Software Engineering Institute (SEI) Podcast Series

426 episodes - English - Latest episode: 14 days ago - ★★★★★ - 18 ratings

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.


Episodes

Deep Learning in Depth: The Future of Deep Learning

November 28, 2018 17:00 - 6 minutes - 13.7 MB

Ritwik Gupta and Carson Sestili discuss the future of deep learning. “Here is amazing research being done all over the world on how we make what is called explainable AI. How do we explain what the deep learning is trying to do? This is a problem across all fields.”  

Deep Learning in Depth: Adversarial Machine Learning

November 27, 2018 17:00 - 12 minutes - 23.9 MB

Ritwik Gupta of the SEI’s Emerging Technology Center and Carson Sestili, formerly of the SEI’s CERT Division and now with Google, discuss adversarial machine learning.

System Architecture Virtual Integration: ROI on Early Discovery of Defects

November 15, 2018 17:00 - 29 minutes - 54.7 MB

Peter Feiler discusses the cost savings (26.1 percent) realized when using the System Architecture Virtual Integration approach on the development of software-reliant systems for aircraft. “If you discover [software defects] at system integration test, the cost of fixing a problem is 300 to 1,000 times higher than doing it upfront. So if upfront, you spent $10,000 fixing it, it’s between $3 and $10 million on the backend that you are saving by the way.”

Deep Learning in Depth: The Importance of Diverse Perspectives

November 07, 2018 17:00 - 9 minutes - 16.9 MB

Ritwik Gupta of the SEI’s Emerging Technology Center and Carson Sestili, formerly of the SEI’s CERT Division and now with Google, discuss the importance of diverse perspectives in deep learning. “If you feel like I am an OK programmer, but I am a good deep thinker and a good mathematician, that is actually one of the corners of what it takes to be a successful data scientist. Again, in regard to our previous conversation, you cannot get away with only knowing math. But if you do know math, ...

A Technical Strategy for Cybersecurity

November 04, 2018 17:00 - 14 minutes - 27.7 MB

Roberta “Bobbie” Stempfley, who was appointed director of the SEI’s CERT Division in June 2017, discusses a technical strategy for cybersecurity. “There is never enough time, money, power, resources—whatever it is—and we make design tradeoffs. Adversaries are looking at what opportunities that creates. They are looking at failures in implementation.”

Best Practices for Security in Cloud Computing

October 26, 2018 16:00 - 19 minutes - 35.9 MB

Don Faatz and Tim Morrow, researchers with the SEI’s CERT Division, outline best practices that organizations should use to address the vulnerabilities and risks in moving applications and data to cloud services.

Risks, Threats, and Vulnerabilities in Moving to the Cloud

October 22, 2018 16:00 - 18 minutes - 20.8 MB

Tim Morrow and Donald Faatz outline the risks, threats, and vulnerabilities that organizations face when moving applications or data to the cloud. “If you look at large organizations like the DoD, they have embraced this. They are looking to buy infrastructures as a service and even moving office automation to the cloud. For smaller organizations, though, it is something of a challenge, so we wanted to look at and give people some ideas about the challenges they will face when they do this....

Deep Learning in Depth: IARPA's Functional Map of the World Challenge

October 12, 2018 16:00 - 12 minutes - 23.8 MB

Ritwik Gupta and Carson Sestili describe their use of deep learning in IARPA’s Functional Map of the World Challenge. “The idea is how can you take these very minute differences, not only in scale, but also in landscape, the buildings on there, etc., and identify different land functions. This makes it very different from just a traditional image classification problem because you have to take in not only the object of interest, which is like let’s say a building, but also its entire surrou...

Deep Learning in Depth: Deep Learning versus Machine Learning

October 05, 2018 16:00 - 13 minutes - 24.6 MB

In this podcast excerpt, Ritwik Gupta and Carson Sestili describe deep learning and how it differs from machine learning. “As you compose more and more non-linear functions together, you can represent a much wider function space than you could with just one non-linear function. That is why deep learning is different from shallow learning. Shallow learning doesn’t compose multiple things together. Deep learning does.”

How to Be a Network Traffic Analyst

September 14, 2018 16:00 - 21 minutes - 39.5 MB

Tim Shimeall and Timur Snoke, researchers in the SEI’s CERT Division, examine the role of the network traffic analyst in capturing and evaluating ever-increasing volumes of network data. “Part of it is the ability to use a wide variety of tools to answer questions about what is happening on the network and to figure out ways to go past inference and supposition and to get facts that can actually provide support for the hypothesis that you’re coming up with.”

Workplace Violence and Insider Threat

August 28, 2018 16:00 - 15 minutes - 28 MB

Tracy Cassidy and Carrie Gardner, researchers with the CERT National Insider Threat Center, discuss research on using technology to detect an employee’s intent to cause physical harm. “A chronology naturally fell out that gave a temporal description of how a particular incident unfolded. So we can see precursor events that foreshadowed the event or the escalation of events that were to 

Why Does Software Cost So Much?

August 02, 2018 16:00 - 31 minutes - 58.2 MB

To contain costs, it is essential to understand which factors drive costs over the longer term and can be controlled. In studies of software development, as a research community, we have not done an adequate job of differentiating causal influences from noncausal statistical correlations. In this podcast, Mike Konrad and Bob Stoddard discuss the use of an approach known as causal learning that can help the Department of Defense identify which factors cause software costs to escalate and, the...

Cybersecurity Engineering & Software Assurance: Opportunities & Risks

July 26, 2018 17:00 - 8 minutes - 16.6 MB

In this podcast, Dr. Carol Woody discusses opportunities and risks in cybersecurity engineering, software assurance, and the resulting CERT Cybersecurity Engineering and Software Assurance Professional Certificate. The courses for this certificate program focus on software-reliant systems engineering and acquisition activities. The goal of the program is to infuse an awareness of cybersecurity (and an approach to identifying security requirements, engineering risk, and supply chain risk) ear...

Software Sustainment and Product Lines

July 10, 2018 17:00 - 28 minutes - 52.8 MB

In the SEI’s examination of the software sustainment phase of the Department of Defense (DoD) acquisition lifecycle, we have noted that the best descriptor for sustainment efforts for software is “continuous engineering.” Typically, during this phase, the hardware elements are repaired or have some structural modifications to carry new weapons or sensors. Software, on the other hand, continues to evolve in response to new security threats, new safety approaches, or new functionality provided...

Best Practices in Cyber Intelligence

June 25, 2018 17:00 - 19 minutes - 36.2 MB

The SEI Emerging Technology Center is conducting a study sponsored by the U.S. Office of the Director of National Intelligence to understand cyber intelligence best practices, common challenges, and future technologies that will culminate in a published report. Through interviews with U.S.-based organizations from a variety of sectors, researchers are identifying tools, practices, and resources that help those organizations make informed decisions that protect their information and assets...

Deep Learning in Depth: The Good, the Bad, and the Future

June 07, 2018 17:00 - 51 minutes - 96.9 MB

Although traditional machine learning methods are being successfully used to solve many problems in cybersecurity, their success often depends on choosing and extracting the right features from a data set, which can be hard with complex data. In this podcast, Ritwik Gupta and Carson Sestili explore deep learning, a popular and quickly growing subfield of machine learning that has had great success on problems about these data sets, and on many other problems where picking the right features ...

The Evolving Role of the Chief Risk Officer

May 24, 2018 17:00 - 28 minutes - 52.9 MB

In today's global business environment, risk management must be aligned to business strategy. As companies continue to shift their business models, strategies change and risk management becomes even more important. A company must find the right balance between risk resiliency and risk agility. The chief risk officer (CRO) role is an important catalyst to make that happen, so a company's long term strategic objectives may be realized. The CRO Certificate Program is developed and delivered by ...

Obsidian: A Safer Blockchain Programming Language

May 10, 2018 17:00 - 31 minutes - 58.9 MB

The Defense Advanced Research Projects Agency (DARPA) and other agencies are expressing significant interest in blockchain technology because it promises inherent transparency, resiliency, forgery-resistance, and nonrepudiation, which can be used to protect sensitive infrastructure. At the same time, numerous high-profile incidents of blockchain coding errors that cause major damage to organizations have raised serious concerns about blockchain adoption. In this podcast, Eliezer Kanal and Mi...

Agile DevOps

April 19, 2018 17:00 - 33 minutes - 62 MB

DevOps breaks down software development silos to encourage free communication and constant collaboration. Agile, an iterative approach to development, emphasizes frequent deliveries of software. In this podcast, Eileen Wrubel, technical lead for the SEI’s Agile-in-Government program, and Hasan Yasar, technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division, discuss how Agile and DevOps can be deployed together to meet organizational needs.

Kicking Butt in Computer Science: Women in Computing at Carnegie Mellon University

April 05, 2018 17:00 - 28 minutes - 53.2 MB

In fall 2017, Carnegie Mellon hit the news when an unprecedented 49 percent of women entered the computer science degree program. Furthermore, since 1999, the School of Computer Science has enrolled and sustained well above national averages of women in the CS major, all without changing the curriculum to be “pink” in any way (as is often presumed). In this podcast, Carol Frieze, Grace Lewis, and Jeria Quesenberry discuss CMU’s approach to creating a more inclusive environment for all comput...

Is Software Spoiling Us? Technical Innovations in the Department of Defense

March 15, 2018 17:00 - 21 minutes - 39.5 MB

This series of podcasts presents excerpts from a recent SEI virtual event, Is Software Spoiling Us? Jeff Boleng, acting chief technical officer, moderated the discussion, which featured a panel of SEI researchers: Grace Lewis, Eliezer Kanal, Joseph Yankel, and Satya Venneti. In this segment, the panel discusses technical innovations that can be applied to the Department of Defense including improved situational awareness, human-machine interactions, artificial intelligence, machine learning, ...

Is Software Spoiling Us? Innovations in Daily Life from Software

February 08, 2018 17:00 - 16 minutes - 31.2 MB

This series of podcasts presents excerpts from a recent SEI virtual event, Is Software Spoiling Us? Jeff Boleng, acting chief technical officer, moderated the discussion, which featured a panel of SEI researchers: Grace Lewis, Eliezer Kanal, Joseph Yankel, and Satya Venneti. In this podcast, the panel discusses awesome innovations in daily life that are made possible because of software.

How Risk Management Fits into Agile & DevOps in Government

February 01, 2018 17:00 - 34 minutes - 63.8 MB

DevOps, which breaks down software development silos to encourage free communication and constant collaboration, reinforces many Agile methodologies. Equally important, the Risk Management Framework provides a clearly defined framework that helps program managers incorporate security and risk management activities into the software and systems development life cycle. In this podcast, Eileen Wrubel, technical lead for the SEI’s Agile-in-Government program, leads a roundtable discussion into ho...

5 Best Practices for Preventing and Responding to Insider Threat

December 28, 2017 17:00 - 11 minutes - 21 MB

Insider threat continues to be a problem with approximately 50 percent of organizations experiencing at least one malicious insider incident per year, according to the 2017 U.S. State of Cybercrime Survey. Although the attack methods vary depending on the industry, the primary types of attacks identified by researchers at the CERT Insider Threat Center—theft of intellectual property, sabotage, fraud, and espionage—continue to hold true. In our work with public and private industry, we continu...

Pharos Binary Static Analysis: An Update

December 12, 2017 17:00 - 10 minutes - 18.8 MB

Pharos was created by the SEI CERT Division to automate the reverse engineering of binaries, with a focus on malicious code analysis. Pharos, which was recently released on GitHub, builds upon the ROSE compiler infrastructure developed by Lawrence Livermore National Laboratory for disassembly, control flow analysis, instruction semantics, and more. In this podcast, the SEI CERT Division’s Jeff Gennari discusses updates to the Pharos framework including new tools, improvements, and bug fixes. ...

Positive Incentives for Reducing Insider Threat

November 30, 2017 17:00 - 24 minutes - 44.9 MB

In the 2016 Cyber Security Intelligence Index, IBM found that 60 percent of all cyber attacks were carried out by insiders. One reason that insider threat remains so problematic is that organizations typically respond to these threats with negative technical incentives, such as practices that monitor and constrain employee behavior, detect and punish misbehavior, and otherwise try to force employees to act in the best interest of the organization. In this podcast, Andrew Moore and Dan Bauer h...

Mission-Practical Biometrics

November 16, 2017 17:00 - 20 minutes - 38.3 MB

Dr. Andrew Moore, who is the Dean of the School of Computer Science at CMU, predicted that 2016 would be a watershed year for machine emotional intelligence. Evidence of this can be seen in the Department of Defense, which increasingly relies on biometric data, such as iris scans, gait recognition, and heart-rate monitoring to protect against both cyber and physical attacks. Current state-of-the-art approaches do not make it possible to gather biometric data in real-world settings, such as bo...

At Risk Emerging Technology Domains

October 24, 2017 17:00 - 10 minutes - 19.8 MB

In today’s increasingly interconnected world, the information security community must be prepared to address emerging vulnerabilities that may arise from new technology domains. Understanding trends and emerging technologies can help information security professionals, leaders of organizations, and others interested in information security to anticipate and prepare for such vulnerabilities. In this podcast, CERT vulnerability analyst Dan Klinedinst discusses research aimed at helping the Depa...

DNS Blocking to Disrupt Malware

October 12, 2017 17:00 - 15 minutes - 28.2 MB

For some time now, the cyber world has been under attack by a diffused set of enemies who improvise their own tools in many different varieties and hide them where they can do much damage. In this podcast, CERT researcher Vijay Sarvepalli explores Domain Name System or DNS Blocking, the idea of disrupting communications from malicious code such as ransomware that is used to lock up your digital assets, or data-exfiltration software that is used to steal your digital data. DNS blocking ensures...

Best Practices: Network Border Protection

September 21, 2017 17:00 - 24 minutes - 44.7 MB

When it comes to network traffic, it’s important to establish a filtering process that identifies and blocks potential cyberattacks, such as worms spreading ransomware and intruders exploiting vulnerabilities, while permitting the flow of legitimate traffic. In this podcast, the latest in a series on best practices for network security, Rachel Kartch explores best practices for network border protection at the Internet router and firewall. It is important to note that these recommendations ar...

Verifying Software Assurance with IBM’s Watson

September 07, 2017 17:00 - 19 minutes - 36.7 MB

Since its debut on Jeopardy in 2011, IBM’s Watson has generated a lot of interest in potential applications across many industries. As detailed in this podcast, Mark Sherman recently led a research team investigating whether the Department of Defense could use Watson to improve software assurance and help acquisition professionals assemble and review relevant evidence from documents. Specifically, Sherman and his team examined whether typical developers could build an IBM Watson application t...

The CERT Software Assurance Framework

August 31, 2017 17:00 - 19 minutes - 35.7 MB

Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions also increase. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. The costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. Field...

Scaling Agile Methods

August 03, 2017 17:00 - 24 minutes - 45.5 MB

All major defense contractors in the market can tell you about their approaches to implementing the values and principles found in the Agile Manifesto. Published frameworks and methodologies are rapidly maturing, and a wave of associated terminology is part of the modern lexicon. We are seeing consultants feuding on Internet forums as well, each claiming to have the “true” answer for what Agile is and how to make it work in your organization. The challenge now is to scale Agile to work in com...

Ransomware: Best Practices for Prevention and Response

July 14, 2017 17:00 - 30 minutes - 56.4 MB

On May 12, 2017, in the course of a day, the WannaCry ransomware attack infected nearly a quarter million computers. WannaCry is the latest in a growing number of ransomware attacks where, instead of stealing data, cyber criminals hold data hostage and demand a ransom payment. WannaCry was perhaps the largest ransomware attack to date, taking over a wide swath of global computers from FedEx in the United States to the systems that power Britain’s healthcare system to systems across Asia, acco...

Integrating Security in DevOps

June 29, 2017 17:00 - 28 minutes - 54 MB

The term "software security" often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and road blocks to fast development and release. To secure software, developers must follow numerous guidelines that, while intended to satisfy some regulation or other, can be very restrictive and hard to understand. As a result, a lot of fear, uncertainty, and doubt can surround software security. In this podcast, Hasan Yas...

SEI Fellows Series: Peter Feiler

June 15, 2017 17:00 - 40 minutes - 76.1 MB

The position of SEI Fellow is awarded to people who have made an outstanding contribution to the work of the SEI and from whom the SEI leadership may expect valuable advice for continued success in the institute’s mission. Peter Feiler was named an SEI Fellow in August 2016. This podcast is the second in a series highlighting interviews with SEI Fellows.

NTP Best Practices

May 25, 2017 17:00 - 12 minutes - 23 MB

The network time protocol (NTP) synchronizes the time of a computer client or server to another server or within a few milliseconds of Coordinated Universal Time (UTC). NTP servers, long considered a foundational service of the Internet, have more recently been used to amplify large-scale Distributed Denial of Service (DDoS) attacks. While 2016 did not see a noticeable uptick in the frequency of DDoS attacks, the last 12 months have witnessed some of the largest DDoS attacks, according to Aka...

Establishing Trust in Disconnected Environments

May 18, 2017 17:00 - 17 minutes - 33.3 MB

First responders, search-and-rescue teams, and military personnel often work in “tactical edge” environments defined by limited computing resources, rapidly changing mission requirements, high levels of stress, and limited connectivity. In these tactical edge environments, software applications that enable tasks such as face recognition, language translation, decision support, and mission planning and execution are critical due to computing and battery limitations on mobile devices. Our work...

Distributed Artificial Intelligence in Space

April 20, 2017 17:00 - 18 minutes - 33.8 MB

In 2014-2015, a group of researchers across various disciplines gathered at the Caltech Keck Institute for Space Studies (KISS) to explore whether recent advances in multifunctional, reconfigurable, and adaptive structures could enable a microenvironment control to support space exploration in extreme environments. The workshop series spawned multiple working groups and project ideas for pushing the state-of-the-art in space exploration, colonization and infrastructure. One such project, call...

Verifying Distributed Adaptive Real-Time Systems

March 27, 2017 17:00 - 47 minutes - 87.4 MB

Making sure government and privately owned drones share international air space safely and effectively is a top priority for government officials. Distributed Adaptive Real-Time (DART) systems are key to many areas of Department of Defense (DoD) capability, including the safe execution of autonomous, multi-unmanned aerial systems missions having civilian benefits. DART systems promise to revolutionize several such areas of mutual civilian-DoD interest, such as robotics, transportation, energy...

10 At-Risk Emerging Technologies

March 23, 2017 17:00 - 17 minutes - 13.8 MB

In today's increasingly interconnected world, the information security community must be prepared to address vulnerabilities that may arise from new technologies. Understanding trends in emerging technologies can help information security professionals, leaders of organizations, and others interested in information security identify areas for further study. Researchers in the SEI's CERT Division recently examined the security of a large swath of technology domains being developed in industry ...

Technical Debt as a Core Software Engineering Practice

February 27, 2017 17:00 - 23 minutes - 43.1 MB

As software developers deal with issues such as legacy modernization, agile adoption, and architecture, they need to be able to articulate the tradeoffs of design and business decisions. In this podcast, Ipek Ozkaya talks about managing technical debt as a core software engineering practice and its importance in the education of future software engineers.

DNS Best Practices

February 23, 2017 17:00 - 27 minutes - 50.5 MB

The Domain Name System (DNS) is an essential component of the Internet, a virtual phone book of names and numbers, but we rarely think about it until something goes wrong. DNS also serves as the backbone for other services critical to organizations including email, external web access, file sharing and voice over IP (VoIP). There are steps, however, that network administrators can take to ensure the security and resilience of their DNS infrastructure and avoid security pitfalls. In this podca...

Three Roles and Three Failure Patterns of Software Architects

January 26, 2017 17:00 - 13 minutes - 7.85 MB

As a software system moves through its lifecycle, each phase calls for the architect to use a different mix of skills. This podcast explores three roles and three failure patterns of software architects that John Klein has observed while working with industry and government software projects. This blog post by John Klein is read by Bill Thomas.

Security Modeling Tools

January 12, 2017 17:00 - 23 minutes - 44.2 MB

Recent research indicates that security is no longer only a matter of code and is tightly linked to software architecture. SEI researchers have created security-focused modeling tools that capture vulnerabilities and their propagation paths in an architecture. These security-focused modeling tools help security analysts and researchers improve system and software analysis. In this podcast, Julien Delange discusses the motivation for the work, the available tools, and how to use them.

Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks

December 19, 2016 17:00 - 33 minutes - 61.6 MB

In November 2016, Internet users across the Eastern Seaboard of the United States had trouble accessing popular websites, such as Reddit, Netflix, and the New York Times. Known as the Dyn attack, the disruption was the result of multiple distributed denial of service (DDoS) attacks against a single organization: Dyn, a New Hampshire-based Internet infrastructure company. DDoS attacks can be extremely disruptive, and they are on the rise. The Verisign Distributed Denial of Service Trends Repor...

Cyber Security Engineering for Software and Systems Assurance

December 08, 2016 17:00 - 18 minutes - 33.8 MB

Effective cybersecurity engineering requires the integration of security into the software acquisition and development lifecycle. For engineering to address security effectively, requirements that establish the target goal for security must be in place. Risk management must include identification of possible threats and vulnerabilities within the system, along with the ways to accept or address them. There will always be cyber security risk, but engineers, managers, and organizations must be ...

Moving Target Defense

November 30, 2016 17:00 - 13 minutes - 24.4 MB

Dynamic network defense (or moving target defense) is based on a simple premise: a moving target is harder to attack than a stationary target. In recent years the government has invested substantially into moving target and adaptive cyber defense. This rapidly growing field has seen recent developments of many new technologies—defenses that range from shuffling of client-to-server assignments to protect against distributed denial-of-service (DDoS) attacks, to packet header rewriting, to reboo...

Improving Cybersecurity Through Cyber Intelligence

November 10, 2016 17:00 - 18 minutes - 34.8 MB

Cyber intelligence is the acquisition of information to identify, track, or predict the cyber capabilities and actions of malicious actors to offer courses of action to decision makers charged with protecting organizations. In this podcast, Jared Ettinger of the SEI’s Emerging Technology Center (ETC) talks about the ETC’s latest work in cyber intelligence as well as the Cyber Intelligence Research Consortium, which brings together organizations from a variety of sectors to exchange cyber inte...

A Requirement Specification Language for AADL

October 27, 2016 17:00 - 30 minutes - 57.4 MB

In this podcast, Peter Feiler describes a textual requirement specification language for the Architecture Analysis & Design Language (AADL) called ReqSpec. ReqSpec is based on the draft Requirements Definition and Analysis Language Annex, which defines a meta-model for requirement specification as annotations to AADL models. A set of plug-ins to the Open Source AADL Tool Environment (OSATE) toolset supports the ReqSpec language. Users can follow an architecture-led requirement specificati...
