loader from loading.io

The Importance of Diversity in Cybersecurity: Carol Ware

SEI Podcasts

Release Date: 03/21/2024

Cybersecurity Metrics: Protecting Data and Understanding Threats show art Cybersecurity Metrics: Protecting Data and Understanding Threats

SEI Podcasts

One of the biggest challenges in collecting cybersecurity metrics is scoping down objectives and determining what kinds of data to gather. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Bill Nichols, who leads the SEI’s Software Engineering Measurements and Analysis Group, discusses the importance of cybersecurity measurement, what kinds of measurements are used in cybersecurity, and what those metrics can tell us about cyber systems.

info_outline
3 Key Elements for Designing Secure Systems show art 3 Key Elements for Designing Secure Systems

SEI Podcasts

To make secure software by design a reality, engineers must intentionally build security throughout the software development lifecycle. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Timothy A. Chick, technical manager of the Applied Systems Group in the SEI’s CERT Division, discusses building, designing, and operating secure systems.

info_outline
Using Role-Playing Scenarios to Identify Bias in LLMs show art Using Role-Playing Scenarios to Identify Bias in LLMs

SEI Podcasts

Harmful biases in large language models (LLMs) make AI less trustworthy and secure. Auditing for biases can help identify potential solutions and develop better guardrails to make AI safer. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Katie Robinson and Violet Turri, researchers in the SEI’s AI Division, discuss their recent work using role-playing game scenarios to identify biases in LLMs.

info_outline
Best Practices and Lessons Learned in Standing Up an AISIRT show art Best Practices and Lessons Learned in Standing Up an AISIRT

SEI Podcasts

In the wake of widespread adoption of artificial intelligence (AI) in critical infrastructure, education, government, and national security entities, adversaries are working to disrupt these systems and attack AI-enabled assets. With nearly four decades in vulnerability management, the Carnegie Mellon University Software Engineering Institute (SEI) recognized a need to create an entity that would identify, research, and identify mitigation strategies for AI vulnerabilities to protect national assets against traditional cybersecurity, adversarial machine learning, and joint cyber-AI...

info_outline
3 API Security Risks (and How to Protect Against Them) show art 3 API Security Risks (and How to Protect Against Them)

SEI Podcasts

The exposed and public nature of application programming interfaces (APIs) come with risks including the increased network attack surface. Zero trust principles are helpful for mitigating these risks and making APIs more secure. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solutions engineer in the SEI CERT Division, discusses three API risks and how to address them through the lens of zero trust.    

info_outline
Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices show art Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices

SEI Podcasts

How can we effectively use large language models (LLMs) for cybersecurity tasks? In this Carnegie Mellon University Software Engineering Institute podcast, Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges, and recommendations for evaluating LLMs.

info_outline
Capability-based Planning for Early-Stage Software Development show art Capability-based Planning for Early-Stage Software Development

SEI Podcasts

Capability-Based Planning (CBP) defines a framework that has an all-encompassing view of existing abilities and future needs for strategically deciding what is needed and how to effectively achieve it. Both business and government acquisition domains use CBP for financial success or to design a well-balanced defense system. The definitions understandably vary across these domains. In this SEI podcast, Anandi Hira, a data scientist, and William R. Nichols, an initiative lead for Software Engineering Measurement and Analysis, introduce CBP and its use and application in software acquisition.

info_outline
Safeguarding Against Recent Vulnerabilities Related to Rust show art Safeguarding Against Recent Vulnerabilities Related to Rust

SEI Podcasts

What can the recently discovered vulnerabilities related to Rust tell us about the security of the language? In this podcast from the Carnegie Mellon University Software Engineering Institute, David Svoboda discusses two vulnerabilities, their sources, and how to mitigate them.

info_outline
Developing a Global Network of Computer Security Incident Response Teams (CSIRTs) show art Developing a Global Network of Computer Security Incident Response Teams (CSIRTs)

SEI Podcasts

Cybersecurity risks aren’t just a national concern. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), the CERT division’s Tracy Bills, senior cybersecurity operations researcher and team lead, and James Lord, security operations technical manager, discuss the SEI’s work developing Computer Security Incident Response Teams (CSIRTs) across the globe.

info_outline
Automated Repair of Static Analysis Alerts  show art Automated Repair of Static Analysis Alerts

SEI Podcasts

Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Redemption, a new open source tool from the SEI that automatically repairs common errors in C/C++ code generated from static analysis alerts, making code safer and static analysis less overwhelming.

info_outline
 
More Episodes

In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Ware, a senior cybersecurity engineer in the SEI’s CERT Division, discusses her career path, the value of mentorship, and the importance of diversity in cybersecurity.