SEI Podcasts

Conversations in software engineering


The Role of the Software Factory in Acquisition and Sustainment

Dr. Paul Nielsen discusses his involvement on a Defense Science Board Task Force that concluded that the software factory should be a key player in the acquisition and sustainment of software for defense. “This is one case where the military or the government can learn from industry, sort of a spin-in to the government. The government has traditionally followed other approaches that were very requirements-based. They have perfected requirements engineering. What we have found is that in...


Defending Your Organization Against Business Email Compromise

Operation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, and the U.S. Postal Inspection Service, was conducted over a six-month period and resulted in 74 arrests in the United States and overseas, including 29 in Nigeria and 3 in Canada, Mauritius, and Poland. The operation also resulted in the seizure of nearly $2.4 million and the disruption and recovery of approximately $14 million...


My Story in Computing with Dr. Eliezer Kanal

Those who work in computing today bring a wide array of backgrounds and experiences to the profession. In this podcast, the first in a series, Dr. Eliezer Kanal—a former premed student, computational neuroscientist, health-care technical manager, financial quantitative analyst, freelance web developer, and IT consultant—discusses his background and education, all of which led to his current work leading a team of data scientists in the SEI’s CERT Division.


Women in Software and Cybersecurity: Eileen Wrubel

In this SEI Podcast, which highlights the work of Women in Software and Cybersecurity, Eileen Wrubel, co-lead of the SEI’s Agile/DevOps Transformation directorate, discusses her career journey.


Managing Technical Debt: A Focus on Automation, Design, and Architecture

Technical debt communicates the tradeoff between the short-term benefits of rapid delivery and the long-term value of developing a software system that is easy to evolve, modify, repair, and sustain. In this SEI Podcast, Rod Nord and Ipek Ozkaya discuss the SEI's current work in technical debt including the development of analysis techniques to help software engineers and decision makers manage the effect of technical debt on their software projects.


Women in Software and Cybersecurity: Grace Lewis

In her work at the SEI, Grace Lewis focuses on securely pushing cloud resources to the edge and integrating IoT devices into systems. Lewis’s research helps soldiers in the field access cloud resources even if they are not fully connected to the cloud. It also enables IoT devices to securely integrate with edge resources to pre-process data on its way to the cloud. In this SEI Podcast, Lewis discusses her career journey, which led to her leading Tactical Edge Computing at the SEI. This...


Women in Software and Cybersecurity: Bobbie Stempfley

In this SEI Podcast interview, Roberta (Bobbie) Stempfley discusses her career and journey to becoming the director of the SEI’s CERT Division. This podcast is one of the inaugural interviews in our Women in Software and Cybersecurity podcast series.


Women in Software and Cybersecurity: Dr. Lorrie Cranor

In this SEI Podcast, Dr. Lorrie Cranor, director of CyLab, discusses her career, her work in privacy and security, and her upcoming keynote at the 2019 Women in Cybersecurity Conference, March 28-30 in Pittsburgh. This podcast is one of the inaugural interviews in our Women in Software and Cybersecurity podcast series.


Leading in the Age of Artificial Intelligence

Tom Longstaff, who in 2018 was hired as the SEI’s chief technology officer, discusses the challenges of leading a technical organization in the age of artificial intelligence.


Applying Best Practices in Network Traffic Analysis

In today's operational climate, threats and attacks against network infrastructures have become far too common. Researchers in the SEI’s CERT Division work with organizations and large enterprises, many of whom analyze their network traffic data for ongoing status, attacks, or potential attacks. Through this work we have observed both challenges and best practices as these network traffic analysts analyze incoming contacts to the network, including packet traces or flows. In this SEI...


10 Types of Application Security Testing Tools and How to Use Them

Bugs and weaknesses in software are common: 84 percent of system breaches exploit vulnerabilities at the application layer. The prevalence of software-related problems is a key motivation for using application security testing tools. With a growing number of application security testing tools available, it can be confusing for leaders, developers, and engineers to know which tools address which issues. In this podcast, Thomas Scanlon, a researcher in the SEI’s CERT Division, discusses the...


Using Test Suites for Static Analysis Alert Classifiers

Static analysis tools used to identify potential vulnerabilities in source code produce a large number of alerts with high false-positive rates that engineers must painstakingly examine to find legitimate flaws. Researchers in the SEI’s CERT Division have developed the SCALe (Source Code Analysis Laboratory) tool to help analysts be more efficient and effective at auditing static analysis alerts. In this podcast, CERT researchers Lori Flynn and Zach Kurtz discuss ongoing research using test...


Blockchain at CMU and Beyond

Beyond its financial hype, researchers are exploring and understanding the promise of Blockchain technologies. In this SEI Podcast, Eliezer Kanal and Eugene Leventhal discuss blockchain research at Carnegie Mellon University and beyond.


Deep Learning in Depth: The Future of Deep Learning

Ritwik Gupta and Carson Sestili discuss the future of deep learning. “Here is amazing research being done all over the world on how we make what is called explainable AI. How do we explain what the deep learning is trying to do? This is a problem across all fields.”


Deep Learning in Depth: Adversarial Machine Learning

Ritwik Gupta of the SEI’s Emerging Technology Center and Carson Sestili, formerly of the SEI’s CERT Division and now with Google, discuss adversarial machine learning.


System Architecture Virtual Integration: ROI on Early Discovery of Defects

Peter Feiler discusses the cost savings (26.1 percent) realized when using the System Architecture Virtual Integration approach on the development of software-reliant systems for aircraft. “If you discover [software defects] at system integration test, the cost of fixing a problem is 300 to 1,000 times higher than doing it upfront. So if upfront, you spent $10,000 fixing it, it’s between $3 and $10 million on the backend that you are saving by the way.”


Deep Learning in Depth: The Importance of Diverse Perspectives

Ritwik Gupta of the SEI’s Emerging Technology Center and Carson Sestili, formerly of the SEI’s CERT Division and now with Google, discuss the importance of diverse perspectives in deep learning. “If you feel like I am an OK programmer, but I am a good deep thinker and a good mathematician, that is actually one of the corners of what it takes to be a successful data scientist. Again, in regard to our previous conversation, you cannot get away with only knowing math. But if you do know math,...


A Technical Strategy for Cybersecurity

Roberta “Bobbie” Stempfley, who was appointed director of the SEI’s CERT Division in June 2017, discusses a technical strategy for cybersecurity. “There is never enough time, money, power, resources—whatever it is—and we make design tradeoffs. Adversaries are looking at what opportunities that creates. They are looking at failures in implementation.”


Best Practices for Security in Cloud Computing

Don Faatz and Tim Morrow, researchers with the SEI’s CERT Division, outline best practices that organizations should use to address the vulnerabilities and risks in moving applications and data to cloud services.


Risks, Threats, and Vulnerabilities in Moving to the Cloud

Tim Morrow and Donald Faatz outline the risks, threats, and vulnerabilities that organizations face when moving applications or data to the cloud. “If you look at large organizations like the DoD, they have embraced this. They are looking to buy infrastructures as a service and even moving office automation to the cloud. For smaller organizations, though, it is something of a challenge, so we wanted to look at and give people some ideas about the challenges they will face when they do...