New website: RiskCommentary.ca We see a contradiction: increased need for Enterprise Risk Management, while risk managers report low perceived value of their processes. High Quality Risk Assessment addresses uncertainty and helps solve chronic business problems. Join Edward Robertson, successful ERM practitioner, to discover a simple process that delivers clear value.
…
continue reading
Presentations given at Oxford's International Conference on Water Security, Risk and Society, April 16-18th 2012. The event convened many of the world's leading thinkers from science, policy and enterprise to understand the status of and pathways to water security at multiple scales.
…
continue reading
1
Software Engineering Institute (SEI) Podcast Series
Members of Technical Staff at the Software Engineering Institute
The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.
…
continue reading
The CYBER5 is hosted by Landon Winkelvoss, Co-Founder at Nisos, and features cybersecurity and investigations industry leaders' thoughts and answers to five questions on one topic on actionable intelligence to enterprise revolving around third-party risk management, adversary research and attribution, digital executive protection, merger and acquisition diligence, brand protection, disinformation, and cyber threat intelligence.
…
continue reading
Come on an insightful journey across business, sustainability, technology, strategy and architecture - listen to the people who are influencing the architecture of tomorrow. Hear from the global community for Enterprise, Business, Technology Architects and related roles who want to collaborate and learn from each other. Connect with Oliver Cronk on LinkedIn if you have thoughts on topics or would like to appear on the series. Find the YouTube channel at https://YouTube.com/ArchitectTomorrow/
…
continue reading
1
3 Key Elements for Designing Secure Systems
36:28
36:28
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
36:28
To make secure software by design a reality, engineers must intentionally build security throughout the software development lifecycle. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Timothy A. Chick, technical manager of the Applied Systems Group in the SEI’s CERT Division, discusses building, designing, …
…
continue reading
1
Green IO Conference London 2024 Highlights
30:38
30:38
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
30:38
A special edition of Architect Tomorrow covering the Green IO London conference in September 2024. It was an exciting day, and whilst we couldn't capture everything, this episode gives you a taster of what was shared on the day - with some clips from the talks, the panel on AI, and interviews with some of the speakers and of course Gael Duez!Do che…
…
continue reading
1
Using Role-Playing Scenarios to Identify Bias in LLMs
45:07
45:07
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
45:07
Harmful biases in large language models (LLMs) make AI less trustworthy and secure. Auditing for biases can help identify potential solutions and develop better guardrails to make AI safer. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Katie Robinson and Violet Turri, researchers in the SEI’s AI Division,…
…
continue reading
1
Best Practices and Lessons Learned in Standing Up an AISIRT
38:29
38:29
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
38:29
In the wake of widespread adoption of artificial intelligence (AI) in critical infrastructure, education, government, and national security entities, adversaries are working to disrupt these systems and attack AI-enabled assets. With nearly four decades in vulnerability management, the Carnegie Mellon University Software Engineering Institute (SEI)…
…
continue reading
1
3 API Security Risks (and How to Protect Against Them)
19:28
19:28
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
19:28
The exposed and public nature of application programming interfaces (APIs) come with risks including the increased network attack surface. Zero trust principles are helpful for mitigating these risks and making APIs more secure. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solu…
…
continue reading
1
Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices
43:05
43:05
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
43:05
How can we effectively use large language models (LLMs) for cybersecurity tasks? In this Carnegie Mellon University Software Engineering Institute podcast, Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges, and recommendations for evaluating LLMs.
…
continue reading
1
Capability-based Planning for Early-Stage Software Development
33:55
33:55
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
33:55
Capability-Based Planning (CBP) defines a framework that has an all-encompassing view of existing abilities and future needs for strategically deciding what is needed and how to effectively achieve it. Both business and government acquisition domains use CBP for financial success or to design a well-balanced defense system. The definitions understa…
…
continue reading
1
Sustainable IT Advice from Gael Duez of Green IO
1:00:12
1:00:12
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
1:00:12
In this episode of Architect Tomorrow, Oliver talks to Gael about the conversations he's had on his Green IO podcast and they discuss advice for Architects trying to make trade offs on digital sustainability. They discuss:- Gael's background and journey into technology sustainability- The importance of data management in sustainable architecture- D…
…
continue reading
1
Safeguarding Against Recent Vulnerabilities Related to Rust
26:25
26:25
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
26:25
What can the recently discovered vulnerabilities related to Rust tell us about the security of the language? In this podcast from the Carnegie Mellon University Software Engineering Institute, David Svoboda discusses two vulnerabilities, their sources, and how to mitigate them.
…
continue reading
1
Developing a Global Network of Computer Security Incident Response Teams (CSIRTs)
30:51
30:51
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
30:51
Cybersecurity risks aren’t just a national concern. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), the CERT division’s Tracy Bills, senior cybersecurity operations researcher and team lead, and James Lord, security operations technical manager, discuss the SEI’s work developing Computer Security Incident R…
…
continue reading
1
Automated Repair of Static Analysis Alerts
27:05
27:05
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
27:05
Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Rede…
…
continue reading
1
Cyber Career Pathways and Opportunities
31:23
31:23
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
31:23
Not all paths to cybersecurity careers look the same. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Randy Trzeciak, deputy director of cyber risk and resilience in the SEI’s CERT division, discusses his career journey, resources for pursuing a career in cybersecurity, and the importance of building a dive…
…
continue reading
1
Getting Started with Enterprise Architecture by Eric Jager - Unboxing with Whynde and David
45:16
45:16
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
45:16
Oliver and Whynde are joined by David Rees (new to Enterprise Architecture) and Eric Jager author of Getting Started with Enterprise Architecture - for a discussion of the book.You can get the book from Amazon https://www.amazon.com/Getting-Started-Enterprise-Architecture-Practical/dp/1484298578/ or directly from Springer https://link.springer.com/…
…
continue reading
1
My Story in Computing with Sam Procter
37:15
37:15
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
37:15
Sam Procter started out studying computer science at the University of Nebraska, but he didn’t love it. It wasn’t until he took his first software engineering course that he knew he’d found his career path. In this podcast from the Carnegie Mellon University Software Engineering Institute, Sam Procter discusses the early influences that shaped his …
…
continue reading
1
Developing and Using a Software Bill of Materials Framework
37:37
37:37
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
37:37
With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party components in their software systems. In this podcast from the Carnegie Mellon University Software …
…
continue reading
1
The Importance of Diversity in Cybersecurity: Carol Ware
26:37
26:37
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
26:37
In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Ware, a senior cybersecurity engineer in the SEI’s CERT Division, discusses her career path, the value of mentorship, and the importance of diversity in cybersecurity.Par Carol Ware
…
continue reading
1
The Importance of Diversity in Software Engineering: Suzanne Miller
29:02
29:02
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
29:02
In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Suzanne Miller, a principal researcher in the SEI’s Software Solutions Division, discusses her career path, the value of mentorship, and the importance of diversity in software engineering.Par Suzanne Miller
…
continue reading
1
The Importance of Diversity in Artificial Intelligence: Violet Turri
16:57
16:57
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
16:57
Across the globe, women account for less than 30 percent of professionals in technical fields. That number drops to 22 percent in the field of Artificial Intelligence (AI). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Violet Turri, a software developer in the SEI’s AI Division, discusses the evolution of…
…
continue reading
1
Geospatial Innovation for Mapping Sustainability and the Built Environment
47:18
47:18
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
47:18
In this episode of Architect Tomorrow, host Oliver Cronk is joined by Isabelle Chatel de Brancion, Business and Innovation Lead at Geovation, Ordnance Survey's innovation hub. Isabelle shares her unique perspective as a former building architect turned geospatial innovator, drawing parallels and contrasts between the worlds of building architecture…
…
continue reading
1
Using Large Language Models in the National Security Realm
34:45
34:45
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
34:45
At the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower Project at Carnegie Mellon University’s Software Engineering Institute (SEI) from May 2023 through Septe…
…
continue reading
1
Atypical Applications of Agile and DevSecOps Principles
33:41
33:41
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
33:41
Modern software engineering practices of Agile and DevSecOps have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software concerns of business mission and capability delivery even though these concerns are critical to the success…
…
continue reading
1
AI in 2024 with Peter Gostev, Chris and Charles. Discussing the latest models and frameworks.
1:09:50
1:09:50
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
1:09:50
Oliver got Chris Booth and Charles Phiri back along with Peter Gostev who has recently moved to a Head of AI role at Moonpig to discuss recent developments in the AI space. They discuss recent developments in AI, with a focus on new models like AlphaGeometry, GraphCast, and Mixtral. The participants also discuss benchmarking of models, prompting fr…
…
continue reading
1
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction
35:21
35:21
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
35:21
Increasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important considerations that software program managers must first address. In this podcast, Patrick Place, a senior engine…
…
continue reading
1
The Impact of Architecture on Cyber-Physical Systems Safety
34:05
34:05
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
34:05
As developers continue to build greater autonomy into cyber-physical systems (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only create more data and more precise data, but they require a complex architecture to correctly transfer and proc…
…
continue reading
1
Reflections on 2023 that tell us about 2024
20:19
20:19
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
20:19
Penny Townsend and Oliver recap 2023 in 20 minutes, covering a range of topics (naturally including AI which is one prediction we definitely got right last time around!), but also data, working patterns, sustainability and more.We look at what we got right and wrong (also using some assistance from Claude.ai) from our previous predictions for 2023 …
…
continue reading
1
ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies
46:22
46:22
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
46:22
To better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studies span multiple domains and call for vastly different capabilities. In this podcast, Matthew Walsh, a seni…
…
continue reading
1
The Cybersecurity of Quantum Computing: 6 Areas of Research
23:01
23:01
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
23:01
Research and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI CERT Division, was recently invited to be a participant in the Workshop on Cybersecurity of Quantum Compu…
…
continue reading
1
User-Centric Metrics for Agile
31:41
31:41
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
31:41
Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be collected. A top-down, deterministic specification of graphs or other depictions of data required by the m…
…
continue reading
1
The Product Manager’s Evolving Role in Software and Systems Development
24:19
24:19
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
24:19
In working with software and systems teams developing technical products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams were not investing the time, resources and effort required to manage the product lifecycle of a successful product. These activities include thoroughly exploring the problem space by talking …
…
continue reading
1
Measuring the Trustworthiness of AI Systems
19:27
19:27
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
19:27
The ability of artificial intelligence (AI) to partner with the software engineer, doctor, or warfighter depends on whether these end users trust the AI system to partner effectively with them and deliver the outcome promised. To build appropriate levels of trust, expectations must be managed for what AI can realistically deliver. In this podcast f…
…
continue reading
1
Knowledge Graphs are key to unlocking the power of AI
47:34
47:34
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
47:34
Tony Seale KG Engineer at UBS joins Chris Booth (from Natwest) and Oliver Cronk (Leader of #ArchitectTomorrow and Tech Director at Scott Logic) to discuss the importance of Knowledge Graph technology as an enabler for more effective AI deployments.The important role Knowledge Graphs can play in your AI Architecture particularly when working with La…
…
continue reading
1
Actionable Data in the DevSecOps Pipeline
31:58
31:58
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
31:58
In this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program managers (PMs) to confidently make decisions with the help of readily available data. As in commercial co…
…
continue reading
1
Insider Risk Management in the Post-Pandemic Workplace
47:34
47:34
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
47:34
In the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterprise threat and vulnerability management, and Randy Trzeciak, deputy director of Cyber Risk and Resilience, …
…
continue reading
1
An Agile Approach to Independent Verification and Validation
31:57
31:57
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
31:57
Independent verification and validation (IV&V) is a significant step in the process of deploying systems for mission-critical applications in the Department of Defense (DoD). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Justin Smith, senior Agile transformation leader in the SEI Software Solutions Divisi…
…
continue reading
1
Zero Trust Architecture: Best Practices Observed in Industry
27:53
27:53
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
27:53
Zero trust architecture has the potential to improve an enterprise’s security posture. There is still considerable uncertainty about the zero trust transformation process, however, as well as how zero trust architecture will ultimately appear in practice. Recent executive orders have accelerated the timeline for zero trust adoption in the federal s…
…
continue reading
1
Automating Infrastructure as Code with Ansible and Molecule
39:38
39:38
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
39:38
In Ansible, roles allow system administrators to automate the loading of certain variables, tasks, files, templates, and handlers based on a known file structure. Grouping content by roles allows for easy sharing and reuse. When developing roles, users must deal with various concerns, including what operating system(s) and version(s) will be suppor…
…
continue reading
1
Exploring Corporate Innovation and Design with Faiz Hussain
46:30
46:30
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
46:30
Join Oliver Cronk in this captivating episode of Architect Tomorrow as he engages in a thought-provoking conversation with Faiz Hussain, an expert in design and innovation for both corporates and start-ups. Faiz takes us on a journey through his career in technology and design, sharing valuable insights on corporate innovation and highlighting its …
…
continue reading
1
Identifying and Preventing the Next SolarWinds
46:04
46:04
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
46:04
In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on Solar Winds software and how to prevent a recurrence of another major attack on key systems that are in widespread use. Solar Winds i…
…
continue reading
1
A Penetration Testing Findings Repository
25:47
25:47
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
25:47
In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Marisa Midler and Samantha Chaves, penetration testers with the SEI’s CERT Division, talk with Suzanne Miller about a penetration-testing repository that they helped to build. The repository is a source of information for active directory, phishing, mobile tech…
…
continue reading
1
Understanding Vulnerabilities in the Rust Programming Language
36:45
36:45
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
36:45
While the memory safety and security features of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there is the possibility of security vulnerabilities–and malicious softw…
…
continue reading
1
Strategy to Reality with Whynde Kuehn, Lisa Woodall and Catherine Pratt
41:57
41:57
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
41:57
The latest episode of Architect Tomorrow, featuring an incredible all-female panel! Get ready to dive into the Whynde Kuehn's remarkable book, "Strategy to Reality." Join us as Lisa Woodall, Catherine Pratt, and Oliver talk with Whynde to share their personal experiences in enterprise, business architecture, and technology transformation initiative…
…
continue reading
1
We Live in Software: Engineering Societal-Scale Systems
39:31
39:31
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
39:31
Societal-scale software systems, such as today’s commercial social media platforms, are among the most widely used software systems in the world, with some platforms reporting billions of daily active users. These systems have created new mechanisms for global communication and connect people with unprecedented speed. Despite the numerous benefits …
…
continue reading
1
Secure by Design, Secure by Default
54:05
54:05
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
54:05
In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about secure by design, secure by default, a longstanding tenet of the work of the SEI and CERT in particular. The SEI has been in the forefront of secure software development, pro…
…
continue reading
1
Key Steps to Integrate Secure by Design into Acquisition and Development
48:50
48:50
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
48:50
Secure by design means performing more security and assurance activities earlier in the product and system lifecycles. A secure-by-design mindset addresses the security of systems during the requirements, design, and development phases of lifecycles rather than waiting until the system is ready for implementation. The need for a secure-by-design mi…
…
continue reading
1
Generative AI - managing its shortfalls and risks with architecture
59:34
59:34
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
59:34
What components or attributes are needed in Enterprise Architecture for ML? Beyond MLOps - how do we risk manage the deployment and integration of AI/ML into our organisations. In particular the latest generation of LLM type models? What are the architectural and risk challenges of deploying Generative AI into enterprises? In this episode we get in…
…
continue reading
1
An Exploration of Enterprise Technical Debt
25:56
25:56
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
25:56
Like all technical debt, enterprise technical debt consists of choices expedient in the short term, but often problematic over the long term. In enterprise technical debt, the impact reaches beyond the scope of a single system or project. Because ignoring enterprise technical debt can have significant consequences, software and systems architects s…
…
continue reading
1
The Messy Middle of Large Language Models
33:46
33:46
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
33:46
The recent growth of applications that leverage large language models, including ChatGPT and Copilot, has spurred reactions ranging from fear and uncertainty to adoration and lofty expectations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Jay Palat, senior engineer and technical director of AI for mission, an…
…
continue reading
1
An Infrastructure-Focused Framework for Adopting DevSecOps
43:35
43:35
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
43:35
DevSecOps practices, including continuous-integration/continuous-delivery (CI/CD) pipelines, enable organizations to respond to security and reliability events quickly and efficiently and to produce resilient and secure software on a predictable schedule and budget. Despite growing evidence and recognition of the efficacy and value of these practic…
…
continue reading
Rust is growing in popularity. Its unique security model promises memory safety and concurrency safety, while providing the performance of C/C++. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Joe Sible, both engineers in the SEI’s CERT Division, talk with principal researcher Suzanne Mil…
…
continue reading
1
Cybersecurity leadership and architecture priorities with Chris Hodson
38:58
38:58
Lire Plus Tard
Lire Plus Tard
Des listes
J'aime
Aimé
38:58
We welcome Chris Hodson back to the channel after 2 years! We catch up with what he has been up to and what is top of mind for him in his CISO role. We covered topics including: - What are the key things CISOs and Security Architects need to be focussing on right now (particularly in a time of cost constraints - How technical does a CISO need to be…
…
continue reading