At What Point Does DevSecOps Become Too Risky for the Business?

Software Engineering Institute (SEI) Webcast Series

Software Engineering Institute (SEI) Webcast Series

Player FM - Internet Radio Done Right

63 subscribers

Tech Videos

اضافه شده در nine سال پیش

محتوای ارائه شده توسط Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

Before The Chorus

1
LIVE: Before the Chorus & Open Folk Present: In These Lines feat. Gaby Moreno, Lily Kershaw & James Spaite 33:58

۸ روز پیش33:58

پخش در آینده

لیست ها

پسندیدن

دوست داشته شد

33:58

On June 25th 2025, in collaboration with Open Folk, we presented our first ever live interview event in Los Angeles. As Open Folk put it: "In These Lines is a live event where three artists each bring one song — not just to perform, but to explore. They sit down with Sofia Loporcaro, host of Before The Chorus, to talk about where the song came from, what it meant to write it, and what it still holds. Then they play it. Just the song, and the truth behind it." Find Open Folk on Instagram: @openfolkla Find Gaby on Spotify: https://open.spotify.com/artist/0K9pSmFx0kWESA9jqx8aCW?si=Wz4RUP88Qlm_RKs7QTLvWQ On Apple Music: https://music.apple.com/us/artist/gaby-moreno/472697737 Instagram: https://www.instagram.com/gaby_moreno/ Find Lily on Spotify: https://open.spotify.com/artist/0p0ksmwMDQlAM24TWKu4Ua?si=Bmdg-uIUTHu-zRUc_dqL3g On Apple Music: https://music.apple.com/us/artist/lily-kershaw/526884610 Instagram: https://www.instagram.com/lilykershaw/ Find James on Spotify: https://open.spotify.com/artist/3u50TPoLvMBXNT1KrLa3iT?si=OoLoq7ZTRZyUiytQcz0FsQ On Apple Music: https://music.apple.com/us/artist/james-spaite/905076868 Instagram: https://www.instagram.com/jamesspaite/ Subscribe: ⁠⁠⁠⁠⁠⁠⁠https://beforethechorus.bio.to/listen⁠⁠⁠⁠⁠⁠⁠ Sign up for our newsletter: ⁠⁠⁠⁠⁠⁠⁠https://www.beforethechorus.com/⁠⁠⁠⁠⁠⁠⁠ Follow on Instagram: ⁠⁠⁠⁠⁠⁠⁠@beforethechoruspodcast⁠⁠⁠⁠⁠⁠⁠ & ⁠⁠⁠⁠⁠⁠⁠@soundslikesofia⁠⁠⁠⁠⁠⁠⁠ About the podcast: Welcome to Before the Chorus , where we go beyond the sounds of our favourite songs to hear the stories of the artists who wrote them. Before a song is released, a record is produced, or a chorus is written, the musicians that write them think. A lot. They live. A lot. And they feel. A LOT. Hosted by award-winning interviewer Sofia Loporcaro, Before the Chorus explores the genuine human experiences behind the music. Sofia’s deep knowledge of music and personal journey with mental health help her connect with artists on a meaningful level. This is a space where fans connect with artists, and listeners from all walks of life feel seen through the stories that shape the music we love. About the host: Sofia Loporcaro is an award-winning interviewer and radio host who’s spent over 8 years helping musicians share their stories. She’s hosted shows for Amazing Radio, and Transmission Roundhouse. Now on Before the Chorus, she’s had the chance to host guests like Glass Animals, Feist, Madison Cunningham, Mick Jenkins, & Ru Paul's Drag Race winner Shea Couleé. Learn more about your ad choices. Visit megaphone.fm/adchoices…

۵ سال پیش 57:15

MP4•خانه قسمت

This webcast covered the implementation of an automated, continuous risk pipeline that demonstrates how cyber-resiliency and compliance risk can be traced to and from DevSecOps teams working in the SDLC program and project levels. It will include integration of asset management, DevSecOps tooling, policy-to-procedure platform and risk management platform.

169 قسمت

#Tech #Cybersecurity #Securecoding #Softwarearchitecture #Softwaredevelopment #Softwareengineering #Carnegie Mellon University Software Engineering Institute #SEI Members of Technical Staff #Video #Podcasting Education

Software Engineering Institute (SEI) Webcast Series

At What Point Does DevSecOps Become Too Risky for the Business?

Software Engineering Institute (SEI) Webcast Series

63 subscribers

published ۵ سال پیش

اشتراک گذاری

MP4•خانه قسمت

169 قسمت

Alle afleveringen

Software Engineering Institute (SEI) Webcast Series

1
Identifying AI Talent for the DoD Workforce 1:01:42

۴ روز پیش1:01:42

1:01:42

Finding and growing AI and Data talent is essential for mission success, but many skilled workers remain unseen because they lack traditional credentials. This session introduces practical strategies and prototype tools that help individuals demonstrate what they know while helping managers identify and evaluate emerging talent in these fields. Attendees will explore micro-assessments reflecting real data science and AI workflows, see how skills can be measured meaningfully at scale, and gain insights on fostering AI and Data readiness across the federal workforce. Whether you’re building your career or building your team, come learn how to connect talent with opportunity in the evolving AI landscape. What Attendees Will Learn: • Common barriers to finding and recognizing hidden AI and Data talent. • The role of a practical work role rubric in aligning skills with mission needs. • How prototype assessments and discovery tools can help surface and showcase talent.…

Software Engineering Institute (SEI) Webcast Series

1
Model Your Way to Better Cybersecurity 1:02:54

12 روز پیش1:02:54

1:02:54

Threat modeling is intended to help defend a system from attack. It tops the list of techniques recommended by the National Institute of Standards and Technology (NIST) to secure critical systems. In a world where people with malicious intent have deadlier tools at their disposal, defenders need to take advantage of Model-Based Systems Engineering (MBSE) to form mitigation strategies effective from early in the systems engineering lifecycle. This webcast will preview a workshop to be held during the 2025 Secure Software by Design conference to be held on August 19 and 20. What Attendees Will Learn: How MBSE can aid cybersecurity analysis and design The value of MBSE for cyber threat modeling An overview of threat modeling techniques using MBSE…

Software Engineering Institute (SEI) Webcast Series

1
DevSecOps: See, Use, Succeed 1:00:41

25 روز پیش1:00:41

1:00:41

DevSecOps generates a lot of data valuable for better decision making. However, decision makers may not see all they need to in order to make best use of the data for continuous improvement. The SEI open source Polar tool unlocks the data, giving DevSecOps teams greater capability to automate, which in turn means they can innovate rapidly – without lessening quality or reducing security. What Attendees Will Learn: Issues from complex DevSecOps pipelines What observability adds for DevSecOps efforts The way in which a new open-source tool, Polar, helps…

Software Engineering Institute (SEI) Webcast Series

1
An Introduction to the MLOps Tool Evaluation Rubric 1:00:23

۵ weeks پیش1:00:23

1:00:23

Organizations looking to build and adopt artificial intelligence (AI)–enabled systems face the challenge of identifying the right capabilities and tools to support Machine Learning Operations (MLOps) pipelines. Navigating the wide range of available tools can be especially difficult for organizations new to AI or those that have not yet deployed systems at scale. This webcast introduces the MLOps Tool Evaluation Rubric, designed to help acquisition teams pinpoint organizational priorities for MLOps tooling, customize rubrics to evaluate those key capabilities, and ultimately select tools that will effectively support ML developers and systems throughout the entire lifecycle, from exploratory data analysis to model deployment and monitoring. This webcast will walk viewers through the rubric’s design and content, share lessons learned from applying the rubric in practice, and conclude with a brief demo. What Attendees Will Learn: • How to identify and prioritize key capabilities for MLOps tooling within their organizations • How to customize and apply the MLOps Tool Evaluation Rubric to evaluate potential tools effectively • Best practices and lessons learned from real-world use of the rubric in AI projects…

Software Engineering Institute (SEI) Webcast Series

1
The State of DevSecOps in the DoD: Where We Are, and What’s Next 58:42

۹ weeks پیش58:42

58:42

DevSecOps practices foster collaboration among software development, security, and operations teams to build, test, and release software quickly and reliably. A high-stakes, high-security environment has challenged the implementation of these practices within the Department of Defense (DoD). The DoD Chief Information Officer (CIO) organization partnered with the Software Engineering Institute (SEI) to conduct the first study to baseline the state of DoD DevSecOps, highlight successes, and offer insights for next steps. George Lamb, DoD’s Director of Cloud and Software Modernization, joins the SEI team to discuss key results and how they will help the DoD ensure that its software ecosystem is effective, scalable, and adaptable to meet the challenges of today and tomorrow. What Attendees Will Learn: Highlights from important success stories in DoD’s DevSecOps journey How the DoD is harvesting grassroot successes by individual software organizations to implement those successes at scale Keys to using data and building effective measurement strategies to enable optimization of software delivery…

Software Engineering Institute (SEI) Webcast Series

1
I Spy with My Hacker Eye: How Hackers Use Public Info to Crack Your Creds 57:16

10 weeks پیش57:16

57:16

Did you know there are 500 million tweets per day? 3 billion monthly active Facebook users? 1 billion LinkedIn members? Are you one of them? In this webcast, Destiney Marie Plaza reveals how a hacker can use seemingly benign public information to customize an attack on a victim by showing a scenario-based attack and demo (using free and open-source tools). Additionally, you will learn how hackers can gather information about you, common mistakes that put your information at risk, and how to protect yourself. What Attendees Will Learn: how to use open-source tools used to crack passwords, along with a methodology for how hackers may gain access to your accounts what makes a strong password and how such passwords can stave off automated cracking tools how a hacker sees you, so that you can take appropriate steps to protect yourself…

Software Engineering Institute (SEI) Webcast Series

1
A New Performance Zone for Software for National Security 1:02:23

11 weeks پیش1:02:23

1:02:23

Today, we have seen our national security organizations working to adopt modern software practices, particularly Agile methods and DevSecOps practices, efforts challenged by a mismatch of tempos between operational needs and development processes. The newly mandated Software Acquisition Pathway helps to align those tempos. However, to sustain a competitive advantage through software, we need to see our defense organizations recall and reapply disciplined engineering practices. What Attendees Will Learn: An assessment of current efforts to adopt modern software practices Why and where the pace of adoption faces challenges Characteristics of the needed new level of performance…

Software Engineering Institute (SEI) Webcast Series

1
Identifying and Mitigating Cyber Risk 47:33

13 weeks پیش47:33

47:33

An organization’s cyber risk management practices must be rooted in organizational goals to be truly effective. In this webcast, Matt Butkovic, Greg Crabbe and Beth-Anne Bygum explore how best to align business and resilience objectives.

Software Engineering Institute (SEI) Webcast Series

1
Cyber Maturity Model Certification (CMMC): Protecting the Nation’s Defense Industrial Base 28:02

15 weeks پیش28:02

28:02

The Defense Industrial Base (DIB) is a core element of the national security ecosystem. This point of intersection between private industry and the Department of Defense is a perpetual target for the Nation’s adversaries. In this Intersect, Matthew Butkovic and John Haller explore the development, and implementation, of the Cyber Maturity Model Certification (CMMC) as a means to better protect the DIB.…

Software Engineering Institute (SEI) Webcast Series

1
Threat Hunting: What Should Keep All of Us Up at Night 57:09

17 weeks پیش57:09

57:09

When it comes to recognizing threats, cybersecurity professionals may become distracted by big promises or ignore some obvious inspections. New claims made by the latest and greatest new apps draw attention away from network situational awareness best practices—like a dog distracted when it spots a squirrel. We also may deviate from making routine inspections that point toward further investigation—overlooking obvious needs right under our noses. Either becoming distracted or missing obvious inspections can cause us not to detect threats. What Attendees Will Learn: • The distinction between anomalies and threats • Steps to analyze data to detect a threat • The benefits of completing work on one threat…

Software Engineering Institute (SEI) Webcast Series

1
Can a Cybersecurity Parametric Cost Model be Developed? 56:25

18 weeks پیش56:25

56:25

Can a cybersecurity parametric cost estimation model be developed? Every Department of Defense (DoD) program needs to account for, credibly estimate, budget/plan for, and assess the performance of its cybersecurity activities. Creating a cybersecurity parametric model would allow DoD programs to reliably estimate the effort and cost of cybersecurity activities, estimate an overall cybersecurity cost for a program, and obtain a defined and normalized set of cybersecurity data. In this webcast, Christopher Miller shares insights from a Carnegie Mellon University Software Engineering Institute study on cybersecurity cost estimating that can help national security organizations successfully deploy parametric cost modeling. What Attendees Will Learn: • a proposed work breakdown structure identifying cybersecurity-related activities and cost items, and existing descriptions of secure coding practices and levels of rigor for those practices based on data availability • an approach to develop a cybersecurity parametric cost model • a methodology to develop the cost model…

Software Engineering Institute (SEI) Webcast Series

1
Elements of Effective Communications for Cybersecurity Teams 34:00

20 weeks پیش34:00

34:00

Communications, both in times of crisis and during normal operations, are essential to the overall success and sustainability of an incident response or security operations team. How you plan for and manage these communications and how they are received and actioned by your audience will influence your trustworthiness, reputation, and ultimately your ability to perform incident management services effectively. This webcast leverages the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Forum of Incident Response and Security Teams (FIRST) CSIRT Services Framework to present communications responsibilities as part of both the standard incident management lifecycle and as an integral piece of crisis management support. What Attendees Will Learn: • various communication types or mechanisms for normal and crisis situations • foundational aspects of managing communications with constituents, the public, and the media • building blocks for an effective communications plan…

Software Engineering Institute (SEI) Webcast Series

1
Operational Resilience Fundamentals: Building Blocks of a Survivable Enterprise 52:07

23 weeks پیش52:07

52:07

Surviving disruptive cyber events requires a specific form of planning. One must strike a balance between defending against threats (e.g., managing conditions) and effectively handling the effects of disruption (e.g., managing consequences). Employing a model (such as the CERT Resilience Management Model) provides a catalog of practices and a system of measurement. Focusing on key attributes of performance permits a level of prediction not possible with a basic checklist. In this webcast, Greg Crabbe and Matt Butkovic share their experiences in establishing and maintaining operational resilience programs. What Attendees Will Learn: • how to link mission outcome with asset resilience • how managing for security differs from managing for resilience • how to apply a capability maturity model to the challenge • how to begin analyzing requirements and constructing an operational resilience management program…

Software Engineering Institute (SEI) Webcast Series

1
Cybersecurity Priorities in 2025 32:21

24 weeks پیش32:21

32:21

Chief Information Security Officers (CISOs) perpetually navigate a dynamic set of challenges. Applying focus and aligning resources is imperative for success. In this Intersect, Matthew Butkovic and Gregory Touhill, reflect on 2024 and explore the topics that should be front of mind for CISOs in 2025. They provide insights and advice for those contemplating cybersecurity priorities.…

Software Engineering Institute (SEI) Webcast Series

1
Understanding the Need for Cyber Resilience: A Conversation with Ray Umerley 53:02

28 weeks پیش53:02

53:02

No organization can comprehensively avoid disruptive cyber events. All must strive to maintain operational resilience during times of organizational stress. Ransomware incidents create disruption that can be fatal to the unprepared. In this webcast, we explore how to maintain operational resilience during a ransomware incident. Experts with varied backgrounds provide practical advice for improving your resilience and survivability. What attendees will learn: • best practices for ransomware response • moving beyond security and planning for resilience • pitfalls to avoid in the planning and response processes…

Software Engineering Institute (SEI) Webcast Series

1
Exploring the Fundamentals of Counter AI 27:57

29 weeks پیش27:57

27:57

As the strategic importance of AI increases, so too does the importance of defending those AI systems. To understand AI defense, it is necessary to understand AI offense—that is, counter AI. In this session, Matthew Butkovic, CISA, CISSP, technical director for risk and resilience, and Nathan VanHoudnos, senior machine learning researcher explore the fundamentals of counter AI.…

Software Engineering Institute (SEI) Webcast Series

1
Cyber Challenges in Health Care: Managing for Operational Resilience 53:37

38 weeks پیش53:37

53:37

Health-care organizations are seemingly besieged by a complex set of cyber threats. The consequences of disruptive cyber events in health care are in many ways uniquely troubling. Health-care organizations often face these challenges with modest resources. In this webcast, Matthew Butkovic and Darrell Keeling will explore approaches to maximize return on cybersecurity investment in the health-care context. This will include applying fundamental measures of operational resilience. What Attendees Will Learn: How to yield maximum return on cybersecurity investment in health care How to shift thinking from cybersecurity to operational resilience How to employ free or low-cost cybersecurity resources in the health-care context…

Software Engineering Institute (SEI) Webcast Series

1
Independent Verification and Validation for Agile Projects 1:02:23

38 weeks پیش1:02:23

1:02:23

Traditionally, independent verification and validation (IV&V) is performed by an independent team throughout a program’s milestones or once the software is formally delivered. This approach allows the IV&V team to provide input at the various milestone gates. As more programs move to an Agile approach, those milestones aren’t as clearly defined since requirements, design, implementation, and testing all happen iteratively, sometimes over years of development. In this new paradigm, IV&V teams are struggling to figure out how to add value to the program earlier in the lifecycle by getting in phase with development. This webcast will highlight a novel approach to providing IV&V for projects using an Agile or iterative software development. What Attendees Will Learn: What adopting an Agile mindset for IV&V could look like How focusing on capabilities and using a risk-based perspective could help drive planning for your team Techniques to help the IV&V team get more in phase with the developer while remaining independent…

Software Engineering Institute (SEI) Webcast Series

1
Generative AI and Software Engineering Education 1:02:05

1 year پیش1:02:05

1:02:05

Within a very short amount of time, the productivity and creativity improvements envisioned by generative artificial intelligence (AI), such as using tools based on large language models (LLMs), have taken the software engineering community by storm. The industry is in a race to develop your next best software development tool. Organizations are perplexed by trying to find the right balance between staying ahead in the race and protecting their data and systems from potential risks presented by using generative AI as part of their software development tool chain. There are haters, evangelists, and everything in between. Software engineering education and educators have a special role. No matter how they perceive the opportunities and challenges of generative AI approaches, software engineering educators are going through a watershed moment that will change how they educate the next generation of software engineers. In this webcast, three experts in software engineering will discuss how generative AI is influencing software engineering education and how to balance key skills development with incorporating generative AI into software engineering curricula. What Attendees Will Learn: • how software engineering education is challenged by the increasing popularity of generative AI tools • how software engineering educators can take advantage of generative AI tools • what fundamental skills will be critical to teach to software engineering students in the era of generative AI…

Software Engineering Institute (SEI) Webcast Series

1
Secure Systems Don’t Happen by Accident 59:08

1 year پیش59:08

59:08

Traditionally, cybersecurity has focused on finding and removing vulnerabilities. This is like driving backward down the highway using your rearview mirror. Most breaches are due to defects in design or code; thus, the only way to truly address the issue is to design and build more secure solutions. In this webcast, Tim Chick discusses how security is an integral aspect of the entire software lifecycle as a result of following deliberate engineering practices focused on reducing security risks through the use of software assurance techniques. What Attendees Will Learn: • The importance of cybersecurity and examples of when security has failed • Qualities to look at when evaluating third-party software • The relationship between quality and security • Engineering techniques used throughout the development lifecycle to reduce cyber risks…

Software Engineering Institute (SEI) Webcast Series

1
Can You Rely on Your AI? Applying the AIR Tool to Improve Classifier Performance 38:50

1 year پیش38:50

38:50

Modern analytic methods, including artificial intelligence (AI) and machine learning (ML) classifiers, depend on correlations; however, such approaches fail to account for confounding in the data, which prevents accurate modeling of cause and effect and often leads to prediction bias. The Software Engineering Institute (SEI) has developed a new AI Robustness (AIR) tool that allows users to gauge AI and ML classifier performance with unprecedented confidence. This project is sponsored by the Office of the Under Secretary of Defense for Research and Engineering to transition use of our AIR tool to AI users across the Department of Defense. During the webcast, the research team will hold a panel discussion on the AIR tool and discuss opportunities for collaboration. Our team efforts focus strongly on transition and provide guidance, training, and software that put our transition collaborators on a path to successful adoption of this technology to meet their AI/ML evaluation needs. What Attendees Will Learn: • How AIR adds analytical capability that didn’t previously exist, enabling an analysis to characterize and measure the overall accuracy of the AI as the underlying environment changes • Examples of the AIR process and results from causal discovery to causal identification to causal inference • Opportunities for partnership and collaboration…

Software Engineering Institute (SEI) Webcast Series

1
Using a Scenario to Reason About Implementing a Zero Trust Strategy 1:02:22

1 year پیش1:02:22

1:02:22

There is a lot of documentation about a zero trust architecture, as well as directives that it be used for U.S. federal agencies and the Department of Defense (DoD), but little information on how to go about implementing it to improve an organization’s enterprise or DoD weapon system security. Use cases typically describe requirements for these systems, but they do not provide the contextual awareness that organizations need to help them create a prioritized roadmap to implement zero trust. In this webcast, Tim Morrow, Rhonda Brown, and Elias Miller discuss an approach that organizations can use to help develop the contextual awareness needed to apply a zero trust strategy. What Attendees Will Learn: Overview of a zero trust strategy Roadmap focusing on zero trust for the DoD Engineering approach for mission/workflow Use of a scenario to help reason about zero trust considerations Awareness of an upcoming SEI Zero Trust Industry Day event…

Software Engineering Institute (SEI) Webcast Series

1
Ask Us Anything: Supply Chain Risk Management 41:11

1 year پیش41:11

41:11

According to the Verizon Data Breach Report , Log4j-related exploits have occurred less frequently over the past year. However, this Common Vulnerabilities and Exposures (CVE) flaw was originally documented in 2021. The threat still exists despite increased awareness. Over the past few years, the Software Engineering Institute (SEI) has developed guidance and practices to help organizations reduce threats to U.S. supply chains. In this webcast, Brett Tucker and Matthew Butkovic, answer your enterprise risk management questions to help your organization achieve operational resilience in the cyber supply chain. What attendees will learn: Enterprise risk governance and how to assess organization’s risk appetite and policy as it relates to and integrates cyber risks into a global risk portfolio Regulatory directives on third-party risk The agenda and topics to be covered in the upcoming CERT Cyber Supply Chain Risk Management Symposium in February…

Software Engineering Institute (SEI) Webcast Series

1
The Future of Software Engineering and Acquisition with Generative AI 1:32:10

1 year پیش1:32:10

1:32:10

We stand at a pivotal moment in software engineering, with artificial intelligence (AI) playing a crucial role in driving approaches poised to enhance software acquisition, analysis, verification, and automation. While generative AI tools initially sparked excitement for their potential to reduce errors, scale changes effortlessly, and drive innovation, concerns have emerged. These concerns encompass security risks, unforeseen failures, and issues of trust. Empirical research on generative AI development assistants reveals that productivity and quality gains depend not only on the sophistication of tools but also on task flow redesign and expert judgment. In this webcast, Software Engineering Institute (SEI) researchers will explore the future of software engineering and acquisition using generative AI technologies. They’ll examine current applications, envision future possibilities, identify research gaps, and discuss the critical skill sets that software engineers and stakeholders need to effectively and responsibly harness generative AI’s potential. Fostering a deeper understanding of AI’s role in software engineering and acquisition accentuates its potential and mitigates its risks. What Attendees Will Learn • how to identify suitable use cases when starting out with generative AI technology • the practical applications of generative AI in software engineering and acquisition • how developers and decision makers can harness generative AI technology…

Software Engineering Institute (SEI) Webcast Series

1
Cyber Supply Chain Risk Management: No Silver Bullet 38:40

۲ years پیش38:40

38:40

Compliance standards, privileged access management, software bills of materials (SBOMs), maturity models, cloud services, vulnerability management, etc. The list of potential solutions to supply chain risk management (SCRM) challenges seems unending as much as it is daunting to address. In this webcast, Brett Tucker explores some of these solutions. More importantly, he renews an emphasis on using robust enterprise risk management to achieve operational resilience in the cyber supply chain. What attendees will learn A means of decomposing strategic objectives and critical services into high-value assets that point to prioritization of limited risk response resources Enterprise risk governance, appetite, and policy as they relate to and integrate cyber risks into a global risk portfolio The application and impacts of Cybersecurity Maturity Model Certification (CMMC) and other regulatory directives on third-party risk A kick-off announcement about the SEI CERT Supply Chain Risk Management Symposium to be held in February 2024…

Software Engineering Institute (SEI) Webcast Series

1
Ask Us Anything: Generative AI Edition 1:30:37

۲ years پیش1:30:37

1:30:37

Generative AI (GenAI) has been around for decades, but the latest leap in progress, fueled by high-capability large language models (LLMs), image and video generators, and AI pair programmers, has captivated audiences across a variety of disciplines. What can GenAI do well? What are the risks and opportunities of using GenAI? SEI experts Doug Schmidt, Rachel Dzombak, Jasmine Ratchford, Matt Walsh, John Robert and Shing-hon Lau conducted a live question-and-answer session driven by the audience. Here’s what attendees will learn: The risks and rewards of generative AI The future of LLMs SEI research in this area…

Software Engineering Institute (SEI) Webcast Series

1
Evaluating Trustworthiness of AI Systems 1:02:08

۲ years پیش1:02:08

1:02:08

AI system trustworthiness is dependent on end users’ confidence in the system’s ability to augment their needs. This confidence is gained through evidence of the system’s capabilities. Trustworthy systems are designed with an understanding of the context of use and careful attention to end-user needs. In this webcast, SEI researchers discuss how to evaluate trustworthiness of AI systems given their dynamic nature and the challenges of managing ongoing responsibility for maintaining trustworthiness. What attendees will learn: Basic understanding of what makes AI systems trustworthy How to evaluate system outputs and confidence How to evaluate trustworthiness to end users (and affected people/communities)…

Software Engineering Institute (SEI) Webcast Series

1
Leveraging Software Bill of Materials Practices for Risk Reduction 1:02:03

۲ years پیش1:02:03

1:02:03

A Software Bill of Materials (SBOM) is a comprehensive list of software components involved in the development of a software product. While recently gaining attention in the context of security, SBOMs have limited value unless properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of leading practices for building an SBOM and using it to support risk reduction. The SEI SBOM Framework provides a roadmap for managing vulnerabilities and risks in third-party software, including commercial-off-the-shelf (COTS) software, government-off-the-shelf (GOTS) software, and open-source software (OSS). A set of use cases informed the identification of SBOM practices, including building an SBOM and using it to manage risks to software intensive systems. These foundational practices were augmented using key security management concepts, such as the need to address requirements, planning and preparation, infrastructure, and organizational support. In this webcast, Charles Wallen, Carol Woody, and Michael Bandor discuss how organizations can connect SBOMs to acquisition and development to support improved system and software assurance.…

Software Engineering Institute (SEI) Webcast Series

1
Institutionalizing the Fundamentals of Insider Risk Management 56:33

۲ years پیش56:33

56:33

Insider threats pose an enduring, ever-evolving risk to an organization’s critical assets that require enterprise-wide participation to manage effectively. Many organizations struggle to make critical tasks in insider risk management “stick,” relying on several crutches to drive temporary organizational change, only to see those changes come undone and have incidents slip through the cracks. In this webcast, we’ll discuss those crutches and identify themes of best practices observed over two decade of researching insider threat and building insider risk management programs that organizations can use to institutionalize key components of effective insider risk management. What attendees will learn: • How to identify drivers of change to an organization’s insider risk posture • How to differentiate between one-time and routine activities in the planning and implementation of an insider risk management program • How to measure the maturity of those routine activities…

Software Engineering Institute (SEI) Webcast Series

1
What’s Wrong with ROI for Model-Based Analysis of Cyber-Physical Systems? 56:06

۲ years پیش56:06

56:06

In this webcast, Fred Schenker, Jerome Hugues, and Linda Parker Gates discuss the benefits of using a model-based approach to improve the design of a CPS’ embedded computing resources. This is accomplished by (1) building virtual architectural models of the CPS’ embedded computing resources early in the system development lifecycle and (2) using these models to predict computing system constraints and component integration issues. They will discuss the cultural resistance to adopting the model-based approach, and how established justification methods, e.g., Return on Investment, are being used to stifle the adoption. Finally, some alternatives to ROI will be proposed that would be more effective justification mechanisms.…

Software Engineering Institute (SEI) Webcast Series

1
Will Rust Solve Software Security? 53:38

۲ years پیش53:38

53:38

The Rust programming language makes some strong claims about the security of Rust code. In this webcast, David Svoboda and Joe Sible will evaluate the Rust programming language from a cybersecurity perspective. They will examine Rust's security model, both in what it promises and its limitations. They will also examine how secure Rust code has been seen in practice and conclude with discussing the overall maturity and stability of the Rust ecosystem. What attendees will learn: The Rust Security Model Limitations of the Rust Security Model Rust code in the current vulnerability ecosystem Rust code stability and maturity…

Software Engineering Institute (SEI) Webcast Series

1
Top 5 Challenges to Overcome on Your DevSecOps Journey 1:00:36

۲ years پیش1:00:36

1:00:36

Historically, a lot of discussion in software security focused on the project level, emphasizing code scanning, penetration testing, reactive approaches for incident response, and so on. Today, the discussion has shifted to the program level to align with business objectives. In the ideal outcome of such a shift, software teams would act in alignment with business goals, organizational risk, and solution architecture and would understand that security practices are integral to business success. However, the shift from project- to program-level thinking brings lots of challenges. In this webcast, Hasan Yasar and Joe Yankel discuss the top 5 challenges and barriers to implementing DevSecOps practices and describe some solutions for overcoming them. What attendees will learn: The DevSecOps ecosystem and how it aligns with business objectives The DevSecOps challenges and barriers How to overcome the top 5 challenges Practical solutions for your business needs How your system architecture drives your DevSecOps ecosystem…

Software Engineering Institute (SEI) Webcast Series

1
Improving Analytics Using Enriched Network Flow Data 1:02:25

۲ years پیش1:02:25

1:02:25

Classic tool suites that are used to process network flow records deal with very limited detail on the network connections they summarize. These tools limit detail for several reasons: (1) to maintain long-baseline data, (2) to focus on security-indicative data fields, and (3) to support data collection across large or complex infrastructures. However, a consequence of this limited detail is that analysis results based on this data provide information about indications of behavior rather than information that accurately identifies behavior with high confidence. In this webcast, Tim Shimeall and Katherine Prevost discuss how to use IPFIX-formatted data with detail derived from deep packet inspection (DPI) to provide increased confidence in identifying behavior.…

Software Engineering Institute (SEI) Webcast Series

1
How Can Data Science Solve Cybersecurity Challenges? 1:00:01

۲ years پیش1:00:01

1:00:01

In this webcast, Tom Scanlon, Matthew Walsh and Jeffrey Mellon discuss approaches to using data science and machine learning to address cybersecurity challenges. They provide an overview of data science, including a discussion of what constitutes a good problem to solve with data science. They also discuss applying data science to cybersecurity challenges, highlighting specific challenges such as detecting advanced persistent threats (APTs), assessing risk and trust, determining the authenticity of digital content, and detecting deepfakes. What attendees will learn: Basics of data science and what makes for a good data science problem How data science techniques can be applied to cybersecurity Ways to get started using data science to address cybersecurity challenges…

Software Engineering Institute (SEI) Webcast Series

1
AI Next Generation Architecture 1:01:44

۲ years پیش1:01:44

1:01:44

As Artificial Intelligence permeates mission-critical capabilities, it is paramount to design modular solutions to ensure rapid evolution and interoperability. During this webcast, we’ll discuss some of the primary quality attributes guiding such design, and how a Next Generation Architecture can facilitate an integrated future state. What attendees will learn: current challenges facing AI engineering approaches to promoting interoperability across AI solutions considerations for facilitating modularity and reuse in design…

Software Engineering Institute (SEI) Webcast Series

1
Addressing Supply Chain Risk and Resilience for Software-Reliant Systems 1:01:31

۲ years پیش1:01:31

1:01:31

All technology acquired by an organization requires the support of (or integration with) components, tools, and services delivered by a diverse set of supply chains. However, the practices critical to addressing supply chain risks are typically scattered across many parts of the acquiring organization, and they are performed in isolated stovepipes. This situation causes inconsistencies, gaps, and slow response to crises. The Acquisition Security Framework (ASF) addresses this problem by combining leading cyber practices that help organizations manage supply chain risk and define the collaborations critical to securely acquiring, engineering, and operating software-reliant systems. The goals, practices, and processes that structure the ASF have been demonstrated as effective for managing risk and improving resilience. The ASF is consistent with published guidelines for supply chain risk management from ISO, NIST, and DHS. What attendees will learn: This webcast will introduce attendees to the ASF and demonstrate the ways in which the ASF provides a roadmap to help organizations build security and resilience into a system rather than “bolt on” these characteristics after deployment. The webcast will also examine how, following deployment, the ASF guides the ongoing management of system risk and resilience as the technology, threats, and requirements evolve over the system’s lifecycle. ASF includes leading security and resilience practices critical to supply chain risk management a pathway for proactive process management that fosters effective collaboration across the range of stakeholders responsible for acquiring, developing, and deploying software-reliant systems…

Software Engineering Institute (SEI) Webcast Series

1
Does your DevSecOps Pipeline only Function as Intended? 52:40

۳ years پیش52:40

52:40

Understanding and articulating cybersecurity risk is hard. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to grow by incorporating segments of the development environment. Thus, many enterprises are concerned that DevSecOps pipeline weaknesses can be abused to inject exploitable vulnerabilities into their products and services. Using Model Based Systems Engineering (MBSE), a DevSecOps model can be built that considers system assurance and enables organizations to design and execute a fully integrated DevSecOps strategy in which stakeholder needs are addressed with cybersecurity in all aspects of the DevSecOps pipeline. An assurance case can be used to show the adequacy of the model for both the pipeline and the embedded or distributed system. While builders of embedded and distributed systems want to achieve the flexibility and speed expected when applying DevSecOps, reference material and a repeatable defensible process are needed to confirm that a given DevSecOps pipeline is implemented in a secure, safe, and sustainable way. What Attendees will Learn: an approach to evaluate and mitigate the risk associated with attackers exploiting DevSecOps pipeline weaknesses and vulnerabilities how to structure an assurance case around the core capabilities of a DevSecOps pipeline…

Software Engineering Institute (SEI) Webcast Series

1
Finding Your Way with Software Engineering Buzzwords 1:01:38

۳ years پیش1:01:38

1:01:38

As a Software Engineering community, we started to hear new words with new definitions to achieve some challenges with deciding the shelf life of said terms. Some examples include: DevOps is dead, long live NoOps, SecOps, NoCode, SRE, GitOps, and recently Platform Engineering. We often confuse these terms in order to achieve certain software engineering job types. Then the organization decides to implement one or a combination of these terms and restructures the engineering team. However, it can often be cumbersome because many tech professionals are still unfamiliar with the technologies and “new buzzwords” are required to implement a complete SW delivery pipeline to meet the business needs. It is becoming very challenging to find the right way. We should all step back and ask ourselves “what is our why” to deliver new capabilities in a timely, affordable, and secure way. Let’s discuss how we can clear up this word puzzle and find our journey. What Attendees will Learn: • How to align your business objectives with your SW engineering practices? • What is the science behind DevOps? • Understand role vs responsibility • How do I get started on implementing true DevOps? • How to become an agile to overcame new obstacles?…

Software Engineering Institute (SEI) Webcast Series

1
Infrastructure as Code Through Ansible 54:27

۳ years پیش54:27

54:27

Infrastructure as code (IaC) is a concept that enables organizations to automate the provisioning and configuration of their IT infrastructure. This concept also aids organizations in applying the DevOps process (plan, code, build, test, release, deploy, operate, monitor, repeat) to their infrastructure. Ansible is a popular choice within the IaC tool landscape for realizing this goal.…

Software Engineering Institute (SEI) Webcast Series

1
Applying the Principles of Agile to Strengthen the Federal Cyber Workforce 58:42

۳ years پیش58:42

58:42

The lack of qualified cybersecurity professionals in the United States is a threat to our national security. We cannot adequately protect the systems that our government, economy, and critical infrastructure sectors rely on without an appropriately sized cyber workforce. By some estimates, there are over 700,000 cybersecurity job openings across the United States, with 39,000 of those in the public sector alone. Fortunately, the federal government recognizes that the cyber workforce needs to be strengthened and is implementing efforts to address this need at a national strategic level. In this webcast, we will examine how to use principles and concepts from Agile development to help cyber workforce development initiatives remain adaptable and effective in the continuously evolving landscape of the cyber domain.…

Software Engineering Institute (SEI) Webcast Series

1
Ransomware: Defense and Resilience Strategies 58:55

۳ years پیش58:55

58:55

Ransomware poses an imminent threat to most organizations. Whereas most traditional cyber attacks require extended threat actor engagement to seeking out critical information, exporting data, and demanding ransom from victims, ransomware shortens the process and puts immediate pressure on the victim to respond with payment. Unfortunately, the rise of artificial intelligence (AI) and other novel attack techniques have made these attacks more ubiquitous as they are pernicious. In this talk, Brett Tucker will discuss a novel means for assessing an organization to determine its susceptibility to ransomware and explore the organization’s resilience to recover normal operations after a successful attack. Attendees will learn about the key domains for analysis and practical tips for facilitating resilience assessments.…

Software Engineering Institute (SEI) Webcast Series

1
Using Open Source to Shrink the Cyber Workforce Gap 50:19

۳ years پیش50:19

50:19

By all recent measures, the cybersecurity workforce is woefully understaffed. According to (ISC)², the cyber workforce gap in the United States was 377,000 open positions in 2021. The Software Engineering Institute (SEI) at Carnegie Mellon University (CMU) has been working with the U.S. government to development novel approaches designed to shrink this gap. This talk will focus on open source initiatives that bring innovative ideas to cybersecurity modeling and simulation, assessment, and competitions What Attendees will Learn: Understanding of the challenges facing the cyber workforce and how to build engaging content that will help close the workforce gap Where to find open source projects developed by the Software Engineering Institute to build cyber exercises, training labs and simulations Hands on experience that can be immediately applied to workforce development initiatives in their own organization…

Software Engineering Institute (SEI) Webcast Series

1
Exploring an AI Engineering Body of Knowledge 1:02:21

۳ years پیش1:02:21

1:02:21

In this webcast, Carol Smith, Carrie Gardner, and Michael Mattarock discuss maturing artificial intelligence (AI) practices based on our current body of knowledge. Much as it did for software engineering in the 1980s, the SEI has begun formalizing the field of AI engineering, beginning with identifying three fundamental pillars to guide AI engineering: human-centered, scalable, and robust and secure. Watch to learn more about these pillars and how they can be used to help national defense and security agencies adopt and develop AI.…

Software Engineering Institute (SEI) Webcast Series

1
What are Deepfakes, and How Can We Detect Them? 1:00:00

۳ years پیش1:00:00

1:00:00

In this webcast, Shannon Gallagher and Dominic Ross discuss what deepfakes are, and how they are building AI/ML tech to distinguish real from fake. They will start with some well-known examples of deepfakes and discuss what makes them distinguishable as fake for people and computers.

Software Engineering Institute (SEI) Webcast Series

1
Adapting Agile and DevSecOps to Improve Non-Software Development Teams 1:03:07

۳ years پیش1:03:07

1:03:07

Agile and DevSecOps have revolutionized software engineering practices. The strategies put forward in Agile and DevSecOps have eased many software engineering challenges and paved the way for continuous deployment pipelines. But what do you do when you're facing a problem that doesn't fit the model of a pure software engineering project? In this webcast, we will share our experiences applying Agile and DevSecOps practices in atypical ways. We will focus our discussion around two atypical examples: 1) managing a program office’s acquisition process 2) developing and maintaining computing enclave operations Using these examples, we will discuss the specific applications of the tools and practices we used to enhance a team's capabilities and better support end users' missions. We will also share the lessons we learned along the way.…

Software Engineering Institute (SEI) Webcast Series

1
Predictable Use of Multicore in the Army and Beyond 58:18

۳ years پیش58:18

58:18

Complex, cyber-physical DoD systems, such as aircraft, depend on correct timing to properly and reliably execute crucial sensing, computing, and actuation functions. In this webcast, SEI staff members Bjorn Andersson, PhD, Dionisio de Niz, PhD, and William Vance of the U.S. Army Combat Capabilities Development Command Aviation & Missile Center discuss using real-time software on multicore processors. Specifically, they review the challenges that DoD and civilian systems face and the proven solutions that are available.…

Software Engineering Institute (SEI) Webcast Series

1
Ask Us Anything: Zero Trust Edition 1:02:27

۳ years پیش1:02:27

1:02:27

The Forrester report, "The Definition of Modern Zero Trust," defines Zero Trust as an information security model that denies access to applications and data by default. Zero Trust adoption can be difficult for organizations to undertake. It is not a specific technology to adopt; instead, it’s an initiative that an enterprise must understand, interpret, and implement. In this webcast, SEI CERT Division Director Greg Touhill, and Dr. Chase Cunningham, chief strategy officer at Ericom Software, answered questions and discussed what you need to implement a Zero Trust strategy. What You Will Learn • Why Zero Trust is a strategy and not a technology • Steps to implement Zero Trust • Examples of past compromises and historical failures that were not only enabled by, but powered by, inherent trust…

Software Engineering Institute (SEI) Webcast Series

1
Acquisition Disasters? Ideas For Reducing Acquisition Risk 47:28

۳ years پیش47:28

47:28

The status quo for how we acquire cyber-physical weapon systems (CPS) needs to be changed. It is almost certain (for any acquisition of a CPS) that there will be cost overruns, schedule delays, and/or the loss of promised warfighter capability. Improved product development technologies could be applied, but they have not been adopted widely. We will discuss the status quo, alternative approaches, and how to motivate the community of CPS acquirers and suppliers to improve. What attendees will learn: Characteristics of the current status quo how CPS systems are acquired and developed. Principles of Value Engineering and how they can be applied to the acquisition and development of CPS. Approaches that acquirers and suppliers can take to improve the status quo.…

Software Engineering Institute (SEI) Webcast Series

1
Engineering Tactical and AI-Enabled Systems 22:08

۳ years پیش22:08

22:08

In this episode, Grace Lewis and Shane McGraw discuss how the SEI is applying research, through its highly successful Tactical and AI-Enabled Systems (TAS) initiative, to develop foundational principles, innovative solutions, and best practices for architecting, developing, and deploying tactical and AI-enabled systems. These systems will provide solutions for teams operating in remote, tactical edge locations where computing resources are constrained. Lewis and McGraw explain that the TAS initiative is seeking to add a software engineer to conduct research, build prototype technologies, and collaborate with military programs to introduce new technology. The results of this work will be seen in research papers that advance the state-of-the-art in software engineering and in the fielding of better tactical and AI-enabled systems. We are hiring: Software Engineer https://cmu.wd5.myworkdayjobs.com/en-US/SEI/job/Pittsburgh-PA/Software-Engineer_2017511-1…

Software Engineering Institute (SEI) Webcast Series

1
A Cybersecurity Engineering Strategy for DevSecOps 59:23

۴ years پیش59:23

59:23

In this webcast, Carol Woody presents the scope of a cybersecurity engineering strategy for DevSecOps along with the criticality of sharing information with direct and indirect stakeholders.

Software Engineering Institute (SEI) Webcast Series

1
CRO Success Factors in the Age of COVID 55:59

۴ years پیش55:59

55:59

In this webcast, Brett Tucker, Ryan Zanin, and Abid Adam discuss the critical factors for risk executives to be successful to not only protect critical assets but also to take advantage of new opportunities created via the pandemic.

Software Engineering Institute (SEI) Webcast Series

1
Zero Trust Journey 1:02:20

۴ years پیش1:02:20

1:02:20

Zero Trust Architecture adoption is a challenge for many organizations. It isn't a specific technology to adopt; instead, it’s a security initiative that an enterprise must understand, interpret, and implement. Enterprise security initiatives are never simple, and their goal to improve the enterprise’s cybersecurity posture requires the alignment of multiple stakeholders, systems, acquisitions, and exponentially changing technology. This alignment is always a complex undertaking and requires cybersecurity strategy and engineering to succeed. What attendees will learn: • The purpose of a Zero Trust Architecture • Zero Trust Architecture components • How to think about Zero Trust Architecture transition…

Software Engineering Institute (SEI) Webcast Series

1
The Future of AI: Scaling AI Through AI Engineering 1:01:59

۴ years پیش1:01:59

1:01:59

In its 2021 report, the National Security Commission on AI (NSCAI) wrote, "The impact of artificial intelligence (AI) on the world will extend far beyond narrow national security applications." How do we move beyond those narrow AI applications to gain strategic advantage? Join Dr. Matt Gaston, Director of the SEI AI Division, Dr. Steve Chien, NSCAI Commissioner and Technical Group Supervisor of the Artificial Intelligence Group and Senior Research Scientist in the Mission Planning and Execution Section at the Jet Propulsion Laboratory, California Institute of Technology, and Dr. Jane Pinelis, Chief of Test and Evaluation of AI/ML at the DoD Joint AI Center (JAIC) for a discussion on scaling AI. Carnegie Mellon University is proud to partner with NSCAI in this discussion, part of an ongoing series of virtual panel discussions to realize the future of AI. What attendees will learn: • NSCAI recommendations for scaling AI • How AI Engineering can scale the impact of mission capabilities • Where to find leading AI Engineering practices • Challenges and opportunities for the future of AI…

Software Engineering Institute (SEI) Webcast Series

1
AI Engineering: Ask Us Anything About Building AI Better 1:04:47

۴ years پیش1:04:47

1:04:47

Self-driving cars are being tested in our cities, bespoke movie and product recommendations populate our apps, and we can count on our phones to route us around highway traffic... Why, then, do most AI deployments fail? What is needed to create, deploy, and maintain AI systems we can trust to meet our mission needs, particularly for defense and national security? The SEI recently launched an AI Division to ensure that our researchers are working to address these hard questions. In this question and answer session, Dr. Rachel Dzombak and Dr. Matt Gaston share their points of view on what AI engineering is today and where the field is going. Learn about building AI better with the nascent discipline of AI Engineering and how the SEI plans to leverage the new AI Division to advance human-centered, robust and secure, and scalable AI systems. What attendees will learn: • How to find AI Engineering lessons in your own AI practices • What’s needed to build an AI Engineering mindset on your team • Leading AI Engineering practices • How to engage with a national initiative dedicated to advancing the discipline of AI Engineering • How the SEI is growing our portfolio of work in the AI Division…

Software Engineering Institute (SEI) Webcast Series

1
Balanced Approaches to Insider Risk Management 1:00:53

۴ years پیش1:00:53

1:00:53

Misuse of authorized access to an organization’s critical assets is a significant concern for organizations of all sizes, missions, and industries. We at the CERT National Insider Threat Center have been collecting and analyzing data on incidents involving malicious and unintentional insider since 2001, and have worked with numerous organizations across government, industry, and academia to develop and validate controls and best practices to address these concerns. In this webcast, as a part of National Insider Threat Awareness Month, our experts provide an overview of the ongoing research in this area, and answer questions about how the threat landscape continues to evolve, and what organizations can and should do to address insider threats. What Attendees Will Learn: • The complexities of insider risk management and strategies for effectively balancing insider risk management program operations across the dimensions of people, organization, and management. • The latest findings from the CERT National Insider Threat Center’s research into the different types of insider incidents – motivations, vulnerabilities, and common attack paths • The changing landscape of insider threat and a look into the future • The newest best practices and other resource that are available through the CERT National Insider Threat Center…

Software Engineering Institute (SEI) Webcast Series

1
Software Development Open Forum: Ask Hasan Anything! 1:03:02

۴ years پیش1:03:02

1:03:02

The software development lifecycle has changed a lot and continues to evolve. Almost every company now is a software company. Meeting business needs and adapting to the speed of the market for new features requires an agility mindset and continuous-delivery techniques throughout application-development lifecycles. You have software development and deployment questions, such as: Where do I start? How do I establish good continuous integration/deployment practices? What about security? Hasan has the answers! SEI’s Hasan Yasar hosts a software development question and answer session. What attendees will learn: • how DevSecOps and Agile are generating more and more questions in DoD environments • where software development is heading • continuous-delivery techniques throughout application-development lifecycles • why constant interaction between developers and information security teams is needed throughout the entire SDLC…

Software Engineering Institute (SEI) Webcast Series

1
Software Supply Chain Concerns for DevSecOps Programs 1:03:47

۴ years پیش1:03:47

1:03:47

In a DevSecOps world the software supply chain extends beyond libraries upon which developed software depends. In this webinar we will look at the Solarwinds incident as a worst-case exemplifying the breadth of the software supply chain issues confronting complex DevSecOps programs. We will explore the important architectural aspects of DevSecOps that are impacted by the software supply chain that require attention and potential mitigations to detect and respond to potential incidents. What attendees will learn: • The software supply chain issue is broad and impacts multiple aspects of DevSecOps • Programs need to be aware of how the software they leverage presents risks • Mitigation strategies must be put in place to address potential issues at the architectural level…

Software Engineering Institute (SEI) Webcast Series

1
How Do We Teach Cybersecurity? 1:00:17

۴ years پیش1:00:17

1:00:17

How do you teach cybersecurity to a middle school student? To a soldier? To some of the best hackers in the country? How do you evaluate all of these audiences’ skills? Cybersecurity training has been an ongoing challenge for decades. The key to making the best use of your training dollar is to craft training that matches your audience’s needs and engages them in a meaningful manner. When you create an experience so enthralling that your audience is logging in on nights and weekends just to continue participating, the value of immersive training truly shines. Join us during this webinar as Rotem Guttman shares the lessons he’s learned over a decade of developing engaging, immersive training and evaluation environments for a variety of audiences. What attendees will learn: • How to make cybersecurity training engaging • What motivates different types of learners • The history of enhanced cybersecurity training at the SEI…

Software Engineering Institute (SEI) Webcast Series

1
Software Supply Chain Concerns for DevSecOps Programs 1:01:06

۴ years پیش1:01:06

1:01:06

Managing third-party relationships, such as pubic cloud service providers, requires a set of skills often unfamiliar to many technologists. These relationships are constructed on a foundation of verifiable trust. This requires managing the cybersecurity performance of third parties via contractual mechanisms rather than the traditional line-of-sight practices used internal to an organization. Chief among these mechanisms are service-level agreements (SLAs). Cybersecurity SLAs are vital to the success of third-party relationships and a core component of sound governance. What Attendees Will Learn • How to design and implement meaningful SLAs • How best to use SLAs to drive third-party cybersecurity performance • The limits of SLAs as a third-party risk management tool…

Software Engineering Institute (SEI) Webcast Series

1
Announcing IEEE 2675 DevOps Standard to Build Reliable and Secure Systems 1:03:29

۴ years پیش1:03:29

1:03:29

IEEE 2675 standard specifies technical principles and practices to build, package, and deploy systems and applications in a reliable and secure way. The standard focuses on establishing effective compliance and IT controls. It presents principles of DevOps including mission first, customer focus, shift-left, continuous everything, and systems thinking. It also describes how stakeholders, including developers and operations staff, can collaborate and communicate effectively. Co-authors will discuss their personal experience applying the principles and practices in organizations. What attendees will learn: • Learn DevOps for systems of systems • What DevOps standards means • How to read the DevOps standard and apply to your organization • Key DevOps principles and practices…

به Player FM خوش آمدید!

Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.

به بیش از 500 موضوع گوش کنید

63 subscribers

مشابه Software Engineering Institute (SEI) Webcast Series

Bounty Quick Size Paper Towels, White, 8 Family Rolls = 20 Regular Rolls (Packaging May Vary)

Amazon eGift Card - Bright Balloons (Animated)

Mini Mic Pro Wireless Microphone for iPhone, iPad, Android, Lavalier Microphone for Video Recording - 2 Pack iPhone Mic Crystal Clear Recording with USB-C for Podcast, ASMR

پادکست هایی که ارزش شنیدن دارند

Software Engineering Institute (SEI) Webcast Series « » At What Point Does DevSecOps Become Too Risky for the Business?

At What Point Does DevSecOps Become Too Risky for the Business?

پادکست هایی که ارزش شنیدن دارند

به Player FM خوش آمدید!

2024 Topps Baseball Complete Set Factory Sealed Box Set - Baseball Complete Sets

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Amazon Basics Dog and Puppy Pee Pads, 5-Layer Leak-Proof Super Absorbent, Quick-Dry Surface, Potty Training, Regular (22x22"), 100 Count, Blue & White

Snipe Hunter

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

مشابه Software Engineering Institute (SEI) Webcast Series

راهنمای مرجع سریع

Software Engineering Institute (SEI) Webcast Series « »
At What Point Does DevSecOps Become Too Risky for the Business?