Best Carnegie Mellon University Software Engineering Institute Podcasts (2024)

1
Developing and Using a Software Bill of Materials Framework 37:37

14d ago37:37

37:37

With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party components in their software systems. In this podcast from the Carnegie Mellon University Software …

1
The Importance of Diversity in Cybersecurity: Carol Ware 26:37

28d ago26:37

26:37

In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Ware, a senior cybersecurity engineer in the SEI’s CERT Division, discusses her career path, the value of mentorship, and the importance of diversity in cybersecurity.By Carol Ware

1
The Importance of Diversity in Software Engineering: Suzanne Miller 29:02

29d ago29:02

29:02

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Suzanne Miller, a principal researcher in the SEI’s Software Solutions Division, discusses her career path, the value of mentorship, and the importance of diversity in software engineering.By Suzanne Miller

1
The Importance of Diversity in Artificial Intelligence: Violet Turri 16:57

1M ago16:57

16:57

Across the globe, women account for less than 30 percent of professionals in technical fields. That number drops to 22 percent in the field of Artificial Intelligence (AI). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Violet Turri, a software developer in the SEI’s AI Division, discusses the evolution of…

1
Using Large Language Models in the National Security Realm 34:45

2M ago34:45

34:45

At the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower Project at Carnegie Mellon University’s Software Engineering Institute (SEI) from May 2023 through Septe…

1
Atypical Applications of Agile and DevSecOps Principles 33:41

2M ago33:41

33:41

Modern software engineering practices of Agile and DevSecOps have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software concerns of business mission and capability delivery even though these concerns are critical to the success…

1
Ask Us Anything: Supply Chain Risk Management 41:11

3M ago41:11

41:11

According to the Verizon Data Breach Report, Log4j-related exploits have occurred less frequently over the past year. However, this Common Vulnerabilities and Exposures (CVE) flaw was originally documented in 2021. The threat still exists despite increased awareness. Over the past few years, the Software Engineering Institute (SEI) has developed gu…

1
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction 35:21

3M ago35:21

35:21

Increasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important considerations that software program managers must first address. In this podcast, Patrick Place, a senior engine…

1
The Future of Software Engineering and Acquisition with Generative AI 1:32:10

3M ago1:32:10

1:32:10

We stand at a pivotal moment in software engineering, with artificial intelligence (AI) playing a crucial role in driving approaches poised to enhance software acquisition, analysis, verification, and automation. While generative AI tools initially sparked excitement for their potential to reduce errors, scale changes effortlessly, and drive innova…

1
The Impact of Architecture on Cyber-Physical Systems Safety 34:05

3M ago34:05

34:05

As developers continue to build greater autonomy into cyber-physical systems (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only create more data and more precise data, but they require a complex architecture to correctly transfer and proc…

1
ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies 46:22

4M ago46:22

46:22

To better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studies span multiple domains and call for vastly different capabilities. In this podcast, Matthew Walsh, a seni…

1
The Cybersecurity of Quantum Computing: 6 Areas of Research 23:01

5M ago23:01

23:01

Research and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI CERT Division, was recently invited to be a participant in the Workshop on Cybersecurity of Quantum Compu…

1
User-Centric Metrics for Agile 31:41

5M ago31:41

31:41

Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be collected. A top-down, deterministic specification of graphs or other depictions of data required by the m…

1
The Product Manager’s Evolving Role in Software and Systems Development 24:19

5M ago24:19

24:19

In working with software and systems teams developing technical products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams were not investing the time, resources and effort required to manage the product lifecycle of a successful product. These activities include thoroughly exploring the problem space by talking …

1
Measuring the Trustworthiness of AI Systems 19:27

6M ago19:27

19:27

The ability of artificial intelligence (AI) to partner with the software engineer, doctor, or warfighter depends on whether these end users trust the AI system to partner effectively with them and deliver the outcome promised. To build appropriate levels of trust, expectations must be managed for what AI can realistically deliver. In this podcast f…

1
Cyber Supply Chain Risk Management: No Silver Bullet 38:40

7M ago38:40

38:40

Compliance standards, privileged access management, software bills of materials (SBOMs), maturity models, cloud services, vulnerability management, etc. The list of potential solutions to supply chain risk management (SCRM) challenges seems unending as much as it is daunting to address. In this webcast, Brett Tucker explores some of these solutions…

1
Ask Us Anything: Generative AI Edition 1:30:37

7M ago1:30:37

1:30:37

Generative AI (GenAI) has been around for decades, but the latest leap in progress, fueled by high-capability large language models (LLMs), image and video generators, and AI pair programmers, has captivated audiences across a variety of disciplines. What can GenAI do well? What are the risks and opportunities of using GenAI? SEI experts Doug Schmi…

1
Evaluating Trustworthiness of AI Systems 1:02:08

7M ago1:02:08

1:02:08

AI system trustworthiness is dependent on end users’ confidence in the system’s ability to augment their needs. This confidence is gained through evidence of the system’s capabilities. Trustworthy systems are designed with an understanding of the context of use and careful attention to end-user needs. In this webcast, SEI researchers discuss how to…

1
Actionable Data in the DevSecOps Pipeline 31:58

7M ago31:58

31:58

In this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program managers (PMs) to confidently make decisions with the help of readily available data. As in commercial co…

1
Insider Risk Management in the Post-Pandemic Workplace 47:34

7M ago47:34

47:34

In the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterprise threat and vulnerability management, and Randy Trzeciak, deputy director of Cyber Risk and Resilience, …

1
Leveraging Software Bill of Materials Practices for Risk Reduction 1:02:03

7M ago1:02:03

1:02:03

A Software Bill of Materials (SBOM) is a comprehensive list of software components involved in the development of a software product. While recently gaining attention in the context of security, SBOMs have limited value unless properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of …

1
Institutionalizing the Fundamentals of Insider Risk Management 56:33

8M ago56:33

56:33

Insider threats pose an enduring, ever-evolving risk to an organization’s critical assets that require enterprise-wide participation to manage effectively. Many organizations struggle to make critical tasks in insider risk management “stick,” relying on several crutches to drive temporary organizational change, only to see those changes come undone…

1
What’s Wrong with ROI for Model-Based Analysis of Cyber-Physical Systems? 56:06

8M ago56:06

56:06

In this webcast, Fred Schenker, Jerome Hugues, and Linda Parker Gates discuss the benefits of using a model-based approach to improve the design of a CPS’ embedded computing resources. This is accomplished by (1) building virtual architectural models of the CPS’ embedded computing resources early in the system development lifecycle and (2) using th…

1
An Agile Approach to Independent Verification and Validation 31:57

8M ago31:57

31:57

Independent verification and validation (IV&V) is a significant step in the process of deploying systems for mission-critical applications in the Department of Defense (DoD). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Justin Smith, senior Agile transformation leader in the SEI Software Solutions Divisi…

1
Will Rust Solve Software Security? 53:38

9M ago53:38

53:38

The Rust programming language makes some strong claims about the security of Rust code. In this webcast, David Svoboda and Joe Sible will evaluate the Rust programming language from a cybersecurity perspective. They will examine Rust's security model, both in what it promises and its limitations. They will also examine how secure Rust code has been…

1
Zero Trust Architecture: Best Practices Observed in Industry 27:53

9M ago27:53

27:53

Zero trust architecture has the potential to improve an enterprise’s security posture. There is still considerable uncertainty about the zero trust transformation process, however, as well as how zero trust architecture will ultimately appear in practice. Recent executive orders have accelerated the timeline for zero trust adoption in the federal s…

1
Automating Infrastructure as Code with Ansible and Molecule 39:38

9M ago39:38

39:38

In Ansible, roles allow system administrators to automate the loading of certain variables, tasks, files, templates, and handlers based on a known file structure. Grouping content by roles allows for easy sharing and reuse. When developing roles, users must deal with various concerns, including what operating system(s) and version(s) will be suppor…

1
Identifying and Preventing the Next SolarWinds 46:04

10M ago46:04

46:04

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on Solar Winds software and how to prevent a recurrence of another major attack on key systems that are in widespread use. Solar Winds i…

1
A Penetration Testing Findings Repository 25:47

10M ago25:47

25:47

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Marisa Midler and Samantha Chaves, penetration testers with the SEI’s CERT Division, talk with Suzanne Miller about a penetration-testing repository that they helped to build. The repository is a source of information for active directory, phishing, mobile tech…

1
Understanding Vulnerabilities in the Rust Programming Language 36:45

11M ago36:45

36:45

While the memory safety and security features of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there is the possibility of security vulnerabilities–and malicious softw…

Podcasts Worth a Listen

Carnegie Mellon University Software Engineering Institute Podcasts

Podcasts Worth a Listen

Quick Reference Guide