Software Engineering Institute (SEI) Podcast Series

Technology Podcasts

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.

Location:

United States

Language:

English


Episodes

Achieving Continuous Authority to Operate (ATO)

11/24/2020
Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that...

Duration:00:33:28

Challenging the Myth of the 10x Programmer

11/9/2020
A pervasive belief in software engineering is that some programmers are much, much better than others (the times-10, or 10x, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on their organizations’ success or failure. Bill Nichols, a researcher with the Carnegie Mellon University Software Engineering Institute, recently examined the veracity and relevance of this widely held notion. Using data from a study conducted at the SEI, Nichols...

Duration:00:20:59

A Stakeholder-Specific Approach to Vulnerability Management

10/27/2020
Many organizations use the Common Vulnerability Scoring System (CVSS) to prioritize actions during vulnerability management. This podcast—which highlights the latest work in prioritizing actions during vulnerability management—presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that avoids some problems with CVSS. SSVC takes the form of decision trees for different vulnerability management communities. During this podcast, CERT vulnerability researchers Eric...

Duration:00:37:10

Optimizing Process Maturity in CMMC Level 5

10/13/2020
The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:09:35

Reviewing and Measuring Activities for Effectiveness in CMMC Level 4

10/7/2020
The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:13:37

Situational Awareness for Cybersecurity: Beyond the Network

9/30/2020
Situational awareness makes it possible to get relevant information from across an organization, to integrate that information, and to disseminate it to help leaders make more informed decisions. In this SEI Podcast, Angela Horneman and Timothy Morrow, researchers in the SEI's CERT Division, discuss the importance of looking beyond the network to acquire situational awareness for cybersecurity.

Duration:00:25:35

Quantum Computing: The Quantum Advantage

9/17/2020
While actual quantum computers are available from several different companies, we are currently in the Noisy Intermediate-Scale Quantum (NISQ) era. Working in the NISQ era presents a number of challenges, and the SEI is working to use NISQ devices not only to solve specific mission applications for the Department of Defense, but also to help determine when they will demonstrate so-called quantum advantage: a quantum computer solving a problem of practical interest faster than a classical...

Duration:00:30:34

CMMC Scoring 101

9/2/2020
The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:10:14

Developing an Effective CMMC Policy

8/17/2020
The Cybersecurity Maturity Model Certification (CMMC) for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:05:41

The Future of Cyber: Educating the Cybersecurity Workforce

8/10/2020
The culture of computers and information technology changes quickly. The Future of Cyber Podcast series explores the future of cyber and whether we can use the innovations of the past to address the problems of the future. In our latest episode, Bobbie Stempfley, director of the SEI’s CERT Division, interviews Dr. Diana Burley, executive director and chair of the Institute for Information Infrastructure Protection, or I3P, and vice provost for research at American University. Their...

Duration:00:28:51

Documenting Process for CMMC

7/30/2020
The Cybersecurity Maturity Model Certification (CMMC) for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:09:56

Agile Cybersecurity

7/20/2020
Software development is shifting to incremental delivery to meet the demand for software more quickly and at lower cost. With the current cyber threat climate, the demand for cybersecurity is growing, but existing compliance processes focus on a completed product and do not support incremental delivery. Cybersecurity must be carefully woven into each increment to deliver results with sufficient security and quality. Previous SEI research has shown that improved quality results in improved...

Duration:00:25:46

CMMC Levels 1-3: Going Beyond NIST SP-171

7/1/2020
The Cybersecurity Maturity Model Certification (CMMC) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from Defense Industrial Base (DIB) entities and the...

Duration:00:13:26

The Future of Cyber: Secure Coding

6/15/2020
For more than 30 years, the cybersecurity community has worked to increase the effectiveness of our cybersecurity and resilience efforts. Today we face an explosion of devices, the pervasiveness of software, the threat of adversarial capability, and the dependence of national capabilities on the cyber domain. These challenges demand that we think about how to achieve the future we need, which is the subject of a new series of podcasts, The Future of Cyber. In this episode, Bobbie Stempfley,...

Duration:00:41:15

Challenges to Implementing DevOps in Highly Regulated Environments

5/28/2020
In this SEI podcast, Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environments (HREs), exploring issues such as environment parity, the approval process, and compliance. This podcast is the second to explore DevOps in HREs.

Duration:00:38:41

The Future of Cyber: Cybercrime

5/7/2020
The culture of computers and information technology evolves quickly. In this environment, how can we build a culture of security through regulations and best practices when technology can move so much faster than legislative bodies? The Future of Cyber Podcast Series explores whether we can use the innovations of the past to address the problems of the future. In this SEI Podcast, David Hickton, founding director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security,...

Duration:00:35:02

An Ethical AI Framework

4/28/2020
Artificially intelligent (AI) systems hold great promise to empower us with knowledge and enhance human effectiveness. As a senior research scientist in human-machine interaction at the Software Engineering Institute's Emerging Technology Center, Carol Smith works to further understand how humans and machines can better collaborate to solve important problems and also understand our responsibilities and how that work continues once AI systems are operational. In this podcast, Smith discusses...

Duration:00:15:57

My Story in Computing: Madison Quinn Oliver

4/13/2020
Those who work in computing today bring a wide array of backgrounds and experiences to the profession. In this podcast, learn how Madison Quinn Oliver, who wanted to work at Carnegie Mellon University since childhood, relied on a strong work ethic and lifelong pursuit of education to become an associate vulnerability engineer on the Vulnerability Coordination Team within the SEI’s CERT Division. This is the second installment in our My Story in Computing podcast series.

Duration:00:23:08

The CERT Guide to Coordinated Vulnerability Disclosure

3/26/2020
In this podcast, Allen Householder and David Warren discuss the CERT Guide to Coordinated Vulnerability Disclosure, which is intended for use by security researchers, software vendors, and other stakeholders in navigating the complexities of informing others about security vulnerabilities.

Duration:00:35:00

Women in Software and Cybersecurity: Dr. April Galyardt

3/11/2020
Dr. April Galyardt, a machine learning research scientist at the SEI, discusses her career journey, challenges, and lessons learned along the way. This episode is the latest installment in our series highlighting the work of women in software and cybersecurity.

Duration:00:13:28