374 episodes

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.

Software Engineering Institute (SEI) Podcast Series
Members of Technical Staff at the Software Engineering Institute

    • Technology
    • 4.5 • 17 Ratings

    The 4 Phases of the Zero Trust Journey

    Over the past several years, zero trust architecture has emerged as an important topic within the field of cybersecurity. Heightened federal requirements and pandemic-related challenges have accelerated the timeline for zero trust adoption within the federal sector. Private sector organizations are also looking to adopt zero trust to bring their technical infrastructure and processes in line with cybersecurity best practices. Real-world preparation for zero trust, however, has not caught up with existing cybersecurity frameworks and literature. NIST standards have defined the desired outcomes for zero trust transformation, but the implementation process is still relatively undefined. As the nation’s first federally funded research and development center with a clear emphasis on cybersecurity, the Carnegie Mellon University Software Engineering Institute (SEI) is uniquely positioned to bridge the gap between NIST standards and real-world implementation. In this podcast, Tim Morrow and Matthew Nicolai, researchers with the SEI’s CERT Division, have outlined 4 steps that organizations can take to implement and maintain zero trust architecture.

    • 34 min
    DevSecOps for AI Engineering

    In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Hasan Yasar, technical director, Continuous Deployment of Capability at the SEI, and Jay Palat, interim director of AI for Mission in the SEI’s AI Division, discuss how to engineer AI systems with DevSecOps and explore the relationship between MLOps and DevSecOps.

    • 43 min
    Undiscovered Vulnerabilities: Not Just for Critical Software

    In this podcast from the Carnegie Mellon University Software Engineering Institute, Jonathan Spring, a senior vulnerability researcher, discusses with Suzanne Miller the findings in a paper he published recently analyzing the number of undiscovered vulnerabilities in information systems. This paper examines the paradigm that the number of undiscovered vulnerabilities is manageably small through the lens of mathematical concepts from the theory of computing. 

    • 35 min
    Explainable AI Explained

    As the field of artificial intelligence (AI) has matured, increasingly complex opaque models have been developed and deployed to solve hard problems. Unlike many predecessor models, these models, by the nature of their architecture, are harder to understand and oversee. When such models fail or do not behave as expected or hoped, it can be hard for developers and end-users to pinpoint why or determine methods for addressing the problem. Explainable AI (XAI) meets the emerging demands of AI engineering by providing insight into the inner workings of these opaque models. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Violet Turri and Rachel Dzombak, both with the SEI's AI Division, discuss explainable AI, which encompasses all the techniques that make the decision-making processes of AI systems understandable to humans. 

    • 25 min
    Model-Based Systems Engineering Meets DevSecOps

    In this podcast from the Carnegie Mellon University Software Engineering Institute, senior researchers Jerome Hugues and Joe Yankel discuss ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) practices and technology. Hugues and Yankel also discuss how making this integration between DevSecOps and MBSE explicit unlocks both the speed of DevSecOps and the risk reduction of MBSE.

    • 34 min
    Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy

    Organizations are turning to DevSecOps to produce code faster and at lower cost, but the reality is that much of the code is actually coming from the software supply chain through code libraries, open source, and third-party components where reuse is rampant. The downside is that this reused code contains defects unknown to the new user, which, in turn, propagate vulnerabilities into new systems. This is troubling news in an operational climate already rife with cybersecurity risk. Organizations must develop a cybersecurity engineering strategy for systems that addresses the integration of DevSecOps with the software supply chain. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Carol Woody, a principal researcher in the SEI’s CERT Division, talks with Suzanne Miller about supply-chain issues and the planning needed to integrate software from the supply chain into operational environments. The discussion includes building a cybersecurity engineering strategy for DevSecOps that addresses those supply-chain challenges.

    • 31 min

Customer Reviews

4.5 out of 5
17 Ratings

JoshCrist

Empowering, insightful and actionable! 👏👏👏

Whether you’re well established as someone innovating in the cybersecurity ecosystem, or just getting started as a catalyst for change within your organization - this is a must-listen podcast for you! Bobbie and the entire SEI team do an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating an ever changing data and technological landscape - from leaders who’ve actually walked the path. Highly recommend listening and subscribing!
