Best Carnegie Mellon University Software Engineering Institute Podcasts (2024)

1
An Introduction to Capability-Based Planning 33:55

41m ago33:55

33:55

Capability-Based Planning (CBP) defines a framework that has an all-encompassing view of existing abilities and future needs for strategically deciding what is needed and how to effectively achieve it. Both business and government acquisition domains use CBP for financial success or to design a well-balanced defense system. The definitions understa…

1
Safeguarding Against Recent Vulnerabilities Related to Rust 26:25

12d ago26:25

26:25

What can the recently discovered vulnerabilities related to Rust tell us about the security of the language? In this podcast from the Carnegie Mellon University Software Engineering Institute, David Svoboda discusses two vulnerabilities, their sources, and how to mitigate them.

1
Generative AI and Software Engineering Education 1:02:05

19d ago1:02:05

1:02:05

Within a very short amount of time, the productivity and creativity improvements envisioned by generative artificial intelligence (AI), such as using tools based on large language models (LLMs), have taken the software engineering community by storm. The industry is in a race to develop your next best software development tool. Organizations are pe…

1
Developing a Global Network of Computer Security Incident Response Teams (CSIRTs) 30:51

22d ago30:51

30:51

Cybersecurity risks aren’t just a national concern. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), the CERT division’s Tracy Bills, senior cybersecurity operations researcher and team lead, and James Lord, security operations technical manager, discuss the SEI’s work developing Computer Security Incident R…

1
Secure Systems Don’t Happen by Accident 59:08

30d ago59:08

59:08

Traditionally, cybersecurity has focused on finding and removing vulnerabilities. This is like driving backward down the highway using your rearview mirror. Most breaches are due to defects in design or code; thus, the only way to truly address the issue is to design and build more secure solutions. In this webcast, Tim Chick discusses how security…

1
Can You Rely on Your AI? Applying the AIR Tool to Improve Classifier Performance 38:50

1M ago38:50

38:50

Modern analytic methods, including artificial intelligence (AI) and machine learning (ML) classifiers, depend on correlations; however, such approaches fail to account for confounding in the data, which prevents accurate modeling of cause and effect and often leads to prediction bias. The Software Engineering Institute (SEI) has developed a new AI …

1
Automated Repair of Static Analysis Alerts 27:05

2M ago27:05

27:05

Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Rede…

1
Cyber Career Pathways and Opportunities 31:23

2M ago31:23

31:23

Not all paths to cybersecurity careers look the same. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Randy Trzeciak, deputy director of cyber risk and resilience in the SEI’s CERT division, discusses his career journey, resources for pursuing a career in cybersecurity, and the importance of building a dive…

1
Using a Scenario to Reason About Implementing a Zero Trust Strategy 1:02:22

2M ago1:02:22

1:02:22

There is a lot of documentation about a zero trust architecture, as well as directives that it be used for U.S. federal agencies and the Department of Defense (DoD), but little information on how to go about implementing it to improve an organization’s enterprise or DoD weapon system security. Use cases typically describe requirements for these sys…

1
My Story in Computing with Sam Procter 37:15

3M ago37:15

37:15

Sam Procter started out studying computer science at the University of Nebraska, but he didn’t love it. It wasn’t until he took his first software engineering course that he knew he’d found his career path. In this podcast from the Carnegie Mellon University Software Engineering Institute, Sam Procter discusses the early influences that shaped his …

1
Developing and Using a Software Bill of Materials Framework 37:37

3M ago37:37

37:37

With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party components in their software systems. In this podcast from the Carnegie Mellon University Software …

1
The Importance of Diversity in Cybersecurity: Carol Ware 26:37

4M ago26:37

26:37

In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Ware, a senior cybersecurity engineer in the SEI’s CERT Division, discusses her career path, the value of mentorship, and the importance of diversity in cybersecurity.By Carol Ware

1
The Importance of Diversity in Software Engineering: Suzanne Miller 29:02

4M ago29:02

29:02

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Suzanne Miller, a principal researcher in the SEI’s Software Solutions Division, discusses her career path, the value of mentorship, and the importance of diversity in software engineering.By Suzanne Miller

1
The Importance of Diversity in Artificial Intelligence: Violet Turri 16:57

4M ago16:57

16:57

Across the globe, women account for less than 30 percent of professionals in technical fields. That number drops to 22 percent in the field of Artificial Intelligence (AI). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Violet Turri, a software developer in the SEI’s AI Division, discusses the evolution of…

1
Using Large Language Models in the National Security Realm 34:45

5M ago34:45

34:45

At the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower Project at Carnegie Mellon University’s Software Engineering Institute (SEI) from May 2023 through Septe…

1
Atypical Applications of Agile and DevSecOps Principles 33:41

5M ago33:41

33:41

Modern software engineering practices of Agile and DevSecOps have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software concerns of business mission and capability delivery even though these concerns are critical to the success…

1
Ask Us Anything: Supply Chain Risk Management 41:11

6M ago41:11

41:11

According to the Verizon Data Breach Report, Log4j-related exploits have occurred less frequently over the past year. However, this Common Vulnerabilities and Exposures (CVE) flaw was originally documented in 2021. The threat still exists despite increased awareness. Over the past few years, the Software Engineering Institute (SEI) has developed gu…

1
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction 35:21

6M ago35:21

35:21

Increasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important considerations that software program managers must first address. In this podcast, Patrick Place, a senior engine…

1
The Future of Software Engineering and Acquisition with Generative AI 1:32:10

6M ago1:32:10

1:32:10

We stand at a pivotal moment in software engineering, with artificial intelligence (AI) playing a crucial role in driving approaches poised to enhance software acquisition, analysis, verification, and automation. While generative AI tools initially sparked excitement for their potential to reduce errors, scale changes effortlessly, and drive innova…

1
The Impact of Architecture on Cyber-Physical Systems Safety 34:05

6M ago34:05

34:05

As developers continue to build greater autonomy into cyber-physical systems (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only create more data and more precise data, but they require a complex architecture to correctly transfer and proc…

1
ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies 46:22

7M ago46:22

46:22

To better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studies span multiple domains and call for vastly different capabilities. In this podcast, Matthew Walsh, a seni…

1
The Cybersecurity of Quantum Computing: 6 Areas of Research 23:01

8M ago23:01

23:01

Research and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI CERT Division, was recently invited to be a participant in the Workshop on Cybersecurity of Quantum Compu…

1
User-Centric Metrics for Agile 31:41

8M ago31:41

31:41

Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be collected. A top-down, deterministic specification of graphs or other depictions of data required by the m…

1
The Product Manager’s Evolving Role in Software and Systems Development 24:19

8M ago24:19

24:19

In working with software and systems teams developing technical products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams were not investing the time, resources and effort required to manage the product lifecycle of a successful product. These activities include thoroughly exploring the problem space by talking …

1
Measuring the Trustworthiness of AI Systems 19:27

9M ago19:27

19:27

The ability of artificial intelligence (AI) to partner with the software engineer, doctor, or warfighter depends on whether these end users trust the AI system to partner effectively with them and deliver the outcome promised. To build appropriate levels of trust, expectations must be managed for what AI can realistically deliver. In this podcast f…

1
Cyber Supply Chain Risk Management: No Silver Bullet 38:40

10M ago38:40

38:40

Compliance standards, privileged access management, software bills of materials (SBOMs), maturity models, cloud services, vulnerability management, etc. The list of potential solutions to supply chain risk management (SCRM) challenges seems unending as much as it is daunting to address. In this webcast, Brett Tucker explores some of these solutions…

1
Ask Us Anything: Generative AI Edition 1:30:37

10M ago1:30:37

1:30:37

Generative AI (GenAI) has been around for decades, but the latest leap in progress, fueled by high-capability large language models (LLMs), image and video generators, and AI pair programmers, has captivated audiences across a variety of disciplines. What can GenAI do well? What are the risks and opportunities of using GenAI? SEI experts Doug Schmi…

1
Evaluating Trustworthiness of AI Systems 1:02:08

10M ago1:02:08

1:02:08

AI system trustworthiness is dependent on end users’ confidence in the system’s ability to augment their needs. This confidence is gained through evidence of the system’s capabilities. Trustworthy systems are designed with an understanding of the context of use and careful attention to end-user needs. In this webcast, SEI researchers discuss how to…

1
Actionable Data in the DevSecOps Pipeline 31:58

10M ago31:58

31:58

In this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program managers (PMs) to confidently make decisions with the help of readily available data. As in commercial co…

1
Insider Risk Management in the Post-Pandemic Workplace 47:34

10M ago47:34

47:34

In the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterprise threat and vulnerability management, and Randy Trzeciak, deputy director of Cyber Risk and Resilience, …

Podcasts Worth a Listen

Carnegie Mellon University Software Engineering Institute Podcasts

Podcasts Worth a Listen

Quick Reference Guide