Best Softwarearchitecture Podcasts (2024)

1
Ask Us Anything: Supply Chain Risk Management 41:11

2M ago41:11

41:11

According to the Verizon Data Breach Report, Log4j-related exploits have occurred less frequently over the past year. However, this Common Vulnerabilities and Exposures (CVE) flaw was originally documented in 2021. The threat still exists despite increased awareness. Over the past few years, the Software Engineering Institute (SEI) has developed gu…

1
The Future of Software Engineering and Acquisition with Generative AI 1:32:10

3M ago1:32:10

1:32:10

We stand at a pivotal moment in software engineering, with artificial intelligence (AI) playing a crucial role in driving approaches poised to enhance software acquisition, analysis, verification, and automation. While generative AI tools initially sparked excitement for their potential to reduce errors, scale changes effortlessly, and drive innova…

1
Cyber Supply Chain Risk Management: No Silver Bullet 38:40

7M ago38:40

38:40

Compliance standards, privileged access management, software bills of materials (SBOMs), maturity models, cloud services, vulnerability management, etc. The list of potential solutions to supply chain risk management (SCRM) challenges seems unending as much as it is daunting to address. In this webcast, Brett Tucker explores some of these solutions…

1
Ask Us Anything: Generative AI Edition 1:30:37

6M ago1:30:37

1:30:37

Generative AI (GenAI) has been around for decades, but the latest leap in progress, fueled by high-capability large language models (LLMs), image and video generators, and AI pair programmers, has captivated audiences across a variety of disciplines. What can GenAI do well? What are the risks and opportunities of using GenAI? SEI experts Doug Schmi…

1
Evaluating Trustworthiness of AI Systems 1:02:08

7M ago1:02:08

1:02:08

AI system trustworthiness is dependent on end users’ confidence in the system’s ability to augment their needs. This confidence is gained through evidence of the system’s capabilities. Trustworthy systems are designed with an understanding of the context of use and careful attention to end-user needs. In this webcast, SEI researchers discuss how to…

1
Leveraging Software Bill of Materials Practices for Risk Reduction 1:02:03

7M ago1:02:03

1:02:03

A Software Bill of Materials (SBOM) is a comprehensive list of software components involved in the development of a software product. While recently gaining attention in the context of security, SBOMs have limited value unless properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of …

1
Institutionalizing the Fundamentals of Insider Risk Management 56:33

8M ago56:33

56:33

Insider threats pose an enduring, ever-evolving risk to an organization’s critical assets that require enterprise-wide participation to manage effectively. Many organizations struggle to make critical tasks in insider risk management “stick,” relying on several crutches to drive temporary organizational change, only to see those changes come undone…

1
What’s Wrong with ROI for Model-Based Analysis of Cyber-Physical Systems? 56:06

8M ago56:06

56:06

In this webcast, Fred Schenker, Jerome Hugues, and Linda Parker Gates discuss the benefits of using a model-based approach to improve the design of a CPS’ embedded computing resources. This is accomplished by (1) building virtual architectural models of the CPS’ embedded computing resources early in the system development lifecycle and (2) using th…

1
Will Rust Solve Software Security? 53:38

9M ago53:38

53:38

The Rust programming language makes some strong claims about the security of Rust code. In this webcast, David Svoboda and Joe Sible will evaluate the Rust programming language from a cybersecurity perspective. They will examine Rust's security model, both in what it promises and its limitations. They will also examine how secure Rust code has been…

1
Top 5 Challenges to Overcome on Your DevSecOps Journey 1:00:36

12M ago1:00:36

1:00:36

Historically, a lot of discussion in software security focused on the project level, emphasizing code scanning, penetration testing, reactive approaches for incident response, and so on. Today, the discussion has shifted to the program level to align with business objectives. In the ideal outcome of such a shift, software teams would act in alignme…

1
Improving Analytics Using Enriched Network Flow Data 1:02:25

12M ago1:02:25

1:02:25

Classic tool suites that are used to process network flow records deal with very limited detail on the network connections they summarize. These tools limit detail for several reasons: (1) to maintain long-baseline data, (2) to focus on security-indicative data fields, and (3) to support data collection across large or complex infrastructures. Howe…

1
How Can Data Science Solve Cybersecurity Challenges? 1:00:01

1y ago1:00:01

1:00:01

In this webcast, Tom Scanlon, Matthew Walsh and Jeffrey Mellon discuss approaches to using data science and machine learning to address cybersecurity challenges. They provide an overview of data science, including a discussion of what constitutes a good problem to solve with data science. They also discuss applying data science to cybersecurity cha…

1
AI Next Generation Architecture 1:01:44

1y ago1:01:44

1:01:44

As Artificial Intelligence permeates mission-critical capabilities, it is paramount to design modular solutions to ensure rapid evolution and interoperability. During this webcast, we’ll discuss some of the primary quality attributes guiding such design, and how a Next Generation Architecture can facilitate an integrated future state. What attendee…

1
Addressing Supply Chain Risk and Resilience for Software-Reliant Systems 1:01:31

1y ago1:01:31

1:01:31

All technology acquired by an organization requires the support of (or integration with) components, tools, and services delivered by a diverse set of supply chains. However, the practices critical to addressing supply chain risks are typically scattered across many parts of the acquiring organization, and they are performed in isolated stovepipes.…

1
Does your DevSecOps Pipeline only Function as Intended? 52:40

1+ y ago52:40

52:40

Understanding and articulating cybersecurity risk is hard. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to grow by incorporating segments of the development environment. Thus, many enterprises are concerned…

1
Finding Your Way with Software Engineering Buzzwords 1:01:38

1+ y ago1:01:38

1:01:38

As a Software Engineering community, we started to hear new words with new definitions to achieve some challenges with deciding the shelf life of said terms. Some examples include: DevOps is dead, long live NoOps, SecOps, NoCode, SRE, GitOps, and recently Platform Engineering. We often confuse these terms in order to achieve certain software engine…

1
Infrastructure as Code Through Ansible 54:27

1+ y ago54:27

54:27

Infrastructure as code (IaC) is a concept that enables organizations to automate the provisioning and configuration of their IT infrastructure. This concept also aids organizations in applying the DevOps process (plan, code, build, test, release, deploy, operate, monitor, repeat) to their infrastructure. Ansible is a popular choice within the IaC t…

1
Applying the Principles of Agile to Strengthen the Federal Cyber Workforce 58:42

1+ y ago58:42

58:42

The lack of qualified cybersecurity professionals in the United States is a threat to our national security. We cannot adequately protect the systems that our government, economy, and critical infrastructure sectors rely on without an appropriately sized cyber workforce. By some estimates, there are over 700,000 cybersecurity job openings across th…

1
Ransomware: Defense and Resilience Strategies 58:55

1+ y ago58:55

58:55

Ransomware poses an imminent threat to most organizations. Whereas most traditional cyber attacks require extended threat actor engagement to seeking out critical information, exporting data, and demanding ransom from victims, ransomware shortens the process and puts immediate pressure on the victim to respond with payment. Unfortunately, the rise …

1
Using Open Source to Shrink the Cyber Workforce Gap 50:19

1+ y ago50:19

50:19

By all recent measures, the cybersecurity workforce is woefully understaffed. According to (ISC)², the cyber workforce gap in the United States was 377,000 open positions in 2021. The Software Engineering Institute (SEI) at Carnegie Mellon University (CMU) has been working with the U.S. government to development novel approaches designed to shrink …

1
Exploring an AI Engineering Body of Knowledge 1:02:21

1+ y ago1:02:21

1:02:21

In this webcast, Carol Smith, Carrie Gardner, and Michael Mattarock discuss maturing artificial intelligence (AI) practices based on our current body of knowledge. Much as it did for software engineering in the 1980s, the SEI has begun formalizing the field of AI engineering, beginning with identifying three fundamental pillars to guide AI engineer…

1
What are Deepfakes, and How Can We Detect Them? 1:00:00

1+ y ago1:00:00

1:00:00

In this webcast, Shannon Gallagher and Dominic Ross discuss what deepfakes are, and how they are building AI/ML tech to distinguish real from fake. They will start with some well-known examples of deepfakes and discuss what makes them distinguishable as fake for people and computers.By Shannon Gallagher and Dominic Ross

1
Adapting Agile and DevSecOps to Improve Non-Software Development Teams 1:03:07

1+ y ago1:03:07

1:03:07

Agile and DevSecOps have revolutionized software engineering practices. The strategies put forward in Agile and DevSecOps have eased many software engineering challenges and paved the way for continuous deployment pipelines. But what do you do when you're facing a problem that doesn't fit the model of a pure software engineering project? In this we…

1
Predictable Use of Multicore in the Army and Beyond 58:18

2y ago58:18

58:18

Complex, cyber-physical DoD systems, such as aircraft, depend on correct timing to properly and reliably execute crucial sensing, computing, and actuation functions. In this webcast, SEI staff members Bjorn Andersson, PhD, Dionisio de Niz, PhD, and William Vance of the U.S. Army Combat Capabilities Development Command Aviation & Missile Center disc…

1
Ask Us Anything: Zero Trust Edition 1:02:27

2y ago1:02:27

1:02:27

The Forrester report, "The Definition of Modern Zero Trust," defines Zero Trust as an information security model that denies access to applications and data by default. Zero Trust adoption can be difficult for organizations to undertake. It is not a specific technology to adopt; instead, it’s an initiative that an enterprise must understand, interp…

1
Acquisition Disasters? Ideas For Reducing Acquisition Risk 47:28

2y ago47:28

47:28

The status quo for how we acquire cyber-physical weapon systems (CPS) needs to be changed. It is almost certain (for any acquisition of a CPS) that there will be cost overruns, schedule delays, and/or the loss of promised warfighter capability. Improved product development technologies could be applied, but they have not been adopted widely. We wil…

1
Engineering Tactical and AI-Enabled Systems 22:08

2y ago22:08

22:08

In this episode, Grace Lewis and Shane McGraw discuss how the SEI is applying research, through its highly successful Tactical and AI-Enabled Systems (TAS) initiative, to develop foundational principles, innovative solutions, and best practices for architecting, developing, and deploying tactical and AI-enabled systems. These systems will provide s…

1
A Cybersecurity Engineering Strategy for DevSecOps 59:23

2+ y ago59:23

59:23

In this webcast, Carol Woody presents the scope of a cybersecurity engineering strategy for DevSecOps along with the criticality of sharing information with direct and indirect stakeholders.By Carol Woody

1
CRO Success Factors in the Age of COVID 55:59

2+ y ago55:59

55:59

In this webcast, Brett Tucker, Ryan Zanin, and Abid Adam discuss the critical factors for risk executives to be successful to not only protect critical assets but also to take advantage of new opportunities created via the pandemic.By Brett Tucker, Ryan Zanin, and Abid Adam

1
Zero Trust Journey 1:02:20

2+ y ago1:02:20

1:02:20

Zero Trust Architecture adoption is a challenge for many organizations. It isn't a specific technology to adopt; instead, it’s a security initiative that an enterprise must understand, interpret, and implement. Enterprise security initiatives are never simple, and their goal to improve the enterprise’s cybersecurity posture requires the alignment o…

1
The Future of AI: Scaling AI Through AI Engineering 1:01:59

2+ y ago1:01:59

1:01:59

In its 2021 report, the National Security Commission on AI (NSCAI) wrote, "The impact of artificial intelligence (AI) on the world will extend far beyond narrow national security applications." How do we move beyond those narrow AI applications to gain strategic advantage? Join Dr. Matt Gaston, Director of the SEI AI Division, Dr. Steve Chien, NSCA…

1
AI Engineering: Ask Us Anything About Building AI Better 1:04:47

2+ y ago1:04:47

1:04:47

Self-driving cars are being tested in our cities, bespoke movie and product recommendations populate our apps, and we can count on our phones to route us around highway traffic... Why, then, do most AI deployments fail? What is needed to create, deploy, and maintain AI systems we can trust to meet our mission needs, particularly for defense and nat…

1
Balanced Approaches to Insider Risk Management 1:00:53

2+ y ago1:00:53

1:00:53

Misuse of authorized access to an organization’s critical assets is a significant concern for organizations of all sizes, missions, and industries. We at the CERT National Insider Threat Center have been collecting and analyzing data on incidents involving malicious and unintentional insider since 2001, and have worked with numerous organizations a…

1
Software Development Open Forum: Ask Hasan Anything! 1:03:02

3y ago1:03:02

1:03:02

The software development lifecycle has changed a lot and continues to evolve. Almost every company now is a software company. Meeting business needs and adapting to the speed of the market for new features requires an agility mindset and continuous-delivery techniques throughout application-development lifecycles. You have software development and …

1
Software Supply Chain Concerns for DevSecOps Programs 1:03:47

3y ago1:03:47

1:03:47

In a DevSecOps world the software supply chain extends beyond libraries upon which developed software depends. In this webinar we will look at the Solarwinds incident as a worst-case exemplifying the breadth of the software supply chain issues confronting complex DevSecOps programs. We will explore the important architectural aspects of DevSecOps t…

1
How Do We Teach Cybersecurity? 1:00:17

3y ago1:00:17

1:00:17

How do you teach cybersecurity to a middle school student? To a soldier? To some of the best hackers in the country? How do you evaluate all of these audiences’ skills? Cybersecurity training has been an ongoing challenge for decades. The key to making the best use of your training dollar is to craft training that matches your audience’s needs and …

1
Software Supply Chain Concerns for DevSecOps Programs 1:01:06

3y ago1:01:06

1:01:06

Managing third-party relationships, such as pubic cloud service providers, requires a set of skills often unfamiliar to many technologists. These relationships are constructed on a foundation of verifiable trust. This requires managing the cybersecurity performance of third parties via contractual mechanisms rather than the traditional line-of-sigh…

1
Announcing IEEE 2675 DevOps Standard to Build Reliable and Secure Systems 1:03:29

3y ago1:03:29

1:03:29

IEEE 2675 standard specifies technical principles and practices to build, package, and deploy systems and applications in a reliable and secure way. The standard focuses on establishing effective compliance and IT controls. It presents principles of DevOps including mission first, customer focus, shift-left, continuous everything, and systems think…

1
AI Engineering: The National Initiative for Human-Centered, Robust and Secure, and Scalable AI 1:02:20

3y ago1:02:20

1:02:20

According to recent estimates, around 85% of AI projects fail to move from conceptualization to implementation. Why are these failures happening, and how can we prevent them? AI engineering is an emergent discipline focused on developing tools, systems, and processes to enable the application of artificial intelligence in real-world contexts. The S…

1
Amplifying Your Privacy Program: Strategies for Success 1:01:06

3y ago1:01:06

1:01:06

Privacy protection isn't just a compliance activity. but It’s also a key area of organizational risk that requires enterprise-wide support and participation; careful planning; and forward-leaning, data-driven controls. In this webcast, we highlight best practices for privacy program planning and implementation. We present strategies for leveraging …

1
DevOps Enables Digital Engineering 1:00:44

3y ago1:00:44

1:00:44

There is some confusion about how the paradigms of DevOps and Digital Engineering fit together. In the case of software-intensive systems, we believe DevOps practices are an enabler for Digital Engineering, in many forms. During this webcast, we introduced the relatively new concept of Digital Engineering and how we believe DevOps actually compleme…

1
Modeling DevSecOps to Reduce the Time-to-Deploy and Increase Resiliency 59:45

3y ago59:45

59:45

Many organizations struggle in applying DevSecOps practices and principles in a cybersecurity-constrained environment because programs lack a consistent basis for managing software intensive development, cybersecurity, and operations in a high-speed lifecycle. We will discuss how an authoritative reference, or Platform Independent Model (PIM), is n…

1
SolarWinds Hack: Fallout, Recovery, and Prevention 1:01:18

3y ago1:01:18

1:01:18

The recent SolarWinds incident demonstrated the challenges of securing systems when they are the product of complex supply chains. Responding effectively to breaches and hacks requires a cross-section of technical skills and process insights. In this webcast, we explored the lifecycle of the SolarWinds activity and discussed both technical and risk…

1
Software Engineering for Machine Learning 1:03:11

3y ago1:03:11

1:03:11

In this webcast, Grace Lewis and Ipek Ozkaya provide perspectives involved in the development and operation of ML systems. What attendees will learn: • Perspectives involved in the development and operation of ML systems • Types of mismatch that occur in the development of ML systems • Future work in software engineering for ML systems…

1
Busting the Myths of Programmer Productivity 54:21

3+ y ago54:21

54:21

Are the great programmers really 10 times faster than the rest? What does this difference in productivity even mean? What productivity distribution should we expect between professionals? How can we use this knowledge? In this webcast, we make the most of a large set of programmer training data using repeated measures to explore these questions. Wh…

1
What Is Cybersecurity Engineering and Why Do I Need It? 1:02:05

3+ y ago1:02:05

1:02:05

In this webcast, Carol Woody and Rita Creel discuss how cybersecurity engineering knowledge, methods, and tools throughout the lifecycle of software-intensive systems will reduce their inherent cyber risk and increase their operational cyber resilience.By Carol Woody and Rita Creel

1
Threats for Machine Learning 1:01:23

3+ y ago1:01:23

1:01:23

This webcast illustrated where machine learning applications can be attacked, the means for carrying out the attack and some mitigations that can be employed. The elements in building and deploying a machine learning application are reviewed, considering both data and processes. The impact of attacks on each element is considered in turn. Special a…

1
Follow the CUI: Setting the Boundaries for Your CMMC Assessment 45:56

3+ y ago45:56

45:56

One of the primary drivers of the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) is the congressional mandate to reduce the risk of accidental disclosure of controlled unclassified information (CUI). However, a full CMMC assessment can seem daunting to organizations in the Defense Industrial Base (DIB), and many might…

1
Risk Management for the Enterprise–How Do You Get Executives to Care About Your Risks? 1:01:50

3+ y ago1:01:50

1:01:50

Risk managers must often sift through the cacophony of demands for resources and advocacy to identify a diverse set of risks to include in their organization’s risk register. These managers of cyber risk face this problem when trying to prioritize risks within the scope of their function, only to then turn to executives and justify the need for res…

1
Quality Attribute Concerns for Microservices at the Edge 1:01:34

3+ y ago1:01:34

1:01:34

Bringing computation and data storage closer to the edge, such as disaster and tactical environments, has challenging quality attribute requirements. These include improving response time, saving bandwidth, and implementing security in resource-constrained nodes. In this webcast we review characteristics of edge environments with a focus on archite…

Podcasts Worth a Listen

Softwarearchitecture Podcasts

Podcasts Worth a Listen

Quick Reference Guide