Software Engineering Institute (SEI) Podcast Series

By Members of Technical Staff at the Software Engineering Institute

Technology Education

What's Software Engineering Institute (SEI) Podcast Series about?

Software Engineering Institute (SEI) Podcast Series

Download our free app to listen on your phone

LAST EPISODE

Work From Home: Threats, Vu...

01.06.2021

Phil Groce, a senior network defense analyst in the CERT Division of the Carnegie Mellon University Software Engineering Institute, discusses the security implications of this dramatic increase in the number of people in organizations who are working from home, examines ...

Software Engineering Institute (SEI) Podcast Series episodes:

01.06.2021 Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network Phil Groce, a senior network defense analyst in the CERT Division of the Carnegie Mellon University Software Engineering Institute, discusses the security implications of this dramatic increase in the number of people in organizations who are working from home, examines ...
12.08.2020 An Introduction to CMMC Assessment Guides The Cybersecurity Maturity Model Certification (CMMC) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of ...
12.07.2020 The CMMC Level 3 Assessment Guide: A Closer Look The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. In this SEI podcast, Andrew Hoover ...
12.07.2020 The CMMC Level 1 Assessment Guide: A Closer Look The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. In this SEI Podcast, Andrew ...
11.24.2020 Achieving Continuous Authority to Operate (ATO) Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie ...
11.09.2020 Challenging the Myth of the 10x Programmer A pervasive belief in software engineering is that some programmers are much, much better than others (the times-10, or 10x, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on that organizations’ success or ...
10.27.2020 A Stakeholder-Specific Approach to Vulnerability Management CERT vulnerability researchers Eric Hatleback, Allen Householder, and Dr. Jonathan Spring present an alternative system for vulnerability categorization, Stakeholder-Specific Vulnerability Categorization (SSVC) and also take audience members through a sample scoring vulnerability. SSVC takes the form of decision trees for ...
10.13.2020 Optimizing Process Maturity in CMMC Level 5 The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. In this SEI Podcast, Andrew ...
10.07.2020 Reviewing and Measuring Activities for Effectiveness in CMMC Level 4 When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the ...
09.30.2020 Situational Awareness for Cybersecurity: Beyond the Network Situational awareness makes it possible to get relevant information from across an organization, to integrate that information, and to disseminate it to help leaders make more informed decisions. In this SEI Podcast, Angela Horneman and Timothy Morrow discuss the importance ...
09.17.2020 Quantum Computing: The Quantum Advantage In this episode, the latest from the SEI Podcast Series, Dr. Jason Larkin, a researcher in the SEI's Emerging Technology Center, discusses the quantum advantage and the challenges of working in the NISQ era. Dr. Larkin also provides a list ...
09.02.2020 CMMC Scoring 101 Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), discuss how assessed Defense Industrial Base organizations are scored according to the model.
08.17.2020 Developing an Effective CMMC Policy The Cybersecurity Maturity Model Certification (CMMC) for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. In this SEI Podcast, Andrew ...
08.12.2020 Developing an Effective CMMC Policy The Cybersecurity Maturity Model Certification (CMMC) for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. In this SEI Podcast, Andrew ...
08.10.2020 The Future of Cyber: Educating the Cybersecurity Workforce In the latest episode of our Future of Cyber Podcast Series, Bobbie Stempfley, director of the SEI’s CERT Division, interviews Dr. Diana Burley, executive director and chair of the Institute for Information Infrastructure Protection, or I3P, and vice provost for ...
07.30.2020 Documenting Process for CMMC In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), discuss process documentation, a Level 2 requirement.
07.20.2020 Agile Cybersecurity With the current cyber threat climate, the demand for cybersecurity is growing but existing compliance processes focus on a completed product and do not support incremental delivery. Cybersecurity must be carefully woven into each increment deliver results with sufficient security ...
07.01.2020 CMMC Levels 1-3: Going Beyond NIST SP-171 The Cybersecurity Maturity Model Certification (CMMC) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of ...
06.15.2020 The Future of Cyber: Secure Coding In this episode of the Future of Cyber, Bobbie Stempfley, director of the CERT Division of the SEI, explores the future of secure coding with Steve Lipner, the executive director of SAFECode and former director of software security at Microsoft, ...
05.28.2020 Challenges to Implementing DevOps in Highly Regulated Environments In this SEI podcast, Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environments (HREs), exploring issues such as environment parity, the approval process, and compliance. This podcast is the second to explore DevOps in HREs.
05.07.2020 The Future of Cyber: Cybercrime The Future of Cyber Podcast Series explores whether we can use the innovations of the past to address the problems of the future. In this SEI Podcast, David Hickton, founding director of the University of Pittsburgh Institute for Cyber Law, ...
04.28.2020 An Ethical AI Framework As a senior research scientist in human-machine interaction at the SEI's Emerging Technology Center, Carol Smith works to understand how humans and machines can better collaborate to solve important problems and also understand our responsibilities and how that work continues ...
04.13.2020 My Story in Computing: Madison Quinn Oliver Those who work in computing today bring a wide array of backgrounds and experiences to the profession. In this podcast learn how Madison Quinn Oliver, who wanted to work at Carnegie Mellon University since childhood, relied on a strong work ...
03.26.2020 The CERT Guide to Coordinated Vulnerability Disclosure In this podcast, Allen Householder and David Warren discuss the CERT Guide to Coordinated Vulnerability Disclosure, which is intended for use by security researchers, software vendors, and other stakeholders in navigating the complexities of informing others about security vulnerabilities.
03.11.2020 Women in Software and Cybersecurity: Dr. April Galyardt Dr. April Galyardt, a machine learning research scientist at the SEI, discusses her career journey, challenges, and lessons learned along the way. This episode is the latest installment in our series highlighting the work of women in software and cybersecurity.
02.26.2020 The Future of Cyber: Security and Privacy Dr. Lorrie Faith Cranor, director of CyLab, sits down with Bobbie Stempfley, director of the SEI’s CERT Division, to talk about the future of cyber in security and privacy.
02.14.2020 The Future of Cyber: Security and Resilience In this podcast, the first in a series exploring The Future of Cyber, Bobbie Stempfley, director of the CERT Division of the SEI, and Dr. Michael McQuade, vice-president for research at Carnegie Mellon University, explore past and present technologies that ...
02.07.2020 Reverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools Jeff Gennari and Cory Cohen discuss updates to the Pharos Binary Analysis Framework in GitHub, including a new plug-in to import OOAnalyzer analysis into the NSA's recently released Ghidra software reverse engineering tool suite.
01.29.2020 Women in Software and Cybersecurity: Dr. Carol Woody Dr. Carol Woody discusses the career path that led to her current role as technical manager for the Cybersecurity Engineering (CSE) team in the SEI’s CERT Division.
12.17.2019 Benchmarking Organizational Incident Management Practices In this SEI Podcast, Robin Ruefle and Mark Zajicek discuss recent work that provides a baseline or benchmark of incident management practices for an organization and detail how important it is to focus on preparation for incident management along with ...
12.11.2019 Machine Learning in Cybersecurity: 7 Questions for Decision Makers April Galyardt, Angela Horneman, and Jonathan Spring discuss seven key questions that managers and decision makers should ask about machine learning to effectively solve cybersecurity problems.
11.26.2019 Women in Software and Cybersecurity: Kristi Roth In this SEI Podcast, Kristi Roth, a summer 2019 intern in the Software Solutions Division at the Software Engineering Institute, discusses the path that led from a childhood spent calculating math problems in her head to a high school Introduction ...
11.12.2019 Human Factors in Software Engineering Solving the technical aspects isn’t enough to build reliable, enduring, resilient software and systems. Human decision making, behavioral factors, and cultural factors influence software engineering, acquisition, and cybersecurity. In this SEI Podcast roundtable, Andrew Mellinger, Suzanne Miller, and Hasan Yasar ...
10.15.2019 Women in Software and Cybersecurity: Anita Carleton In this SEI Podcast, Anita Carleton discusses the career path that led to her current role as acting director of the SEI’s Software Solutions Division and the challenges and mentors (Watts Humphrey) that she encountered along the way.
10.04.2019 Improving the Common Vulnerability Scoring System In this podcast, the authors discuss a 2019 paper that outlines challenges with the Common Vulnerability Scoring System (CVSS) and proposes changes to improve it.
10.01.2019 Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities Software by its nature spans physical items: it provides the inter-system communication that has a direct influence on most capabilities, and thus must be architected intelligently, especially when pieces are built by different contractors. As Dr. Sarah Sheard discusses in ...
09.24.2019 Selecting Metrics for Software Assurance In this podcast, Dr. Carol Woody discusses the selection of metrics for measuring the software assurance of a product as it is developed and delivered to function in a specific system context.
09.18.2019 AI in Humanitarian Assistance and Disaster Response In 2017 and 2018, the world witnessed a record number of climate and weather-related disasters. Government agencies are increasingly interested in the use of artificial intelligence (AI) to help first responders in locating survivors, identifying structures in satellite imagery, and ...
08.30.2019 The AADL Error Library: 4 Families of Systems Errors In this SEI Podcast, researchers Peter Feiler and Sam Procter present the Architecture Analysis and Design Language (AADL) EMV2 Error Library, which is an established taxonomy that draws on a broad range of previous work in classifying system errors.
08.22.2019 Women in Software and Cybersecurity: Suzanne Miller As a principle researcher at the SEI, Suzanne Miller works to help the Department of Defense develop and field software to the warfighter. In this SEI Podcast, the latest in a series highlighting the work of women in software and ...
07.29.2019 Privacy in the Blockchain Era In this SEI Podcast, Dr. Giulia Fanti, an assistant professor of Electrical and Computer Engineering at Carnegie Mellon University, discusses her latest research including privacy problems in the cryptocurrency and blockchain space and generative adversarial networks.
07.25.2019 Cyber Intelligence: Best Practices and Biggest Challenges Cyber Intelligence is a rapidly changing field, and many organizations do not have the people, time, and funding in place to build a cyber intelligence team, according to a report released in late May by the SEI’s Emerging Technology Center. ...
07.12.2019 Assessing Cybersecurity Training If we can record informative traces of activity in simulation environments and draw accurate inferences about trainee capabilities, then we can provide evidence-based guidance on performance, assess mission readiness, optimize training schedules, and refine training modules. April Galyardt, a machine ...
06.27.2019 DevOps in Highly Regulated Environments Highly regulated environments (HREs), such as finance and healthcare, are mandated by policies for various reasons, most often general security and protection of intellectual property. These policies make the sharing and open access principles of DevOps that much harder to ...
06.20.2019 Women in Software and Cybersecurity: Dr. Ipek Ozkaya After earning a degree in architecture, Dr. Ipek Ozkaya studied computational design at Carnegie Mellon University. Now at the Software Engineering Institute, Ozkaya researches better ways for designing software and helping organizations manage technical debt in large-scale, complex software-intensive systems. ...
06.11.2019 The Role of the Software Factory in Acquisition and Sustainment Dr. Paul Nielsen discusses his involvement on a Defense Science Board Task Force that concluded that the software factory should be a key player in the acquisition and sustainment of software for defense.
05.30.2019 Defending Your Organization Against Business Email Compromise Operation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, and the U.S. Postal Inspection Service, resulted in 74 arrests in the United States and overseas, ...
05.21.2019 My Story in Computing with Dr. Eliezer Kanal Those who work in computing today bring a wide array of backgrounds and experiences to the profession. In this podcast, the first in a series, Dr. Eliezer Kanal—a former premed student, computational neuroscientist, health-care technical manager, financial quantitative analyst, freelance ...
04.19.2019 Women in Software and Cybersecurity: Eileen Wrubel In this SEI Podcast, which highlights the work of Women in Software and Cybersecurity, Eileen Wrubel, co-lead of the SEI’s Agile/DevOps Transformation directorate, discusses her career journey.
03.21.2019 Managing Technical Debt: A Focus on Automation, Design, and Architecture In this SEI Podcast, Rod Nord and Ipek Ozkaya discuss the SEI's current work in technical debt including the development of analysis techniques to help software engineers and decision makers manage the effect of technical debt on their software projects.

Older episodes

Software Engineering Institute (SEI) Podcast Series

What's Software Engineering Institute (SEI) Podcast Series about?

Download our free app to listen on your phone

Software Engineering Institute (SEI) Podcast Series episodes:

Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network

An Introduction to CMMC Assessment Guides

The CMMC Level 3 Assessment Guide: A Closer Look

The CMMC Level 1 Assessment Guide: A Closer Look

Achieving Continuous Authority to Operate (ATO)

Challenging the Myth of the 10x Programmer

A Stakeholder-Specific Approach to Vulnerability Management

Optimizing Process Maturity in CMMC Level 5

Reviewing and Measuring Activities for Effectiveness in CMMC Level 4

Situational Awareness for Cybersecurity: Beyond the Network

Quantum Computing: The Quantum Advantage

CMMC Scoring 101

Developing an Effective CMMC Policy

Developing an Effective CMMC Policy

The Future of Cyber: Educating the Cybersecurity Workforce

Documenting Process for CMMC

Agile Cybersecurity

CMMC Levels 1-3: Going Beyond NIST SP-171

The Future of Cyber: Secure Coding

Challenges to Implementing DevOps in Highly Regulated Environments

The Future of Cyber: Cybercrime

An Ethical AI Framework

My Story in Computing: Madison Quinn Oliver

The CERT Guide to Coordinated Vulnerability Disclosure

Women in Software and Cybersecurity: Dr. April Galyardt

The Future of Cyber: Security and Privacy

The Future of Cyber: Security and Resilience

Reverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools

Women in Software and Cybersecurity: Dr. Carol Woody

Benchmarking Organizational Incident Management Practices

Machine Learning in Cybersecurity: 7 Questions for Decision Makers

Women in Software and Cybersecurity: Kristi Roth

Human Factors in Software Engineering

Women in Software and Cybersecurity: Anita Carleton

Improving the Common Vulnerability Scoring System

Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities

Selecting Metrics for Software Assurance

AI in Humanitarian Assistance and Disaster Response

The AADL Error Library: 4 Families of Systems Errors

Women in Software and Cybersecurity: Suzanne Miller

Privacy in the Blockchain Era

Cyber Intelligence: Best Practices and Biggest Challenges

Assessing Cybersecurity Training

DevOps in Highly Regulated Environments

Women in Software and Cybersecurity: Dr. Ipek Ozkaya

The Role of the Software Factory in Acquisition and Sustainment

Defending Your Organization Against Business Email Compromise

My Story in Computing with Dr. Eliezer Kanal

Women in Software and Cybersecurity: Eileen Wrubel

Managing Technical Debt: A Focus on Automation, Design, and Architecture

Other shows like Software Engineering Institute (SEI) Podcast Series: