Podcasts about Software Engineering Institute

  • 43 podcasts
  • 72 episodes
  • 33m avg duration
  • Infrequent episodes
  • Latest episode: Mar 18, 2025


Best podcasts about Software Engineering Institute

Latest podcast episodes about Software Engineering Institute

All Quiet on the Second Front
88. Greg Touhill, Director of the SEI's CERT Division at Carnegie Mellon University

Mar 18, 2025 (30:24)


Episode 88. On this episode of All Quiet, host Tyler Sweatt chats with cybersecurity expert Greg Touhill, director of the CERT Division at Carnegie Mellon's Software Engineering Institute. With a rich background as the U.S. government's first Chief Information Security Officer (CISO) and a seasoned executive in the U.S. Air Force and Department of Homeland Security, Greg discusses the trajectory of cybersecurity from its foundational days to its current critical role in national security and private sector strategy. Explore how AI and cybersecurity intersect and the essential steps today's leaders must take to safeguard our digital future.

What's Happening on the Second Front:

  • Greg's journey from the U.S. Air Force to leading national cybersecurity initiatives.
  • The impact of AI on cybersecurity—what does the future hold?
  • Cybersecurity in the corporate world: How is it shaping business strategies at the highest levels?
  • Emerging challenges: What are the next big threats, and how are we preparing to tackle them?

Connect with Greg
LinkedIn: Gregory Touhill

Connect with Tyler
LinkedIn: Tyler Sweatt

SEI resources discussed:

  • SEI website: https://www.sei.cmu.edu/
  • AI/AI Security: Artificial Intelligence Security Incident Response Team (AISIRT)
  • Risk and Resilience: Enterprise Risk and Resilience Management
  • SEI GitHub: Software Engineering Institute · GitHub

Federal Drive with Tom Temin
Using secure by design principles for network defenses

Nov 18, 2024 (7:22)


Network defense these days is way more than about desktops, laptops and servers. User endpoints are growing fast, and one of the ways to make them manageable is to use secure by design principles in the Internet of Things ecosystem. The government can push the market that way. Greg Touhill is a former Federal Chief Information Security Officer, now the director of the CERT Division at the Software Engineering Institute. He spoke with Federal News Network's Jared Serbu.

Federal Drive with Tom Temin
Using secure by design principles for network defenses

Nov 18, 2024 (8:07)


Network defense these days is way more than about desktops, laptops and servers. User endpoints are growing fast, and one of the ways to make them manageable is to use secure by design principles in the Internet of Things ecosystem. The government can push the market that way. Greg Touhill is a former Federal Chief Information Security Officer, now the director of the CERT Division at the Software Engineering Institute. He spoke with Federal News Network's Jared Serbu.

Dev Interrupted
Helping Government Software Teams Move Faster | Carnegie Mellon's Robin Yeman

Aug 13, 2024 (23:55)


Both the aerospace and defense sectors are renowned for long project timelines rife with silos and hurdles that get in the way of productivity. With over 20 years of experience at Lockheed Martin and elsewhere, Robin Yeman literally wrote the book Industrial DevOps on how to implement DevOps principles at traditional behemoths to build faster, safer systems.

As Space Domain Lead at Carnegie Mellon's Software Engineering Institute, Robin's pioneering work reveals how applying DevOps principles can significantly improve speed, quality, and collaboration at traditional enterprises. She emphasizes the importance of cross-functional teams, modular architectures, and a growth mindset in driving innovation and overcoming the challenges of digital transformation within the aerospace and defense sectors.

Tune in to gain practical insights about the application of DevOps in large-scale systems, the role of organizational design in fostering communication, and how these principles have helped government software teams.

Episode Highlights:

  • 01:12 Robin's book Industrial DevOps
  • 04:00 How did Robin's work at Lockheed Martin lead to Carnegie Mellon?
  • 05:46 How should you get started thinking about industrial DevOps?
  • 08:01 How Robin's research came together across varied experiences
  • 10:25 What patterns can you adapt to be more successful?
  • 16:54 Quantitative vs. qualitative data when making long term plans
  • 20:27 Shifting left in Industrial DevOps

Show Notes:

  • Robin Yeman
  • Industrial DevOps
  • Wiring the Winning Organization - IT Revolution

Software Engineering Radio - The Podcast for Professional Software Developers
SE Radio 626: Ipek Ozkaya on Gen AI for Software Architecture

Jul 23, 2024 (59:33)


Ipek Ozkaya, Principal Researcher and Technical Director of the Engineering Intelligent Software Systems group at the Software Engineering Institute, Carnegie Mellon, discusses generative AI for Software Architecture with SE Radio host Priyanka Raghavan. The episode delves into fundamental definitions of software architecture and explores use cases in which gen AI can enhance architecture activities. The conversation spans from straightforward to challenging scenarios and highlights examples of relevant tooling. The episode concludes with insights on verifying the correctness of output for software architecture prompts and future trends in this domain. Brought to you by IEEE Computer Society and IEEE Software magazine.

Federal Drive with Tom Temin
How to be a successful information security officer in 2024

Feb 15, 2024 (10:02)


Because technology changes, cybersecurity threats change, which means cybersecurity practitioners must keep moving to stay on top of their game. To find out about what one expert thinks are the top 10 skills chief information security officers will need in 2024, going beyond the technology, Federal Drive Host Tom Temin spoke with the Director of the CERT division of the Software Engineering Institute, Greg Touhill.

Federal Drive with Tom Temin
How to be a successful information security officer in 2024

Feb 15, 2024 (10:47)


Because technology changes, cybersecurity threats change, which means cybersecurity practitioners must keep moving to stay on top of their game. To find out about what one expert thinks are the top 10 skills chief information security officers will need in 2024, going beyond the technology, Federal Drive Host Tom Temin spoke with the Director of the CERT division of the Software Engineering Institute, Greg Touhill.

Thinking Inside the Box
How Storytelling Leaves a Lasting Legacy - Verdell Walker

Jan 11, 2024 (48:02)


In today's episode, I chat with Verdell Walker, a seasoned consumer-oriented content and marketing professional and board director. Verdell is highly regarded by her peers as a thought leader and someone who fosters an inclusive environment, demonstrated by her effectiveness in leading and working collaboratively with teams. She serves on the board of directors of Scholastic, Inc, and has held roles at Spotify, Mattel, and Sesame Workshop - the makers of Sesame Street. With stints at such iconic brands, a good place for us to start was the tension between legacy and innovation. How did this factor into Verdell's thinking? We discussed her enduring legacy at Spotify; developing the brand's first slate of original kids & family podcasts and garnering nearly 400K listeners less than 5 months after launch! What did she learn taking that journey?

And we closed discussing the future of content. In an era punctuated by AI, how will organic creativity shine through?

Verdell Walker

Verdell Walker is a seasoned consumer-oriented Content and Marketing professional and board director. She has a proven track record of developing and executing innovative strategies that achieve bottom line growth and increase brand value. She is highly regarded by her peers as a thought leader and someone who fosters an inclusive environment, demonstrated by her effectiveness in leading and working collaboratively with teams. Walker serves on the board of directors of Scholastic, Inc, and has held roles at Spotify, Mattel, and Sesame Workshop. Walker received Bachelor of Arts degrees in Economics and Middle Eastern Studies from Trinity College and an MBA from Harvard Business School. She also holds the CERT Certificate in Cybersecurity Oversight from the Software Engineering Institute at Carnegie Mellon University.

Thinking Inside the Box

Constraints drive innovation. We tackle the most complex issues related to work & culture. And if you enjoy the work we're doing here, consider giving us a 5-star rating, leaving a comment & subscribing. It ensures you get updated whenever we release new content & really helps amplify our message.

Matt Burns

Matt Burns is an award-winning executive, social entrepreneur and speaker. He believes in the power of community, simplicity & technology.

Federal Drive with Tom Temin
A leading research group takes on the artificial intelligence cyber threat question

Dec 11, 2023 (10:35)


As the artificial intelligence phenomenon rolls on, the question emerges: What are the cybersecurity-attack implications of AI? Now Carnegie Mellon University's Software Engineering Institute has formed a team called the Artificial Intelligence Security Incident Response Team. It's working with sponsors in the Defense and Homeland Security Departments. For more, Federal Drive Host Tom Temin spoke with the Director of the CERT division of the Software Engineering Institute, Greg Touhill.

Federal Drive with Tom Temin
A leading research group takes on the artificial intelligence cyber threat question

Dec 11, 2023 (11:20)


As the artificial intelligence phenomenon rolls on, the question emerges: What are the cybersecurity-attack implications of AI? Now Carnegie Mellon University's Software Engineering Institute has formed a team called the Artificial Intelligence Security Incident Response Team. It's working with sponsors in the Defense and Homeland Security Departments. For more, Federal Drive Host Tom Temin spoke with the Director of the CERT division of the Software Engineering Institute, Greg Touhill.

Scotty Stories
Lisa Masciantonio: Leading the Charge to Strengthen and Embrace AI and Robotics in the Manufacturing Workforce

Sep 27, 2023 (36:46)


In this episode of Scotty Stories, we talk to Lisa Masciantonio, Chief Workforce Officer at the ARM Institute (Advanced Robotics for Manufacturing). Lisa both worked and received her Master's at CMU's Software Engineering Institute. After working on some of the biggest projects at SEI, ISACA and the Department of Defense, Lisa is now at the ARM Institute where she drives the national strategy to prepare, empower and train U.S. manufacturing workers to work with robotics and artificial intelligence (AI). Learn how she navigates the new innovative field of AI/robotics within manufacturing. Her insight is invaluable and her take on the future of tech careers is something students need to hear!

This Week in America with Ric Bratton
Episode 2639: GodLight: Possibilities from the Intersections of Science and Spirituality by Bart Barthelemy

Mar 16, 2023 (24:14)


GodLight: Possibilities from the Intersections of Science and Spirituality by Bart Barthelemy

This book is about the intersections of science and spirituality. It was initially motivated by my lifelong observation that light plays such an important role in many aspects of science. But the real stimulus to write this book was the repeated number of spiritual learnings and experiences that involve light that I have had in recent years. Because of this, I began to explore the significance of light in both disciplines. The result of this investigation led to the concept of GodLight, the Light of God, that I believe is foundational to both science and spirituality.

Science is the study of the nature and behavior of natural things and the knowledge that we obtain about them. Most readers of this book will likely have a general knowledge of science and how our world works. The fundamental concepts in science are learned during our early education and greatly enhanced by the tremendous amount of information that is available today on the internet and television. We have more scientific knowledge today than any generation that has lived before us. Some of us who call ourselves scientists have more specific knowledge in certain areas of science but, in general, we are all aware of the key concepts in science, such as the Big Bang, the expansion of the universe, galaxies, black holes, our solar system, the planets around our sun, the earth, the evolution of human beings and the biological complexity of men and women. These are the aspects of science that will be discussed in this book.

Spirituality is the belief that there is something greater than ourselves, something more to being human than sensory experience, and that the greater whole of which we are a part is cosmic or divine in nature. Most of us believe this and, while not exact, we often equate spirituality to religion. At their core, most religions agree that there is a deity called God and that human beings need to respect and love each other. There are many other specifics that separate the various religions but there are also an amazing number of commonalities. These are the aspects of spirituality that will be discussed in this book.

Each section will look for the intersections and overlap between science and spirituality in a particular area. There is no attempt to conform science to spirituality or vice versa. The focus is to simply examine the intersections to see if they suggest possibilities for a better understanding of each area. If so, these possibilities could lead to opportunities for any of us to be more understanding, more respectful, more collaborative, and more loving. Even though there are still great mysteries remaining to be studied and understood in both science and spirituality, what we now know and believe in each of these areas is more overlapping and connectable than ever before.

As you read each section, ponder the marvels and mysteries of science and spirituality. Let your mind and your imagination be open to possibilities. In an attempt to categorize and simplify difficult concepts, the words used by each discipline are often the product of reductionism. I urge you to think as holistically as possible in order to get beyond the limitations and compartmentalization that result from man-made linguistics and descriptions. For centuries, human beings have generally separated these two disciplines and often struggled with the conflicts between science and spirituality. Both science and spirituality are enormous subjects so the potential for overlap is high. This book is an invitation to look at the commonalities and confluence of these two areas so that there is more agreement than separation, more harmony than conflict, and more understanding than argument. Hopefully, the future could be better than the past.

Dr. Bart Barthelemy is the Founding Director of the Wright Brothers Institute and the President of the Collaborative Innovation Institute. Dr. Barthelemy was the National Director of the National Aerospace Plane Program, where he reported to the White House and was responsible for the development of the nation's hypersonic aerospace plane. While a member of the Federal Senior Executive Service, he served as the Technical Director of the Air Force Wright Aeronautical Laboratories at Wright-Patterson Air Force Base in Dayton, Ohio, the Air Force's largest research and development complex. He has been a consultant to a variety of aerospace industry companies and federal government organizations, including Lockheed-Martin, Boeing, the Department of Defense and the Air Force Research Laboratory. Dr. Barthelemy was also a Visiting Scientist at the Software Engineering Institute and Carnegie Mellon University and Adjunct Professor at the University of Dayton. Bart's educational background includes a Bachelor of Science in Chemical Engineering from MIT, Master of Science in Nuclear Engineering and Physics from MIT, and a Doctor of Philosophy in Nuclear Physics/Mechanical Engineering from The Ohio State University.

https://godlightsite.com/
https://www.amazon.com/GodLight-Possibilities-Intersections-Science-Spirituality/dp/B0B38CX5W5
http://www.MainspringBooks.com
http://www.bluefunkbroadcasting.com/root/twia/31623msb2.mp3

Tech Talks
Factoring humans in information risk management with Jim Tiller and Sharon Mudd

Nov 4, 2022 (49:54)


On this edition of Security Bytes Jim talks to Sharon Mudd, a senior cybersecurity operations researcher with CERT Division at the Software Engineering Institute. In a world where technology is at the center of evaluating cyber risks, the human factor arguably contributes greatly, but how are we measuring and improving?

The Daily Scoop Podcast
Who's running point for federal cybersecurity; Finding the funds for zero trust initiatives

Aug 16, 2022 (23:52)


On today's episode of The Daily Scoop Podcast, Brig. Gen. Gregory Touhill (USAF, ret.), director of the CERT Division at the Software Engineering Institute and former federal chief information security officer, discusses the coordinated government response to cyber attacks. Gordon Bitko, senior vice president at Information Technology Industry Council and former FBI chief information officer, discusses the funding challenges for zero trust initiatives across government. The Daily Scoop Podcast is available every weekday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.

Flyover Future Presents: Innovators
New Flight Plans: Cyber Risk and Resilience with Matthew Butkovic

Jul 15, 2022 (38:26)


How do you build cyber resilience? How serious is the threat of cyber warfare? What's new in cybersecurity training? These are things all business owners – large or small – need to know to keep their data safe. We recently asked about these issues and more with Matthew Butkovic, technical director – cyber risk and resilience at the CERT Division of the Software Engineering Institute at Carnegie Mellon University in Pittsburgh.

The Daily Scoop Podcast
Leveraging cloud capabilities at DOJ; How managed service providers might impact CMMC

Jun 7, 2022 (18:38)


On today's episode of The Daily Scoop Podcast, the Department of Energy is ready to use a supercomputer to tackle 24 initial science and engineering problems. The Department of Defense will investigate a shared service model for security for contractors. Brig. Gen. Gregory Touhill (USAF, ret.), director of the CERT Division at the Software Engineering Institute at Carnegie Mellon University and former federal chief information security officer, discusses how this will impact the Cybersecurity Maturity Model Certification (CMMC). Dwayne Spriggs, service delivery director at the Department of Justice, tells Scoop News Group's Wyatt Kash how cloud capabilities provide DOJ with flexibility and responsiveness. This interview is part of FedScoop's “Cloud-Driven Innovation in Federal Government” video campaign. The Daily Scoop Podcast is available every weekday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.

Interviews: Tech and Business
How to Manage Cybersecurity in 2022

Jun 6, 2022 (37:57)


#cybersecurity #security

Our reliance on digital infrastructure and the Internet makes everyone vulnerable to cybersecurity attacks. Given the importance of cybersecurity, everyone from CEOs to board members and employees must understand the nature of this threat. Although cybersecurity involves technology, managing the problem relies on people and the willingness of individuals to change their behavior.

To learn how to manage a cybersecurity program, we spoke with Gregory Touhill, director of the world-renowned CERT Division of the Carnegie Mellon University Software Engineering Institute (SEI). Proactive cybersecurity strategy should be an important element of any digital transformation effort.

The conversation includes these topics:

  • On the state of cybersecurity in 2022
  • On security weakness arising from the intersection of administrative and operational systems
  • On the challenges of enterprise security
  • On the importance of prioritizing enterprise cybersecurity
  • On managing ransomware attacks
  • On creating a culture of cybersecurity
  • On the future of managing cybersecurity

Subscribe to the CXOTalk newsletter: https://www.cxotalk.com/subscribe
Read the full transcript: https://www.cxotalk.com/episode/state-cybersecurity-2022

At the SEI CERT Division, Greg Touhill leads a diverse group of researchers, software engineers, security analysts, and digital intelligence specialists working together to research security vulnerabilities in software products, contribute to long-term changes in networked systems, and develop cutting-edge information and training to improve the practice of cybersecurity.

Touhill was appointed by former President Barack Obama to be the first chief information security officer (CISO) of the United States government. Previously, he served in the Department of Homeland Security (DHS) as deputy assistant secretary in the Office of Cybersecurity and Communications. Before joining the Software Engineering Institute, he was president of Appgate Federal, a provider of cybersecurity products and services to civilian government and defense agencies.

Touhill is a 30-year veteran of the U.S. Air Force where he was an operational commander at the squadron, group, and wing levels. He served as a senior leader of military cybersecurity and information technology programs, culminating as the chief information officer of the United States Transportation Command, one of the nation's 10 combatant commands. A combat veteran, he is the recipient of numerous awards and decorations including the Bronze Star medal and the Air Force Science and Engineering Award. He retired from the Air Force with the rank of brigadier general.

He is an adjunct faculty member of the CMU Heinz College of Information Systems and Public Policy and the Deakin University (Australia) Centre for Cybersecurity Research and Innovation. A member of many organizational boards and committees and recipient of many awards, Touhill was recognized by Security Magazine as one of its Most Influential People in Security and by Federal Computer Week in the Federal 100. He is the co-author of the books Cybersecurity for Executives: A Practical Guide and Commercialization of Innovative Technologies.

The Buzz with ACT-IAC
ICYMI: Quantum Computing and the Future of Cybersecurity

Jun 1, 2022 (41:11)


This week, the Buzz presents another session from one of our recent in-person events. The 2022 Emerging Technology and Innovation Conference took place from May 22-24, and explored how new technologies are introducing new opportunities and impacting government services and the citizen experience. Quantum computing is a nascent technology that proposes to harness the quantum properties of subatomic particles to solve computational problems. Sounds complicated, right? Well this panel of experts from industry, government and academia will help break down what quantum computing is, what it isn't, and the implications for this technology on the field of cybersecurity and cryptography.

Panelists:

  • Tim Gilday (moderator) - Emerging Technology Senior Director, General Dynamics IT
  • Dr. Celia Merzbacher - Executive Director, Quantum Economic Development Consortium
  • Bill Newhouse - Cybersecurity Engineer, National Institute of Standards and Technology
  • Mark Sherman - Director, Software Engineering Institute, Carnegie Mellon University
  • Neal Ziring - Technical Director, National Security Agency

Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on Twitter @ACTIAC or visit http://www.actiac.org.

The Daily Scoop Podcast
Zero trust at OPM; Less complexity for cybersecurity solutions; FY22 defense budget takeaways

Mar 16, 2022 (31:55)


On today's episode of The Daily Scoop Podcast, Priority Area Leads for each of the three pillars of the Biden-Harris President Management Agenda Vision are announced. The Cybersecurity and Infrastructure Security Agency will revise its Zero Trust Maturity Model it's creating in intersection with the Continuing Diagnostics and Mitigation Program. Brig. Gen. Gregory Touhill (USAF, ret.), director of CERT Division at Carnegie Mellon University's Software Engineering Institute and former federal chief information security officer, discusses how a zero trust model can help lead to less complexity for cybersecurity solutions. The FY2022 defense budget is in place now and it's setting a marker for 2023. Roman Schweizer, managing director of the Washington Research Group for Cowen, breaks down the biggest increases in the FY22 budget and what to watch for in the FY23 defense budget. At ITModTalks, Office of Personnel Management Chief Information Officer Guy Cavallo joins FedScoop's Dave Nyczepir to discuss how OPM is using the Technology Modernization Fund to transform the agency's zero trust posture. The Daily Scoop Podcast is available every weekday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.

The One Way Ticket Show
American Cancer Society, Chair of the Board - Michael T. Marquardt

Mar 1, 2022 (56:00)


Michael T. Marquardt is an experienced CEO, corporate director, and business advisor with broad experience serving companies throughout Asia, Europe and the United States. The National Association of Corporate Directors (NACD) has awarded him its highest credential of Board Leadership Fellow® for eight years in a row and has invited him as a speaker and author on emerging corporate governance, multicultural management, and global compliance issues at many of its conferences. From 2007 to 2016, Michael served as non-executive chairman of the board of healthcare services and logistics company AA International, the parent company of Asia Assistance, based in Kuala Lumpur, with operations in eight other countries throughout the Asia-Pacific region. After the sale of five of the operating entities to French insurance giant AXA in 2016, Michael was appointed as chairman of the board of the remaining independent companies, including AA International Indonesia, a healthcare and insurance services provider based in Jakarta. In 2016 Michael was elected chairman of the supervisory board of the Paris-based International Assistance Group S.A.S. (IAG). IAG is a global consortium of 150+ independent companies with a combined staff of more than 7,500 that provide medical and security services on five continents. The IAG board has nine members from nine different countries. After his two-year term concluded in October of 2018, Michael was asked to continue to serve on the board's executive committee. He stepped down in October of 2019 after 10 years of service on IAG's supervisory board. Since January of 2011, Michael has served as one of four independent directors on the board of Commonwealth Trust Company, Delaware's largest non-deposit trust company with more than $15 billion in assets under administration. 
In addition to his board service, over the past eleven years as CEO of Global Kompass Strategies, Michael has served as an advisor to corporations and government clients in the United States, Europe, and Asia. He works closely with CEOs and senior leadership teams on business development, cybersecurity oversight and strategic planning. He also advises boards of directors and audit committees on effective risk management measures, corporate governance, global expansion efforts, and emerging digital technology issues. Michael gained extensive expertise in the areas of risk management, corporate governance, and the Foreign Corrupt Practices Act when former FBI Director Louis Freeh asked him to serve as President of his global risk management firm, Freeh Group International Solutions, in early 2008. Applying his entrepreneurial and international business experience, Michael was integral in developing the firm's early business relationships and engagements with several Fortune 500© and Global 500© corporations. He also assisted with the group's strategy and business development efforts in Europe. Michael grew up in Berlin and emigrated to the United States soon after witnessing the fall of the Berlin Wall in 1989. He had the opportunity to lead a fast-growing technology company before being recruited to lead a new start-up venture in late 1999. Michael served for seven years as co-founder and chief executive of the health services company MediGuide and led its business development initiatives in the United States, Europe and the Asia-Pacific region. Michael holds a Master's degree from the University of Virginia and a Bachelor's degree from the University of New England. He is a member of the Young Presidents' Organization and the Aircraft Owners and Pilots Association. He earned the CERT Cybersecurity Oversight certificate from the Software Engineering Institute at Carnegie Mellon University and NACD in 2017. 
Following his personal passions, Michael currently serves as Chair of the Board of the American Cancer Society and, in 2020 and 2021 co-chaired the national search that led to the first woman becoming CEO of this 107-year-old organization. From 2005 to 2014 he served on the board of the Delaware Theatre Company, including four years as chairman. To mark our show's 10th anniversary this month, on this episode, Michael shares 10 things we should know about cancer. Michael is just one of the engaging personalities featured on The One Way Ticket Show, where Host Steven Shalowitz explores with his guests where they would go if given a one way ticket, no coming back. Their destinations may be in the past, present, future, real, imaginary or a state of mind. Steven's guests have included: Nobel Peace Prize Winner, President Jose Ramos-Horta; Legendary Talk Show Host, Dick Cavett; Law Professor, Alan Dershowitz; Fashion Expert, Tim Gunn; Broadcast Legend, Charles Osgood; International Rescue Committee President & CEO, David Miliband; Former Senator, Joe Lieberman; Playwright, David Henry Hwang; Journalist-Humorist-Actor, Mo Rocca; SkyBridge Capital Founder & Co-Managing Partner, Anthony Scaramucci; Abercrombie & Kent Founder, Geoffrey Kent; Travel Expert, Pauline Frommer, as well as leading photographers, artists, chefs, writers, intellectuals, etc.

Agile in Action with Bill Raymond
Introducing organizational agility

Feb 8, 2022 (28:17)


In today's podcast, Linda Parker Gates from the Software Engineering Institute at Carnegie Mellon University talks about organizational agility. Linda shares the importance of an execution-first mentality, setting a vision while being nimble enough to make course corrections, and the importance of data-driven decision making.

Contact the Software Engineering Institute via email: info(at)sei.cmu.edu
LinkedIn
Show Me Agility: Agile Strategy Execution

The Daily Scoop Podcast
Filing cybersecurity job vacancies; learning from OMB's first-ever draft learning agenda

Jan 6, 2022 (21:04)


On today's episode of The Daily Scoop Podcast, the Army's Combat Capabilities Development Command has its first permanent chief technology officer. Comments are open now for the draft of the first ever learning agenda from the Office of Management and Budget. Chris Mihm, adjunct professor of public administration at the Maxwell School at Syracuse University and former managing director for strategic issues at the Government Accountability Office, explains what's important about the learning agenda and the process of taking in comments on it. The Department of Homeland Security says it will bring in hundreds of cyber professionals through its new Cybersecurity Talent Management System, but DHS and other agencies have thousands of cyber openings. Brig. Gen. Gregory Touhill (USAF, ret.), director of the CERT Division at the Software Engineering Institute and former federal chief information security officer, explains the two challenges he sees the government facing while filling these cyber vacancies. The Daily Scoop Podcast is available every weekday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.

Government Matters
China & climate change, Climate national security threat, Cybersecurity directive – November 9, 2021

Nov 10, 2021 (22:43)


Impact of climate change on US defense interests
Erin Sikorsky, director of the Center for Climate and Security, discusses how China is taking advantage of climate change and how the U.S. can work with allies and partners to respond.

Confronting security risks from climate change
Rolf Mowatt-Larssen, senior fellow at the Belfer Center and former director of Intelligence and Counterintelligence at the Department of Energy, describes actions the intelligence community should take to confront and mitigate national security threats from climate change.

Responding to the growing cyber threat landscape
Brig. Gen. Gregory Touhill, director at the CERT Division at the Software Engineering Institute, discusses changes in the cyber threat landscape and a new directive from CISA for federal agencies to address security vulnerabilities.

Software Engineering Institute (SEI) Podcast Series
The Silver Thread of Cyber in the Global Supply Chain

Oct 25, 2021 (26:56)


The global supply chain touches every aspect of our lives, from fuel prices to the availability of computer chips and supermarket products. In our latest podcast, Matt Butkovic, technical director of risk and resilience at Carnegie Mellon University's Software Engineering Institute, discusses with Suzanne Miller the supply chain's silver thread of cyber, specifically how cyber underpins both the cyber supply chain and the broader supply chain. Butkovic's team recently engaged with the World Economic Forum to create an online transformation map, a set of connected topics defining a specific domain of interest. In this episode, Butkovic also discusses work on this map, the importance of cyber resilience, and how to determine the resilience your organization needs and the resilience it currently possesses.

Future Perfect Technology
Rethinking Approaches to New Growth Ventures

Sep 7, 2021 (45:42)


"Business as usual" is no longer enough to successfully grow and innovate. OEMs now need to approach venture growth with a creative combination of "build, buy and partner," while making efforts to not stifle innovation by holding acquisitions, incubators, and the like too close. We're diving into growth venture strategy in the latest episode of Future Perfect Tech with the founder and managing director of Spinnaker Venture Partners, Mark Roth, and president and founder of Harbor Research, Glen Allmendinger. Mark Roth is founder and Managing Director of Spinnaker Venture Partners. Spinnaker, as a Venture Development firm, has been involved in the identification, funding, launch, and development of innovative early stage entrepreneurial ventures for the past 15 years. Mark has over 20 years experience as leading and developing venture based start-ups and as a management consultant providing leadership on new product development, innovation management, and business origination. Mark has held leadership R&D positions in Rockwell International, Honeywell, and Engelhard Minerals and Chemicals and has provided management consulting on corporate and business development issues to emerging technology businesses. Internationally, he has led the origination of energy related businesses in the EU, Eastern Europe and Russia. Mark has served as a board member and director of numerous manufacturing industry and technology consortia including the National Center for Manufacturing Sciences, the Microelectronics Computer Consortium, the Software Engineering Institute and the Software Productivity Consortium. He has a degree in Chemical Engineering from the Stevens Institute of Technology and has affiliations with the Tuck School of Business and the Czech Technical University. Glen Allmendinger has been responsible for managing all of Harbor Research's consulting and research activities since its inception. 
Glen has worked with a very broad range of leading technology innovators, product OEMs, and service providers assisting them with strategy and market development for new smart product, systems, and services opportunities. He has participated in pioneering research and consulting work in the Smart Buildings, Healthcare, Retail, Transportation, Energy and Industrial arenas helping clients to determine the scale and structure of emerging opportunities, competitive positioning, and design of new business models. In 2005, Glen co-authored the pioneering article “Four Strategies for The Age Of Smart Services,” published in the Harvard Business Review. Glen has also authored thought-leading articles for a wide range of publications, including The Economist and The Wall Street Journal, and is a frequent speaker in industry forums.

Learn more at https://harborresearch.com/future-perfect-tech/

THE ONE'S CHANGING THE WORLD -PODCAST
INDIA'S CLIMATE CRISIS - JAI ASUNDI - EXECUTIVE DIRECTOR : C-STEP

Aug 22, 2021 (62:43)


16 #climatecrisis #CodeRedForHumanity #globalwarming

Dr Jai Asundi is the Executive Director of C-STEP. He joined the organization in 2009 and has been involved in research and development (R&D) projects in various areas. His initial work was in the field of emergency and disaster management. He mentored teams across areas spanning climate, energy, and urban development. He spearheaded the establishment of AI for Social Impact as a sector of work and the creation of the Centre for Air Pollution Studies (CAPS) at C-STEP. His broader research interests lie in decision-making and the development of decision-support systems for diverse public-policy problems. Dr Asundi started his career as a software engineer/analyst at Infosys Technologies. He spent a year as a post-doc at the Software Engineering Institute, Pittsburgh, prior to becoming an Assistant Professor of Information Systems in the School of Management, at the University of Texas at Dallas. He holds a BTech from IIT Bombay and MS and PhD degrees from Carnegie Mellon University. He is a senior member of the IEEE and an Adjunct Associate Professor in the Department of Engineering and Public Policy at Carnegie Mellon University.

https://www.cstep.in
https://in.linkedin.com/in/jaiasundi
https://twitter.com/jaiasundi

Government Matters
JCDC cyber initiative, DIU Space Portfolio, Reforming political appointment system – August 12, 2021

Aug 13, 2021 (23:11)


Implementing cyber defense action at federal agencies
Brig. Gen. Gregory Touhill, director of the CERT Division at the Software Engineering Institute, discusses how the new Joint Cyber Defense Collaborative will allow the government and private sector to proactively address cyber threats.

The importance of the Space Portfolio to DIU operations
Steve Butow, director of the Space Portfolio at the Defense Innovation Unit, discusses space as a service and deployment of commercial technology into military services to improve readiness.

Streamlining and reforming political appointment system
Max Stier, president and chief executive officer of the Partnership for Public Service, discusses shortcomings in the system for nominating and confirming major positions in government.

Software Engineering Institute (SEI) Podcast Series
Zero Trust Adoption: Benefits, Applications, and Resources

Aug 13, 2021 (30:25)


Zero trust adoption is a security initiative that an enterprise must understand, interpret, and implement. Enterprise security initiatives are never simple, and their goal to improve cybersecurity posture requires the alignment of multiple stakeholders, systems, acquisitions, and exponentially changing technology. This alignment is always a complex undertaking and requires cybersecurity strategy and engineering to succeed. In this SEI Podcast, Geoff Sanders, a senior network defense analyst in the CERT Division at Carnegie Mellon University's Software Engineering Institute, discusses zero trust adoption and its benefits, applications, and available resources.

Software Engineering Institute (SEI) Podcast Series
11 Rules for Ensuring a Security Model with AADL and Bell–LaPadula 


Jul 29, 2021 (48:05)


In this SEI Podcast, Aaron Greenhouse, a senior architecture researcher with Carnegie Mellon University's Software Engineering Institute, talks with principal researcher Suzanne Miller about use of the Bell–LaPadula mathematical security model in concert with the Architecture Analysis and Design Language (AADL) to model and validate confidentiality. Greenhouse and Miller also discuss 11 analysis rules that must be enforced over an AADL instance to ensure the consistency of a security model. Mapping Bell–LaPadula to AADL allows the expression of key concepts within the AADL model so that they can be analyzed automatically.   

Oxide and Friends
Agile + 20

Jul 27, 2021 (71:31)


Oxide and Friends Twitter Space: July 26, 2021

Agile + 20

We've been holding a Twitter Space weekly on Mondays at 5p for about an hour. Even though it's not (yet?) a feature of Twitter Spaces, we have been recording them all; here is the recording for our Twitter Space for July 26, 2021.

In addition to Bryan Cantrill and Adam Leventhal, speakers on July 26 included Tom Lyon, Tom Killalea, Dan Cross, Aaron Goldman, and others. (Did we miss your name and/or get it wrong? Drop a PR!)

Some of the topics we hit on, in the order that we hit them:

- Al Tenhundfeld's Agile at 20: The Failed Rebellion
- The Agile Manifesto
- [@0:55](https://youtu.be/3tp5EtPdPwY?t=55) Adam's experiences
- From the Agile Manifesto history
  > The only concern with the term agile came from Martin Fowler (a Brit for those who don't know him) who allowed that most Americans didn't know how to pronounce the word 'agile'.
- [@6:25](https://youtu.be/3tp5EtPdPwY?t=385)
  > The problem with agile is when it became so prescriptive that it lost a lot of its agility.
- [@8:06](https://youtu.be/3tp5EtPdPwY?t=486)
  > There's so much that is unstructured in the way we develop software, that we are constantly seeking people to tell us how to do it. The answer is it's complicated.
- Steve Yegge's Good Agile, Bad Agile
  > So the consultants, now having lost their primary customer, were at a bar one day, and one of them (named L. Ron Hubbard) said: “This nickel-a-line-of-code gig is lame. You know where the real money is at? You start your own religion.” And that's how both Extreme Programming and Scientology were born.
- [@9:15](https://youtu.be/3tp5EtPdPwY?t=555) Edward Yourdon “Decline and Fall of the American Programmer” book
- [@10:26](https://youtu.be/3tp5EtPdPwY?t=626) “The principles are not all wrong. Some today even feel obvious.”
  > There's also a lack of specificity, which gives one lots of opportunity for faith healers to come in.
- [@14:43](https://youtu.be/3tp5EtPdPwY?t=883) “Something I found surprising about Agile was how rigid it became.”
- Dan's perils of personal tracking methodology
- Sun's engineers connecting directly with customers
- The Agile Ceremonies. (an ultimate guide) Sprint Planning, Daily Stand-Up, Sprint Review, Sprint Retrospective
- [@20:48](https://youtu.be/3tp5EtPdPwY?t=1248) “I think we overly enshrine schedule estimation. If there are any unknowns it becomes really hard.”
  > I think there's a Heisenberg principle at work with software: you can tell what's in a release or when it ships, but not both.
- [@23:25](https://youtu.be/3tp5EtPdPwY?t=1405) Tom Killalea talks to success stories he's seen with Agile
- Building S3 at AWS
- [@28:31](https://youtu.be/3tp5EtPdPwY?t=1711) Sprint planning and backlogs
- Big work chunks, responding to changing priorities
- [@33:39](https://youtu.be/3tp5EtPdPwY?t=2019) Success or failure of an Agile team?
- “Do demos and retrospectives”
- Unknowns in software development make estimation hard
- [@39:11](https://youtu.be/3tp5EtPdPwY?t=2351) Dan's experiences
- Personal Software Process, Team software process, Software Engineering Institute
  > Some people really benefit from the level of rigidity that is set out by these processes. Prior to that, they just weren't having these conversations with their sales team, product owners, etc.
- Construction analogies, repeatability. Self-anchored suspension bridge
- [@46:40](https://youtu.be/3tp5EtPdPwY?t=2800) Software as both information and machine.
- Consultancies, repeatability, incremental results. “For each success story, there are many failures.”
- Manifesto as a compromise between different methodologies
- Silver Bullet solutions, cure-alls. See Fred Brooks' (1987) “No Silver Bullet” paper
- [@51:18](https://youtu.be/3tp5EtPdPwY?t=3078) Demos: “Working software is the primary measure of progress.”
- Experimentation and iteration
- No true Scotsman fallacy
- What does Agile even mean anymore? “Letting people pretend to agree while actually disagreeing, but then going off and building working software anyway.”
- [@59:45](https://youtu.be/3tp5EtPdPwY?t=3585) Ed Yourdon and the Y2K problem
- Maybe there are too many Agile books already.
- Tom Killalea conversation with Werner Vogels
- AWS development
- Agile is more like a guideline than a target to hit.
- Consistent team composition over time
- “Soul of a New Machine”: trust is risk
- The answer can't be “you're doing it wrong.” How do you know if it's working for your team?

(Did we miss anything? PRs always welcome!)

If we got something wrong or missed something, please file a PR! Our next Twitter space will likely be on Monday at 5p Pacific Time; stay tuned to our Twitter feeds for details. We'd love to have you join us, as we always love to hear from new speakers!

Software Engineering Institute (SEI) Podcast Series
Benefits and Challenges of Model-Based Systems Engineering

Jul 23, 2021 (33:10)


Nataliya (Natasha) Shevchenko and Mary Popeck, both senior researchers in the CERT Division at Carnegie Mellon University's Software Engineering Institute, discuss the use of model-based systems engineering (MBSE), which, in contrast to document-centric engineering, puts models at the center of system design. MBSE is used to support the requirements, design, analysis, verification, and validation associated with the development of complex systems.

Software Engineering Institute (SEI) Podcast Series
Can DevSecOps Make Developers Happier?

Jun 24, 2021 (41:17)


Author Daniel H. Pink recently examined the factors that lead to job satisfaction among knowledge workers and summarized them in three components: autonomy, skill mastery, and purpose. In this SEI Podcast, Hasan Yasar, technical director of Continuous Deployment of Capability at Carnegie Mellon University's Software Engineering Institute, relates these components to DevSecOps and summarizes a recent survey affirming that DevSecOps practices do indeed make developers and other stakeholders in their organizations happier.

Government Matters
IT security at the VA, Climate & national security, Government ransomware attacks – June 10, 2021

Jun 11, 2021 (26:55)


Understanding IT security policies at the VA
Gary Stevens, executive director for information security policy and strategy at the Department of Veterans Affairs, discusses the cybersecurity executive order and tools and methods his department uses to get in front of cyber threats.

The impacts of the climate crisis on national security
Jim Mitre, former principal director at the Office of the Secretary of Defense and now chief strategy officer at Govini, discusses his team's analysis of the effects of climate change on national security and recent defense investments in this space.

Investigating ransomware attacks across federal agencies
Brig. Gen. Gregory Touhill, former federal chief information security officer and now director of the CERT Division at the Software Engineering Institute, discusses the federal government's strong protections against ransomware and the concept of banning ransomware payments.

Federal Drive with Tom Temin
A former federal cybersecurity chief is now helping from an academic standpoint

May 7, 2021 (21:01)


The Software Engineering Institute, operated by Carnegie Mellon University as a federally funded research and development center, has a new name at its CERT Division. The division's new director, Greg Touhill, a retired Air Force brigadier general and former federal chief information security officer, joined the Federal Drive to discuss his new role.

CEOs Speak
Dr Bart Barthelemy of The Wright Brothers

Mar 4, 2021 (50:15)


Dr. Bart Barthelemy is the Founding Director of the Wright Brothers Institute and the President of the Collaborative Innovation Institute. He was the National Director of the National Aerospace Plane Program, where he reported to the White House and was responsible for the development of the nation's hypersonic aerospace plane. While a member of the Federal Senior Executive Service, he served as the Technical Director of the Air Force Wright Aeronautical Laboratories at Wright-Patterson Air Force Base in Dayton, Ohio, the Air Force's largest research and development complex. He has been a consultant to a variety of aerospace industry companies and federal government organizations, including Lockheed-Martin, Boeing, the Department of Defense and the Air Force Research Laboratory. Bart was also a Visiting Scientist at the Software Engineering Institute and Carnegie Mellon University and Adjunct Professor at the University of Dayton. Bart's educational background includes a Bachelor of Science in Chemical Engineering from MIT, Master of Science in Nuclear Engineering and Physics from MIT, and a Doctor of Philosophy in Nuclear Physics/Mechanical Engineering from The Ohio State University. Bart published High Performance, a book on high-performance technology leadership, in 1985; The Sky Is Not The Limit: Breakthrough Leadership (St. Lucie Press), a book on breakthrough leadership, in 1993; and Collaborative Innovation (Balboa Press), a book on the future of innovation, in 2020.

Design Everywhere
Designing Ethical AI with Carol Smith

Dec 31, 2020 (35:40)


Artificial Intelligence is often given a bad rap. It has an ever-increasing role as the supervillain in everything from science fiction to the nightly news. But is Artificial Intelligence to blame for the unintended mishaps or misuse of the technology? Behind every algorithm and every line of code, there is a human being. These people wield an ever-increasing amount of power over our lives. Our future will inevitably be impacted by code; it will keep us safe, it will take us to where we need to go, it will manage our finances, and myriad other situations. In this episode, we'll talk with Carol Smith, Senior Research Scientist in Human-Machine Interaction at Carnegie Mellon University’s Software Engineering Institute and former UX researcher at Uber ATG and UX Design Manager at IBM Watson. We'll discuss the role of ethics in technology and more specifically, what it means to create Ethical Artificial Intelligence.

Experiencing Data with Brian O'Neill
055 - What Can Carol Smith’s Ethical AI Work at the DoD Teach Us About Designing Human-Machine Experiences?

Dec 29, 2020 (39:41)


It’s not just science fiction: As AI becomes more complex and prevalent, so do the ethical implications of this new technology.

But don’t just take it from me – take it from Carol Smith, a leading voice in the field of UX and AI. Carol is a senior research scientist in human-machine interaction at Carnegie Mellon University’s Emerging Tech Center, a division of the school’s Software Engineering Institute. Formerly a senior researcher for Uber’s self-driving vehicle experience, Carol, who also works as an adjunct professor at the university’s Human-Computer Interaction Institute, does research on Ethical AI in her work with the US Department of Defense. Throughout her 20 years in the UX field, Carol has studied how focusing on ethics can improve user experience with AI. On today’s episode, Carol and I talked about exactly that: the intersection of user experience and artificial intelligence, what Carol’s work with the DoD has taught her, and why design matters when using machine learning and automation. Better yet, Carol gives us some specific, actionable guidance and her four principles for designing ethical AI systems.

In total, we covered:

- “Human-machine teaming”: what Carol learned while researching how passengers would interact with autonomous cars at Uber (2:17)
- Why Carol focuses on the ethical implications of the user experience research she is doing (4:20)
- Why designing for AI is both a new endeavor and an extension of existing human-centered design principles (6:24)
- How knowing a user’s information needs can drive immense value in AI products (9:14)
- Carol explains how teams can improve their AI product by considering ethics (11:45)
- “Thinking through the worst-case scenarios”: Why ethics matters in AI development (14:35) and methods to include ethics early in the process (17:11)
- The intersection between soldiers and artificial intelligence (19:34)
- Making AI flexible to human oddities and complexities (25:11)
- How exactly diverse teams help us design better AI solutions (29:00)
- Carol’s four principles of designing ethical AI systems and “abusability testing” (32:01)

Quotes from Today’s Episode

“The craft of design – particularly for #analytics and #AI solutions – is figuring out who this customer is – your user – and exactly what amount of evidence do they need, and at what time do they need it, and the format they need it in.” – Brian

“From a user experience, or human-centered design aspect, just trying to learn as much as you can about the individuals who are going to use the system is really helpful … And then beyond that, as you start to think about ethics, there are a lot of activities you can do, just speculation activities that you can do on the couch, so to speak, and think through – what is the worst thing that could happen with the system?” – Carol

“[For AI, I recommend] ‘abusability testing,’ or ‘black mirror episode testing,’ where you’re really thinking through the absolute worst-case scenario because it really helps you to think about the people who could be the most impacted. And particularly people who are marginalized in society, we really want to be careful that we’re not adding to the already bad situations that they’re already facing.” – Carol, on ways to think about the ethical implications of an AI system

“I think people need to be more open to doing slightly slower work […] the move fast and break things time is over. It just, it doesn’t work. Too many people do get hurt, and it’s not a good way to make things. We can make them better, slightly slower.” – Carol

“The four principl

Software Engineering Institute (SEI) Podcast Series
The CMMC Level 3 Assessment Guide: A Closer Look

Dec 7, 2020 (13:45)


The Cybersecurity Maturity Model Certification (CMMC) for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model and researchers at Carnegie Mellon University's Software Engineering Institute, discuss the Level 3 Assessment Guide for the CMMC and how it differs from the Level 1 Assessment Guide.

The Cognitive Crucible
#1 Rand Waltzman on Cognitive Security

Sep 1, 2020 (18:59)


Dr. Rand Waltzman is one of the founding members of the Information Professionals Association. During this conversation, we discuss how he coined the term, "cognitive security." Dr Waltzman considers the information threat to be like a chronic disease which has no cure; however, it may be managed. Towards the end of the conversation, Dr. Waltzman suggests that those who are interested to learn more about the origins of modern propaganda should check out the video documentary "Century of the Self." Some other excellent resources include: Computational Propaganda: Political Parties, Politicians, and Political Manipulation on Social Media by Woolley and Howard, as well as Propaganda by Bernays.

Dr. Rand Waltzman is Deputy Chief Technology Officer at RAND Corporation. Previous positions include acting CTO and Associate Director of Research of the Software Engineering Institute at Carnegie Mellon University, Program Manager at the Defense Advanced Research Projects Agency, Chief Scientist in the Distributed Systems Lab at Lockheed Martin, and Associate Professor of Computer Science at the Royal Institute of Technology in Stockholm, Sweden. He started his career at the Teknowledge Corporation, the world’s first commercial Artificial Intelligence company. He is also co-founder of the Information Professionals Association.

IPA is a non-profit organization dedicated to exploring the role of information activities, such as influence and cognitive security, within the national security sector and helping to bridge the divide between operations and research. Its goal is to increase interdisciplinary collaboration between scholars and practitioners and policymakers with an interest in this domain. For more information, please contact us at communications@information-professionals.org. Or, you can connect directly with The Cognitive Crucible podcast host, John Bicknell on LinkedIn.

Global Product Management Talk
TEI 293: FAST Goals for better aligned product projects

Jul 28, 2020 (48:00)


Global Product Management Talk is pleased to bring you the next episode of... The Everyday Innovator with host Chad McAllister, PhD. The podcast is all about helping people involved in innovation and managing products become more successful, grow their careers, and STANDOUT from their peers. About the Episode:  I hosted a virtual summit in April this year (www.theeverydayinnovator.com/summit) and I met many wonderful people. One introduced me to her Slinky Dog metaphor for product management and a methodology called FAST goals. She calls FAST goals a winning methodology as it enables you to win, solving problems and creating value for customers. It connects what you need to accomplish with how you will accomplish it along with the why for taking specific actions. In the discussion, we role-play using FAST to solve problems I have had as a frequent traveler — something most of us are doing far less of now but will return to eventually. Her name is Jeannine Siviy. She has been a software and systems engineer, contributing to and leading product development for several organizations, including Kodak and the Software Engineering Institute. She is currently the Director of Healthcare Solutions at SDLC Partners.

OODAcast
Episode 21: Bobbie Stempfley of Carnegie Mellon University Software Engineering Institute

Jun 12, 2020 · 29:14


The leadership team at OODA have had the pleasure of working with and learning from Bobbie Stempfley since her leadership of the Department of Defense Computer Emergency Response Team (DoD CERT) after she established it in the late 1990s. This OODAcast captures insights from Bobbie that can inform the actions of corporate and government leaders alike. She has had a broad influence on the cybersecurity community, including rising to a senior executive position in the DoD and then later helping DHS as it established itself as a new Department. She also led cybersecurity activities at MITRE. Through it all she has been a mentor to 1,000s and a thought leader known for anticipating and mitigating risks. Now, as director of the Carnegie Mellon University Software Engineering Institute's CERT Division (since 2017), she leads a highly respected team of researchers examining some of the nation's biggest challenges in cybersecurity, including insider threats, the security of Artificial Intelligence, and ways to measure the impact of cybersecurity solutions.

Topics we discuss with Bobbie included:
  • Her foundational story
  • Views on the current situation, including actions we should take to reduce cyber risks right now
  • The situation regarding the security of artificial intelligence solutions
  • Advice for cybersecurity professionals seeking to stay current
  • Research we should be aware of at CMU
  • Advice for the youth of today

Related Resources:
  • SEI CERT
  • Bobbie Stempfley on LinkedIn
  • An Executive’s Guide to Cognitive Bias in Decision Making: How we think is critically important.
  • A Decision-Maker’s Guide to Artificial Intelligence: A plain English overview with the insights you need to drive corporate decisions.
  • The Executive’s Guide to Quantum Computing: What business decision-makers need to know now about quantum superiority.
  • The Executive’s Guide to the Revolution in Biology: An overview of key thrusts of the transformation underway in biology, with seven topics business leaders should consider when updating business strategy to optimize opportunity because of these changes.
  • OODA COVID-19 Sense-making: A dynamic resource for OODA Network members looking for Coronavirus/COVID-19 information to drive their decision-making process. We’ll update it with new links as we encounter them. This is not meant to be a comprehensive list, but rather a compilation of the most useful resources.
  • The 2020 OODA Cybersecurity Watch List: The list can serve multiple stakeholders. Investors can find firms that have demonstrated good product-market fit and are good candidates for follow-on funding. CISOs can find companies that have demonstrated real disruptive technology potential and at least enough traction to prove they are worth considering.
  • OODAcast on YouTube: OODA's YouTube Channel

TestGuild Security Testing Podcast
Challenges Implementing & Sustaining DevSecOps with Hasan Yasar

May 7, 2020 · 30:42


How do you define DevSecOps? Despite what some will lead you to believe, DevOps is not just a set of tools. In this episode, Hasan Yasar, Technical Director of the Continuous Deployment of Capability group in the Software Engineering Institute, CMU, shares his thoughts on DevSecOps. Listen in to discover the common misconceptions and roadblocks, and how you can use DevSecOps to help your organization reach new heights of efficiency and productivity without getting frustrated.

CodeNewbie
S12:E3 - How to hack legally and penetrate the security field (Karen Miller)

Apr 26, 2020 · 42:06


In this episode, we're talking about how to hack legally with Karen Miller, associate cyber security engineer at the Software Engineering Institute. Karen talks about getting into cyber security through forensic and security competitions, reliable and safe resources to learn how to hack, and how to do it legally.

Show Links: Digital Ocean (sponsor), MongoDB (sponsor), Heroku (sponsor), TwilioQuest (sponsor), Software Engineering Institute, Neopets, HTML, CSS, GitHub, Southern Utah University, Steganography, For loop, Wireshark, Kali Linux, Penetration testing, Python, Ruby, Perl, C, C#, Visual Basic, White Hat Hacker, Black Hat Hacker, HackHub, Offensive Security Certified Professional (OSCP), Malware analysis, CTFtime, picoCTF, VulnHub, virtual private network (VPN), Hack The Box

The Changelog
The 10x developer myth

Mar 31, 2020 · 77:06 · Transcription available


In late 2019, Bill Nichols, a senior member of the technical staff at Carnegie Mellon University with the Software Engineering Institute, published his study on “the 10x developer myth.” On this show we talk with Bill about all the details of his research. Is the 10x developer a myth? Let’s find out.

Changelog Master Feed
The 10x developer myth (The Changelog #388)

Mar 31, 2020 · 77:06 · Transcription available


In late 2019, Bill Nichols, a senior member of the technical staff at Carnegie Mellon University with the Software Engineering Institute, published his study on “the 10x developer myth.” On this show we talk with Bill about all the details of his research. Is the 10x developer a myth? Let’s find out.

SEI Cyber Talks
SEI Artificial Intelligence Engineering Roadmap

Jan 21, 2020 · 10:28


Join us as Tom Longstaff and Rotem Guttman walk through the Software Engineering Institute’s plans for how to advance the science of artificial intelligence engineering. Topics addressed will include both the opportunities expected and challenges foreseen in integrating the promise of AI technology with the needs of the Department of Defense.

Software Engineering Radio - The Podcast for Professional Software Developers
SE-Radio Episode 390: Sam Procter on Security in Software Design

Nov 26, 2019 · 39:54


Sam Procter, a researcher at the Software Engineering Institute of Carnegie Mellon University, discusses security in software design. Justin Beyer spoke with Procter about architecture design languages, specifically the Architecture Analysis and Design Language (AADL): what it is and how it can be used for security and privacy. Specifically, he discussed AADL, the tooling that is […]

Software Engineering Institute (SEI) Podcast Series
Women in Software and Cybersecurity: Kristi Roth

Nov 26, 2019 · 18:25


In this SEI Podcast, Kristi Roth, a summer 2019 intern in the Software Solutions Division at the Software Engineering Institute, discusses the path that led from a childhood spent calculating math problems in her head to a high school Introduction to Programming class to Penn State University where she is a senior computer science major.

The Informed Life
Carol Smith on Artificial Intelligence

Nov 24, 2019 · 29:08 · Transcription available


My guest today is Carol Smith. Carol is a user experience researcher at the Software Engineering Institute at Carnegie Mellon University. Her focus is artificial intelligence, and prior to joining Carnegie Mellon, she worked for Uber's Advanced Technology Group and IBM Watson. In this conversation, we discuss the benefits and limitations of artificial intelligence — and machine learning, more specifically – for our day-to-day information management.

Listen to the full conversation: https://theinformeddotlife.files.wordpress.com/2019/11/the-informed-life-episode-23-carol-smith-2.mp3

Show notes
  • Carol Smith on Twitter
  • Carol Smith on LinkedIn
  • Carnegie Mellon University Software Engineering Institute
  • AlphaGo
  • Gmail
  • Multi-factor authentication

Read the full transcript

Jorge: So Carol, welcome to the show.

Carol: Thank you. I'm happy to be here.

Jorge: Well, I'm happy to have you on the show. For folks who don't know you, can you please tell us about yourself?

Carol: Certainly. I am a user experience researcher, and I'm currently working at Carnegie Mellon University in the Software Engineering Institute, where we do work as well as general research on artificial intelligence and emerging technologies. And I've been working in user experience research generally for the past 18 years across a lot of different industries, working on different types of problems in healthcare and in finance and manufacturing and now, in… Specifically in software for a couple of government applications. I really enjoy working on more difficult problems and especially with artificial intelligence, so just so many ways these technologies can help and unfortunately hurt. So it's really an interesting time to be in this field.

Jorge: Artificial intelligence is a subject that I think a lot of folks have probably heard about or read about in the news. And I'm wondering if you can, just for the purposes of our conversation, tell us what you mean by “artificial intelligence.”

Carol: Great question.
Yeah. And it can mean a lot of different things to a lot of different people, but generally what I mean is a system that has been given a set of data, usually very narrow set of data it's using that information. And looking for patterns in it and trying to understand, and in a very computer-like way the connections are between the data and then it's using that information to decisions and to be successful in making the proper decisions. It's really trying to look for patterns, generally, and then use that information that's previously understood to be correct to new situations and to solve those situations with that older information that it has. So it's much like many of systems we've seen, like the chess games and things like that, where a computer has been trying to play the game. Those patterns and applying and potentially finding new patterns that we haven't thought of yet. So, for example, fairly recently, there was a game of Go, a computer system able to come up with new ways of playing that had never been seen before. And so that's a very exciting and new way that these systems can to apply their knowledge to problems.

Jorge: So let me read that back to you to see if I'm getting it straight. So there's a set of data, and AI is perhaps a set of algorithms that looks for patterns in that data.

Carol: Correct.

Jorge: To then make decisions. Is it making decisions on its own or is it helping the human make decisions?

Carol: Ideally, it's helping the human make decisions, but in some cases, we want the system to make decisions. So, for example, in that game of Go, we would want the system to make its decisions on its own. In an example such as self-driving vehicles, we would want it to always stop at a red light, for example. We would not want to have to remind it to do that or to approve it. It's doing that.
But there may be other situations, particularly ones where a person's life is at stake, their quality of life, their health, their reputation… All sorts of much more significant situations where we would definitely want the human to be responsible for that final decision, whatever it is. And so, it depends. But in a lot of cases, we do want these systems to be able to make some decisions for us. For example, I'm doing research across a set of documents. It would be very nice if the system could go ahead and pull papers that seem relevant to the research that I'm doing, and then suggest them to me for the works that I'm to do, versus me needing to say, “Yes, that one, that one, that one.” And if articles it pulls aren't of interest to me, I could provide that feedback potentially to the system, and it would adjust what it's bringing to me.

Jorge: So to focus on that example. In that case, the data would be the text of the documents that you're trying to sit through. Is that correct?

Carol: Yeah, yeah. Or an abstract or, or just a title, depending on what you needed. Yeah.

Jorge: I think we've all heard the term “artificial intelligence,” and we've also heard the term “machine learning.” And I'm wondering if there's a technical distinction that's worth digging into.

Carol: For most people, there's not. Lately, people have been saying that the term artificial intelligence itself is kind of meaningless at this point because it means almost nothing specific. But machine learning is a specific [type] of artificial intelligence. And for the most part, it is artificial intelligence for most situations. And what that is, is a situation where you take data, and you train a system… There are a couple of different ways to have the system learn about the data, by creating models and then having it learn the information that's there and learn using those models. And then again, applying it to a situation.
So that is the most common, and generally what you see in technology today.

Jorge: When you were introducing the subject, you talked about these algorithms being pointed to — I think the phrase you used was “a narrow set of data.” Does the breadth of the database or the set of data that you're polling through, does the breadth of it matter to the quality of the results?

Carol: It definitely does. It's really, I think, surprising to people who are new to these systems, how narrow the data needs to be to it to get high levels of accuracy. So, for example, if you could imagine, I'm looking at a set of data about car repair, let's say. If you provide it with everything about every model of vehicle and every type of engine and all of that breadth, it's so much so that the system may begin to see connections that don't exist. And so by keeping it very narrow, so for example [inaudible] Honda Civic, and maybe even a particular model year, the system will learn a lot more about that set of data and be a lot more accurate. If it's too broad, it just can't see the patterns that are necessary for it to be confident and to provide the competence that we want. So, for example, most systems in artificial intelligence to get to 80 to 90% accuracy requires a huge amount of time and training work for that system to get to that level. And so to get, you know, into the nineties requires even more time and energy. And most of the systems are only going to get as good as a typical human in a lot of cases, and it may get better and better if you keep it more narrow. And that's one of the reasons why we don't have general knowledge with AI systems, and none of the existing AI systems, for example, have a third grader's understanding of the world. That just doesn't exist right now because there's not enough computing power, and the systems just need to be so narrow that that is just a huge leap or will be a huge leap in artificial intelligence in general for it to get to that point.
So right now, we see systems that are more like narrow task systems, as you mentioned earlier, supporting humans in making decisions and helping us to understand a specific but not a more general set of information.

Jorge: You talked about accuracy and measuring the accuracy of the system. How is that done? How do you determine whether a system is accurate or not?

Carol: Yeah, that, that's a great question. And that's a pretty new area, and I'm not an expert in that at all. But generally what people do is they literally observe the system and see what kind of results are getting and determine… Have a more technical way of measuring it if it's a more technical area that can be measured in that way. It's one of the reasons why qualitative work is really difficult for an AI system to do. So, for example, while an AI system can do transcription. It can't necessarily understand that's happening within that transcript because there's a lot of additional language that's used by humans that not be applicable, and that may not be able to understand that wording.

Jorge: So I can imagine that in some problem spaces, the end result is easier for the human trainer to predict. So in a game like Go, that game can have a “winning state,” right? Like where one of the players wins. And you can determine whether the machine has won. And I would imagine that that determines that the algorithm has somehow improved.

Carol: Exactly.

Jorge: But I'm wondering for a problem like the one that you talked about earlier, where imagining an algorithm that is trying to help me sort through a large database of academic papers… I'm imagining that it would be harder for me to determine what the right answers are, to measure that.

Carol: Right, right, exactly. And that's why it gets more difficult to be able to say how accurate it is until you have enough of a result batch, if you will. So once you see a lot of results, you can start to say, “Oh, you know, most of the time it gave me the right content.
Most of the time it's bringing any of the articles that I'm asking it for.” So I would say it's gained a higher level of accuracy. Even the term accuracy may not be the right term to use in that instance. It may be more about relevancy or something along those lines. But regardless, thinking about, is the system performing at the level I expect? And is it providing me with the information most of the time or all the time ideally that I expect it to? And in the situation of the chess games and things like that, yeah, the more it is winning, the more it's making the right decisions in that situation, the better the system understanding and responding to the information in the environment. And that's part of it. It's just the response it has. It's not always a decision, but it is a response to the information in the environment.

Jorge: I'm guessing that there are also different degrees of — I don't know if to call it like criticality — towards getting the right outcome. It's very different to win a game of Go than it is to drive a car safely. Right?

Carol: Exactly, yeah.

Jorge: The downsides to losing at Go are not the same as the downsides to crashing the car and potentially killing someone.

Carol: Yeah, exactly. And that's why specifically the self-driving, that's such a complex system and will continue to be a really complex problem to solve whereas a game with rules is a relatively easy space for a system like this to work in. And so as you go into more critical areas — so for example, healthcare would be near the top, along with self-driving — those types of decisions are the ones where you really to be extremely confident before you allow a system to make those decisions outside of the testing environment. So in both of those much more critical situations you want to do a huge amount of testing to ensure that you really have the system that you think you have.
Whereas with, for example, a shopping situation where the algorithms may be just determining what advertisements to show, or in a situation where the system is suggesting the articles that we were talking about, you've got more leeway. And as you said, it's not as… The risk is lower, and the humans are not going to necessarily be in any danger due to those decisions. So you can allow the system to be more independent and to make mistakes and to learn from that a… You can release it a little bit earlier and allow it to be making mistakes even when it's being in use versus having a much higher bar for testing and confirmation and validation.

Jorge: That makes me think that ongoing training might be an important part of the systems, no? You have to be able to tell it, “No, you're not doing it right now.”

Carol: Right. Yeah. And especially as you add more information. So for example, in healthcare there are image systems that are quite good for example, recognizing eye disease is a relatively successful implementation of artificial intelligence where the system can compare eyes and scans of eyes and understand that this one doesn't look normal. You know, it can tell the difference between a healthy eye and an unhealthy eye. And if you were to introduce a different animal eye, for example, to that system, that would require the system to basically start all over again. Because even though it is an eye, it would be a completely different shape. Potentially, there'd be different features in that eye. And so that new information would require the system to learn potentially on thousands and thousands of images of that type of eye so that it could relearn how to do that same task in a different situation. And if you, for example, added a new set of papers to an existing database and they had new terms, you would need to teach the system those new terms so that it understood that those were part of this body of knowledge was looking at.
So there's definitely a lot of situations where you need to be doing upkeep and maintenance on these systems so that they up to date in their understanding and then also retraining them potentially to understand this new information and incorporate it into its knowledge set.

Jorge: I'm hearing you describe that, and thinking, oh boy, I think that in the future all of us are going to have to develop this kind of AI literacy, where we become cognizant of the fact that we are training algorithms all around us to do things for us.

Carol: For sure. Yeah. I would love for more people to really understand not only the potentials but also the limitations of these systems so that they're not so scary and so that people aren't intimidated by them, but rather how they can use them to their benefit and also what the risks are with using them. I think that AI literacy is really important because, as you just said, we're in a constant state of training these systems, whether we want to or not, they're all around us in many of the systems that we use every day. And the more we understand about that, the better informed we can be, and the better we can protect ourselves and protect other people.

Jorge: Many of the examples that you've been alluding to, healthcare, this idea of examining the person's eyes, self-driving vehicles, the one about the academic papers, these are all… I don't want to call them edge cases because they certainly have mainstream applications, but I don't see most folks who are listening to our conversation going out and training an AI to recognize eye disease on a day to day basis. Right? It's not something that we do all the time. But we are starting to run into these algorithms out in the wild doing stuff for us that does impact our day to day experience.

Carol: Right. Yeah, certainly there are of situations where we're seeing, smart calendars, for example, that recognize certain words and email and maybe add an item to your calendar.
For better or worse we've seen some people using that for negative situations for advertising and that sort of thing as well. We're seeing that certainly within social media and a variety of different ways of showing advertisements and things like that. And we see it within some of the work tools that we use on a regular basis. And sometimes it's hard to know, is it artificial intelligence? Is it creative writing, you know, programming? And there's a lot of gray there because as we progress in our use of these systems, some things cease to be considered artificial intelligence anymore and they just become a tool. So it's an interesting progression of these tools and, and these different technologies as they become more and more integrated into our lives, at some point, they become just a tool and not even seen necessarily as artificial intelligence. Many of the things that we're using every day are somewhere on that spectrum.

Jorge: When you say “just a tool,” that's as far as our perception goes, right? What I'm hearing you say is that like it would lose the mystique of being “an AI.”

Carol: Exactly, yeah. So, for example, many years ago there were tools that you could use to scan text into a computer system, and then that text would be recognized and would be editable in an editing system, in a tech system. And that was considered artificial intelligence for many years. And now, people just as tools and it's not as specific or as mysterious. And that's a big part of it is, as people understand these tools more and more, it's all just programming, it's not magic for the most part, and they can be understandable. And I think that's really an important key is that they do not have to be a black box. And that if they appear to be a black box, it's probably a bad sign. It should be understandable. It may be complex.
It may be difficult for everyone to understand it, but clearly someone needs to know exactly how it's working and why is making the decisions or the changes or how it's responding to the environment and why it's doing that. And that type of understanding and control over that is really important for these systems and for humans.

Jorge: What I'm hearing there is a call for some degree of transparency in the interfaces that allow people to interact with the system. Is that fair?

Carol: Yes, definitely. Yeah, transparency is a huge piece of being able to trust for humans in these systems. And whenever we're met with a system that's not understandable, we tend to be less trusting of it — with good reason, as we should be. And so a big piece is just helping people understand the purpose of the system, the limitations of the system, the data that it's using how it's using that data, how decisions are made, and being able to really see the rationale for that. It will help everyone to be able to not only trust but also just understand and more powerfully use these systems to their benefit.

Jorge: I feel compelled to share with you my tale of woe.

Carol: Oh no.

Jorge: Because I see it kind of as a harbinger of what could be a bleak future for users of these systems. And this has to do with my Gmail account. I think of my Gmail account as kind of a corpus of… A set of data that can have these algorithms pointed to it to do things like make recommendations. And I have the fortune/misfortune of having a pretty good Gmail address because I was an early user. So my Gmail address is my first initial last name at gmail.com. And I have a surname that is fairly common in parts of Latin America. I get a lot of people who must have my same first initial and same surname, signing up for services using my email address.

Carol: Oh no!

Jorge: They think that it's their own. And I've had Gmail give me recommendations for my upcoming trip to the Azores, or whatever.
And it's like, well, I'm not going to the Azores, someone has reserved a hotel using my email address.

Carol: Right.

Jorge: And I can't opt out of it, you know?

Carol: Right.

Jorge: What I've learned about this is that — I think — back to your point about transparency, I think that if I delete those emails as opposed to archive them, it'll take them out of the training data set. But I don't know. I wish that there was a button in Gmail that said, “Ignore this one for the purposes of the AI.”

Carol: Right. No, that'd be lovely. To your point, I don't know if it's coming through, so to speak, their system as it comes to you, and then it's always in, or if you can edit the body of knowledge that has. Yeah, that would be lovely if you could. And that's something that's really important, is to be able to take things out. So, for example, thinking about judicial decisions, about prison sentences and things like that, there's been a lot of problems with these types of systems not being fair and being very biased and racist and learning all of the horrible things that humans, at least in the United States, have been using for incarceration for generations. And if you can't remove that, if you can't take those previous bad decisions out of the system, that means that that system is always going to be broken. So there need to be ways, in the simple situations such as not having annoying things on your calendar, to much more significant decision-making where we need to be able to edit and to remove information that is erroneous or unwanted or biased or whatever is wrong with that information. We need to be able to remove it from these systems to keep us minimally less frustrated, and on the other end, safe and not subject to bad decision-making.

Jorge: On that note, I'm wondering, because you're immersed in this world — it's your training and your job and everything — leads you to understand information through this lens.
And I'm wondering how this has affected the way that you manage your own information.

Carol: Yeah, I keep thinking that I will be more cautious and do things differently. But I also am just so busy. So I tend to not be as careful probably with things as I should be. But at the same time, I use, for example, dual-factor authentication on everything I can. So I do take many precautions with making sure that my information as protected as possible, but at the same time, I love using a lot of the tools out there. So I love using chatbot that I have in my home. I really love being able to just ask it to play NPR, or asking it to turn on some lights, or whatever it is. I really enjoy these types of tools, and I really like the idea that my email can add something to my calendar. That's really helpful. It doesn't always add it the way I want it to, and I'd like more control in that sense. But I find these tools to be so helpful in my day to day life. I've got kids, and I teach a class, and I work and got soccer games and a million things going on on any given day. I can't imagine having this busy of a life without these tools helping me day-to-day. That being said, I'm very cognizant of all of the danger that is potential with these systems and how much of my personal information is out there. I'm very protective of my kids' information and trying to keep them off of these systems for as long as possible. So it's a balance. It's a constant balance where I'm constantly trying to determine, is this still the system I want to be using? Should I be perhaps moving to a different system? Should I be not using the system that I believe to be more harmful? Trying to determine how to manage all that is a constant decision-making and evaluation process, and for people who are less familiar with these tools, I'm sure it's much more frightening and difficult.
Jorge: And what I'm hearing there, in the way that you've been describing it, is that it can be scary, and it can be something of a chore, but earlier you talked about the fact that these systems can help make decisions for you and there's an aspect to it where it would somehow alleviate some of your day-to-day chores.

Carol: Yeah. So mostly with regard to reminding me to do them. I don't know that it makes less work for me, but it does help me to remember to do things. So a reminder on my phone that I should leave soon to get to my next appointment, or automatically adding travel to my calendar means that I am going to see that on my calendar later, even if I didn't manually add it to myself. It'll be there, and it will be a nice reminder for myself as well as my husband, that “Oh, look, there's something on the calendar. I can't do that at that time because I'm going to be heading to the airport.” And so those types of things, I'm not sure that they necessarily are doing huge amount of time-saving for me yet, but they are helping me stay more organized, which is really nice.

Jorge: I wish that we could keep talking about this. There's so much to cover, but we're nearing the end of our time together here. So Carol, where can folks find you?

Carol: Yeah, yeah. I'm on Twitter @carologic, and on LinkedIn and many other tools, and I'm always happy to talk about these types of things.

Jorge: I appreciate so much that you were able to talk with us about it today.

Carol: Yeah, my pleasure. Thank you for having me.

SEI Cyber Talks
Games That Work

Jul 17, 2019 · 15:55


Humans have been playing games since prehistoric times. Games have been used throughout history not only for enjoyment, but to build skills in a fun and engaging way. Today’s games are no different. Join us as Tom Longstaff, CTO of the Software Engineering Institute, speaks with Rotem Guttman, a cybersecurity and educational gamification researcher, on how to design experiences that motivate while they teach.

Federal Drive with Tom Temin
CMU researchers say finance, communication agencies doing well in cyber intelligence

Federal Drive with Tom Temin

Play Episode Listen Later Jun 24, 2019 9:52


It's difficult to have good cybersecurity without good cyber intelligence. So are federal agencies any good at cyber intelligence? To find out, the director of national intelligence called on the Software Engineering Institute at Carnegie Mellon University. For highlights of what the researchers found, cyber intelligence researcher Jared Ettinger joined Federal Drive with Tom Temin.

Software Engineering Institute (SEI) Podcast Series
Women in Software and Cybersecurity: Dr. Ipek Ozkaya

Software Engineering Institute (SEI) Podcast Series

Play Episode Listen Later Jun 20, 2019 32:24


After earning a degree in architecture, Dr. Ipek Ozkaya studied computational design at Carnegie Mellon University. Now at the Software Engineering Institute, Ozkaya researches better ways for designing software and helping organizations manage technical debt in large-scale, complex software-intensive systems. In this podcast, the latest in our Women in Software and Cybersecurity podcast series, Ozkaya talks about the educational choices and career path that led to her current work.

info@theworkforceshow.com
Terry Roberts-Cyber Expert/WhiteHawk

info@theworkforceshow.com

Play Episode Listen Later May 16, 2019 27:11


Sponsored by: Looking Glass Cyber
Hosts: Polishchuk and Haas - The Workforce Edition - Cyber
Terry Roberts has established the first CyberSecurity Online Exchange - enabling all businesses (especially midsized and small companies) to have continuous online access to automated cyber risk profiles, scorecards, action plans and affordable products, services, insights and trends industry wide. Previously Terry was the TASC VP for Cyber Engineering and Analytics, running all Cyber/IT, Financial and Business Analytics cross cutting, innovative technical services. Prior to TASC, Terry was an Executive Director of the Carnegie Mellon, Software Engineering Institute, leading the technical body of work for the entire US Interagency, with a special focus on leveraging and transitioning commercial innovation and acquisition excellence to government programs and capabilities and establishing the Emerging Technologies Center and Cyber Intelligence Consortium. Before transitioning to industry in 2009, Terry Roberts was the Deputy Director of Naval Intelligence (DDNI), where she led, together with the Director of Naval Intelligence, more than 20,000 intelligence and information-warfare military and civilian professionals and managed more than $5 billion in resources, technologies, and programs globally, leading the initial approach for the merging of Naval Communications and Intelligence under the OPNAV N2/N6 and the creation of the Information Dominance Corps. Prior to being the Navy DDNI, Terry Roberts served as the Director of Requirements and Resources for the Office of the Under Secretary of Defense for Intelligence (USDI), spearheading the creation and implementation of the Military Intelligence Program (MIP), in partnership with the Director of National Intelligence, the Services, the Combat Support Agencies, and the Office of the Secretary of Defense (OSD).
An intelligence professional for over 30 years, Terry has held many senior intelligence positions, including Director of Intelligence, Commander Naval Forces Europe and Commander-in-Chief NATO AFSOUTH; Director, Defense Intelligence Resource Management Office (manager of the General Defense Intelligence Program); Director, Naval Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) Scientific and Technical Intelligence (S&TI) analysis at the Office of Naval Intelligence; special assistant to the Associate Director of Central Intelligence for Military Support and the Chief of Staff for the Director Military Intelligence Staff. In addition, Terry has directed, conducted, and enabled intelligence operations globally, with much of this work being focused on the requirements, planning, and implementation of intelligence and communications technologies, software, and architectures. Terry Roberts is Chair Emeritus of the Intelligence and National Security Alliance (INSA) Cyber Council, was a Member of the AFCEA Intelligence Committee from 2008-2017, former President, Naval Intelligence Professionals (NIP), a 2017/18 Cyber Fellow at New America (non-partisan think tank), and a member of the USNA Cyber Education Advisory BOD since 2010 and of the Cyber Florida Advisory BOD. Terry's personal awards include the Office of the Secretary of Defense Medal for Exceptional Civilian Service; the Navy Senior Civilian Award of Distinction, the NGA Personal Medallion for Excellence; the Coast Guard Distinguished Public Service Award; the Director of Central Intelligence National Intelligence Certificate of Distinction; the National Intelligence Reform Medal; and the National Intelligence Meritorious Unit Citation

Government Matters
Challenges facing federal managers impacted by the partial shutdown - January 24, 2019

Government Matters

Play Episode Listen Later Jan 24, 2019 23:18


Bill Valdez, president of the Senior Executives Association, and Terry Gerton, president & CEO of the National Academy of Public Administration, discuss what the shutdown means for morale and other workforce issues across the federal government.
Chris Cummiskey, former acting Homeland Security undersecretary and CEO of Cummiskey Strategic Solutions, outlines why DHS is holding contract deadlines for the time being, and why it’s important to have “predictability.”
Bobbie Stempfley, former chief information officer of the Defense Information Systems Agency and managing director of the CERT division at the Software Engineering Institute, discusses how artificial intelligence and automation can improve government cybersecurity.

Paul's Security Weekly TV
Joe McManus, Automox - Enterprise Security Weekly #98

Paul's Security Weekly TV

Play Episode Listen Later Jul 14, 2018 32:15


Joe McManus is an expert and industry advisor in the field of information security. He currently serves as the CISO of Automox, provider of cloud-based, cross-platform patching software. He is also a senior researcher at CERT, part of the Software Engineering Institute at Carnegie Mellon University, where he specializes in large scale network monitoring, network forensics and incident response. Full Show Notes: https://wiki.securityweekly.com/ES_Episode98 Visit http://securityweekly.com/esw for all the latest episodes!

Enterprise Security Weekly (Video)
Joe McManus, Automox - Enterprise Security Weekly #98

Enterprise Security Weekly (Video)

Play Episode Listen Later Jul 13, 2018 32:15


Joe McManus is an expert and industry advisor in the field of information security. He currently serves as the CISO of Automox, provider of cloud-based, cross-platform patching software. He is also a senior researcher at CERT, part of the Software Engineering Institute at Carnegie Mellon University, where he specializes in large scale network monitoring, network forensics and incident response. Full Show Notes: https://wiki.securityweekly.com/ES_Episode98 Visit http://securityweekly.com/esw for all the latest episodes!

Mighty Women
Gaining Confidence: A Mighty Woman in Computer Programming

Mighty Women

Play Episode Listen Later Apr 30, 2018 22:01


Naomi Anderson has been working as a software developer for 19 years. Over the course of her career she has worked for the likes of Motorola, General Dynamics, and the Software Engineering Institute. Her current position cannot be disclosed. She has worked on projects that have run the gamut from government-funded large n-tiered systems to commercial single-user applications, written in a variety of languages.

DevSecOps Podcast Series
HackNYC 2018: Preview with Dr. Bill Curtis

DevSecOps Podcast Series

Play Episode Listen Later Feb 1, 2018 32:56


In May, at HackNYC 2018 in New York City, Dr. Bill Curtis' team of Tracie Gerardi and Lev Lesokhin will deliver a presentation on putting an end to "Technical Debt". I spoke with Dr. Curtis about his work in the creation of various maturity models, the current state of security in software development and "what keeps him up at night". You might be surprised at his answer. Listen in...
About Dr. Bill Curtis
Dr. Bill Curtis (1948) is an American software and organizational scientist. He is best known for leading the development of the Capability Maturity Model (CMM for Software) and the People CMM in the Software Engineering Institute at Carnegie Mellon University. He co-founded TeraQuest, a provider of CMM-based services, which was sold to Borland Software Corporation in 2005. He has published 5 books, over 150 articles, and in 2007 was elected a Fellow of the Institute of Electrical and Electronics Engineers for his career contributions to software process improvement and measurement.

Software Process and Measurement Cast
SPaMCAST 366 – Jeff Dalton, 12 Attributes of Great and Agile Organizations

Software Process and Measurement Cast

Play Episode Listen Later Nov 1, 2015 34:56


The Software Process and Measurement Cast features my interview with Jeff Dalton.  Jeff returns to the Software Process and Measurement Cast to discuss the 12 attributes of successful Agile organizations. Jeff talks about the relatively small set of attributes that successful Agile organizations possess and exhibit. These attributes don’t occur by accident, but rather are a reflection of hard work and consistency of purpose.  We can all reflect and adopt these attributes in our pursuit of success. Jeff shows us how! Jeff’s Bio: Jeff Dalton is President of Broadsword, a Certified Lead Appraiser, CMMI Instructor, ScrumMaster and author of “agileCMMI,” Broadsword’s leading methodology for incremental and iterative process improvement, as well as many published articles and ebooks on performance innovation. Jeff has been selected Keynote Speaker at numerous conferences including the International Conference on CMMI in Lima, Peru, the PMI Great Lakes 2013 Symposium, the 2014 QUEST Conference and Expo, the CMMI SEPG Conference 2014, the CMMI Global Congress 2015, the PM Symposium Indianapolis 2015 and the PM Symposium Chicago 2015.  He has appeared multiple times at Agile Development West, Better Software, Agile Processes and Tools, AgileDC, and at Software Process Improvement Network (SPIN) and Agile Leadership Network (ALN) meetups throughout North America. Jeff served as the Chairman of the Partner Advisory Board at the Software Engineering Institute (SEI) and CMMI Institute from 2011-2014 during their transition period.  He has been president of Great Lakes Software Process Improvement Network, and is a recipient of the prestigious Software Engineering Institute’s SEI Member Award for Outstanding Representative for his work uniting the Agile and CMMI communities through his popular blog “Ask the CMMI Appraiser.” He holds degrees in Music and Computer Science and builds experimental airplanes in his spare time.  
Jeff can be reached at appraiser@broadswordsolutions.com. Contact Data: Email: appraiser@broadswordsolutions.com. Twitter: @CMMIAppraiser Blog: http://askthecmmiappraiser.blogspot.com/ Web: http://www.broadswordsolutions.com/ also see: www.cmmi-tv.com Previous Appearances on the podcast: SPaMCAST 296 – Jeff Dalton, CMMI, Agile, Resiliency SPaMCAST 176 - Jeff Dalton, CMMI, Scrum and Agile Call to Action! Review the SPaMCAST on iTunes, Stitcher or your favorite podcatcher/player and then share the review! Help your friends find the Software Process and Measurement Cast. After all, friends help friends find great podcasts! Re-Read Saturday News Remember that the Re-Read Saturday of The Mythical Man-Month returns this week when we tackle the essay titled “The Other Face” Check out the new installment at Software Process and Measurement Blog.   Upcoming Events Agile Development Conference East November 8-13, 2015 Orlando, Florida http://adceast.techwell.com/ I will be speaking on November 12th on the topic of Agile Risk. Let me know if you are going and we will have a SPaMCAST Meetup. Next SPaMCAST The next Software Process and Measurement Cast returns to the topic of Agile Project Charters, tackling the concepts needed to scale a charter to an Agile project or program. When Agile projects scale up to handle larger efforts additional steps are often required. Additional steps can lead to bloat if you do not take care. We will also have a new installment of Jeremy Berriault’s QA Corner! We discussed the definition of test cases and why they are so important to delivering quality code! Shameless Ad for my book! Mastering Software Project Management: Best Practices, Tools and Techniques co-authored by Murali Chematuri and myself and published by J. Ross Publishing. We have received unsolicited reviews like the following: “This book will prove that software projects should not be a tedious process for you or your team.” Support SPaMCAST by buying the book here. 
Available in English and Chinese.  

The SupplyChainBrain Podcast
The Plague of Cybercrime: Is There Any Hope

The SupplyChainBrain Podcast

Play Episode Listen Later Sep 18, 2015 28:23


This is a "watershed year" for cybercrime, according to a new survey on the topic. Yet many companies are falling short in their efforts to battle it. The state of corporate cybercrime protection is mixed at best. Government agencies and boards of directors are taking an increased role in the adoption of good preventive practices, according to a new survey by PwC, CSO, the U.S. Secret Service, and the CERT Division of the Software Engineering Institute at Carnegie Mellon University. On the other hand, many companies still aren't fully aware of the threat presented by hackers, terrorists and foreign governments. Shockingly, one in five of the surveyed executives said they aren't worried about the risk that cybercrime poses to their supply chains. Even some of the more forward-thinking organizations haven't progressed very far on the maturity curve. On this episode, we discuss the implications of the survey with PwC partner Quentin Orr. He outlines the various kinds of cyber threats, addresses the critical issue of third-party risks, and reports on the level and types of corporate investment in people, process and systems. Finally, he answers the key question: Given the sophistication and persistence of cyber-criminals today, is there any hope?

Software Engineering Institute (SEI) Podcast Series
Agile Methods in Air Force Sustainment

Software Engineering Institute (SEI) Podcast Series

Play Episode Listen Later Jun 11, 2015 12:27


For several years, the Software Engineering Institute has researched the viability of Agile software development methods within Department of Defense programs and barriers to the adoption of those methods. In this podcast, SEI researcher Eileen Wrubel discusses how software sustainers leverage Agile methods and avoid barriers to using Agile methods.

Software Engineering Institute (SEI) Webcast Series
Lessons in External Dependency and Supply Chain Risk Management

Software Engineering Institute (SEI) Webcast Series

Play Episode Listen Later Jan 5, 2015 87:53


In this webinar, John Haller and Matthew Butkovic of the CERT Division of the Software Engineering Institute will discuss real-world incidents, including recent industrial control system attacks and incidents affecting Department of Defense capabilities, and the lessons that organizations should take away. The session will focus on the lifecycle of supply chain relationships and introduce concepts to help organizations manage them more effectively. Managing the risks of depending on external entities and supply chains to support critical services has increasingly become an area of concern for both the federal government and private critical infrastructure organizations. External dependencies may consist of business partners that your organization relies on, cloud services such as data processing, or storage facilities. Or these dependencies may take the form of reliance on public infrastructure such as transportation or the electrical grid. The webinar speakers, John and Matthew, will discuss the HAVEX malware attacks on industrial control system vendors, which were reported to the security community in June 2014. For supply chain risk management, a key lesson from the HAVEX case is the importance of having a process to identify and prioritize external dependencies. The speakers will also explore and discuss methods for addressing this problem in a realistic, reliable way. Also covered in the webinar are the lessons for third-party risk management that organizations should take away from recent attacks on DoD-affiliated transportation contractors. The speakers will explain how to correctly scope and build security programs around key, organizationally critical services. The speakers will discuss how your organization can learn from these incidents, including best practices around forming relationships with external entities and managing the relationship over time to support your organization's incident management and situational awareness processes. 
The webinar closes with a recap of key supply chain risk management capabilities and an update to CERT research into the state of these capabilities across U.S. critical infrastructure sectors.

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Kenneth White and Matthew Green - The Open Crypto Audit Project

DEF CON 22 [Materials] Speeches from the Hacker Convention.

Play Episode Listen Later Dec 13, 2014


Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/White-Green/DEFCON-22-Kenneth-White-and-Matthew-Green-The-Open-Crypto-Audit-Project-Updated.pdf
The Open Crypto Audit Project
Kenneth White, CO-FOUNDER, OPEN CRYPTO AUDIT PROJECT
Matthew Green, RESEARCH PROFESSOR, JOHNS HOPKINS UNIVERSITY
Join us for the story of the origins and history of the Open Crypto Audit Project (OCAP). OCAP is a community-driven global initiative which grew out of the first comprehensive public audit and cryptanalysis of the widely used encryption software TrueCrypt®. Our charter is to provide technical assistance to free and open source software projects in the public interest. We serve primarily as a coordinator for volunteers and as a funding mechanism for technical experts in security, software engineering, and cryptography. We conduct analysis and research on FOSS and other widely used software, and provide highly specialized technical assistance, analysis and research on free and open source software. This talk will present how we audited TrueCrypt, detailing both the Phase I security assessment, and the Phase II cryptanalysis. Looking forward, in light of GotoFail and HeartBleed, we will discuss future plans for our next audit projects of other open source critical infrastructure.
Kenneth White is a co-founder of the CBX Group, and formerly principal scientist and senior security R&D engineer at Social & Scientific Systems. His work focuses on cloud security, machine learning, and distributed database architecture. At SSS, White led the Biomedical Informatics team that designed and runs the operations center for the largest clinical trial network in the world, with research centers in over 100 countries. Together with Matthew Green, White co-founded the TrueCrypt audit project, a community-driven initiative to conduct the first comprehensive cryptanalysis and public security audit of the widely used TrueCrypt encryption software.
White holds a MEd from Harvard and is a PhD candidate in neuroscience and cognitive science, with research focusing on expert systems, real-time classification and machine learning. He is a technical reviewer for the Software Engineering Institute, and publishes and speaks frequently on computational neuroscience, signal processing, and security engineering. Twitter: @kennwhite Matthew D. Green, PhD is a professor of computer science at Johns Hopkins University. He teaches applied cryptography and builds secure systems. Green trained under Susan Hohenberger and Avi Rubin, and his research includes techniques for privacy-enhanced information storage, anonymous payment systems, and bilinear map-based cryptography. Green formerly served as a senior research staff member at AT&T Labs. Together with Kenneth White, he co-founded the TrueCrypt audit project, a community-driven initiative to conduct the first comprehensive cryptanalysis and public security audit of the widely used TrueCrypt encryption software. He blogs at Cryptography Engineering, and talks about cryptography and privacy. Twitter: @matthew_d_green Web: https://opencryptoaudit.org/people

Software Process and Measurement Cast
SPaMCAST 302- Larry Maccherone, Measuring Agile

Software Process and Measurement Cast

Play Episode Listen Later Aug 10, 2014 37:09


Software Process and Measurement Cast number 302 features our interview with Larry Maccherone of Rally Software. We talked about Agile and metrics.  Measuring and challenging the folklore of Agile is a powerful tool for change!  Measurement and Agile in the same sentence really is not an oxymoron. Larry’s Bio: Larry is an industry recognized Agile speaker and thought leader. He is Rally Software's Director of Analytics and Research. Before coming to Rally Software, Larry worked at Carnegie Mellon with the Software Engineering Institute for seven years conducting research on software engineering metrics with a particular focus on reintroducing quantitative insight back into the agile world. He now leads a team at Rally using big data techniques to draw interesting insights and Agile performance metrics, and provide products that allow Rally customers to make better decisions. Larry is an accomplished author and speaker, presenting at major conferences for the lean and agile markets over the last several years, including the most highly rated talk at Agile 2013. He just gave two talks on the latest research at Agile 2014. Contact information: Rally Author Page Email: lmaccherone@rallydev.com Google+ Next Software Process and Measurement Cast number 303 will feature our essay on estimation.  Estimation is a hot bed of controversy. But perhaps first we should synchronize on just what we think the word means.  Once we have a common vocabulary we can commence with the fisticuffs. In SPaMCAST 303 we will not shy away from a hard discussion. Upcoming Events I will be presenting at the International Conference on Software Quality and Test Management in San Diego, CA on October 1.  I have a great discount code!!!! Contact me if you are interested! I will be presenting at the North East Quality Council 60th Conference October 21st and 22nd in Springfield, MA. More on all of these great events in the near future! 
I look forward to seeing all SPaMCAST readers and listeners that attend these great events! The Software Process and Measurement Cast has a sponsor. As many of you know I do at least one webinar for the IT Metrics and Productivity Institute (ITMPI) every year. The ITMPI provides a great service to the IT profession. ITMPI’s mission is to pull together the expertise and educational efforts of the world’s leading IT thought leaders and to create a single online destination where IT practitioners and executives can meet all of their educational and professional development needs. The ITMPI offers a premium membership that gives members unlimited free access to 400 PDU accredited webinar recordings, and waives the PDU processing fees on all live and recorded webinars. The Software Process and Measurement Cast gets some support if you sign up here. All the revenue our sponsorship generates goes for bandwidth, hosting and new cool equipment to create more and better content for you. Support the SPaMCAST and learn from the ITMPI. Shameless Ad for my book! Mastering Software Project Management: Best Practices, Tools and Techniques co-authored by Murali Chematuri and myself and published by J. Ross Publishing. We have received unsolicited reviews like the following: “This book will prove that software projects should not be a tedious process, neither for you or your team.” Support SPaMCAST by buying the book here. Available in English and Chinese.

Software Process and Measurement Cast
SPaMCAST 296 – Jeff Dalton, CMMI, Agile, Resiliency

Software Process and Measurement Cast

Play Episode Listen Later Jun 29, 2014 37:23


SPaMCAST 296 features our interview with Jeff Dalton. We talked about Agile and resiliency. If Agile is resilient it will be able to spring back into shape after being bent or compressed by the pressures of development and support. In the conversation, Jeff and I discussed whether Agile was resilient and how frameworks like the CMMI can be used to make Agile more resilient. Jeff is Broadsword’s President, Certified Lead Appraiser, CMMI Instructor, ScrumMaster and author of “agileCMMI,” Broadsword’s leading methodology for incremental and iterative process improvement. He is Chairman of the CMMI Institute’s Partner Advisory Board and former President of the Great Lakes Software Process Improvement Network (GL-SPIN). He is a recipient of the Software Engineering Institute’s SEI Member Award for Outstanding Representative for his work uniting the Agile and CMMI communities together through his popular blog “Ask the CMMI Appraiser.” He holds degrees in Music and Computer Science and builds experimental airplanes in his spare time. You can reach Jeff at appraiser@broadswordsolutions.com. Contact Data: Email: appraiser@broadswordsolutions.com. Twitter: @CMMIAppraiser Blog: http://askthecmmiappraiser.blogspot.com/ Web: http://www.broadswordsolutions.com/ also see: www.cmmi-tv.com Next week we will feature our essay on IFPUG Function Points. IFPUG function points are an ISO Standard means to size projects and applications. IFPUG function points are used across a wide range of project types, industries and countries. Upcoming Events Upcoming DCG Webinars: July 24 11:30 EDT – The Impact of Cognitive Bias On Teams Check these out at www.davidconsultinggroup.com I will be attending Agile 2014 in Orlando, July 28 through August 1, 2014. It would be great to get together with SPaMCAST listeners, let me know if you are attending.
I will be presenting at the International Conference on Software Quality and Test Management in San Diego, CA on October 1. I will be presenting at the North East Quality Council 60th Conference on October 21st and 22nd in Springfield, MA. More on all of these great events in the near future! I look forward to seeing all SPaMCAST readers and listeners that attend these great events! The Software Process and Measurement Cast has a sponsor. As many of you know I do at least one webinar for the IT Metrics and Productivity Institute (ITMPI) every year. The ITMPI provides a great service to the IT profession. ITMPI’s mission is to pull together the expertise and educational efforts of the world’s leading IT thought leaders and to create a single online destination where IT practitioners and executives can meet all of their educational and professional development needs. The ITMPI offers a premium membership that gives members unlimited free access to 400 PDU accredited webinar recordings, and waives the PDU processing fees on all live and recorded webinars. The Software Process and Measurement Cast gets some support if you sign up here. All the revenue our sponsorship generates goes for bandwidth, hosting and new cool equipment to create more and better content for you. Support the SPaMCAST and learn from the ITMPI. Shameless Ad for my book! Mastering Software Project Management: Best Practices, Tools and Techniques co-authored by Murali Chematuri and myself and published by J. Ross Publishing. We have received unsolicited reviews like the following: “This book will prove that software projects should not be a tedious process, neither for you or your team.” Support SPaMCAST by buying the book here. Available in English and Chinese.

Software Process and Measurement Cast
SPaMCAST 176 - Jeff Dalton, CMMI, Scrum and Agile

Software Process and Measurement Cast

Play Episode Listen Later Mar 4, 2012 36:59


The SPaMCAST 176 features my interview with Jeff Dalton. We discussed Agile, Scrum and the CMMI. A discussion that included more than just theory. Jeff is Broadsword’s President, Certified Lead Appraiser, CMMI Instructor, a Pilot, ScrumMaster, and author of “agileCMMI,” Broadsword’s leading methodology for incremental and iterative process improvement. He is the 2012 Chairman of the SEI’s Partner Advisory Board and President of the Great Lakes Software Process Improvement Network (GL-SPIN). In 2008 he coined the term Process Debt to describe the crushing, over-bearing processes too many companies employ to achieve a CMMI rating. In 2009 he was awarded the prestigious Software Engineering Institute’s SEI Member Award for Outstanding Representative for his work uniting the Agile and CMMI communities together through his popular blog “Ask the CMMI Appraiser.” He holds degrees in Music and Computer Science and builds experimental airplanes in his spare time. Contact Data: Email: appraiser@broadswordsolutions.com. Twitter: @CMMIAppraiser Blog: http://askthecmmiappraiser.blogspot.com/ Web: http://www.broadswordsolutions.com/ Interested in becoming a radio star? If you are interested in reviewing tools or books? Drop me a note at spamcastinfo@gmail.com Shameless Ad for my book! Mastering Software Project Management: Best Practices, Tools and Techniques co-authored by Murali Chematuri and myself and published by J. Ross Publishing. We have received unsolicited reviews like the following: "This book will prove that software projects should not be a tedious process, neither for you or your team." Have you bought your copy? Contact information for the Software Process and Measurement Cast Email: spamcastinfo@gmail.com Voicemail: +1-206-888-6111 Website: www.spamcast.net Twitter: www.twitter.com/tcagley Facebook: http://bit.ly/16fBWV Next: The Software Process and Measurement Cast 177 will feature my essay on the beginner's mind.
The essay wrestles with the question, why is it easier for some people and organizations to embrace new ideas?

O Porto Em Conversa
StepTalks2011 – Dr. Paul Nielsen

O Porto Em Conversa

Play Episode Listen Later May 5, 2011


In this interview I talk with Dr. Paul Nielsen from the Software Engineering Institute. We talk about his presence at StepTalks2011, which took place in Lisbon, Portugal on April 12, and the presentation he delivered here. Length: 12:48m. You can download the show (in English) or subscribe to the podcast feed (mainly in Portuguese). Dr Paul […]

O Porto Em Conversa » Podcast Feed
StepTalks2011 – Dr. Paul Nielsen

O Porto Em Conversa » Podcast Feed

Play Episode Listen Later May 5, 2011


In this interview I talk with Dr. Paul Nielsen from the Software Engineering Institute. We talk about his presence at StepTalks2011, which took place in Lisbon, Portugal on April 12, and the presentation he delivered here. Length: 12:48m. You can download the show (in English) or subscribe to the podcast feed (mainly in Portuguese). Dr Paul […]

Software Process and Measurement Cast
SPaMCAST 87 - Sassenburg, Software Quality, Collaboration Part 2

Jun 13, 2010 45:36


Welcome to the Software Process and Measurement Cast 87! The interview in the SPaMCAST 87 features a discussion with Hans Sassenburg. We talked about his paper "Affordable Software Quality Assessment" and why typical process improvement programs are not enough. Dr. Hans Sassenburg received a Master of Science degree in electrical engineering from the Eindhoven University of Technology (Netherlands) in 1986 and a PhD degree in economics from the University of Groningen (Netherlands) in 2006. He worked as an independent consultant until 1996, when he co-founded a consulting and training firm. This company specialized in software process improvement and software architecture and was sold in 2000. In 2001 he moved to Switzerland, where he founded a new consulting and training firm SE-CURE AG (www.se-cure.ch). In addition, he has been a visiting scientist at the Software Engineering Institute (www.sei.cmu.edu) since January of 2005. In 2009, he co-founded the Software Benchmarking Organization (www.sw-benchmarking.org), a consortium of international accredited partners. Dr. Sassenburg is an internationally published author on software engineering and economics.

Benchmarking: www.sw-benchmarking.org Consulting/training: www.se-cure.ch Research: www.sei.cmu.edu

Remember to check out GoTo Assist Express! The essay is the second part of Collaboration: Business's Duct Tape. Note this is a short section as hiking in the Rockies was conducive to relaxation but not to writing. I am about to start an experiment with using kanban at a personal level. I am interested in any advice or comments you might have. I will share the results of the experiment as it develops.

Contact information for the Software Process and Measurement Cast Email: spamcastinfo@gmail.com Voicemail: +1-206-888-6111 Website: www.spamcast.net Twitter: www.twitter.com/tcagley Facebook: http://bit.ly/16fBWV

Conferences and Speaking Engagements in 2010 (To Date) ISMA Cinco in São Paulo September 13-15. I will be one of the featured speakers. More on the topic in the near future. The website to get more information is http://www.ifpug.org/conferences/ I hope to see you there!

Next! The interview in the Software Process and Measurement Cast 88 will feature Naomi Karten. We discussed her book Changing How You Manage and Communicate Change. This book is another game changer!

Software Process and Measurement Cast
SPaMCAST 83 - Gary Gack, Managing The Black Hole, Size

Apr 18, 2010 49:57


Welcome to the Software Process and Measurement Cast 83! The interview in the SPaMCAST 83 is with Gary Gack. We discussed his new book "Managing The Black Hole". The book and the discussion centered on how organizations can improve their effectiveness. Lots of great ideas for organizations at all levels of maturity. Gary Gack is the founder and President of Process-Fusion.net, a provider of e-Learning, Assessments, Strategy advice, Training, and Coaching relating to integration and deployment of software and IT industry best practices. Mr. Gack holds an MBA from the Wharton School and is a Lean Six Sigma Black Belt. In addition he is an ASQ Certified Software Quality Engineer (CSQE), a Certified Scrum Master, a Visiting Scientist with the Software Engineering Institute (2006) where he co-authored the "Measuring for Performance Driven Improvement 1" course for which he is an authorized instructor, and he holds the ITIL Foundation Certification. He has more than 40 years of diverse experience in the software and IT industry, including more than 20 years focused on process improvement. He is the author of numerous articles and a book entitled "Managing the “Black Hole”: The Executive’s Guide to Software Project Risk."

Contact information: Email: ggack@Process-Fusion.net Website: http://www.process-fusion.net/

The essay examines the software measure / metric: Size. Size really is important and the type of size measure you choose will expand or constrain what you can do with the data. We will define physical, functional and relative measures of size and where they are useful.

Contact information for the Software Process and Measurement Cast Email: spamcastinfo@gmail.com Voicemail: +1-206-888-6111 Website: www.spamcast.net Twitter: www.twitter.com/tcagley Facebook: http://bit.ly/16fBWV

The SPaMCAST's production schedule is on the Software Process and Measurement Facebook page. Yell at me if you have ideas for future interviews or essays. Your thoughts, comments, suggestions and ideas are welcome.

Conferences and Speaking Engagements in 2010 (To Date) Quest Conference in Dallas April 21 - 23. I will be talking on "Process Improvement in a Multi-Model World". The conference includes two days of workshops. The website to get more information is http://www.qaiquest.org/dallas/index.html

Next! The interview in the SPaMCAST 84 is with Ricardo Valerdi. We discussed software cost estimation and behavioural economics. This was a great interview that anyone working in the IT field will find immediately useful and thought provoking in the long term.

CERIAS Security Seminar Podcast
Gene Kim, Prioritizing Processes and Controls for Effective and Measurable Security

Sep 20, 2006 55:19


Are your security & IT controls really effective? Do you know how your security & IT operations compare to high performers? In this presentation, Gene Kim will share the work he has been doing over the last six years with the IT Process Institute (ITPI), Software Engineering Institute, and Institute of Internal Auditors, codifying the observed practices of high-performing IT organizations. These high performers have a culture of change management, a culture of causality and a perpetual desire to detect variance before it causes a catastrophic event.

Specifically, Gene will discuss the ITPI IT Controls Benchmarking Survey of practice, a recently completed research project which has quantified the value, effectiveness, efficiency and security of controls. This landmark research has uncovered an alternative approach to being an effective security executive, based on measuring security by its ability to maintain its existing commitments; integrate controls into daily IT operations (prevent); put automated controls in place to variance before loss events (detect); reduce the percent of security incidents that result in loss events (detect); and successfully investigate and conclude security investigations.

Attendees will learn about the key research findings:
* That high performers have 5-8x higher operational and security effectiveness and efficiency measures
* The 20% of IT controls that have 80% of the measurable benefits, and how to implement and the prescriptive steps to take in order to achieve defined security results
* The certain processes and controls that have shown catalytic and sustaining properties, meaning that the value they add demonstrably exceeds the cost to implement, and report out on them.

About the speaker: Gene Kim is the CTO and founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. Since then, Tripwire has been adopted by more than 5,000 enterprises worldwide. In 2004, Kim co-founded the IT Process Institute, which is dedicated to research, benchmarking and developing prescriptive guidance for IT operations and security management and auditors. He also co-authored the "Visible Ops Handbook: Implementing ITIL in Four Practical And Auditable Steps" and was a principal investigator on the IT Controls Performance Study project, completed in 2006. Kim currently serves on the Advanced Technology Committee for the Institute of Internal Auditors, and was part of the team that defined change management best practices for the recently released IIA Global Technology Guide "Change and Patch Management Controls: Critical for Organizational Success." Since 1999, Kim has been working with SANS, the Software Engineering Institute and the IIA to capture how "best in class" organizations have IT operations, security, management, governance and audit working together to solve common business objectives. Kim holds an M.S. in computer science from University of Arizona and a B.S. in computer sciences from Purdue University. Gene is certified on both IT management and audit processes, possessing both ITIL Foundations and CISA certifications.
