Secure by Design, Secure by Default

Software Engineering Institute (SEI) Podcast Series

Software Engineering Institute (SEI) Podcast Series

Player FM - Internet Radio Done Right

51 subscribers

Engineering

הוסף לפני six שנים

תוכן מסופק על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Business Transformation Pitch with The CX Goalkeeper

1
#251: Fans favorite: Mastering the Art of Customer Experience: Insights from the CEO of the CXPA 29:41

לפני 16 ימים29:41

הפעל מאוחר יותר

רשימות

לייק

אהבתי

29:41

Greg Melia emphasizes that empathy and curiosity are the foundation of effective customer experience (CX). He believes that organizations must design systems proactively—through tools like journey mapping and predictive analytics—rather than relying solely on reactive fixes. Melia highlights the importance of understanding customer motivations and aligning internal operations to consistently deliver value across all touchpoints. He also stresses the need for cross-functional collaboration and leadership that models CX priorities. When hiring, Melia looks for individuals who demonstrate storytelling ability, problem-solving, and ownership—key traits for driving cultural transformation. His approach reinforces the idea that sustainable CX excellence requires intentional system design, emotionally intelligent talent, and unified leadership around customer-centric goals. About Greg Melia At the helm of CXPA, my focus revolves around championing the global customer experience profession through strategic communications and community building, honed over five transformative years in leadership. Our organization thrives on CX certification, publications, and community that empower customer experience professionals to excel. Resources Customer Experience Professional Association: https://www.cxpa.org/home https://www.cxpa.org/home Please, hit the follow button: Apple Podcast: http://cxgoalkeeper.com/apple Spotify: http://cxgoalkeeper.com/spotify We’d love to hear your thoughts — leave a comment and share your feedback! Follow Gregorio Uglioni on Linkedin: https://www.linkedin.com/in/gregorio-uglioni/ About Gregorio Uglioni: Transforming Business Into Value Generating Engines - Creating Long-Lasting Impact Leveraging Customer Experience - Host Of The Globally Recognized CX Goalkeeper Podcast “Customer Experience Goals” - Speaker at global events & at podcasts - Judge at International Awards - CX Lecturer for several institutions Listen to more podcasts on The Agile Brand network here: https://agilebrandguide.com/the-agile-brand-podcasts/…

לפני שנתיים 54:05

MP3•בית הפרקים

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about secure by design, secure by default, a longstanding tenet of the work of the SEI and CERT in particular. The SEI has been in the forefront of secure software development, promoting an approach where security weaknesses are addressed, prevented, or eliminated earlier in the software development lifecycle, which not only helps to ensure secure systems, but also saves time and money. Touhill also discusses the CERT strategy in support of SEI sponsors in the U.S. Department of Defense (DoD), the Department of Homeland Security (DHS), and the Cybersecurity Infrastructure Security Agency (CISA) and his vision for the future of cybersecurity and the role of the CERT Division.

418 פרקים

#Engineering #Business #Science #Tech #Artificialintelligenceengineering #Cybersecurity #Futuretech #Softwareengineering #Carnegie Mellon University Software Engineering Institute #Members of Technical Staff at the Software Engineering Institute #Industries

Software Engineering Institute (SEI) Podcast Series

Secure by Design, Secure by Default

Software Engineering Institute (SEI) Podcast Series

51 subscribers

published לפני שנתיים

שתפו

MP3•בית הפרקים

418 פרקים

כל הפרקים

1
Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds 25:10

לפני 12 ימים25:10

25:10

Container images are increasingly being used as the main method for software deployment, so ensuring the reproducibility of container images is becoming a critical step in protecting the software supply chain. In practice, however, builds are often not reproducible due to elements of the build environment that rely on nondeterministic factors such as timestamps and external dependencies. Lack of reproducibility can lead to lack of trust, broken builds, and possibly mask hidden malware insertion. Vessel, a recent tool from the Carnegie Mellon University Software Institute (SEI), helps developers identify the difference between two container images to help sort benign from problematic issues. In this SEI Podcast, Kevin Pitstick, a senior software engineer at the SEI and Vessel’s lead developer, and Lihan Zhan, a software engineer at the SEI working on tactical and AI-enabled systems, sit down with Grace Lewis, lead of the Tactical and AI-Enabled Systems (TAS) applied research and development team at the SEI, to discuss the Vessel tool, its development, and application in mission-critical settings.…

1
Mitigating Cyber Risk with Secure by Design 32:29

לפני 28 ימים32:29

32:29

Software enables our way of life, but market forces have sidelined security concerns leaving systems vulnerable to attack. Fixing this problem will require the software industry to develop an initial standard for creating software that is secure by design. These are the findings of a recently released paper coauthored by Greg Touhill, director of the Software Engineering Institute (SEI) CERT Division. In this latest SEI podcast, Touhill and Matthew Butkovic, director of Cyber Risk and Resilience at CERT, discuss the paper including its recommendations for making software secure by design.…

1
The Magic in the Middle: Evolving Scaled Software Solutions for National Defense 21:25

לפני 8 weeks21:25

21:25

A January 2025 Defense Innovation Board study on scaling nontraditional defense innovation stated, “We must act swiftly to ensure the DoD leads in global innovation and competition over AI and autonomous systems – and is a trendsetter for their responsible use in modern warfare." In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), chief technical officer Tom Longstaff discusses the SEI’s long-standing work to help the DoD rapidly scale technology including artificial intelligence (AI) and autonomous systems.…

1
Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space 44:26

לפני 10 weeks44:26

44:26

Warfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A recent study led by researchers at the Carnegie Mellon University Software Engineering Institute (SEI) examined the state of DevSecOps within the Department of Defense. In this podcast, Eileen Wrubel, the SEI’s Transforming Software Acquisition Policy and Practice technical director, sits down with George Lamb, director for DoD Cloud and Software Modernization in the Information Enterprise Office of the DoD CIO, which is responsible for the DoD Software Modernization Strategy and its associated implementation plan, and Bill Nichols, lead of the SEI’s Software Engineering Measurement and Analysis work. They discuss DevSecOps successes in the DoD and opportunities for scaling its impact.…

1
Deploying on the Edge 1:01:02

לפני 11 weeks1:01:02

1:01:02

Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug Reynolds, and Jeffrey Hamed, all DevOps engineers in the SEI's Software Solutions Division, sit down with senior reesearcher Jose Morales to discuss a recent case study involving the deployment of a hypervisor onto edge devices in a resource-constrained environment.…

1
The Best and Brightest: 6 Years of Supporting the President’s Cup Cybersecurity Competition 21:40

לפני 13 weeks21:40

21:40

A strong cyber defense is vital to public- and private-sector activities in the United States. In 2019, in response to an executive order to strengthen America’s cybersecurity workforce, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) partnered with the SEI to develop and run the President’s Cup Cybersecurity Competition, a national cyber competition that identifies and rewards the best cybersecurity talent in the federal workforce. In six years, more than 8,000 people have taken part in the President’s Cup. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jarrett Booz, technical lead for the President’s Cup, and John DiRicco, a training specialist in the SEI’s CERT Division, sit down with Matthew Butkovic, the CERT technical director of cyber risk and resilience, to reflect on six years of hosting the cup, including challenges, lessons learned, the path forward, and publicly available resources.…

1
Updating Risk Assessment in the CERT Secure Coding Standard 26:04

לפני 17 weeks26:04

26:04

Evaluating source code to ensure secure coding qualities costs time and effort and often involves static analysis. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false positives that must be detected and disregarded. This year, we plan on making some exciting updates to the SEI CERT C Coding Standard to better harmonize with the current state of the art for static analysis tools as well as simplify the process of source code security auditing. In this SEI podcast, David Svobodaand Joseph Sible, both engineers in CERT’s Applied Systems Group and primary developers and maintainers of the standard, sit down with Robert Schiela, deputy technical director of the Cybersecurity Foundations Directorate in CERT, to discuss the proposed changes, specifically in the area of risk assessment.…

1
Delivering Next Generation Cyber Capabilities to the DoD Warfighter 27:16

לפני 17 weeks27:16

27:16

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in which CERT researchers and technologists are working to deliver rapid capability to warfighters in the Department of Defense.…

1
Getting the Most Out of Your Insider Risk Data with IIDES 39:14

לפני 20 weeks39:14

39:14

Insider incidents cause around 35 percent of data breaches, creating financial and security risks for organizations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Austin Whisnant and Dan Costa discuss the Insider Incident Data Expression Standard (IIDES), a new schema for collecting and sharing data about insider incidents. IIDES facilitates insider incident information handling to help organizations better protect themselves against the compromise of sensitive information and mission-critical systems, which is essential to maintaining national security and defense.…

1
Grace Lewis Outlines Vision for IEEE Computer Society Presidency 18:14

לפני 22 weeks18:14

18:14

Grace Lewis , a principal researcher at the Carnegie Mellon University Software Engineering Institute (SEI) and lead of the SEI’s Tactical and AI-Enabled Systems Initiative, was elected the 2026 president of the IEEE Computer Society (CS), the largest community of computer scientists and engineers, with more than 370,000 members around the world. In this SEI podcast, Lewis sits down with Ipek Ozkaya, technical director of Engineering Intelligent Software Systems, to discuss her vision and plans for the IEEE CS presidency.…

1
Improving Machine Learning Test and Evaluation with MLTE 29:06

לפני 23 weeks29:06

29:06

Machine learning (ML) models commonly experience issues when integrated into production systems. In this podcast, researchers from the Carnegie Mellon University Software Engineering Institute and the U.S. Army AI Integration Center (AI2C) discuss Machine Learning Test and Evaluation (MLTE), a new tool that provides a process and infrastructure for ML test and evaluation. MLTE can aid organizations across the DoD in more effectively negotiating, documenting, and evaluating model and system qualities.…

1
DOD Software Modernization: SEI Impact and Innovation 27:12

לפני 24 weeks27:12

27:12

As software size, complexity, and interconnectedness has grown, software modernization within the Department of Defense (DoD) has become more important than ever. In this discussion moderated by Matthew Butkovic, technical director of risk and resilience in the SEI CERT Division, SEI director Paul Nielsen outlines the SEI’s work with the DoD on software modernization, including controlling the attack surface, incorporating industry practices such as DevSecOps, and the interplay between software, cybersecurity, and AI.…

1
Securing Docker Containers: Techniques, Challenges, and Tools 39:09

לפני 34 weeks39:09

39:09

Containerization allows developers to run individual software applications in an isolated, controlled, repeatable way. With the increasing prevalence of cloud computing environments, containers are providing more and more of their underlying architecture. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Sasank Venkata Vishnubhatla and Maxwell Trdina, both engineers in the SEI CERT Division, sit down with Tim Chick, technical manager of the Applied Systems Group, to explore issues surrounding containerization, including recent vulnerabilities.…

1
An Introduction to Software Cost Estimation 22:55

לפני 36 weeks22:55

22:55

Software cost estimation is an important first step when beginning a project. It addresses important questions regarding budget, staffing, scheduling, and determining if the current environment will support the project. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Anandi Hira, a data scientist on the SEI’s Software Engineering Measurement and Analysis team sits down with Bill Nichols, principal engineer and SEI data science team lead, to discuss software cost estimation including various metrics, best practices, and common challenges when developing or building a model.…

1
Cybersecurity Metrics: Protecting Data and Understanding Threats 27:00

לפני 43 weeks27:00

27:00

One of the biggest challenges in collecting cybersecurity metrics is scoping down objectives and determining what kinds of data to gather. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Bill Nichols, who leads the SEI’s Software Engineering Measurements and Analysis Group, discusses the importance of cybersecurity measurement, what kinds of measurements are used in cybersecurity, and what those metrics can tell us about cyber systems.…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.