Software Engineering Institute (SEI) Podcast Series-logo

Software Engineering Institute (SEI) Podcast Series

Technology Podcasts >

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.
More Information

Location:

United States

Description:

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.

Language:

English


Episodes

Cybersecurity Engineering & Software Assurance: Opportunities & Risks

7/26/2018
More
In this podcast, Dr. Carol Woody discusses opportunities and risks in cybersecurity engineering, software assurance, and the resulting CERT Cybersecurity Engineering and Software Assurance Professional Certificate. The courses for this certificate program focus on software-reliant systems engineering and acquisition activities. The goal of the program is to infuse an awareness of cybersecurity (and an approach to identifying security requirements, engineering risk, and supply chain risk)...

Software Sustainment and Product Lines

7/10/2018
More
In the SEI’s examination of the software sustainment phase of the Department of Defense (DoD) acquisition lifecycle, we have noted that the best descriptor for sustainment efforts for software is “continuous engineering.” Typically, during this phase, the hardware elements are repaired or have some structural modifications to carry new weapons or sensors. Software, on the other hand, continues to evolve in response to new security threats, new safety approaches, or new functionality...

Duration:00:28:48

Best Practices in Cyber Intelligence

6/25/2018
More
The SEI Emerging Technology Center is conducting a study sponsored by the U.S. Office of the Director of National Intelligence to understand cyber intelligence best practices, common challenges, and future technologies that we will culminate in a published report. Through interviews with U.S.-based organizations from a variety of sectors, researchers are identifying tools, practices, and resources that help those organizations make informed decisions that protect their information and...

Duration:00:19:44

Deep Learning in Depth: The Good, The Bad, and the Future

6/7/2018
More
Although traditional machine learning methods are being successfully used to solve many problems in cybersecurity, their success often depends on choosing and extracting the right features from a dataset, which can be hard for complex data. In this podcast, Ritwik Gupta and Carson Sestili deep learning, a popular and quickly-growing subfield of machine learning that has had great success on problems about these datasets, and on many other problems where picking the right features for the...

Duration:00:52:54

The Evolving Role of the Chief Risk Officer

5/24/2018
More
In today's global business environment, risk management must be aligned to business strategy. As companies continue to shift their business models, strategies change and risk management becomes even more important. A company must find the right balance between risk resiliency and risk agility. The chief risk officer (CRO) role is an important catalyst to make that happen, so a company's long term strategic objectives may be realized. The CRO Certificate Program is developed and delivered...

Duration:00:28:51

Obsidian: A Safer Blockchain Programming Language

5/10/2018
More
The Defense Advanced Research Projects Agency (DARPA) and other agencies are expressing significant interest in blockchain technology because it promises inherent transparency, resiliency, forgery-resistance, and nonrepudiation, which can be used to protect sensitive infrastructure. At the same time, numerous high-profile incidents of blockchain coding errors that cause major damage to organizations have raised serious concerns about blockchain adoption. In this podcast, Eliezer Kanal and...

Duration:00:32:10

Agile DevOps

4/19/2018
More
DevOps breaks down software development silos to encourage free communication and constant collaboration. Agile, an iterative approach to development, emphasizes frequent deliveries of software. In this podcast, Eileen Wrubel, technical lead for the SEI’s Agile-in-Government program, and Hasan Yasar, technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division, discuss how Agile and DevOps can be deployed together to meet organizational needs.

Duration:00:33:50

Kicking Butt in Computer Science: Women in Computing at Carnegie Mellon University

4/5/2018
More
In fall 2017, Carnegie Mellon hit the news when an unprecedented 49 percent of women entered the computer science degree program. Furthermore, since 1999, the School of Computer Science has enrolled and sustained well above national averages of women in the CS major, all without changing the curriculum to be “pink” in any way (as is often presumed). In this podcast, Carol Frieze, Grace Lewis, and Jeria Quesenberry discuss CMU’s approach to creating a more inclusive environment for all...

Duration:00:29:01

Is Software Spoiling Us? Technical Innovations in the Department of Defense

3/15/2018
More
This series of podcasts presents excerpts from a recent SEI virtual event, Is Software Spoiling Us? Jeff Boleng, acting chief technical officer, moderated the discussion, which featured a panel of SEI researchers: Grace Lewis, Eliezer Kanal, Joseph Yankel, and Satya Venneti. In this segment, the panel discusses technical innovations that can be applied to the Department of Defense including improved situational awareness, human-machine interactions, artificial intelligence, machine...

Duration:00:21:34

Is Software Spoiling Us? Innovations in Daily Life from Software

2/8/2018
More
This series of podcasts presents excerpts from a recent SEI virtual event, Is Software Spoiling Us. Jeff Boleng, acting chief technical officer, moderated the discussion, which featured a panel of SEI researchers: Grace Lewis, Eliezer Kanal, Joseph Yankel, and Satya Venneti. In this podcast, the panel discusses awesome innovations in daily life that are made possible because of software.

Duration:00:17:03

How Risk Management Fits into Agile & DevOps in Government

2/1/2018
More
DevOps, which breaks down software development silos to encourage free communication and constant collaboration, reinforces many Agile methodologies. Equally important, the Risk Management Framework, provides a clearly defined framework that helps program managers incorporate security and risk management activities into the software and systems development life cycle. In this podcast, Eileen Wrubel, technical lead for the SEI’s Agile-in-Government program leads a roundtable discussion into...

Duration:00:34:49

5 Best Practices for Preventing and Responding to Insider Threat

12/28/2017
More
Insider threat continues to be a problem with approximately 50 percent of organizations experiencing at least one malicious insider incident per year, according to the 2017 U.S. State of Cybercrime Survey. Although the attack methods vary depending on the industry, the primary types of attacks identified by researchers at the CERT Insider Threat Center—theft of intellectual property, sabotage, fraud, and espionage—continue to hold true. In our work with public and private industry, we...

Duration:00:11:27

Pharos Binary Static Analysis: An Update

12/12/2017
More
Pharos was created by the SEI CERT Division to automate the reverse engineering of binaries, with a focus on malicious code analysis. Pharos, which was recently released on Github, builds upon the ROSE compiler infrastructure developed by Lawrence Livermore National Laboratory for disassembly, control flow analysis, instruction semantics, and more. In this podcast, the SEI CERT Division’s Jeff Gennari discusses updates to the Pharos framework including new tools, improvements, and bug fixes.

Duration:00:10:14

Positive Incentives for Reducing Insider Threat

11/30/2017
More
In the 2016 Cyber Security Intelligence Index, IBM found that 60 percent of all cyber attacks were carried out by insiders. One reason that insider threat remains so problematic is that organizations typically respond to these threats with negative technical incentives, such as practices that monitor and constrain employee behavior, detect and punish misbehavior, and otherwise try to force employees to act in the best interest of the organization. In this podcast, Andrew Moore and Dan...

Duration:00:24:30

Mission-Practical Biometrics

11/16/2017
More
Dr. Andrew Moore, who is the Dean of the School of Computer Science at CMU, predicted that 2016 would be a watershed year for machine emotional intelligence. Evidence of this can be seen in the Department of Defense, which increasingly relies on biometric data, such as iris scans, gait recognition, and heart-rate monitoring to protect against both cyber and physical attacks. Current state-of-the-art approaches do not make it possible to gather biometric data in real-world settings, such as...

Duration:00:20:56

At Risk Emerging Technology Domains

10/24/2017
More
In today’s increasingly interconnected world, the information security community must be prepared to address emerging vulnerabilities that may arise from new technology domains. Understanding trends and emerging technologies can help information security professionals, leaders of organizations, and others interested in information security to anticipate and prepare for such vulnerabilities. In this podcast, CERT vulnerability analyst Dan Klinedinst discusses research aimed at helping the...

Duration:00:10:47

DNS Blocking to Disrupt Malware

10/12/2017
More
For some time now, the cyber world has been under attack by a diffused set of enemies who improvise their own tools in many different varieties and hide them where they can do much damage. In this podcast, CERT researcher Vijay Sarvepalli explores Domain Name System or DNS Blocking, the idea of disrupting communications from malicious code such as ransomware that is used to lock up your digital assets, or data-exfiltration software that is used to steal your digital data. DNS blocking...

Duration:00:15:23

Best Practices: Network Border Protection

9/21/2017
More
When it comes to network traffic, it’s important to establish a filtering process that identifies and blocks potential cyberattacks, such as worms spreading ransomware and intruders exploiting vulnerabilities, while permitting the flow of legitimate traffic. In this podcast, the latest in a series on best practices for network security, Rachel Kartch explores best practices for network border protection at the Internet router and firewall. It is important to note that these recommendations...

Duration:00:24:25

Verifying Software Assurance with IBM’s Watson

9/7/2017
More
Since its debut on Jeopardy in 2011, IBM’s Watson has generated a lot of interest in potential applications across many industries. As detailed in this podcast, Mark Sherman recently led a research team investigating whether the Department of Defense could use Watson to improve software assurance and help acquisition professionals assemble and review relevant evidence from documents. Specifically, Sherman and his team examined whether typical developers could build an IBM Watson application...

Duration:00:20:02

The CERT Software Assurance Framework

8/31/2017
More
Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions also increase. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. The costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks....

Duration:00:19:28