Does Your DevSecOps Pipeline Only Function As Intended? Software Engineering Institute (SEI) Webcast Series podcast

Artwork

Tech Cybersecurity Securecoding Softwarearchitecture Softwaredevelopment Softwareengineering Carnegie Mellon University Software Engineering Institute SEI Members of Technical Staff Video Podcasting Education

Player FM - Internet Radio Done Right

63 subscribers

اضافه شده در nine سال پیش

محتوای ارائه شده توسط Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

Software Engineering Institute (SEI) Webcast Series « »
Does your DevSecOps Pipeline only Function as Intended?

۲ سال پیش 52:40

اشتراک گذاری

MP4•خانه قسمت

محتوای ارائه شده توسط Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

Understanding and articulating cybersecurity risk is hard. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to grow by incorporating segments of the development environment. Thus, many enterprises are concerned that DevSecOps pipeline weaknesses can be abused to inject exploitable vulnerabilities into their products and services.

Using Model Based Systems Engineering (MBSE), a DevSecOps model can be built that considers system assurance and enables organizations to design and execute a fully integrated DevSecOps strategy in which stakeholder needs are addressed with cybersecurity in all aspects of the DevSecOps pipeline. An assurance case can be used to show the adequacy of the model for both the pipeline and the embedded or distributed system. While builders of embedded and distributed systems want to achieve the flexibility and speed expected when applying DevSecOps, reference material and a repeatable defensible process are needed to confirm that a given DevSecOps pipeline is implemented in a secure, safe, and sustainable way.

What Attendees will Learn:

an approach to evaluate and mitigate the risk associated with attackers exploiting DevSecOps pipeline weaknesses and vulnerabilities
how to structure an assurance case around the core capabilities of a DevSecOps pipeline

… continue reading

166 قسمت

#Tech #Cybersecurity #Securecoding #Softwarearchitecture #Softwaredevelopment #Softwareengineering #Carnegie Mellon University Software Engineering Institute #SEI Members of Technical Staff #Video #Podcasting Education

Artwork

Does your DevSecOps Pipeline only Function as Intended?

Software Engineering Institute (SEI) Webcast Series

63 subscribers

published ۲ سال پیش

اشتراک گذاری

MP4•خانه قسمت

محتوای ارائه شده توسط Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

Understanding and articulating cybersecurity risk is hard. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to grow by incorporating segments of the development environment. Thus, many enterprises are concerned that DevSecOps pipeline weaknesses can be abused to inject exploitable vulnerabilities into their products and services.

Using Model Based Systems Engineering (MBSE), a DevSecOps model can be built that considers system assurance and enables organizations to design and execute a fully integrated DevSecOps strategy in which stakeholder needs are addressed with cybersecurity in all aspects of the DevSecOps pipeline. An assurance case can be used to show the adequacy of the model for both the pipeline and the embedded or distributed system. While builders of embedded and distributed systems want to achieve the flexibility and speed expected when applying DevSecOps, reference material and a repeatable defensible process are needed to confirm that a given DevSecOps pipeline is implemented in a secure, safe, and sustainable way.

What Attendees will Learn:

an approach to evaluate and mitigate the risk associated with attackers exploiting DevSecOps pipeline weaknesses and vulnerabilities
how to structure an assurance case around the core capabilities of a DevSecOps pipeline

… continue reading

166 قسمت

#Tech #Cybersecurity #Securecoding #Softwarearchitecture #Softwaredevelopment #Softwareengineering #Carnegie Mellon University Software Engineering Institute #SEI Members of Technical Staff #Video #Podcasting Education

همه قسمت ها

×

1
An Introduction to the MLOps Tool Evaluation Rubric 1:00:23

۳ روز پیش1:00:23

پخش در آینده

پخش در آینده

دوست داشته شد

1:00:23

Organizations looking to build and adopt artificial intelligence (AI)–enabled systems face the challenge of identifying the right capabilities and tools to support Machine Learning Operations (MLOps) pipelines. Navigating the wide range of available tools can be especially difficult for organizations new to AI or those that have not yet deployed systems at scale. This webcast introduces the MLOps Tool Evaluation Rubric, designed to help acquisition teams pinpoint organizational priorities for MLOps tooling, customize rubrics to evaluate those key capabilities, and ultimately select tools that will effectively support ML developers and systems throughout the entire lifecycle, from exploratory data analysis to model deployment and monitoring. This webcast will walk viewers through the rubric’s design and content, share lessons learned from applying the rubric in practice, and conclude with a brief demo. What Attendees Will Learn: • How to identify and prioritize key capabilities for MLOps tooling within their organizations • How to customize and apply the MLOps Tool Evaluation Rubric to evaluate potential tools effectively • Best practices and lessons learned from real-world use of the rubric in AI projects…

1
The State of DevSecOps in the DoD: Where We Are, and What’s Next 58:42

۵ weeks پیش58:42

پخش در آینده

پخش در آینده

دوست داشته شد

58:42

DevSecOps practices foster collaboration among software development, security, and operations teams to build, test, and release software quickly and reliably. A high-stakes, high-security environment has challenged the implementation of these practices within the Department of Defense (DoD). The DoD Chief Information Officer (CIO) organization partnered with the Software Engineering Institute (SEI) to conduct the first study to baseline the state of DoD DevSecOps, highlight successes, and offer insights for next steps. George Lamb, DoD’s Director of Cloud and Software Modernization, joins the SEI team to discuss key results and how they will help the DoD ensure that its software ecosystem is effective, scalable, and adaptable to meet the challenges of today and tomorrow. What Attendees Will Learn: Highlights from important success stories in DoD’s DevSecOps journey How the DoD is harvesting grassroot successes by individual software organizations to implement those successes at scale Keys to using data and building effective measurement strategies to enable optimization of software delivery…

1
I Spy with My Hacker Eye: How Hackers Use Public Info to Crack Your Creds 57:16

۵ weeks پیش57:16

پخش در آینده

پخش در آینده

دوست داشته شد

57:16

Did you know there are 500 million tweets per day? 3 billion monthly active Facebook users? 1 billion LinkedIn members? Are you one of them? In this webcast, Destiney Marie Plaza reveals how a hacker can use seemingly benign public information to customize an attack on a victim by showing a scenario-based attack and demo (using free and open-source tools). Additionally, you will learn how hackers can gather information about you, common mistakes that put your information at risk, and how to protect yourself. What Attendees Will Learn: how to use open-source tools used to crack passwords, along with a methodology for how hackers may gain access to your accounts what makes a strong password and how such passwords can stave off automated cracking tools how a hacker sees you, so that you can take appropriate steps to protect yourself…

1
A New Performance Zone for Software for National Security 1:02:23

۶ weeks پیش1:02:23

پخش در آینده

پخش در آینده

دوست داشته شد

1:02:23

Today, we have seen our national security organizations working to adopt modern software practices, particularly Agile methods and DevSecOps practices, efforts challenged by a mismatch of tempos between operational needs and development processes. The newly mandated Software Acquisition Pathway helps to align those tempos. However, to sustain a competitive advantage through software, we need to see our defense organizations recall and reapply disciplined engineering practices. What Attendees Will Learn: An assessment of current efforts to adopt modern software practices Why and where the pace of adoption faces challenges Characteristics of the needed new level of performance…

1
Identifying and Mitigating Cyber Risk 47:33

۸ weeks پیش47:33

پخش در آینده

پخش در آینده

دوست داشته شد

47:33

An organization’s cyber risk management practices must be rooted in organizational goals to be truly effective. In this webcast, Matt Butkovic, Greg Crabbe and Beth-Anne Bygum explore how best to align business and resilience objectives.

1
Cyber Maturity Model Certification (CMMC): Protecting the Nation’s Defense Industrial Base 28:02

10 weeks پیش28:02

پخش در آینده

پخش در آینده

دوست داشته شد

28:02

The Defense Industrial Base (DIB) is a core element of the national security ecosystem. This point of intersection between private industry and the Department of Defense is a perpetual target for the Nation’s adversaries. In this Intersect, Matthew Butkovic and John Haller explore the development, and implementation, of the Cyber Maturity Model Certification (CMMC) as a means to better protect the DIB.…

1
Threat Hunting: What Should Keep All of Us Up at Night 57:09

12 weeks پیش57:09

پخش در آینده

پخش در آینده

دوست داشته شد

57:09

When it comes to recognizing threats, cybersecurity professionals may become distracted by big promises or ignore some obvious inspections. New claims made by the latest and greatest new apps draw attention away from network situational awareness best practices—like a dog distracted when it spots a squirrel. We also may deviate from making routine inspections that point toward further investigation—overlooking obvious needs right under our noses. Either becoming distracted or missing obvious inspections can cause us not to detect threats. What Attendees Will Learn: • The distinction between anomalies and threats • Steps to analyze data to detect a threat • The benefits of completing work on one threat…

1
Can a Cybersecurity Parametric Cost Model be Developed? 56:25

14 weeks پیش56:25

پخش در آینده

پخش در آینده

دوست داشته شد

56:25

Can a cybersecurity parametric cost estimation model be developed? Every Department of Defense (DoD) program needs to account for, credibly estimate, budget/plan for, and assess the performance of its cybersecurity activities. Creating a cybersecurity parametric model would allow DoD programs to reliably estimate the effort and cost of cybersecurity activities, estimate an overall cybersecurity cost for a program, and obtain a defined and normalized set of cybersecurity data. In this webcast, Christopher Miller shares insights from a Carnegie Mellon University Software Engineering Institute study on cybersecurity cost estimating that can help national security organizations successfully deploy parametric cost modeling. What Attendees Will Learn: • a proposed work breakdown structure identifying cybersecurity-related activities and cost items, and existing descriptions of secure coding practices and levels of rigor for those practices based on data availability • an approach to develop a cybersecurity parametric cost model • a methodology to develop the cost model…

1
Elements of Effective Communications for Cybersecurity Teams 34:00

16 weeks پیش34:00

پخش در آینده

پخش در آینده

دوست داشته شد

34:00

Communications, both in times of crisis and during normal operations, are essential to the overall success and sustainability of an incident response or security operations team. How you plan for and manage these communications and how they are received and actioned by your audience will influence your trustworthiness, reputation, and ultimately your ability to perform incident management services effectively. This webcast leverages the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Forum of Incident Response and Security Teams (FIRST) CSIRT Services Framework to present communications responsibilities as part of both the standard incident management lifecycle and as an integral piece of crisis management support. What Attendees Will Learn: • various communication types or mechanisms for normal and crisis situations • foundational aspects of managing communications with constituents, the public, and the media • building blocks for an effective communications plan…

1
Operational Resilience Fundamentals: Building Blocks of a Survivable Enterprise 52:07

18 weeks پیش52:07

پخش در آینده

پخش در آینده

دوست داشته شد

52:07

Surviving disruptive cyber events requires a specific form of planning. One must strike a balance between defending against threats (e.g., managing conditions) and effectively handling the effects of disruption (e.g., managing consequences). Employing a model (such as the CERT Resilience Management Model) provides a catalog of practices and a system of measurement. Focusing on key attributes of performance permits a level of prediction not possible with a basic checklist. In this webcast, Greg Crabbe and Matt Butkovic share their experiences in establishing and maintaining operational resilience programs. What Attendees Will Learn: • how to link mission outcome with asset resilience • how managing for security differs from managing for resilience • how to apply a capability maturity model to the challenge • how to begin analyzing requirements and constructing an operational resilience management program…

1
Cybersecurity Priorities in 2025 32:21

19 weeks پیش32:21

پخش در آینده

پخش در آینده

دوست داشته شد

32:21

Chief Information Security Officers (CISOs) perpetually navigate a dynamic set of challenges. Applying focus and aligning resources is imperative for success. In this Intersect, Matthew Butkovic and Gregory Touhill, reflect on 2024 and explore the topics that should be front of mind for CISOs in 2025. They provide insights and advice for those contemplating cybersecurity priorities.…

1
Understanding the Need for Cyber Resilience: A Conversation with Ray Umerley 53:02

24 weeks پیش53:02

پخش در آینده

پخش در آینده

دوست داشته شد

53:02

No organization can comprehensively avoid disruptive cyber events. All must strive to maintain operational resilience during times of organizational stress. Ransomware incidents create disruption that can be fatal to the unprepared. In this webcast, we explore how to maintain operational resilience during a ransomware incident. Experts with varied backgrounds provide practical advice for improving your resilience and survivability. What attendees will learn: • best practices for ransomware response • moving beyond security and planning for resilience • pitfalls to avoid in the planning and response processes…

1
Exploring the Fundamentals of Counter AI 27:57

24 weeks پیش27:57

پخش در آینده

پخش در آینده

دوست داشته شد

27:57

As the strategic importance of AI increases, so too does the importance of defending those AI systems. To understand AI defense, it is necessary to understand AI offense—that is, counter AI. In this session, Matthew Butkovic, CISA, CISSP, technical director for risk and resilience, and Nathan VanHoudnos, senior machine learning researcher explore the fundamentals of counter AI.…

1
Cyber Challenges in Health Care: Managing for Operational Resilience 53:37

33 weeks پیش53:37

پخش در آینده

پخش در آینده

دوست داشته شد

53:37

Health-care organizations are seemingly besieged by a complex set of cyber threats. The consequences of disruptive cyber events in health care are in many ways uniquely troubling. Health-care organizations often face these challenges with modest resources. In this webcast, Matthew Butkovic and Darrell Keeling will explore approaches to maximize return on cybersecurity investment in the health-care context. This will include applying fundamental measures of operational resilience. What Attendees Will Learn: How to yield maximum return on cybersecurity investment in health care How to shift thinking from cybersecurity to operational resilience How to employ free or low-cost cybersecurity resources in the health-care context…

1
Independent Verification and Validation for Agile Projects 1:02:23

33 weeks پیش1:02:23

پخش در آینده

پخش در آینده

دوست داشته شد

1:02:23

Traditionally, independent verification and validation (IV&V) is performed by an independent team throughout a program’s milestones or once the software is formally delivered. This approach allows the IV&V team to provide input at the various milestone gates. As more programs move to an Agile approach, those milestones aren’t as clearly defined since requirements, design, implementation, and testing all happen iteratively, sometimes over years of development. In this new paradigm, IV&V teams are struggling to figure out how to add value to the program earlier in the lifecycle by getting in phase with development. This webcast will highlight a novel approach to providing IV&V for projects using an Agile or iterative software development. What Attendees Will Learn: What adopting an Agile mindset for IV&V could look like How focusing on capabilities and using a risk-based perspective could help drive planning for your team Techniques to help the IV&V team get more in phase with the developer while remaining independent…

به Player FM خوش آمدید!

Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.

به بیش از 500 موضوع گوش کنید

راهنمای مرجع سریع

پادکست های برتر

Timche podcast | پادکست اقتصادی تیمچه

طنزپردازی | tanzpardazi

نود و هشت، پنجاه و سه

GoushFilm | گوش‌فیلم

Alireza Nourizadeh

رادیو فردا

ChannelB پادکست فارسی

در حین کاوش به این نمایش گوش دهید