Quantum accelerated supercomputing allows domain scientists to address complex problems in machine learning (ML) and across various disciplines. These hybrid systems will require not only an understanding of quantum computing (QC) but also of High Performance Computing (HPC) skills to manage and optimize quantum-classical workflows. Modern university-level QC curriculums will address QC, ML, and hybrid algorithms; but they overlook the practic...

DevSecOps practices foster collaboration among software development, security, and operations teams to build, test, and release software quickly and reliably. A high-stakes, high-security environment has challenged the implementation of these practices within the Department of Defense (DoD). The DoD Chief Information Officer (CIO) organization partnered with the Software Engineering Institute (SEI) to conduct the first study to baseline the st...

Today, we have seen our national security and defense organizations working to adopt modern software practices, particularly Agile methods and DevSecOps practices, efforts challenged by a mismatch of tempos between operational needs and development processes. The newly mandated Software Acquisition Pathway helps to align those tempos. However, to sustain a competitive advantage through software, we need to see our national security and defense...

Why aren't malware analysis practitioners making more use academic research results? In this webcast, we suggest that one reason is the general difficulty of replicating and reproducing research results in this field. We randomly selected 100 papers on "malware classification" from Google Scholar results and attempted to replicate each one. We were only able to find released code for 6 of these 100 papers, and what's worse, only 6 of the 88 re...

The CERT Insider Risk Team has developed a new standard for storing and exchanging insider threat case data. The Insider Incident Data Exchange Standard (IIDES) includes structures for collecting and analyzing a variety of technical, non-technical, organizational, and incident response information to meet the varied needs of researchers and practitioners. IIDES is designed to allow practitioners to build, maintain, deidentify, and share inside...

When it comes to recognizing threats, cybersecurity professionals may become distracted by big promises or ignore some obvious inspections. New claims made by the latest and greatest new apps draw attention away from network situational awareness best practices—like a dog distracted when it spots a squirrel. We also may deviate from making routine inspections that point toward further investigation—overlooking obvious needs right u...

Can a cybersecurity parametric cost estimation model be developed? Every Department of Defense (DoD) program needs to account for, credibly estimate, budget/plan for, and assess the performance of its cybersecurity activities. Creating a cybersecurity parametric model would allow DoD programs to reliably estimate the effort and cost of cybersecurity activities, estimate an overall cybersecurity cost for a program, and obtain a defined and norm...

Communications, both in times of crisis and during normal operations, are essential to the overall success and sustainability of an incident response or security operations team. How you plan for and manage these communications and how they are received and actioned by your audience will influence your trustworthiness, reputation, and ultimately your ability to perform incident management services effectively. This webcast leverages the Nation...

Health-care organizations are seemingly besieged by a complex set of cyber threats. The consequences of disruptive cyber events in health care are in many ways uniquely troubling. Health-care organizations often face these challenges with modest resources. In this webcast, Matthew Butkovic and Darrell Keeling will explore approaches to maximize return on cybersecurity investment in the health-care context. This will include applying fundamenta...

Traditionally, independent verification and validation (IV&V) is performed by an independent team throughout a program’s milestones or once the software is formally delivered. This approach allows the IV&V team to provide input at the various milestone gates. As more programs move to an Agile approach, those milestones aren’t as clearly defined since requirements, design, implementation, and testing all happen iteratively,...