Software Engineering Institute (SEI) Podcast Series-logo

Software Engineering Institute (SEI) Podcast Series

Technology Podcasts

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.

Location:

United States

Description:

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.

Language:

English


Episodes

My Story in Computing with Carol Smith

4/9/2021
Those who work in computing today bring a wide array of backgrounds and experiences to the profession. In this podcast, part of the My Story in Computing series, learn how Carol Smith, who trained as a photojournalist, discusses how a love of telling people’s stories led to a career in human-computer interaction working in artificial intelligence with the SEI’s Emerging Technology Center.

Duration:00:17:18

Digital Engineering and DevSecOps

3/16/2021
Digital engineering is an integrated digital approach that uses authoritative sources of systems data and models as a continuum across disciplines to support lifecycle activities from concept through disposal. With digital engineering, models are developed for everything, not just for software, but for all components of a system of systems, hardware and software. The models and associated data are stored in a singular repository of knowledge and are the single source that is used by all...

Duration:00:31:35

A 10-Step Framework for Managing Risk

3/9/2021
Brett Tucker, a technical manager for cyber risk in the SEI CERT Division, discusses the Operationally Critical Threat, Asset, and Vulnerability Evaluation for the Enterprise (OCTAVE FORTE) Model, which helps organizations evaluate security risks and use principles of enterprise risk management to bridge the gap between executives and practitioners. In this SEI Podcast, Tucker outlines OCTAVE FORTE's 10-step framework to guide organizations in managing risk.

Duration:00:31:07

7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts

2/23/2021
If organizations take more steps to address security-related activities now, they will be less likely to encounter security incidents in the future. When it comes to application containers, security is achieved through adopting a series of best practices and guidelines. In this SEI Podcast, Tom Scanlon and Richard Laughlin, researchers with the SEI's CERT Division, discuss seven steps that developers can take to engineer security into ongoing and future container adoption efforts.

Duration:00:15:28

Ransomware: Evolution, Rise, and Response

2/16/2021
In this SEI Podcast, Marisa Midler and Tim Shimeall, network defense analysts within the SEI's CERT Division, discuss the growing problem of ransomware including the rise of ransomware as a service threats. Ransom payments from Quarter 3 of 2019 were on average $42,000, and in Quarter 1 of 2020, that average increased $70,000 to $112,000. The volume of attacks also increased by 25 percent in Quarter 4 of 2019 and by another 25 percent in Quarter 1 of 2020. The sophistication of the attacks...

Duration:00:34:20

VINCE: A Software Vulnerability Coordination Platform

1/21/2021
Software vulnerability coordination at the CERT Coordination Center (CERT/CC) has traditionally relied on a hub-and-spoke model, with reports submitted to analysts at the CERT/CC analysts who would then work with contact affected vendors. To scale communications and increase the level of collaboration between vulnerability reporters, coordinators, and software vendors, the CERT/CC team has created a web-based platform for software vulnerability reporting and coordination called the...

Duration:00:39:27

Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network

1/6/2021
The COVID-19 pandemic has forced significant changes in enterprise work practices, including an increased use of telecommunications technologies required by the new work-from-home policies that most organizations have instituted in response. In this podcast, Phil Groce, a senior network defense analyst in the CERT Division of the Carnegie Mellon University Software Engineering Institute, discusses the security implications of this dramatic increase in the number of people in organizations...

Duration:00:47:08

An Introduction to CMMC Assessment Guides

12/8/2020
The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:08:22

The CMMC Level 3 Assessment Guide: A Closer Look

12/7/2020
The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:13:53

The CMMC Level 1 Assessment Guide: A Closer Look

12/7/2020
The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:20:50

Achieving Continuous Authority to Operate (ATO)

11/24/2020
Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that...

Duration:00:33:28

Challenging the Myth of the 10x Programmer

11/9/2020
A pervasive belief in software engineering is that some programmers are much, much better than others (the times-10, or 10x, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on that organizations’ success or failure. Bill Nichols, a researcher with the Carnegie Mellon University Software Engineering Institute, recently examined the veracity and relevance of this widely held notion. Using data from a study conducted at the SEI, Nichols...

Duration:00:20:59

A Stakeholder-Specific Approach to Vulnerability Management

10/27/2020
Many organizations use the Common Vulnerability Scoring System (CVSS) to prioritize actions during vulnerability management. This podcast—which highlights the latest work in prioritizing actions during vulnerability management—presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that avoids some problems with CVSS. SSVC takes the form of decision trees for different vulnerability management communities. During this podcast, CERT vulnerability researchers Eric...

Duration:00:37:10

Optimizing Process Maturity in CMMC Level 5

10/13/2020
The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:09:35

Reviewing and Measuring Activities for Effectiveness in CMMC Level 4

10/7/2020
The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:13:37

Situational Awareness for Cybersecurity: Beyond the Network

9/30/2020
Situational awareness makes it possible to get relevant information from across an organization, to integrate that information, and to disseminate it to help leaders make more informed decisions. In this SEI Podcast, Angela Horneman and Timothy Morrow, researchers in the SEI's CERT Division, discuss the importance of looking beyond the network to acquire situational awareness for cybersecurity.

Duration:00:25:35

Quantum Computing: The Quantum Advantage

9/17/2020
While actual quantum computers are available from several different companies, we are currently in the Noisy Intermediate-Scale Quantum (NISQ) era. Working in the NISQ era presents a number of challenges, and the SEI is working to use NISQ devices not only to solve specific mission applications for the Department of Defense, but also to help determine when they will demonstrate so-called quantum advantage: a quantum computer solving a problem of practical interest faster than a classical...

Duration:00:30:34

CMMC Scoring 101

9/2/2020
The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:10:14

Developing an Effective CMMC Policy

8/17/2020
The Cybersecurity Maturity Model Certification (CMMC) for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB...

Duration:00:05:41

The Future of Cyber: Educating the Cybersecurity Workforce

8/10/2020
The culture of computers and information technology changes quickly. The Future of Cyber Podcast series explores the future of cyber and whether we can use the innovations of the past to address the problems of the future. In our latest episode, Bobbie Stempfley, director of the SEI’s CERT Division, interviews Dr. Diana Burley, executive director and chair of the Institute for Information Infrastructure Protection, or I3P, and vice provost for research at American University. Their...

Duration:00:28:51