Often, Agile implementations are a struggle. Dedicated agile teams focus hard and deliver value on a regular cadence. But when results are tallied, the value teams produce may not fit neatly into the expectations of senior stakeholders. Why? In this webcast, Peter Capell addresses the importance of a practical vision to express outcomes, so that the program's “target picture” is clear to all parties involved. Peter highlights the v...

Finding and growing AI and Data talent is essential for mission success, but many skilled workers remain unseen because they lack traditional credentials. This session introduces practical strategies and prototype tools that help individuals demonstrate what they know while helping managers identify and evaluate emerging talent in these fields. Attendees will explore micro-assessments reflecting real data science and AI workflows, see how skil...

Threat modeling is intended to help defend a system from attack. It tops the list of techniques recommended by the National Institute of Standards and Technology (NIST) to secure critical systems. In a world where people with malicious intent have deadlier tools at their disposal, defenders need to take advantage of Model-Based Systems Engineering (MBSE) to form mitigation strategies effective from early in the systems engineering lifecycle. T...

Quantum accelerated supercomputing allows domain scientists to address complex problems in machine learning (ML) and across various disciplines. These hybrid systems will require not only an understanding of quantum computing (QC) but also of High Performance Computing (HPC) skills to manage and optimize quantum-classical workflows. Modern university-level QC curriculums will address QC, ML, and hybrid algorithms; but they overlook the practic...

DevSecOps practices foster collaboration among software development, security, and operations teams to build, test, and release software quickly and reliably. A high-stakes, high-security environment has challenged the implementation of these practices within the Department of Defense (DoD). The DoD Chief Information Officer (CIO) organization partnered with the Software Engineering Institute (SEI) to conduct the first study to baseline the st...

Today, we have seen our national security and defense organizations working to adopt modern software practices, particularly Agile methods and DevSecOps practices, efforts challenged by a mismatch of tempos between operational needs and development processes. The newly mandated Software Acquisition Pathway helps to align those tempos. However, to sustain a competitive advantage through software, we need to see our national security and defense...

Why aren't malware analysis practitioners making more use academic research results? In this webcast, we suggest that one reason is the general difficulty of replicating and reproducing research results in this field. We randomly selected 100 papers on "malware classification" from Google Scholar results and attempted to replicate each one. We were only able to find released code for 6 of these 100 papers, and what's worse, only 6 of the 88 re...

The CERT Insider Risk Team has developed a new standard for storing and exchanging insider threat case data. The Insider Incident Data Exchange Standard (IIDES) includes structures for collecting and analyzing a variety of technical, non-technical, organizational, and incident response information to meet the varied needs of researchers and practitioners. IIDES is designed to allow practitioners to build, maintain, deidentify, and share inside...

When it comes to recognizing threats, cybersecurity professionals may become distracted by big promises or ignore some obvious inspections. New claims made by the latest and greatest new apps draw attention away from network situational awareness best practices—like a dog distracted when it spots a squirrel. We also may deviate from making routine inspections that point toward further investigation—overlooking obvious needs right u...