in AI: Impact, Challenges, and Opportunities
• Podcast
By Carol J. Smith, Jonathan Spring
Carol Smith discusses with Jonathan Spring the hidden sources of bias in artificial intelligence (AI) systems and how systems developers can raise their awareness of bias, mitigate consequences, and reduce …
LISTEN -
Agile Strategic Planning: Concepts and Methods for Success
• Podcast
By Suzanne Miller, Linda Parker Gates
Linda Parker Gates, initiative lead, Software Acquisition Pathways, and Suzanne Miller, principal researcher in the SEI's Software Solutions Division, discuss the principles of Agile strategic planning and methods for success.
LISTEN -
Applying Scientific Methods in Cybersecurity
• Podcast
By Leigh B. Metcalf, Jonathan Spring
Leigh Metcalf and Jonathan Spring discuss with Suzanne Miller the application of scientific methods to cybersecurity, a subject of their recently published book, Using Science in Cybersecurity.
LISTEN -
Zero Trust Adoption: Benefits, Applications, and Resources
• Podcast
By Geoff Sanders
Geoff Sanders, a senior network defense analyst in the SEI's CERT Division, discusses zero trust adoption and its benefits, applications, and available resources.
LISTEN -
Uncertainty Quantification in Machine Learning: Measuring Confidence in Predictions
• Podcast
By Eric Heim
Eric Heim, a senior machine learning research scientist at the Software Engineering Institute at Carnegie Mellon University, discusses the quantification of uncertainty in machine-learning (ML) systems.
LISTEN -
11 Rules for Ensuring a Security Model with AADL and Bell–LaPadula
• Podcast
By Aaron Greenhouse
Aaron Greenhouse, a senior software architecture researcher, discusses 11 analysis rules that must be enforced over an AADL instance to ensure the consistency of a security model.
LISTEN -
Benefits and Challenges of Model-Based Systems Engineering
• Podcast
By Nataliya Shevchenko, Mary Popeck
Nataliya [Natasha] Shevchenko and Mary Popeck discuss the use of model-based systems engineering (MBSE), which, in contrast to document-centric engineering, puts models at the center of system design.
LISTEN -
Can DevSecOps Make Developers Happier?
• Podcast
By Hasan Yasar
Hasan Yasar discusses the cultural aspects of DevSecOps practices.
LISTEN -
Is Your Organization Ready for AI?
• Podcast
By Carol J. Smith, Rachel Dzombak
Digital transformation lead Dr. Rachel Dzombak and research scientist Carol Smith discuss how AI Engineering can support organizations to implement AI systems.
LISTEN -
Managing Vulnerabilities in Machine Learning and Artificial Intelligence Systems
• Podcast
By Nathan M. VanHoudnos, Jonathan Spring, Allen D. Householder
Allen Householder, Jonathan Spring, and Nathan VanHoudnos discuss how to manage vulnerabilities in AI/ML systems.
LISTEN -
AI Workforce Development
• Podcast
By Rachel Dzombak, Jay Palat
Rachel Dzombak and Jay Palat discuss growth in the field of artificial intelligence (AI) and how organizations can hire and train staff to take advantage of the opportunities afforded by …
LISTEN -
Moving from DevOps to DevSecOps
• Podcast
By Hasan Yasar
Hasan Yasar discusses how organizations can transition from DevOps to DevSecOps.
LISTEN -
Mission-Based Prioritization: A New Method for Prioritizing Agile Backlogs
• Podcast
By Keith Korzec
Keith Korzec discusses the Misson-Based Prioritization method for prioritizing Agile backlogs.
LISTEN -
Digital Engineering and DevSecOps
• Podcast
By David James Shepard
David Shepard, a software developer with the SEI's Software Solutions Division, discusses digital engineering and its relationship with DevSecOps.
LISTEN -
A 10-Step Framework for Managing Risk
• Podcast
By Brett Tucker
Brett Tucker outlines OCTAVE FORTE, a 10-step framework to guide organizations in managing risk.
LISTEN -
7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts
• Podcast
By Richard Laughlin, Tom Scanlon
Thomas Scanlon and Richard Laughlin discuss seven steps that developers can take to engineer security into ongoing and future container adoption efforts.
LISTEN -
Ransomware: Evolution, Rise, and Response
• Podcast
By Marisa Midler, Timothy J. Shimeall
Marisa Midler and Tim Shimeall, analysts with the SEI's CERT Division, discuss steps and strategies that organizations can adopt to minimize their exposure to the risks and threats associated with …
LISTEN -
VINCE: A Software Vulnerability Coordination Platform
• Podcast
By Emily Sarneso, Art Manion
Emily Sarneso, the architect of VINCE, and Art Manion, technical manager of the Vulnerability Analysis Team in the SEI CERT Division, discuss the rollout of VINCE, how to use it, …
LISTEN -
Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network
• Podcast
By Phil Groce
Phil Groce, a senior network defense analyst in the SEI's CERT Division, discusses the security implications of remote work.
LISTEN -
An Introduction to CMMC Assessment Guides
• Podcast
By Katie C. Stewart, Andrew F. Hoover
In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC 1.0 model, discuss the CMMC assessment guides, how they were developed, and how they can be used.
LISTEN -
The CMMC Level 3 Assessment Guide: A Closer Look
• Podcast
By Katie C. Stewart, Andrew F. Hoover
Andrew Hoover and Katie Stewart, architects of the CMMC 1.0 model, discuss the Level 3 Assessment Guide for the CMMC and how it differs from the Level 1 Assessment Guide.
LISTEN -
The CMMC Level 1 Assessment Guide: A Closer Look
• Podcast
By Andrew F. Hoover, Katie C. Stewart
Andrew Hoover and Katie Stewart, architects of the CMMC 1.0 model, discuss the Level 1 Assessment Guide for the CMMC.
LISTEN -
Achieving Continuous Authority to Operate (ATO)
• Podcast
By Shane Ficorilli, Hasan Yasar
Shane Ficorilli and Hasan Yasar sit down with Suzanne Miller to discuss Continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
LISTEN -
Challenging the Myth of the 10x Programmer
• Podcast
By Bill Nichols
Bill Nichols, a researcher in the SEI's Software Solution Division, recently examined the veracity and relevance of the widely held notion that some programmers are much better than others (the …
LISTEN -
A Stakeholder-Specific Vulnerability Categorization
• Podcast
By Eric Hatleback, Allen D. Householder, Jonathan Spring
Eric Hatleback, Allen Householder, and Jonathan Spring, vulnerability and incident researchers in the SEI CERT Division, discuss SSVC and also take audience members through a sample scoring vulnerability.
LISTEN -
Optimizing Process Maturity in CMMC Level 5
• Podcast
By Andrew F. Hoover, Katie C. Stewart
Andrew Hoover and Katie Stewart, architects of the CMMC 1.0 model, discuss the Level 5 process maturity requirements, which are standardizing and optimizing a documented approach for CMMC.
LISTEN -
Reviewing and Measuring Activities for Effectiveness in CMMC Level 4
• Podcast
By Katie C. Stewart, Andrew F. Hoover
Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss reviewing and communicating CMMC activities and measuring those activities for effectiveness, which are requirements of Level 4 of the …
LISTEN -
Situational Awareness for Cybersecurity: Beyond the Network
• Podcast
By Timothy Morrow, Angela Horneman
Angela Horneman and Timothy Morrow discuss the importance of looking beyond the network to gain situational awareness for cybersecurity.
LISTEN -
Quantum Computing: The Quantum Advantage
• Podcast
By Jason Larkin
Dr. Jason Larkin discusses the challenges of working in the NISQ era and the work that the SEI is doing in quantum computing.
LISTEN -
CMMC Scoring 101
• Podcast
By Andrew F. Hoover, Katie C. Stewart
Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC) 1.0, discuss how assessed DIB organizations are scored according to the model.
LISTEN -
Developing an Effective CMMC Policy
• Podcast
By Andrew F. Hoover, Katie C. Stewart
Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC) 1.0, present guidelines for developing an effective CMMC policy.
LISTEN -
The Future of Cyber: Educating the Cybersecurity Workforce
• Podcast
By Dr. Diana Burley, Roberta (Bobbie) Stempfley
Bobbie Stempfley, director of the SEI's CERT Division, interviews Dr. Diana Burley, executive director and chair of I3P, and vice provost for research for American University.
LISTEN -
Documenting Process for CMMC
• Podcast
By Katie C. Stewart, Andrew F. Hoover
Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC) 1.0, discuss process documentation, a Level 2 requirement.
LISTEN -
Agile Cybersecurity
• Podcast
By Will Hayes, Carol Woody
Dr. Carol Woody and Will Hayes discuss an approach that allows organizations to integrate cybersecurity into the agile pipeline.
LISTEN -
CMMC Levels 1-3: Going Beyond NIST SP-171
• Podcast
By Katie C. Stewart, Andrew F. Hoover
Andrew Hoover and Katie Stewart, CMMC architects, discuss Levels 1-3 of the model and what steps organizations need to take to move beyond NIST 800-171.
LISTEN -
The Future of Cyber: Secure Coding
• Podcast
By Steve Lipner, Roberta (Bobbie) Stempfley
Bobbie Stempfley, director of the CERT Division of the SEI, explores the future of secure coding with Steve Lipner, the executive director of SAFECode and former director of software security …
LISTEN -
Challenges to Implementing DevOps in Highly Regulated Environments
• Podcast
By Jose A. Morales, Hasan Yasar
Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environment (HREs), exploring issues such as environment parity, the approval process, and compliance.
LISTEN -
The Future of Cyber: Cybercrime
• Podcast
By Roberta (Bobbie) Stempfley, David Hickton
David Hickton, founding director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security, sits down with Bobbie Stempfley, director of the SEI's CERT Division, to talk about …
LISTEN -
Designing Trustworthy AI
• Podcast
By Carol J. Smith
Carol Smith discusses a framework that builds upon the importance of diverse teams and ethical standards to ensure that AI systems are trustworthy and able to effectively augment warfighters.
LISTEN -
The CERT Guide to Coordinated Vulnerability Disclosure
• Podcast
By Allen D. Householder, David Warren
Allen Householder and David Warren discuss the CERT Guide to Coordinated Vulnerability Disclosure, which is used by security researchers, software vendors, and other stakeholders in informing others about security vulnerabilities.
LISTEN -
The Future of Cyber: Security and Privacy
• Podcast
By Dr. Lorrie Cranor, Roberta (Bobbie) Stempfley
Dr. Lorrie Faith Cranor, director of CyLab, sits down with Bobbie Stempfley, director of the SEI's CERT Division, to talk about the future of cyber in security and privacy.
LISTEN -
The Future of Cyber: Security and Resilience
• Podcast
By Roberta (Bobbie) Stempfley, J. Michael McQuade, Ph.D.
Bobbie Stempfley, director of the CERT Division of the SEI, and Dr. Michael McQuade, vice-president for research at Carnegie Mellon University, discuss the future of cyber in security and resilience.
LISTEN -
Reverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools
• Podcast
By Cory Cohen, Jeff Gennari
Jeff Gennari and Cory Cohen discuss updates to the Pharos Binary Analysis Framework in GitHub, including a new plug-in to import OOAnalyzer analysis into the NSA's recently released Ghidra software …
LISTEN -
Benchmarking Organizational Incident Management Practices
• Podcast
By Mark Zajicek, Robin Ruefle
Robin Ruefle and Mark Zajicek discuss recent work that provides a baseline or benchmark of incident management practices for an organization.
LISTEN -
Machine Learning in Cybersecurity: 7 Questions for Decision Makers
• Podcast
By Angela Horneman, April Galyardt, Jonathan Spring
April Galyardt, Angela Horneman, and Jonathan Spring discuss key questions that managers and decision makers should ask about machine learning to effectively solve cybersecurity problems.
LISTEN -
Human Factors in Software Engineering
• Podcast
By Andrew O. Mellinger, Suzanne Miller, Hasan Yasar
Andrew Mellinger, Suzanne Miller, and Hasan Yasar discuss the human factors that impact software engineering, from the communication tools they use to the environments where they work.
LISTEN -
Improving the Common Vulnerability Scoring System
• Podcast
By Jonathan Spring, Art Manion, Deana Shick
Art Manion, Deana Shick, and Jonathan Spring discuss a 2019 paper that outlines challenges with the Common Vulnerability Scoring System (CVSS) and proposes changes to improve it.
LISTEN -
Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities
• Podcast
By Sarah Sheard
Dr. Sarah Sheard discusses the importance of including software architects in the earliest systems engineering activities.
LISTEN -
Selecting Metrics for Software Assurance
• Podcast
By Carol Woody
Dr. Carol Woody discusses the selection of metrics for measuring the software assurance of a product as it is developed and delivered to function in a specific system context.
LISTEN -
AI in Humanitarian Assistance and Disaster Response
• Podcast
By Ritwik Gupta
Ritwik Gupta, a machine learning research scientist in the SEI's Emerging Technology Center, discusses the use of AI in humanitarian assistance and disaster response (HADR) efforts.
LISTEN -
The AADL Error Library
• Podcast
By Peter H. Feiler, Sam Procter
Peter Feiler and Sam Procter present the Architecture Analysis and Design Language (AADL) EMV2 Error Library, which is an established taxonomy that draws on a broad range of previous work …
LISTEN -
Privacy in the Blockchain Era
• Podcast
By Dr. Giulia Fanti (Electrical and Computer Engineering, CMU College of Engineering)
Dr. Giulia Fanti, an assistant professor of Electrical and Computer Engineering at Carnegie Mellon University, discusses her latest research including privacy problems in the cryptocurrency and blockchain space.
LISTEN -
Cyber Intelligence: Best Practices and Biggest Challenges
• Podcast
By Jared Ettinger
Jared Ettinger, a cyber intelligence researcher in the SEI's Emerging Technology Center, discusses the findings of a report that outlines challenges and best practices in cyber intelligence.
LISTEN -
Assessing Cybersecurity Training
• Podcast
By April Galyardt
April Galyardt, a machine learning research scientist, discusses efforts to develop a new approach to assessing the skills of the cybersecurity workforce.
LISTEN -
DevOps in Highly Regulated Environments
• Podcast
By Hasan Yasar, Jose A. Morales
Hasan Yasar and Jose Morales discuss the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle in highly regulated environments.
LISTEN -
Defending Your Organization Against Business Email Compromise
• Podcast
By Anne Connell
Anne Connell discusses recent business email compromise attacks, such as Operation Wire Wire, and offers guidance on how individuals and organizations can protect themselves from these sophisticated new modes of …
LISTEN -
Managing Technical Debt: A Focus on Automation, Design, and Architecture
• Podcast
By Ipek Ozkaya, Robert Nord
Rod Nord and Ipek Ozkaya discuss the SEI's current work in technical debt including the development of analysis techniques to help software engineers and decision makers manage the effect of …
LISTEN -
10 Types of Application Security Testing Tools and How to Use Them
• Podcast
By Tom Scanlon
Thomas Scanlon, a researcher in the SEI's CERT Division, discusses the different types of application security testing tools and provides guidance on how and when to use each tool.
LISTEN -
Leading in the Age of Artificial Intelligence
• Podcast
By Thomas A. Longstaff
Tom Longstaff, who in 2018 was hired as the SEI's chief technology officer, discusses the challenges of leading a technical organization in the age of artificial intelligence.
LISTEN -
Blockchain at CMU and Beyond
• Podcast
By Eugene Leventhal, Eliezer Kanal
Eliezer Kanal and Eugene Leventhal discuss blockchain research at Carnegie Mellon University and beyond.
LISTEN -
Applying Best Practices in Network Traffic Analysis
• Podcast
By Timothy J. Shimeall, Timur D. Snoke
Tim Shimeall and Timur Snoke, both researchers in the SEI's CERT Division, highlight some best practices (and application of these practices) that they have observed in network traffic analysis.
LISTEN -
System Architecture Virtual Integration: ROI on Early Discovery of Defects
• Podcast
By Peter H. Feiler
Peter Feiler discusses the cost savings (26.1 percent) realized when using the System Architecture Virtual Integration approach on the development of software-reliant systems for aircraft.
LISTEN -
A Technical Strategy for Cybersecurity
• Podcast
By Roberta (Bobbie) Stempfley
Roberta "Bobbie" Stempfley, who was appointed director of the SEI's CERT Division in June 2017, discusses a technical strategy for cybersecurity.
LISTEN -
Best Practices for Security in Cloud Computing
• Podcast
By Donald Faatz, Timothy Morrow
Don Faatz and Tim Morrow, researchers with the SEI's CERT Division, outline best practices that organizations should use to address the vulnerabilities and risks in moving applications and data to …
LISTEN -
Risks, Threats, and Vulnerabilities in Moving to the Cloud
• Podcast
By Donald Faatz, Timothy Morrow
Tim Morrow and Donald Faatz outline the risks, threats, and vulnerabilities that organizations face when moving applications or data to the cloud.
LISTEN -
Using Test Suites for Static Analysis Alert Classifiers
• Podcast
By Lori Flynn, Zachary Kurtz
CERT researchers Lori Flynn and Zach Kurtz discuss ongoing research using test suites as a source of labeled training data to create classifiers for static analysis alerts.
LISTEN -
How to Be a Network Traffic Analyst
• Podcast
By Timothy J. Shimeall, Timur D. Snoke
Tim Shimeall and Timur Snoke, researchers in the SEI's CERT Division, examine the role of the network traffic analyst in capturing and evaluating ever-increasing volumes of network data.
LISTEN -
Workplace Violence and Insider Threat
• Podcast
By Carrie Gardner, Tracy Cassidy
Tracy Cassidy and Carrie Gardner, researchers with the CERT National Insider Threat Center, discuss research on using technology to detect an employee's intent to cause physical harm.
LISTEN -
The Role of the Software Factory in Acquisition and Sustainment
• Podcast
By Paul Nielsen
Dr. Paul Nielsen discusses his involvement on a Defense Science Board Task Force that concluded that the software factory should be a key player in the acquisition and sustainment of …
LISTEN -
Why Does Software Cost So Much?
• Podcast
By Robert W. Stoddard, Michael D. Konrad
Mike Konrad and Bob Stoddard discuss an approach known as causal learning that can help the Department of Defense identify which factors cause software costs to escalate and, therefore, serve …
LISTEN -
Cybersecurity Engineering & Software Assurance: Opportunities & Risks
• Podcast
By Carol Woody
Carol Woody discusses opportunities and risks in cybersecurity engineering, software assurance, and the resulting CERT Cybersecurity Engineering and Software Assurance Professional Certificate.
LISTEN -
Software Sustainment and Product Lines
• Podcast
By Mike Phillips, Harry L. Levinson
Mike Phillips and Harry Levinson examine the intersection of three themes that emerged during the SEI's work with one government program: product line practices, software sustainment, and public-private partnerships.
LISTEN -
Best Practices in Cyber Intelligence
• Podcast
By Jared Ettinger
Jared Ettinger describes preliminary findings and best practices in cyber intelligence identified through a study sponsored by the U.S. Office of the Director of National Intelligence.
LISTEN -
The Evolving Role of the Chief Risk Officer
• Podcast
By Summer C. Fowler, Ari Lightman
Summer Fowler and Ari Lightman discuss the evolving role of the chief risk officer and a Chief Risk Officer Program that is developed and delivered jointly by CMU's Heinz College …
LISTEN -
Obsidian: A Safer Blockchain Programming Language
• Podcast
By Michael Coblenz (Carnegie Mellon School of Computer Science), Eliezer Kanal
Eliezer Kanal and Michael Coblenz discuss the creation of Obsidian, a novel programming language specifically tailored to secure blockchain software development that significantly reduces the risk of coding errors.
LISTEN -
Agile DevOps
• Podcast
By Eileen Wrubel, Hasan Yasar
Eileen Wrubel and Hasan Yasar discuss how Agile and DevOps can be deployed together to meet organizational needs.
LISTEN -
Is Software Spoiling Us? Technical Innovations in the Department of Defense
• Podcast
By Jeff Boleng
In this podcast, the panel discusses technical innovations that can be applied to the Department of Defense including improved situational awareness, human-machine interactions, artificial intelligence, machine learning, data, and continuous …
LISTEN -
Is Software Spoiling Us? Innovations in Daily Life from Software
• Podcast
By Jeff Boleng
In this podcast, which was excerpted from the webinar Is Software Spoiling Us?, the panel discusses awesome innovations in daily life that are made possible because of software.
LISTEN -
How Risk Management Fits into Agile & DevOps in Government
• Podcast
By Hasan Yasar, Eileen Wrubel, Timothy A. Chick, Will Hayes
In this podcast, Eileen Wrubel, technical lead for the SEI's Agile-in-Government program leads a roundtable discussion into how Agile, DevOps, and the Risk Management Framework can work together.
LISTEN -
5 Best Practices for Preventing and Responding to Insider Threat
• Podcast
By Randall F. Trzeciak
Randy Trzeciak, technical manager of the CERT National Insider Threat Center, discusses five best practices for preventing and responding to insider threat.
LISTEN -
Pharos Binary Static Analysis: An Update
• Podcast
By Jeff Gennari
Jeff Gennari discusses updates to the Pharos framework, which automates reverse engineering of malware analysis, including new tools, improvements, and bug fixes.
LISTEN -
Positive Incentives for Reducing Insider Threat
• Podcast
By Daniel Bauer, Andrew P. Moore
Andrew Moore and Daniel Bauer highlight results from our recent research that suggests organizations need to take a more holistic approach to mitigating insider threat.
LISTEN -
Mission-Practical Biometrics
• Podcast
By Satya Venneti
Satya Venneti presents exploratory research undertaken by the SEI's Emerging Technology Center to design algorithms to extract heart rate from video capture of non-stationary subjects in real-time.
LISTEN -
At Risk Emerging Technology Domains
• Podcast
By Dan J. Klinedinst
In this podcast, CERT vulnerability analyst Dan Klinedinst discusses research aimed at helping the Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT) understand future technologies and their …
LISTEN -
DNS Blocking to Disrupt Malware
• Podcast
By Vijay S. Sarvepalli
In this podcast, CERT researcher Vijay Sarvepalli explores Domain Name System or DNS Blocking, the idea of disrupting communications from malicious code such as ransomware that is used to lock …
LISTEN -
Best Practices: Network Border Protection
• Podcast
By Rachel Kartch
In this podcast, the latest in a series on best practices for network security, Rachel Kartch explores best practices for network border protection at the Internet router and firewall.
LISTEN -
Verifying Software Assurance with IBM’s Watson
• Podcast
By Mark Sherman
In this podcast, Mark Sherman discusses research aimed at examining whether developers could build an IBM Watson application to support an assurance review.
LISTEN -
The CERT Software Assurance Framework
• Podcast
By Carol Woody, Christopher J. Alberts
In this podcast, Carol Woody and Christopher Alberts introduce the prototype Software Assurance Framework, a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.
LISTEN -
Scaling Agile Methods
• Podcast
By Will Hayes, Eileen Wrubel
In this podcast, Will Hayes and Eileen Wrubel present five perspectives on scaling Agile from leading thinkers in the field, including Scott Ambler, Steve Messenger, Craig Larman, Jeff Sutherland, and …
LISTEN -
Ransomware: Best Practices for Prevention and Response
• Podcast
By Alexander Volynkin, Angela Horneman
In this podcast, CERT researchers spell out several best practices for prevention and response to a ransomware attack.
LISTEN -
Integrating Security in DevOps
• Podcast
By Hasan Yasar
In this podcast, Hasan Yasar discusses how Secure DevOps attempts to shift the paradigm for tough security problems from following rules to creatively determining solutions.
LISTEN -
SEI Fellows Series: Peter Feiler
• Podcast
By Peter H. Feiler
Peter Feiler was named an SEI Fellow in August 2016. This podcast is the second in a series highlighting interviews with SEI Fellows.
LISTEN -
NTP Best Practices
• Podcast
By Timur D. Snoke
In this podcast, Timur Snoke explores the challenges of NTP and prescribes some best practices for securing accurate time with this protocol.
LISTEN -
Establishing Trust in Disconnected Environments
• Podcast
By Grace Lewis
In this podcast, Grace Lewis presents a solution for establishing trusted identities in disconnected environments based on secure key generation and exchange in the field, as well as an evaluation …
LISTEN -
Distributed Artificial Intelligence in Space
• Podcast
By James Edmondson
In this podcast, James Edmondson discusses his work to bring distributed artificial intelligence to a next generation, renewable power grid in space.
LISTEN -
Verifying Distributed Adaptive Real-Time Systems
• Podcast
By James Edmondson, Sagar Chaki
In this podcast, James Edmondson and Sagar Chaki describe an architecture and approach to engineering high-assurance software for Distributed Adaptive Real-Time (DART) systems.
LISTEN -
10 At-Risk Emerging Technologies
• Podcast
By Christopher King
Researchers in the SEI's CERT Division recently examined the security of a large swath of technology domains being developed in industry and maturing over the next five years.
LISTEN -
Technical Debt as a Core Software Engineering Practice
• Podcast
By Ipek Ozkaya
In this podcast, Ipek Ozkaya talks about managing technical debt as a core software engineering practice and its importance in the education of future software engineers.
LISTEN -
DNS Best Practices
• Podcast
By Mark Langston
In this podcast, Mark Langston discusses best practices for designing a secure, reliable DNS infrastructure.
LISTEN -
Three Roles and Three Failure Patterns of Software Architects
• Podcast
By John Klein
This podcast explores three roles and three failure patterns of software architects that he has observed working with industry and government software projects.
LISTEN -
Security Modeling Tools
• Podcast
By Julien Delange
In this podcast, Julien Delange discusses security modeling tools that his team developed and how to use them to capture vulnerabilities and their propagation path in an architecture.
LISTEN -
Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks
• Podcast
By Rachel Kartch
In this podcast, CERT researcher Rachel Kartch provides an overview of DDoS attacks and best practices for mitigating and responding to them.
LISTEN -
Cyber Security Engineering for Software and Systems Assurance
• Podcast
By Nancy R. Mead, Carol Woody
In this podcast Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles …
LISTEN -
Moving Target Defense
• Podcast
By Andrew O. Mellinger
In this podcast, Andrew Mellinger, a senior software developer in the SEI's Emerging Technology Center discusses work to develop a platform to organize dynamic defenses.
LISTEN -
Improving Cybersecurity Through Cyber Intelligence
• Podcast
By Jared Ettinger
In this podcast, Jared Ettinger of the SEI's Emerging Technology Center (ETC) talks about the ETC's work in cyber intelligence as well as the Cyber Intelligence Research Consortium.
LISTEN -
A Requirement Specification Language for AADL
• Podcast
By Peter H. Feiler
In this podcast, Peter Feiler describes a textual requirement specification language for the Architecture Analysis & Design Language (AADL) called ReqSpec.
LISTEN -
Becoming a CISO: Formal and Informal Requirements
• Podcast
By Lisa R. Young, Darrell Keeling (Parkview Health)
In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today's …
LISTEN -
Predicting Quality Assurance with Software Metrics and Security Methods
• Podcast
By Carol Woody
In this podcast, Dr. Carol Woody explores the connection between measurement, methods for software assurance, and security.
LISTEN -
Network Flow and Beyond
• Podcast
By Timothy J. Shimeall
In this podcast, Timothy Shimeall discusses approaches for analyzing network security using and going beyond network flow data to gain situational awareness to improve security.
LISTEN -
A Community College Curriculum for Secure Software Development
• Podcast
By Girish Seshagiri (Advanced Information Services Inc)
In this podcast, Girish Seshagiri discusses a two-year community college software assurance program that he developed and facilitated with SEI Fellow Nancy Mead at Illinois Central College.
LISTEN -
Security and the Internet of Things
• Podcast
By Art Manion
In this podcast, CERT researcher Art Manion discusses work that his team is doing with the Department of Homeland Security to examine and secure IoT devices.
LISTEN -
The SEI Fellow Series: Nancy Mead
• Podcast
By Nancy R. Mead
This podcast is the first in a series highlighting interviews with SEI Fellows.
LISTEN -
An Open Source Tool for Fault Tree Analysis
• Podcast
By Julien Delange
In this podcast, Dr. Julien Delange discusses fault tree analysis and introduces a new tool to design and analyze fault trees.
LISTEN -
Global Value Chain – An Expanded View of the ICT Supply Chain
• Podcast
By John Haller, Edna M. Conway (Cisco Systems, Inc.), Lisa R. Young
In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply …
LISTEN -
Intelligence Preparation for Operational Resilience
• Podcast
By Douglas Gray, Lisa R. Young
In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using …
LISTEN -
Evolving Air Force Intelligence with Agile Techniques
• Podcast
By Harry L. Levinson
In this podcast, Harry Levinson discusses the SEI's work with the Air Force to further evolve the AF DCGS system using Agile techniques working in incremental, iterative approaches to deliver …
LISTEN -
Threat Modeling and the Internet of Things
• Podcast
By Art Manion, Allen D. Householder
Art Manion and Allen Householder of the CERT Vulnerability Analysis team, talk about threat modeling and its use in improving the security of the Internet of Things (IoT).
LISTEN -
Open Systems Architectures: When & Where to Be Closed
• Podcast
By Donald Firesmith
Don Firesmith discusses how acquisition professionals and system integrators can apply OSA practices to effectively decompose large, monolithic business and technical architectures into manageable and modular solutions.
LISTEN -
Effective Reduction of Avoidable Complexity in Embedded Systems
• Podcast
By Julien Delange
Dr. Julien Delange discusses the Effective Reduction of Avoidable Complexity in Embedded Systems (ERACES) project, which aims to identify and remove complexity in software models.
LISTEN -
Toward Efficient and Effective Software Sustainment
• Podcast
By Mike Phillips
Mike Phillips discusses effective sustainment engineering efforts in the Army and Air Force, using examples from across their software engineering centers and how they tie in to SEI research.
LISTEN -
Quality Attribute Refinement and Allocation
• Podcast
By Neil Ernst
Dr. Neil Ernst discusses industry practices such as slicing and ratcheting used to develop business capabilities and suggests approaches to enable large-scale iteration.
LISTEN -
Is Java More Secure Than C?
• Podcast
By David Svoboda
In this podcast, CERT researcher David Svoboda analyzes secure coding rules for both C and Java to determine if they indeed refute the conventional wisdom that Java is more secure …
LISTEN -
Identifying the Architectural Roots of Vulnerabilities
• Podcast
By Carol Woody, Rick Kazman
In this podcast, Rick Kazman and Carol Woody discuss an approach for identifying architecture debt in a large-scale industrial software project by modeling software architecture as design rule spaces.
LISTEN -
Build Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations
• Podcast
By Gary McGraw, Lisa R. Young
In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from high-performing organizations.
LISTEN -
An Interview with Grady Booch
• Podcast
By Grady Booch
During a recent visit to the SEI, Grady Booch, chief scientist for IBM and author of the Unified Modeling Language, sat down for an interview with SEI Fellow Nancy Mead …
LISTEN -
Structuring the Chief Information Security Officer Organization
• Podcast
By Julia H. Allen, Nader Mehravari, Lisa R. Young
In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, …
LISTEN -
How Cyber Insurance Is Driving Risk and Technology Management
• Podcast
By Chip Block, Lisa R. Young
In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk …
LISTEN -
A Field Study of Technical Debt
• Podcast
By Neil Ernst
In this podcast, Dr. Neil Ernst discusses the findings of a recent field study to assess the state of the practice and current thinking regarding technical debt and guide the …
LISTEN -
How the University of Pittsburgh Is Using the NIST Cybersecurity Framework
• Podcast
By Lisa R. Young, Sean Sweeney (University of Pittsburgh)
In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (PITT), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework).
LISTEN -
A Software Assurance Curriculum for Future Engineers
• Podcast
By Nancy R. Mead
In this podcast, Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges.
LISTEN -
Four Types of Shift Left Testing
• Podcast
By Donald Firesmith
In this podcast, Donald Firesmith explains the importance of shift left testing and defines four approaches using variants of the classic V model to illustrate them.
LISTEN -
Toward Speed and Simplicity: Creating a Software Library for Graph Analytics
• Podcast
By Scott McMillan, Eric Werner
In this podcast, Scott McMillan and Eric Werner of the SEI's Emerging Technology Center discuss work to create a software library for graph analytics that would take advantage of more …
LISTEN -
Capturing the Expertise of Cybersecurity Incident Handlers
• Podcast
By Richard O. Young, Samuel J. Perl, Julia H. Allen
In this podcast, Dr. Richard Young, a professor with CMU, and Sam Perl, a member of the CERT Division, discuss their research on how expert cybersecurity incident handlers react when …
LISTEN -
Improving Quality Using Architecture Fault Analysis with Confidence Arguments
• Podcast
By Peter H. Feiler
The case study shows that by combining an analytical approach with confidence maps, we can present a structured argument that system requirements have been met and problems in the design …
LISTEN -
A Taxonomy of Testing Types
• Podcast
By Donald Firesmith
In this podcast, Donald Firesmith introduces a taxonomy of testing types to help testing stakeholders understand and select those that are best for their specific programs.
LISTEN -
Reducing Complexity in Software & Systems
• Podcast
By Sarah Sheard
In this podcast, Sarah Sheard discusses research to investigate the nature of complexity, how it manifests in software-reliant systems such as avionics, how to measure it, and how to tell …
LISTEN -
Designing Security Into Software-Reliant Systems
• Podcast
By Christopher J. Alberts
In this podcast, CERT researcher Christopher Alberts introduces the SERA Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle.
LISTEN -
Agile Methods in Air Force Sustainment
• Podcast
By Eileen Wrubel
This podcast Eileen Wrubel highlights research examining Agile techniques in the software sustainment arena—specifically Air Force programs.
LISTEN -
Defect Prioritization With the Risk Priority Number
• Podcast
By Julie B. Cohen, Will Hayes
In this podcast, Will Hayes and Julie Cohen discuss a generalized technique that could be used with any type of system to assist the program office in addressing and resolving …
LISTEN -
SEI-HCII Collaboration Explores Context-Aware Computing for Soldiers
• Podcast
By Dr. Anind Dey, Jeff Boleng
Dr. Jeff Boleng and Dr. Anind Dey discuss joint research to understand the mission, role, and task of dismounted soldiers using context derived from sensors on them and their mobile …
LISTEN -
An Introduction to Context-Aware Computing
• Podcast
By Jeff Boleng, Dr. Anind Dey
Dr. Anind Dey and Dr. Jeff Boleng introduce context-aware computing and explore issues related to sensor-fueled data in the internet of things.
LISTEN -
Data Driven Software Assurance
• Podcast
By Michael D. Konrad, Art Manion
In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects.
LISTEN -
Applying Agile in the DoD: Twelfth Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this episode, Suzanne Miller and Mary Ann Lapham explore the application of the 12th Agile principle in the Department of Defense.
LISTEN -
Supply Chain Risk Management: Managing Third Party and External Dependency Risk
• Podcast
By Matthew J. Butkovic, John Haller, Julia H. Allen
In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information …
LISTEN -
Introduction to the Mission Thread Workshop
• Podcast
By Michael J. Gagliardi
In this podcast, Mike Gagliardi introduces the Mission Thread Workshop, a method for understanding architectural and engineering considerations for developing and sustaining systems of systems.
LISTEN -
Applying Agile in the DoD: Eleventh Principle
• Podcast
By Suzanne Miller, Mary Ann Lapham
In this podcast, the tenth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss …
LISTEN -
A Workshop on Measuring What Matters
• Podcast
By Katie C. Stewart, Julia H. Allen, Michelle A. Valdez, Lisa R. Young
This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences planning and executing the workshop, and identifying improvements for future offerings.
LISTEN -
Applying Agile in the DoD: Tenth Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this podcast, part of an ongoing series, Mary Ann Lapham and Suzanne Miller discuss the application of the tenth Agile principle: Simplicity—the art of maximizing the amount of work …
LISTEN -
Predicting Software Assurance Using Quality and Reliability Measures
• Podcast
By Bill Nichols, Carol Woody
In this podcast, the authors discuss how a combination of software development and quality techniques can improve software security.
LISTEN -
Applying Agile in the DoD: Ninth Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this episode, Suzanne Miller and Mary Ann Lapham discuss the application of the ninth Agile principle, "Continuous attention to technical excellence and good design enhances Agile."
LISTEN -
Cyber Insurance and Its Role in Mitigating Cybersecurity Risk
• Podcast
By David W. White, James J. Cebula, Julia H. Allen
In this podcast, Jim Cebula and David White discuss cyber insurance and its potential role in reducing operational and cybersecurity risk.
LISTEN -
AADL and Dassault Aviation
• Podcast
By Peter H. Feiler, Thierry Cornilleau (Dassault Aviation)
In this podcast, Peter Feiler and Thierry Cornilleau discuss their experiences with the Architecture Analysis and Design Language.
LISTEN -
Tactical Cloudlets
• Podcast
By Suzanne Miller, Grace Lewis
In this podcast, Grace Lewis discusses five approaches that her team developed and tested for using tactical cloudlets as a strategy for providing infrastructure to support computation offload and data …
LISTEN -
Agile Software Teams and How They Engage with Systems Engineering on DoD Acquisition Programs
• Podcast
By Eileen Wrubel, Suzanne Miller
In this podcast, Eileen Wrubel and Suzanne Miller discuss issues with Agile software teams engaging systems engineering functions in developing and acquiring software-reliant systems.
LISTEN -
Coding with AADL
• Podcast
By Suzanne Miller, Julien Delange
In this podcast, Julien Delange summarizes different perspectives on research related to code generation from software architecture models.
LISTEN -
The State of Agile
• Podcast
By Suzanne Miller, Alistair Cockburn
In this podcast, Alistair Cockburn, an Agile pioneer and one of the original signers of the Agile Manifesto, and SEI principal researcher Suzanne Miller discuss the current state of Agile …
LISTEN -
Applying Agile in the DoD: Eighth Principle
• Podcast
By Suzanne Miller, Mary Ann Lapham
In this episode, the eighth in a series exploring Agile principles across the DoD, Suzanne Miller and Mary Ann Lapham discuss the eighth Agile principle.
LISTEN -
A Taxonomy of Operational Risks for Cyber Security
• Podcast
By James J. Cebula, Julia H. Allen
In this podcast, James Cebula describes how to use a taxonomy to increase confidence that your organization is identifying cyber security risks.
LISTEN -
Agile Metrics
• Podcast
By Will Hayes, Suzanne Miller
In this podcast Will Hayes and Suzanne Miller discuss research intended to aid U. S. Department of Defense acquisition professionals in the use of Agile software development methods.
LISTEN -
Four Principles for Engineering Scalable, Big Data Systems
• Podcast
By Ian Gorton, Suzanne Miller
In this podcast, Ian Gorton describes four general principles that hold for any scalable, big data system.
LISTEN -
An Appraisal of Systems Engineering: Defense v. Non-Defense
• Podcast
By Joseph P. Elm
In this podcast, Joseph P. Elm analyzes differences in systems-engineering activities for defense and non-defense projects and finds differences in both deployment and effectiveness.
LISTEN -
HTML5 for Mobile Apps at the Edge
• Podcast
By Grace Lewis, Suzanne Miller
In this podcast, Grace Lewis discusses research that explores the feasibility of using HTML5 for developing mobile applications, for "edge" environments where resources and connectivity are uncertain, such as in …
LISTEN -
Applying Agile in the DoD: Seventh Principle
• Podcast
By Suzanne Miller, Mary Ann Lapham
In this podcast, Suzanne Miller and Mary Ann Lapham explore the application of the seventh Agile principle in the Department of Defense, working software is the primary measure of progress.
LISTEN -
AADL and Edgewater
• Podcast
By Suzanne Miller, Peter H. Feiler, Serban Gheorghe (Edgewater Computer Systems, Inc.)
In this podcast, Peter Feiler and Serban Gheorghe of Edgewater discuss their work on the Architecture Analysis and Design Language.
LISTEN -
Security and Wireless Emergency Alerts
• Podcast
By Christopher J. Alberts, Carol Woody, Suzanne Miller
In this podcast, Carol Woody and Christopher Alberts discuss guidelines that they developed to ensure that the WEA service remains robust and resilient against cyber attacks.
LISTEN -
Safety and Behavior Specification Using the Architecture Analysis and Design Language
• Podcast
By Julien Delange, Suzanne Miller
Julien Delange discusses two extensions to the Architecture Analysis and Design Language: the behavior annex and the error-model annex.
LISTEN -
Applying Agile in the DoD: Sixth Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this podcast, Suzanne Miller and Mary Ann Lapham discuss the application of the sixth Agile principle in the Department of Defense.
LISTEN -
Characterizing and Prioritizing Malicious Code
• Podcast
By Julia H. Allen, Jose A. Morales
In this podcast, Jose Morales discusses how to prioritize malware samples, helping analysts to identify the most destructive malware to examine first.
LISTEN -
Using Quality Attributes to Improve Acquisition
• Podcast
By Suzanne Miller, Patrick R. Place
In this podcast, Patrick Place describes research aimed at determining how acquisition quality attributes can be expressed and used to facilitate alignment among the software architecture and acquisition strategy.
LISTEN -
Best Practices for Trust in the Wireless Emergency Alerts Service
• Podcast
By Carol Woody, Robert J. Ellison, Suzanne Miller
In this podcast, CERT researchers Robert Ellison and Carol Woody discuss research aimed at increasing alert originators' trust in the WEA service and the public's trust in the alerts that …
LISTEN -
Three Variations on the V Model for System and Software Testing
• Podcast
By Donald Firesmith, Suzanne Miller
In this podcast, Don Firesmith presents three variations on the V model of software or system development.
LISTEN -
Adapting the PSP to Incorporate Verified Design by Contract
• Podcast
By Suzanne Miller, Bill Nichols
In this podcast, Bill Nichols discusses a proposal for integrating the Verified Design by Contract method into PSP to reduce the number of defects present at the unit-testing phase, while …
LISTEN -
Comparing IT Risk Assessment and Analysis Methods
• Podcast
By Julia H. Allen, Erik Heidt, Ben Tomhave
In this podcast, the presenters discuss IT risk assessment and analysis, and comparison factors for selecting methods that are a good fit for your organization.
LISTEN -
AADL and Aerospace
• Podcast
By Myron Hecht (The Aerospace Corporation), Suzanne Miller, Peter H. Feiler
In this podcast, Peter Feiler and Myron Hecht discuss the use of AADL by the Aerospace Corporation.
LISTEN -
Assuring Open Source Software
• Podcast
By Suzanne Miller, Naomi Anderson, Kate Ambrose
In this podcast, Kate Ambrose Sereno and Naomi Anderson discuss research aimed at developing adoptable, evidence-based, data-driven approaches to evaluating (open source) software.
LISTEN -
Security Pattern Assurance through Roundtrip Engineering
• Podcast
By Suzanne Miller, Rick Kazman
In this podcast, Rick Kazman discusses these challenges and a solution he has developed for achieving system security qualities through use of patterns.
LISTEN -
The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
• Podcast
By Nader Mehravari, Julia H. Allen, Jason Christopher (U.S. Department of Energy)
ES-C2M2 helps improve the operational resilience of the U.S. power grid.
LISTEN -
Applying Agile in the DoD: Fifth Principle
• Podcast
By Suzanne Miller, Mary Ann Lapham
In this episode, the fifth in a series, Suzanne Miller and Mary Ann Lapham discuss the application of the fifth principle, Build projects around motivated individuals.
LISTEN -
Software Assurance Cases
• Podcast
By Charles Weinstock, Suzanne Miller
In this podcast, Charles Weinstock introduces assurance cases and how they can be used to assure safety, security, and reliability.
LISTEN -
Raising the Bar - Mainstreaming CERT C Secure Coding Rules
• Podcast
By Robert C. Seacord, Julia H. Allen
In this podcast, Robert Seacord describes the CERT-led effort to publish an ISO/IEC technical specification for secure coding rules for compilers and analyzers.
LISTEN -
AADL and Télécom Paris Tech
• Podcast
By Peter H. Feiler, Etienne Borde
Real-World Applications of the Architecture Analysis and Design Language (AADL)
LISTEN -
From Process to Performance-Based Improvement
• Podcast
By Timothy A. Chick, Suzanne Miller, Gene Miluk
In this podcast, Tim Chick and Gene Miluk discuss methodology and outputs of the Checkpoint Diagnostic, a tool that provides organizations with actionable performance related information and analysis closely linked …
LISTEN -
An Approach to Managing the Software Engineering Challenges of Big Data
• Podcast
By Ian Gorton, Suzanne Miller, John Klein
In this episode, Ian Gorton and John Klein discuss big data and the challenges it presents for software engineers. With help from fellow SEI researchers, the two have developed a …
LISTEN -
Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience
• Podcast
By Matthew J. Butkovic, Julia H. Allen, Kevin Dillon (Department of Homeland Security)
In this podcast, the presenters explain how CRRs allow critical infrastructure owners to compare their cybersecurity performance with their peers.
LISTEN -
Situational Awareness Mashups
• Podcast
By Soumya Simanta, Suzanne Miller
In this podcast Soumya Simanta describes research aimed at creating a software prototype that allows warfighters and first responders to rapidly integrate or mash geo-tagged situational awareness data from multiple …
LISTEN -
Applying Agile in the DoD: Fourth Principle
• Podcast
By Suzanne Miller, Mary Ann Lapham
In this episode, the fourth in a series about the application of agile principles in the DOD, Suzanne Miller and Mary Ann Lapham discuss the application of the fourth principle, …
LISTEN -
Architecting Systems of the Future
• Podcast
By Eric Werner, Suzanne Miller
In this episode, Eric Werner discusses research that he and several of his colleagues are conducting to help software developers create systems for the many-core central processing units in massively …
LISTEN -
Acquisition Archetypes
• Podcast
By Suzanne Miller, William E. Novak
In this episode, Bill Novak talks about his work with acquisition archetypes and how they can be used to help government programs avoid problems in software development and systems acquisition.
LISTEN -
Human-in-the-Loop Autonomy
• Podcast
By James Edmondson, Suzanne Miller
In this episode, James Edmondson discusses his research on autonomous systems, specifically robotic systems and autonomous systems for robotic systems.
LISTEN -
Mobile Applications for Emergency Managers
• Podcast
By Mike Petock, Bill Pollak, Adam Miller (Huntingdon County, Pennsylvania, Emergency Management Agency)
Learn about the SEI's Advanced Mobile Systems Team's work with the Huntingdon County, Pennsylvania, Emergency Management Agency.
LISTEN -
Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions
• Podcast
By Julia H. Allen, Richard A. Caralli
In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities.
LISTEN -
Applying Agile in the DoD: Third Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
A discussion of the application of the third Agile principle, "Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter …
LISTEN -
DevOps - Transform Development and Operations for Fast, Secure Deployments
• Podcast
By Julia H. Allen, Gene Kim (IP Services and ITPI)
In this podcast, Gene Kim explains how the "release early, release often" approach significantly improves software performance, stability, and security.
LISTEN -
Application Virtualization as a Strategy for Cyber Foraging
• Podcast
By Suzanne Miller, Grace Lewis
In this podcast, researcher Grace Lewis discusses application virtualization as a more lightweight alternative to VM synthesis for cloudlet provisioning.
LISTEN -
Common Testing Problems: Pitfalls to Prevent and Mitigate
• Podcast
By Suzanne Miller, Donald Firesmith
Don Firesmith discusses problems that occur during testing as well as a framework that lists potential symptoms by which each can be recognized, potential negative consequences, and potential causes, and …
LISTEN -
Joint Programs and Social Dilemmas
• Podcast
By William E. Novak
In this episode, SEI researcher Bill Novak discusses joint programs and social dilemmas, which have become increasingly common in defense acquisition, and the ways in joint program outcomes can be …
LISTEN -
Applying Agile in the DoD: Second Principle
• Podcast
By Suzanne Miller, Mary Ann Lapham
In this episode, SEI researchers discuss the application of the second Agile principle, “Welcome changing requirements, even late in development.
LISTEN -
Managing Disruptive Events - CERT-RMM Experience Reports
• Podcast
By Julia H. Allen, Nader Mehravari
In this podcast, the participants describe four experience reports that demonstrate how the CERT-RMM can be applied to manage operational risks.
LISTEN -
Reliability Validation and Improvement Framework
• Podcast
By Peter H. Feiler
In this podcast, Peter Feiler discusses his recent work to improve the quality of software-reliant systems through an approach known as the Reliability Validation and Improvement Framework.
LISTEN -
Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity
• Podcast
By Dave Mundie, Julia H. Allen
In this podcast, Dave Mundie explains why a common language is essential to developing a shared understanding to better analyze malicious code.
LISTEN -
The Business Case for Systems Engineering
• Podcast
By Suzanne Miller, Joseph P. Elm
Joe Elm discusses the results of a recent technical report, which establishes clear links between the application of systems engineering (SE) best practices to projects and programs and the performance …
LISTEN -
Applying Agile in the DoD: First Principle
• Podcast
By Mary Ann Lapham, Suzanne Miller
In this episode, Suzanne Miller and Mary Ann Lapham discuss the application of the first Agile principle, "Our highest priority is to satisfy the customer through early and continuous delivery …
LISTEN -
The Evolution of a Science Project
• Podcast
By William E. Novak, Andrew P. Moore
In this podcast, Bill Novak and Andy Moore describe a recent technical report, The Evolution of a Science Project, which intends to improve acquisition staff decision-making.
LISTEN -
Securing Mobile Devices aka BYOD
• Podcast
By Julia H. Allen, Joseph Mayes
In this podcast, Joe Mayes discusses how to ensure the security of personal mobile devices that have access to enterprise networks.
LISTEN -
What's New With Version 2 of the AADL Standard?
• Podcast
By Peter H. Feiler
In this podcast, Peter Feiler discusses the latest changes to the Architecture Analysis & Design Language (AADL) standard.
LISTEN -
The State of the Practice of Cyber Intelligence
• Podcast
By Troy Townsend, Jay McAllister, Suzanne Miller
In this podcast, Troy Townsend and Jay McAllister discuss their findings on the state of the practice of cyber intelligence.
LISTEN -
Mitigating Insider Threat - New and Improved Practices Fourth Edition
• Podcast
By George Silowash, Julia H. Allen, Lori Flynn
In this podcast, participants explain how 371 cases of insider attacks led to 4 new and 15 updated best practices for mitigating insider threats.
LISTEN -
Technology Readiness Assessments
• Podcast
By Suzanne Miller, Michael S. Bandor
Michael Bandor discusses technology readiness assessments, which the DoD defines as a formal, systematic, metrics-based process and accompanying report that assess the maturity of critical hardware and software technologies to …
LISTEN -
Standards in Cloud Computing Interoperability
• Podcast
By Grace Lewis
In this podcast, Grace Lewis discusses her latest research exploring the role of standards in cloud-computing interoperability.
LISTEN -
Managing Disruptive Events: Demand for an Integrated Approach to Better Manage Risk
• Podcast
By Julia H. Allen, Nader Mehravari
In this podcast, Nader Mehravari describes how governments and markets are calling for the integration of plans for and responses to disruptive events.
LISTEN -
The Latest Developments in AADL
• Podcast
By Julien Delange, Peter H. Feiler
Julien Delange and Peter Feiler discuss the latest developments with the Architecture Analysis and Design Language (AADL) standard.
LISTEN -
The Fundamentals of Agile
• Podcast
By Timothy A. Chick
In this episode, Tim Chick, a senior member of the technical staff in the Team Software Process (TSP) initiative, discusses the fundamentals of agile, specifically what it means for an …
LISTEN -
Software for Soldiers who use Smartphones
• Podcast
By Edwin J. Morris
In this episode, Ed Morris describes research to create a software application for smartphones that allows soldier end-users to program their smartphones to provide an interface tailored to the information …
LISTEN -
Managing Disruptive Events: Making the Case for Operational Resilience
• Podcast
By Nader Mehravari, Julia H. Allen
In this podcast, Nader Mehravari describes how today's high-risk, global, fast, and very public business environment demands a more integrated approach.
LISTEN -
Architecting Service-Oriented Systems
• Podcast
By Grace Lewis
Grace Lewis discusses general guidelines for architecting service-oriented systems, how common service-oriented system components support these principles, and the effect these principles and their implementation have on system quality attributes.
LISTEN -
The SEI Strategic Plan
• Podcast
By Bill Scherlis
In this podcast, Bill Scherlis discusses the development of the strategic plan of the SEI to advance the practice of software engineering for the DoD.
LISTEN -
Quantifying Uncertainty in Early Lifecycle Cost Estimation
• Podcast
By James McCurley, Robert W. Stoddard
In this podcast episode, Jim McCurley and Robert Stoddard discuss a new method developed by the SEI's Software Engineering Measurement and Analysis (SEMA) team, Quantifying Uncertainty in Early Lifecycle Cost …
LISTEN -
Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities
• Podcast
By Austin Whisnant, Sid Faber, Julia H. Allen
In this podcast, participants discuss how a network profile can help identify unintended points of entry, misconfigurations, and other weaknesses.
LISTEN -
Architecting a Financial System with TSP
• Podcast
By Felix Bachmann, Jim McHale
In this episode, Felix Bachmann and James McHale discuss their work on a project between the SEI and Bursatec to create a reliable and fast new trading system for Groupo …
LISTEN -
The Importance of Data Quality
• Podcast
By David Zubrow
In this episode, Dave Zubrow discusses the importance of data quality and research that his team is undertaking in this area.
LISTEN -
How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them
• Podcast
By Julia H. Allen, Art Manion
In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives.
LISTEN -
Misaligned Incentives
• Podcast
By William E. Novak
In this episode, Novak discusses misaligned incentives, misaligned people incentives in software acquisition programs, and how the wrong incentives can undermine acquisition programs and produce poor outcomes.
LISTEN -
How a Disciplined Process Enhances & Enables Agility
• Podcast
By Bill Nichols
In this podcast, Bill Nichols discusses how a disciplined process enables and enhances agility
LISTEN -
Agile Acquisition
• Podcast
By Suzanne Miller, Mary Ann Lapham
This podcast explores the SEI's research and work to assist the DoD in Agile acquisition.
LISTEN -
An Architecture-Focused Measurement Framework for Managing Technical Debt
• Podcast
By Ipek Ozkaya
In this podcast, Ipek Ozkaya discusses the SEI's research on the strategic management of technical debt, which involves decisions made to defer necessary work during the planning or execution of …
LISTEN -
Cloud Computing for the Battlefield
• Podcast
By Grace Lewis
Grace Lewis discusses her research to overcome challenges for battlefield computing by using cloudlets: localized, lightweight servers running one or more virtual machines on which soldiers can offload expensive computations …
LISTEN -
U.S. Postal Inspection Service Use of the CERT Resilience Management Model
• Podcast
By Julia H. Allen, Gregory Crabb (United States Postal Service)
In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives.
LISTEN -
Insights from the First CERT Resilience Management Model Users Group
• Podcast
By Julia H. Allen, Lisa R. Young
In this podcast, Lisa Young explains that implementing CERT-RMM requires well-defined improvement objectives, sponsorship, and more.
LISTEN -
NIST Catalog of Security and Privacy Controls, Including Insider Threat
• Podcast
By Ron Ross (NIST), Julia H. Allen, Joji Montelibano
In this podcast, participants discuss why security controls, including those for insider threat, are necessary to protect information and information systems.
LISTEN -
Cisco's Adoption of CERT Secure Coding Standards
• Podcast
By Julia H. Allen, Martin Sebor (Cisco)
In this podcast, Martin Sebor explains how implementing secure coding standards is a sound business decision.
LISTEN -
How to Become a Cyber Warrior
• Podcast
By Dennis M. Allen, Julia H. Allen
In this podcast, Dennis Allen explains that protecting the internet and its users against cyber attacks requires more skilled cyber warriors.
LISTEN -
Considering Security and Privacy in the Move to Electronic Health Records
• Podcast
By Julia H. Allen, Matthew J. Butkovic, Deborah Lafky (Healthcare Information Technology (HIT) Security/Cybersecurity)
In this podcast, participants discuss how using electronic health records bring many benefits along with security and privacy challenges.
LISTEN -
Measuring Operational Resilience
• Podcast
By Pamela D. Curtis, Julia H. Allen
In this podcast, Julia Allen explains that measures of operational resilience should answer key questions, inform decisions, and affect behavior.
LISTEN -
Why Organizations Need a Secure Domain Name System
• Podcast
By Alex Nicoll, Julia H. Allen
Use of Domain Name System security extensions can help prevent website hijacking attacks.
LISTEN -
Controls for Monitoring the Security of Cloud Services
• Podcast
By Julia H. Allen, Jonathan Spring, Art Manion
In this podcast, participants explain that it depends on the service model how cloud providers and customers can use controls to protect sensitive information.
LISTEN -
Building a Malware Analysis Capability
• Podcast
By Julia H. Allen, Jeff Gennari
In this podcast, Jeff Gennari explains that analyzing malware is essential to assessing the damage and reducing the impact associated with ongoing infection.
LISTEN -
Using the Smart Grid Maturity Model (SGMM)
• Podcast
By David W. White, Julia H. Allen
In this podcast, David White describes how over 100 electric power utilities are using the Smart Grid Maturity Model.
LISTEN -
Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM
• Podcast
By James J. Cebula, Julia H. Allen, Ron Ross (NIST)
In this podcast, participants explain why and how business leaders must address risk at the enterprise, business process, and system levels.
LISTEN -
Conducting Cyber Exercises at the National Level
• Podcast
By Brett Lambo (U.S. Department of Homeland Security), Julia H. Allen, Matthew J. Butkovic
In this podcast, participants discuss exercises that help organizations, governments, and nations prepare for, identify, and mitigate cyber risks.
LISTEN -
Indicators and Controls for Mitigating Insider Threat
• Podcast
By Michael Hanley, Julia H. Allen
In this podcast, Michael Hanley explains how technical controls can be effective in helping to prevent, detect, and respond to insider crimes.
LISTEN -
How Resilient Is My Organization?
• Podcast
By Julia H. Allen, Richard A. Caralli, David W. White
In this podcast, Richard Caralli explains how CERT-RMM can ensure that critical assets and services perform as expected in the face of stress and disruption.
LISTEN -
Public-Private Partnerships: Essential for National Cyber Security
• Podcast
By Philip Huff (Arkansas Electric Cooperative Corporation), John Haller, Samuel A. Merrell, Julia H. Allen
In this podcast, participants explain that knowledge of software assurance is essential to ensure that complex systems function as intended.
LISTEN -
Software Assurance: A Master's Level Curriculum
• Podcast
By Richard C. Linger (Oak Ridge National Laboratory), Thomas B. Hilburn (Embry-Riddle Aeronautical University), Nancy R. Mead, Julia H. Allen
In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex systems function as intended.
LISTEN -
How to Develop More Secure Software - Practices from Thirty Organizations
• Podcast
By Julia H. Allen, Gary McGraw, Sammy Migues (Cigital)
In this podcast, participants discuss how organizations can benchmark their software security practices against 109 observed activities from 30 organizations.
LISTEN -
Mobile Device Security: Threats, Risks, and Actions to Take
• Podcast
By Jonathan Frederick, Julia H. Allen
In this podcast, Jonathan Frederick explains how internet-connected mobile devices are becoming increasingly attractive targets.
LISTEN -
Establishing a National Computer Security Incident Response Team (CSIRT)
• Podcast
By Jeffrey J. Carpenter, Julia H. Allen, John Haller
In this podcast, participants discuss how essential a national CSIRT is for protecting national and economic security and continuity.
LISTEN -
Securing Industrial Control Systems
• Podcast
By Art Manion, Julia H. Allen
In this podcast, Julia Allen how critical it is to secure systems that control physical switches, valves, pumps, meters, and manufacturing lines.
LISTEN -
The Power of Fuzz Testing to Reduce Security Vulnerabilities
• Podcast
By Will Dormann, Julia H. Allen
In this podcast, Will Dormann urges listeners to subject their software to fuzz testing to help identify and eliminate security vulnerabilities.
LISTEN -
Protect Your Business from Money Mules
• Podcast
By Julia H. Allen, Chad Dougherty
Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses.
LISTEN -
Train for the Unexpected
• Podcast
By Matthew Meyer (M&I Corporation), Julia H. Allen
In this podcast, Matthew Meyer explains that being able to respond effectively when faced with a disruptive event requires becoming more resilient.
LISTEN -
The Role of the CISO in Developing More Secure Software
• Podcast
By Pravir Chandra (Fortify Software), Julia H. Allen
In this podcast, Pravir Chandra warns that CISOs must leave no room for doubt that they understand what is expected of them when developing secure software.
LISTEN -
Computer and Network Forensics: A Master's Level Curriculum
• Podcast
By Julia H. Allen, Kristopher Rush
In this podcast, Kris Rush describes how students learn to combine multiple facets of digital forensics and draw conclusions to support investigations.
LISTEN -
Introducing the Smart Grid Maturity Model (SGMM)
• Podcast
By Ray Jones (APQC), Julia H. Allen
In this podcast, Ray Jones explains how the SGMM provides a roadmap to guide an organization's transformation to the smart grid.
LISTEN -
Leveraging Security Policies and Procedures for Electronic Evidence Discovery
• Podcast
By John Christiansen (Christiansen IT Law), Julia H. Allen
In this podcast, John Christiansen explains that effectively responding to e-discovery requests depends on well-defined policies, procedures, and processes.
LISTEN -
Integrating Privacy Practices into the Software Development Life Cycle
• Podcast
By Kim Howell (Microsoft), Ralph Hood (Microsoft), Julia H. Allen
In this podcast, participants explain that addressing privacy during software development is just as important as addressing security.
LISTEN -
Using the Facts to Protect Enterprise Networks: CERT's NetSA Team
• Podcast
By Timothy J. Shimeall, Julia H. Allen
In this podcast, Timothy Shimeall describes how network defenders and business leaders can use NetSA measures to protect their networks.
LISTEN -
Ensuring Continuity of Operations When Business Is Disrupted
• Podcast
By Julia H. Allen, Gary Daniels (Marshall & Ilsley Corporation)
In this podcast, Gary Daniels explains that providing critical services during times of stress depends on documented, tested business continuity plans.
LISTEN -
Managing Relationships with Business Partners to Achieve Operational Resiliency
• Podcast
By David W. White, Julia H. Allen
In this podcast, David White explains why a defined, managed process for third party relationships is essential, particularly when business is disrupted.
LISTEN -
The Smart Grid: Managing Electrical Power Distribution and Use
• Podcast
By Julia H. Allen, James F. Stevens
In this podcast, James Stevens explains how using the smart grid comes with some new privacy and security challenges.
LISTEN -
Electronic Health Records: Challenges for Patient Privacy and Security
• Podcast
By Julia H. Allen, Robert Charette (ITABHI Corporation)
In this podcast, Robert Charette explains why electronic health records (EHRs) are possibly the most complicated area of IT today.
LISTEN -
Mitigating Insider Threat: New and Improved Practices
• Podcast
By Julia H. Allen, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak
Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.
LISTEN -
Rethinking Risk Management
• Podcast
By Julia H. Allen, Christopher J. Alberts
In this podcast, Christopher Alberts urges business leaders to adopt new approaches to addressing risks across the life cycle and supply chain.
LISTEN -
The Upside and Downside of Security in the Cloud
• Podcast
By Tim Mather (RSA), Julia H. Allen
In this podcast, Tim Mather advises business leaders considering cloud services to weigh the economic benefits against the security and privacy risks.
LISTEN -
More Targeted, Sophisticated Attacks: Where to Pay Attention
• Podcast
By Martin Linder, Julia H. Allen
In this podcast, Martin Linder urges business leaders to take action to better mitigate sophisticated social engineering attacks.
LISTEN -
Is There Value in Identifying Software Security "Never Events?"
• Podcast
By Robert Charette (ITABHI Corporation), Julia H. Allen
In this podcast, Robert Charette suggests when to examine responsibilities when developing software with known, preventable errors.
LISTEN -
Cyber Security, Safety, and Ethics for the Net Generation
• Podcast
By Julia H. Allen, Rodney Petersen (EDUCAUSE)
In this podcast, Rodney Peterson explains why capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs.
LISTEN -
An Experience-Based Maturity Model for Software Security
• Podcast
By Brian Chess (Fortify Software), Gary McGraw, Sammy Migues (Cigital), Julia H. Allen
In this podcast, participants discuss how observed practice, represented as a maturity model, can serve as a basis for developing more secure software.
LISTEN -
Mainstreaming Secure Coding Practices
• Podcast
By Julia H. Allen, Robert C. Seacord
In this podcast, Robert Seacord explains how requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities.
LISTEN -
Security: A Key Enabler of Business Innovation
• Podcast
By Roland Cloutier (EMC Corporation), Laura Robinson (Robinson Insight), Julia H. Allen
In this podcast, participants describe how making security strategic to business innovation involves seven strategies.
LISTEN -
Better Incident Response Through Scenario Based Training
• Podcast
By Julia H. Allen, Christopher May
In this podcast, Christopher May explains how teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine.
LISTEN -
An Alternative to Risk Management for Information and Software Security
• Podcast
By Julia H. Allen, Brian Chess (Fortify Software)
In this podcast, Brian Chess explain how standards, compliance, and process are better than risk management for ensuring information and software security.
LISTEN -
Tackling Tough Challenges: Insights from CERT’s Director Rich Pethia
• Podcast
By Richard D. Pethia, Julia H. Allen
In this podcast, Rich Pethia reflects on the CERT Division's 20-year history and discusses its future IT and security challenges.
LISTEN -
Climate Change: Implications for Information Technology and Security
• Podcast
By Julia H. Allen, Richard Power (Carnegie Mellon CyLab)
In this podcast, Richard Power explains how climate change requires new strategies for dealing with traditional IT and information security risks.
LISTEN -
Using High Fidelity, Online Training to Stay Sharp
• Podcast
By Julia H. Allen, Jim Wrubel
In this podcast, Jim Wrubel explains how virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime.
LISTEN -
Integrating Security Incident Response and e-Discovery
• Podcast
By Julia H. Allen, David Matthews (City of Seattle)
In this podcast, Julia Allen explains how responding to an e-discovery request involves many of the same steps and roles as responding to a security incident.
LISTEN -
Concrete Steps for Implementing an Information Security Program
• Podcast
By Julia H. Allen, Jennifer Bayuk (No Affiliation)
In this podcast, Jennifer Bayuk explains how successful security programs are based on strategy, policy, awareness, implementation, monitoring, and remediation.
LISTEN -
Virtual Communities: Risks and Opportunities
• Podcast
By Julia H. Allen, Jan Wolynski (Royal Canadian Mounted Police)
In this podcast, Jan Wolynski advises business leaders to evaluate risks and opportunities when considering conducting business in online, virtual communities.
LISTEN -
Developing Secure Software: Universities as Supply Chain Partners
• Podcast
By Julia H. Allen, Mary Ann Davidson (Oracle)
In this podcast, Mary Ann Davidson explains how integrating security into university curricula is a key solution to developing more secure software.
LISTEN -
Security Risk Assessment Using OCTAVE Allegro
• Podcast
By Lisa R. Young, Julia H. Allen
In this podcast, Lisa Young describes OCTAVE Allegro, a streamlined assessment method that focuses on risks to information used by critical business services.
LISTEN -
Getting to a Useful Set of Security Metrics
• Podcast
By Clint Kreitner (The Center for Internet Security), Julia H. Allen
Well-defined metrics are essential to determine which security practices are worth the investment.
LISTEN -
How to Start a Secure Software Development Program
• Podcast
By Julia H. Allen, Gary McGraw
In this podcast, Gary McGraw explains how to achieve software security by thinking like an attacker and integrating practices into the development lifecycle.
LISTEN -
Managing Risk to Critical Infrastructures at the National Level
• Podcast
By Bradford J. Willke, Julia H. Allen
In this podcast, Bradford Willke explain how protecting critical infrastructures and the information they use are essential for preserving our way of life.
LISTEN -
Analyzing Internet Traffic for Better Cyber Situational Awareness
• Podcast
By Derek Gabbard, Julia H. Allen
In this podcast, Derek Gabbard discusses automation, innovation, reaction, and expansion as the foundation for meaningful network traffic intelligence.
LISTEN -
Managing Security Vulnerabilities Based on What Matters Most
• Podcast
By Art Manion, Julia H. Allen
In this podcast, Art Manion explains that determining which security vulnerabilities to address should be based on the importance of the information asset.
LISTEN -
Identifying Software Security Requirements Early, Not After the Fact
• Podcast
By Nancy R. Mead, Julia H. Allen
In this podcast, Nancy Mead explains that during requirements engineering, software engineers need to think about how software should behave when under attack.
LISTEN -
Making Information Security Policy Happen
• Podcast
By Julia H. Allen, Paul Love (The Standard)
In this podcast, Paul Love argues that targeted, innovative communications and a robust lifecycle are keys for security policy success.
LISTEN -
Becoming a Smart Buyer of Software
• Podcast
By Brian P. Gallagher, Julia H. Allen
Managing software that is developed by an outside organization can be more challenging than building it yourself.
LISTEN -
Building More Secure Software
• Podcast
By Mike Petock, Julia H. Allen, Bill Pollak
In this podcast, Julia Allen explains how software security is about building more defect-free software to reduce vulnerabilities targeted by attackers.
LISTEN -
Connecting the Dots Between IT Operations and Security
• Podcast
By Julia H. Allen, Gene Kim (IP Services and ITPI)
In this podcast, Gene Kim describes how high performing organizations must integrate information security controls into their IT operational processes.
LISTEN -
Getting in Front of Social Engineering
• Podcast
By Gary Hinson (No Affiliation), Julia H. Allen
In this podcast, Betsy Nichols tells us how benchmark results can compare results with peers, drive performance, and help determine how much security is enough.
LISTEN -
Using Benchmarks to Make Better Security Decisions
• Podcast
By Betsy Nichols (PlexLogic), Julia H. Allen
In this podcast, Betsy Nichols describes how benchmark results can be used to help determine how much security is enough.
LISTEN -
Protecting Information Privacy - How To and Lessons Learned
• Podcast
By Julia H. Allen, Kim Hargraves (Microsoft)
In this podcast, Kim Hargraves describes three keys to ensuring information privacy in an organization.
LISTEN -
Initiating a Security Metrics Program: Key Points to Consider
• Podcast
By Samuel A. Merrell, Julia H. Allen
In this podcast, Samuel Merrell explains that a sound security metrics program should select data relevant to consumers from repeatable processes.
LISTEN -
Insider Threat and the Software Development Life Cycle
• Podcast
By Dawn Cappelli, Julia H. Allen
In this podcast, Dawn Cappelli explains how insider threat vulnerabilities can be introduced during all phases of the software development lifecycle.
LISTEN -
Tackling the Growing Botnet Threat
• Podcast
By Nicholas Ianelli, Julia H. Allen
In this podcast, Nicholas Ianelli cautions business leaders to understand the risks to their organizations caused by the proliferation of botnets.
LISTEN -
Building a Security Metrics Program
• Podcast
By Julia H. Allen, Betsy Nichols (PlexLogic)
In this podcast, Betsy Nichols explains that reporting meaningful security metrics depends on topic selection, context definition, and data access.
LISTEN -
Inadvertent Data Disclosure on Peer-to-Peer Networks
• Podcast
By M. Eric Johnson (Dartmouth College), Julia H. Allen, Scott Dynes (Dartmouth College)
In this podcast, participants discuss how peer-to-peer networks are being used to unintentionally disclose government, commercial, and personal information.
LISTEN -
Information Compliance: A Growing Challenge for Business Leaders
• Podcast
By Tom Smedinghoff (Wildman Harrold), Julia H. Allen
In this podcast, Tom Smedinghoff reminds directors and executives that they are personally accountable for protecting information entrusted to their care.
LISTEN -
Internal Audit's Role in Information Security: An Introduction
• Podcast
By Julia H. Allen, Dan Swanson (Dan Swanson and Associates)
In this podcast, Dan Swanson explains how an internal audit can serve a key role in establishing an effective information security program.
LISTEN -
What Business Leaders Can Expect from Security Degree Programs
• Podcast
By Sean Beggs (Carnegie Mellon University), Stephanie Losi
In this podcast, participants discuss whether information security degree programs meet the needs of business leaders seeking knowledgeable employees.
LISTEN -
The Path from Information Security Risk Assessment to Compliance
• Podcast
By Julia H. Allen, William R. Wilson
In this podcast, William Wilson explains how an information security risk assessment, performed with operational risk management, can contribute to compliance.
LISTEN -
Computer Forensics for Business Leaders: Building Robust Policies and Processes
• Podcast
By Cal Waits, Stephanie Losi
In this podcast, participants discuss how business leaders can play a key role in computer forensics by establishing and testing strong policies.
LISTEN -
Business Resilience: A More Compelling Argument for Information Security
• Podcast
By Scott Dynes (Dartmouth College), Stephanie Losi
In this podcast, participants discuss how a business resilience argument can bridge the gap between information security officers and business leaders.
LISTEN -
Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity
• Podcast
By Lisa R. Young, Julia H. Allen
In this podcast, Lisa Young suggests that by taking a holistic view of business resilience, business leaders can help their organizations stand up to threats.
LISTEN -
The Human Side of Security Trade-Offs
• Podcast
By Stephanie Losi, Greg Newby (Arctic Region Supercomputing Center)
In this podcast, participants explain that it's easy to think of security as a collection of technologies and tools, but that people are the real key.
LISTEN -
Dual Perspectives: A CIO's and CISO's Take on Security
• Podcast
By Patty Morrison (Motorola), Bill Boni (Motorola), Julia H. Allen
In this podcast, participants explain that since you can't secure everything, managing security risk to a "commercially reasonable degree" is best.
LISTEN -
Tackling Security at the National Level: A Resource for Leaders
• Podcast
By Jeffrey J. Carpenter, Julia H. Allen
In this podcast, Clint Kreitner explains how information security costs can be reduced by enforcing standard configurations for widely deployed systems.
LISTEN -
Reducing Security Costs with Standard Configurations: U.S. Government Initiatives
• Podcast
By Clint Kreitner (The Center for Internet Security), Julia H. Allen
In this podcast, participants explain that since you can't secure everything, , managing security risk to a "commercially reasonable degree" is best.
LISTEN -
Real-World Security for Business Leaders
• Podcast
By Bill Pollak, Mike Petock, Pamela Fusco (FishNet Security)
In this podcast, William Wilson advises business leaders to use international standards to create a business- and risk-based information security program.
LISTEN -
Using Standards to Build an Information Security Program
• Podcast
By Julia H. Allen, William R. Wilson
In this podcast, William Wilson explains how business leaders can use international standards to create a business- and risk-based information security program.
LISTEN -
Getting Real About Security Governance
• Podcast
By Julia H. Allen, Stephanie Losi
In this podcast, participants explain that enterprise security governance can be achieved by implementing a defined, repeatable process.
LISTEN -
Convergence: Integrating Physical and IT Security
• Podcast
By Bill Crowell (No Affiliation), Julia H. Allen, Brian Contos (ArcSight)
In this podcast, participants recommend deploying common solutions for physical and IT security as a cost-effective way to reduce risk and save money.
LISTEN -
IT Infrastructure: Tips for Navigating Tough Spots
• Podcast
By Steve Kalinowski, Stephanie Losi, Steve Huth
In this podcast, participants discuss how organizations may occasionally need to redefine their IT infrastructures and be ready to handle tricky situations.
LISTEN -
The Value of De-Identified Personal Data
• Podcast
By Mike Hubbard (Womble Carlyle Sandridge & Rice, PLLC), Scott Ganow (Verispan), Stephanie Losi
In this podcast, participants discuss the complex legal compliance landscape and how de-identification can help organizations share data more securely.
LISTEN -
Adapting to Changing Risk Environments: Operational Resilience
• Podcast
By Stephanie Losi, Richard A. Caralli
In this podcast, participants discuss how businesses leaders need to keep their critical processes and services up and running in the face of the unexpected.
LISTEN -
Computer Forensics for Business Leaders: A Primer
• Podcast
By Richard Nolan, Stephanie Losi
In this podcast, participants discuss how computer forensics is often overlooked when planning an incident response strategy.
LISTEN -
The Real Secrets of Incident Management
• Podcast
By Robin Ruefle, Georgia Killcrece, Stephanie Losi
In this podcast, participants explain that incident management is not just technical response, but a cross-enterprise effort.
LISTEN -
The Legal Side of Global Security
• Podcast
By Stephanie Losi, Jody R. Westby
In this podcast, participants encourage business leaders, including legal counsel, to understand how to tackle complex security issues for a global enterprise.
LISTEN -
A New Look at the Business of IT Education
• Podcast
By Stephanie Losi, Larry Rogers
System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend.
LISTEN -
Crisis Communications During a Security Incident
• Podcast
By Kelly Kimberland, Stephanie Losi
In this podcast, participants alert business leaders to be prepared to communicate with the media and their staff during high-profile security incidents.
LISTEN -
Assuring Mission Success in Complex Environments
• Podcast
By Christopher J. Alberts, Julia H. Allen
In this podcast, participants discuss analysis tools for assessing complex organizational and technological issues that are beyond traditional approaches.
LISTEN -
Privacy: The Slow Tipping Point
• Podcast
By Stephanie Losi, Alessandro Acquisiti (Carnegie Mellon University)
In this podcast, participants discuss a trend toward more data disclosure that may cause users to become desensitized to privacy breaches.
LISTEN -
Building Staff Competence in Security
• Podcast
By Julia H. Allen, Barbara Laswell
In this podcast, Barbara Laswell describes specifications that define the knowledge, skills, and competencies required for a range of security positions.
LISTEN -
Evolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology
• Podcast
By Julia H. Allen, Thomas A. Longstaff
In this podcast, participants discuss how business models are evolving as security threats become more covert and technology enables information migration.
LISTEN -
Inside Defense-in-Depth
• Podcast
By Kristopher Rush, Stephanie Losi
In this podcast, participants discuss defense-in-depth, a path toward enterprise resilience.
LISTEN -
Protecting Against Insider Threat
• Podcast
By Dawn Cappelli, Julia H. Allen
In this podcast, Dawn Cappelli describes the real and substantial threat of attack from insiders.
LISTEN -
Change Management: The Security 'X' Factor
• Podcast
By Gene Kim (IP Services and ITPI), Stephanie Losi
In this podcast, Gene Kim reports how a recent security survey found one factor that separated high performers from the rest of the pack: change management.
LISTEN -
CERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT
• Podcast
By Julia H. Allen, Richard D. Pethia
In this podcast, Richard Pethia voices his view of the internet security landscape and the future of the CERT Division.
LISTEN -
The ROI of Security
• Podcast
By Julia H. Allen, Stephanie Losi
In this podcast, Julia Allen explains how ROI is a useful tool because it enables comparison among investments in a consistent way.
LISTEN -
Compliance vs. Buy-in
• Podcast
By Stephanie Losi, Julia H. Allen
In this podcast, Julia Allen explains why integrating security into standard business processes is more effective than treating security as a compliance task.
LISTEN -
Why Leaders Should Care About Security
• Podcast
By Julia H. Allen, Mike Petock
In this podcast, Julia Allen urges leaders to be security conscious and treat adequate security as a non-negotiable requirement of being in business.
LISTEN -
Proactive Remedies for Rising Threats
• Podcast
By Julia H. Allen, Martin Linder, Stephanie Losi
In this podcast, participants discuss how threats to information security are increasingly stealthy and must be mitigated through sound policy and strategy.
LISTEN
