Software Engineering Institute (SEI) Podcast Series — 428 episodes
Goal-Line Defense: A Tool to Discover and Mitigate UEFI Vulnerabilities
Leadership, Legacy, and the Power of Mentors: Insights from Dr. Paul Nielsen
With a Little Help from Our Civilian Friends: Cybersecurity Reserve Is Both Feasible and Advisable
Maturing AI Adoption: From Chaos to Consistency
Temporal Memory Safety in C and C++: An AI-Enhanced Pointer Ownership Model
AI for the Warfighter: Acquisition Challenges and Guidance
Visibility Through the Clouds with Network Flow Logs
Orchestrating the Chaos: Protecting Wireless Networks from Cyber Attacks
From Data to Performance: Understanding and Improving Your AI Model
What Could Possibly Go Wrong? Safety Analysis for AI Systems
Getting Your Software Supply Chain In Tune with SBOM Harmonization
API Security: An Emerging Concern in Zero Trust Implementations
Delivering Next-Generation AI Capabilities
The Benefits of Rust Adoption for Mission-and-Safety-Critical Systems
Threat Modeling: Protecting Our Nation's Complex Software-Intensive Systems
Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds
Mitigating Cyber Risk with Secure by Design
The Magic in the Middle: Evolving Scaled Software Solutions for National Defense
Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space
Deploying on the Edge
The Best and Brightest: 6 Years of Supporting the President's Cup Cybersecurity Competition
Updating Risk Assessment in the CERT Secure Coding Standard
Delivering Next Generation Cyber Capabilities to the DoD Warfighter
Getting the Most Out of Your Insider Risk Data with IIDES
Grace Lewis Outlines Vision for IEEE Computer Society Presidency
Improving Machine Learning Test and Evaluation with MLTE
DOD Software Modernization: SEI Impact and Innovation
Securing Docker Containers: Techniques, Challenges, and Tools
An Introduction to Software Cost Estimation
Cybersecurity Metrics: Protecting Data and Understanding Threats
3 Key Elements for Designing Secure Systems
Using Role-Playing Scenarios to Identify Bias in LLMs
Best Practices and Lessons Learned in Standing Up an AISIRT
3 API Security Risks (and How to Protect Against Them)
Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices
Capability-based Planning for Early-Stage Software Development
Safeguarding Against Recent Vulnerabilities Related to Rust
Developing a Global Network of Computer Security Incident Response Teams (CSIRTs)
Automated Repair of Static Analysis Alerts
Developing and Using a Software Bill of Materials Framework
Using Large Language Models in the National Security Realm
Atypical Applications of Agile and DevSecOps Principles
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction
The Impact of Architecture on Cyber-Physical Systems Safety
ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies
The Cybersecurity of Quantum Computing: 6 Areas of Research
User-Centric Metrics for Agile
The Product Manager's Evolving Role in Software and Systems Development
Measuring the Trustworthiness of AI Systems
Actionable Data in the DevSecOps Pipeline
Insider Risk Management in the Post-Pandemic Workplace
An Agile Approach to Independent Verification and Validation
Zero Trust Architecture: Best Practices Observed in Industry
Automating Infrastructure as Code with Ansible and Molecule
Identifying and Preventing the Next SolarWinds
A Penetration Testing Findings Repository
Understanding Vulnerabilities in the Rust Programming Language
We Live in Software: Engineering Societal-Scale Systems
Secure by Design, Secure by Default
Key Steps to Integrate Secure by Design into Acquisition and Development
An Exploration of Enterprise Technical Debt
The Messy Middle of Large Language Models
An Infrastructure-Focused Framework for Adopting DevSecOps
Software Security in Rust
Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron
Asking the Right Questions to Coordinate Security in the Supply Chain
Securing Open Source Software in the DoD
A Model-Based Tool for Designing Safety-Critical Systems
Managing Developer Velocity and System Security with DevSecOps
A Method for Assessing Cloud Adoption Risks
Software Architecture Patterns for Deployability
ML-Driven Decision Making in Realistic Cyber Exercises
A Roadmap for Creating and Using Virtual Prototyping Software
Software Architecture Patterns for Robustness
A Platform-Independent Model for DevSecOps
Using the Quantum Approximate Optimization Algorithm (QAOA) to Solve Binary-Variable Optimization Problems
Trust and AI Systems
A Dive into Deepfakes
Challenges and Metrics in Digital Engineering
The 4 Phases of the Zero Trust Journey
DevSecOps for AI Engineering
Undiscovered Vulnerabilities: Not Just for Critical Software
Explainable AI Explained
Model-Based Systems Engineering Meets DevSecOps
Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy
Software and Systems Collaboration in the Era of Smart Systems
Securing the Supply Chain for the Defense Industrial Base
Building on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis
Envisioning the Future of Software Engineering
Implementing the DoD's Ethical AI Principles
Walking Fast Into the Future: Evolvable Technical Reference Frameworks for Mixed-Criticality Systems
Software Engineering for Machine Learning: Characterizing and Understanding Mismatch in ML Systems
A Discussion on Automation with Watts Humphrey Award Winner Rajendra Prasad
Enabling Transition From Sustainment to Engineering Within the DoD
The Silver Thread of Cyber in the Global Supply Chain
Measuring DevSecOps: The Way Forward
Bias in AI: Impact, Challenges, and Opportunities
Agile Strategic Planning: Concepts and Methods for Success
Applying Scientific Methods in Cybersecurity
Zero Trust Adoption: Benefits, Applications, and Resources
Uncertainty Quantification in Machine Learning: Measuring Confidence in Predictions
11 Rules for Ensuring a Security Model with AADL and Bell–LaPadula
Benefits and Challenges of Model-Based Systems Engineering
Can DevSecOps Make Developers Happier?
Is Your Organization Ready for AI?
Managing Vulnerabilities in Machine Learning and Artificial Intelligence Systems
AI Workforce Development
Moving from DevOps to DevSecOps
Mission-Based Prioritization: A New Method for Prioritizing Agile Backlogs
Digital Engineering and DevSecOps
A 10-Step Framework for Managing Risk
7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts
Ransomware: Evolution, Rise, and Response
VINCE: A Software Vulnerability Coordination Platform
Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network
An Introduction to CMMC Assessment Guides
The CMMC Level 3 Assessment Guide: A Closer Look
The CMMC Level 1 Assessment Guide: A Closer Look
Achieving Continuous Authority to Operate (ATO)
Challenging the Myth of the 10x Programmer
A Stakeholder-Specific Approach to Vulnerability Management
Optimizing Process Maturity in CMMC Level 5
Reviewing and Measuring Activities for Effectiveness in CMMC Level 4
Situational Awareness for Cybersecurity: Beyond the Network
Quantum Computing: The Quantum Advantage
CMMC Scoring 101
Developing an Effective CMMC Policy
The Future of Cyber: Educating the Cybersecurity Workforce
Documenting Process for CMMC
Agile Cybersecurity
CMMC Levels 1-3: Going Beyond NIST SP-171
The Future of Cyber: Secure Coding
Challenges to Implementing DevOps in Highly Regulated Environments
The Future of Cyber: Cybercrime
An Ethical AI Framework
The CERT Guide to Coordinated Vulnerability Disclosure
The Future of Cyber: Security and Privacy
The Future of Cyber: Security and Resilience
Reverse Engineering Object-Oriented Code with Ghidra and New Pharos Tools
Benchmarking Organizational Incident Management Practices
Machine Learning in Cybersecurity: 7 Questions for Decision Makers
Human Factors in Software Engineering
Improving the Common Vulnerability Scoring System
Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities
Selecting Metrics for Software Assurance
AI in Humanitarian Assistance and Disaster Response
The AADL Error Library: 4 Families of Systems Errors
Privacy in the Blockchain Era
Cyber Intelligence: Best Practices and Biggest Challenges
Assessing Cybersecurity Training
DevOps in Highly Regulated Environments
The Role of the Software Factory in Acquisition and Sustainment
Defending Your Organization Against Business Email Compromise
Managing Technical Debt: A Focus on Automation, Design, and Architecture
Leading in the Age of Artificial Intelligence
Applying Best Practices in Network Traffic Analysis
10 Types of Application Security Testing Tools and How to Use Them
Using Test Suites for Static Analysis Alert Classifiers
Blockchain at CMU and Beyond
System Architecture Virtual Integration: ROI on Early Discovery of Defects
A Technical Strategy for Cybersecurity
Best Practices for Security in Cloud Computing
Risks, Threats, and Vulnerabilities in Moving to the Cloud
How to Be a Network Traffic Analyst
Workplace Violence and Insider Threat
Why Does Software Cost So Much?
Cybersecurity Engineering & Software Assurance: Opportunities & Risks
Software Sustainment and Product Lines
Best Practices in Cyber Intelligence
The Evolving Role of the Chief Risk Officer
Obsidian: A Safer Blockchain Programming Language
Agile DevOps
Is Software Spoiling Us? Technical Innovations in the Department of Defense
Is Software Spoiling Us? Innovations in Daily Life from Software
How Risk Management Fits into Agile & DevOps in Government
5 Best Practices for Preventing and Responding to Insider Threat
Pharos Binary Static Analysis: An Update
Positive Incentives for Reducing Insider Threat
Mission-Practical Biometrics
At Risk Emerging Technology Domains
DNS Blocking to Disrupt Malware
Best Practices: Network Border Protection
Verifying Software Assurance with IBM's Watson
The CERT Software Assurance Framework
Scaling Agile Methods
Ransomware: Best Practices for Prevention and Response
Integrating Security in DevOps
SEI Fellows Series: Peter Feiler
NTP Best Practices
Establishing Trust in Disconnected Environments
Distributed Artificial Intelligence in Space
Verifying Distributed Adaptive Real-Time Systems
10 At-Risk Emerging Technologies
Technical Debt as a Core Software Engineering Practice
DNS Best Practices
Three Roles and Three Failure Patterns of Software Architects
Security Modeling Tools
Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks
Cyber Security Engineering for Software and Systems Assurance
Moving Target Defense
Improving Cybersecurity Through Cyber Intelligence
A Requirement Specification Language for AADL
Becoming a CISO: Formal and Informal Requirements
Predicting Quality Assurance with Software Metrics and Security Methods
Network Flow and Beyond
A Community College Curriculum for Secure Software Development
Security and the Internet of Things
The SEI Fellow Series: Nancy Mead
An Open Source Tool for Fault Tree Analysis
Global Value Chain – An Expanded View of the ICT Supply Chain
Intelligence Preparation for Operational Resilience
Evolving Air Force Intelligence with Agile Techniques
Threat Modeling and the Internet of Things
Open Systems Architectures: When & Where to Be Closed
Effective Reduction of Avoidable Complexity in Embedded Systems
Toward Efficient and Effective Software Sustainment
Quality Attribute Refinement and Allocation
Is Java More Secure Than C?
Identifying the Architectural Roots of Vulnerabilities
Build Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations
An Interview with Grady Booch
Structuring the Chief Information Security Officer Organization
How Cyber Insurance Is Driving Risk and Technology Management
A Field Study of Technical Debt
How the University of Pittsburgh Is Using the NIST Cybersecurity Framework
A Software Assurance Curriculum for Future Engineers
Four Types of Shift Left Testing
Toward Speed and Simplicity: Creating a Software Library for Graph Analytics
Capturing the Expertise of Cybersecurity Incident Handlers
Improving Quality Using Architecture Fault Analysis with Confidence Arguments
A Taxonomy of Testing Types
Reducing Complexity in Software & Systems
Designing Security Into Software-Reliant Systems
Agile Methods in Air Force Sustainment
Defect Prioritization With the Risk Priority Number
SEI-HCII Collaboration Explores Context-Aware Computing for Soldiers
An Introduction to Context-Aware Computing
Data Driven Software Assurance
Applying Agile in the DoD: Twelfth Principle
Supply Chain Risk Management: Managing Third Party and External Dependency Risk
Introduction to the Mission Thread Workshop
Applying Agile in the DoD: Eleventh Principle
A Workshop on Measuring What Matters
Applying Agile in the DoD: Tenth Principle
Predicting Software Assurance Using Quality and Reliability Measures
Applying Agile in the DoD: Ninth Principle
Cyber Insurance and Its Role in Mitigating Cybersecurity Risk
AADL and Dassault Aviation
Tactical Cloudlets
Agile Software Teams and How They Engage with Systems Engineering on DoD Acquisition Programs
Coding with AADL
The State of Agile
Applying Agile in the DoD: Eighth Principle
A Taxonomy of Operational Risks for Cyber Security
Agile Metrics
Four Principles for Engineering Scalable, Big Data Systems
An Appraisal of Systems Engineering: Defense v. Non-Defense
HTML5 for Mobile Apps at the Edge
Applying Agile in the DoD: Seventh Principle
AADL and Edgewater
Security and Wireless Emergency Alerts
Safety and Behavior Specification Using the Architecture Analysis and Design Language
Applying Agile in the DoD: Sixth Principle
Characterizing and Prioritizing Malicious Code
Using Quality Attributes to Improve Acquisition
Best Practices for Trust in the Wireless Emergency Alerts Service
Three Variations on the V Model for System and Software Testing
Adapting the PSP to Incorporate Verified Design by Contract
Comparing IT Risk Assessment and Analysis Methods
AADL and Aerospace
Assuring Open Source Software
Security Pattern Assurance through Roundtrip Engineering
The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
Applying Agile in the DoD: Fifth Principle
Software Assurance Cases
Raising the Bar - Mainstreaming CERT C Secure Coding Rules
AADL and Télécom Paris Tech
From Process to Performance-Based Improvement
An Approach to Managing the Software Engineering Challenges of Big Data
Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience
Situational Awareness Mashups
Applying Agile in the DoD: Fourth Principle
Architecting Systems of the Future
Acquisition Archetypes
Human-in-the-Loop Autonomy
Mobile Applications for Emergency Managers
Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions
Applying Agile in the DoD: Third Principle
DevOps - Transform Development and Operations for Fast, Secure Deployments
Application Virtualization as a Strategy for Cyber Foraging
Common Testing Problems: Pitfalls to Prevent and Mitigate
Joint Programs and Social Dilemmas
Applying Agile in the DoD: Second Principle
Managing Disruptive Events - CERT-RMM Experience Reports
Reliability Validation and Improvement Framework
Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity
The Business Case for Systems Engineering
Applying Agile in the DoD: First Principle
The Evolution of a Science Project
Securing Mobile Devices aka BYOD
What's New With Version 2 of the AADL Standard?
The State of the Practice of Cyber Intelligence
Mitigating Insider Threat - New and Improved Practices Fourth Edition
Technology Readiness Assessments
Standards in Cloud Computing Interoperability
Managing Disruptive Events: Demand for an Integrated Approach to Better Manage Risk
The Latest Developments in AADL
The Fundamentals of Agile
Software for Soldiers who use Smartphones
Managing Disruptive Events: Making the Case for Operational Resilience
Architecting Service-Oriented Systems
The SEI Strategic Plan
Quantifying Uncertainty in Early Lifecycle Cost Estimation
Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities
Architecting a Financial System with TSP
The Importance of Data Quality
How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them
Misaligned Incentives
How a Disciplined Process Enhances & Enables Agility
Agile Acquisition
An Architecture-Focused Measurement Framework for Managing Technical Debt
Cloud Computing for the Battlefield
U.S. Postal Inspection Service Use of the CERT Resilience Management Model
Insights from the First CERT Resilience Management Model Users Group
NIST Catalog of Security and Privacy Controls, Including Insider Threat
Cisco's Adoption of CERT Secure Coding Standards
How to Become a Cyber Warrior
Considering Security and Privacy in the Move to Electronic Health Records
Measuring Operational Resilience
Why Organizations Need a Secure Domain Name System
Controls for Monitoring the Security of Cloud Services
Building a Malware Analysis Capability
Using the Smart Grid Maturity Model (SGMM)
Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM
Conducting Cyber Exercises at the National Level
Indicators and Controls for Mitigating Insider Threat
How Resilient Is My Organization?
Public-Private Partnerships: Essential for National Cyber Security
Software Assurance: A Master's Level Curriculum
How to Develop More Secure Software - Practices from Thirty Organizations
Mobile Device Security: Threats, Risks, and Actions to Take
Establishing a National Computer Security Incident Response Team (CSIRT)
Securing Industrial Control Systems
The Power of Fuzz Testing to Reduce Security Vulnerabilities
Protect Your Business from Money Mules
Train for the Unexpected
The Role of the CISO in Developing More Secure Software
Computer and Network Forensics: A Master's Level Curriculum
Introducing the Smart Grid Maturity Model (SGMM)
Leveraging Security Policies and Procedures for Electronic Evidence Discovery
Integrating Privacy Practices into the Software Development Life Cycle
Using the Facts to Protect Enterprise Networks: CERT's NetSA Team
Ensuring Continuity of Operations When Business Is Disrupted
Managing Relationships with Business Partners to Achieve Operational Resiliency
The Smart Grid: Managing Electrical Power Distribution and Use
Electronic Health Records: Challenges for Patient Privacy and Security
Mitigating Insider Threat: New and Improved Practices
Rethinking Risk Management
The Upside and Downside of Security in the Cloud
More Targeted, Sophisticated Attacks: Where to Pay Attention
Is There Value in Identifying Software Security "Never Events?"
Cyber Security, Safety, and Ethics for the Net Generation
An Experience-Based Maturity Model for Software Security
Mainstreaming Secure Coding Practices
Security: A Key Enabler of Business Innovation
Better Incident Response Through Scenario Based Training
An Alternative to Risk Management for Information and Software Security
Tackling Tough Challenges: Insights from CERT's Director Rich Pethia
Climate Change: Implications for Information Technology and Security
Using High Fidelity, Online Training to Stay Sharp
Integrating Security Incident Response and e-Discovery
Concrete Steps for Implementing an Information Security Program
Virtual Communities: Risks and Opportunities
Developing Secure Software: Universities as Supply Chain Partners
Security Risk Assessment Using OCTAVE Allegro
Getting to a Useful Set of Security Metrics
How to Start a Secure Software Development Program
Managing Risk to Critical Infrastructures at the National Level
Analyzing Internet Traffic for Better Cyber Situational Awareness
Managing Security Vulnerabilities Based on What Matters Most
Identifying Software Security Requirements Early, Not After the Fact
Making Information Security Policy Happen
Becoming a Smart Buyer of Software
Building More Secure Software
Connecting the Dots Between IT Operations and Security
Getting in Front of Social Engineering
Using Benchmarks to Make Better Security Decisions
Protecting Information Privacy - How To and Lessons Learned
Initiating a Security Metrics Program: Key Points to Consider
Insider Threat and the Software Development Life Cycle
Tackling the Growing Botnet Threat
Building a Security Metrics Program
Inadvertent Data Disclosure on Peer-to-Peer Networks
Information Compliance: A Growing Challenge for Business Leaders
Internal Audit's Role in Information Security: An Introduction
What Business Leaders Can Expect from Security Degree Programs
The Path from Information Security Risk Assessment to Compliance
Computer Forensics for Business Leaders: Building Robust Policies and Processes
Business Resilience: A More Compelling Argument for Information Security
Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity
The Human Side of Security Trade-Offs
Dual Perspectives: A CIO's and CISO's Take on Security
Tackling Security at the National Level: A Resource for Leaders
Reducing Security Costs with Standard Configurations: U.S. Government Initiatives
Real-World Security for Business Leaders
Using Standards to Build an Information Security Program
Getting Real About Security Governance
Convergence: Integrating Physical and IT Security
IT Infrastructure: Tips for Navigating Tough Spots
The Value of De-Identified Personal Data
Adapting to Changing Risk Environments: Operational Resilience
Computer Forensics for Business Leaders: A Primer
The Real Secrets of Incident Management
The Legal Side of Global Security
A New Look at the Business of IT Education
Crisis Communications During a Security Incident
Assuring Mission Success in Complex Environments
Privacy: The Slow Tipping Point
Building Staff Competence in Security
Evolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology
Inside Defense-in-Depth
Protecting Against Insider Threat
Change Management: The Security 'X' Factor
CERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT
The ROI of Security
Compliance vs. Buy-in
Why Leaders Should Care About Security
Proactive Remedies for Rising Threats