Shows
All About DataVA looking at ‘smart home’ tech to keep aging, disabled vets living independentlyThe VA is looking at how to keep aging, disabled vets living independently. That’s a key takeaway from a panel I moderated at ATARC’s DevSecOps Summit. On this panel, you’ll hear from Hasan Yasar. He’s the Technical Director of the Continuous Deployment of Capability group at Carnegie Mellon University’s Software Engineering Institute. But first, you’ll hear from VA’s Deputy Chief Health Technology Officer Dr. Joe Ronzio. 2024-06-2623 min
The Application Security PodcastHasan Yasar -- Actionable SBOM via DevSecOpsHasan Yasar believes that everyone shares the responsibility of creating a secure environment, and this can only be achieved by working collaboratively. He underscores the idea that security is not an isolated endeavor but a collective effort, urging everyone to come together and build a world where safety and security are paramount.Yasar also shares his thoughts about education and security. He highlights the need for integrating security concepts right from the foundational levels of teaching programming languages. By introducing concepts like input validation and sanitization early on, students can be better equipped to handle security challenges...2023-10-1648 min
TestGuild Devops Toolchain PodcastHow to Build DevSecOps Pipeline as Code with Hasan YasarLast week, I shared a session from a previous Automation Guild, but this week, I'd like to share a session from our previous SecureGuild. So here is a presentation by Hasan Yasar on How to build a DevSecOps Pipeline as Code! You've heard the hype and read dozens of blog posts on DevSecOps. Finally, your organization has decided to make this cultural shift to take advantage of automation and the benefits of DevOps. However, making this shift as an engineering team can often be cumbersome because many tech professionals still need to familiarize themselves with...2023-09-2033 min
daBOMHasan Yasar on The Multiverse of SBOM PhasesThere's no better way to get to know someone than staying awake for 24 hours straight while moderating sessions of the world's biggest virtual DevOps conference - All Day DevOps. It's One of the many times I've gotten to spend with Hasan Yasar over the years. We were hunkered down in an office in Tyson's Corner, just outside of Washington, DC, broadcasting throughout the day to an audience spanning the world, introducing some of the world's most talented minds before they shared their stories.Hassan and I met back in 2017 when we were both speaking at D...2023-08-0228 min
Software Engineering Institute (SEI) Webcast SeriesTop 5 Challenges to Overcome on Your DevSecOps JourneyHistorically, a lot of discussion in software security focused on the project level, emphasizing code scanning, penetration testing, reactive approaches for incident response, and so on. Today, the discussion has shifted to the program level to align with business objectives. In the ideal outcome of such a shift, software teams would act in alignment with business goals, organizational risk, and solution architecture and would understand that security practices are integral to business success. However, the shift from project- to program-level thinking brings lots of challenges. In this webcast, Hasan Yasar and Joe Yankel discuss the top 5 challenges and barriers...2023-05-031h 00
Software Engineering Institute (SEI) Podcast SeriesDevSecOps for AI EngineeringIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Hasan Yasar, technical director, Continuous Deployment of Capability at the SEI, and Jay Palat, interim director of AI for Mission in the SEI’s AI Division, discuss how to engineer AI systems with DevSecOps and explore the relationship between MLOps and DevSecOps.2022-06-2143 minSoftware Engineering Institute (SEI) Podcast SeriesMeasuring DevSecOps: The Way Forward In this SEI Podcast, Bill Nichols and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss DevSecOps metrics with Suzanne Miller. DevSecOps practices, made possible by improvements in underlying technology that automate the development-to-production pipeline, can generate more information about development and operational performance than has ever been readily available before. Nichols and Yasar discuss the ways in which DevSecOps practices yield valuable information about software performance that is likely to lead to innovations in software engineering metrics. 2021-10-1539 minSoftware Engineering Institute (SEI) Webcast SeriesSoftware Development Open Forum: Ask Hasan Anything!The software development lifecycle has changed a lot and continues to evolve. Almost every company now is a software company. Meeting business needs and adapting to the speed of the market for new features requires an agility mindset and continuous-delivery techniques throughout application-development lifecycles. You have software development and deployment questions, such as: Where do I start? How do I establish good continuous integration/deployment practices? What about security? Hasan has the answers! SEI’s Hasan Yasar hosts a software development question and answer session. What attendees will learn: • how DevSecOps and Agile a...2021-07-011h 03Software Engineering Institute (SEI) Podcast SeriesCan DevSecOps Make Developers Happier?Author Daniel H. Pink recently examined the factors that lead to job satisfaction among knowledge workers and summarized them in three components: autonomy, skill mastery, and purpose. In this SEI Podcast, Hasan Yasar, technical director of Continuous Deployment of Capability at Carnegie Mellon University’s Software Engineering Institute, relates these components to DevSecOps and summarizes a recent survey affirming that DevSecOps practices do indeed make developers and other stakeholders in their organizations happier.2021-06-2441 minSoftware Engineering Institute (SEI) Podcast SeriesMoving from DevOps to DevSecOpsDevSecOps is a set of principles and practices that provide faster delivery of secure software capabilities by improving the collaboration and communication between software development teams, IT operations, and security staff within an organization, as well as with acquirers, suppliers, and other stakeholders in the life of a software system. In this SEI podcast, Hasan Yasar, technical director of the Continuous Deployment of Capability group in the Software Solutions Division of the SEI, discusses the transition from DevOps to DevSecOps.2021-05-1340 minSoftware Engineering Institute (SEI) Webcast SeriesDevOps Enables Digital EngineeringThere is some confusion about how the paradigms of DevOps and Digital Engineering fit together. In the case of software-intensive systems, we believe DevOps practices are an enabler for Digital Engineering, in many forms. During this webcast, we introduced the relatively new concept of Digital Engineering and how we believe DevOps actually complements/enables many of the goals of Digital Engineering. What attendees will learn: What Digital Engineering is Who is using Digital Engineering How implementing DevOps can enable expansion into Digital Engineering Speakers: Hasan Yasar and David Shepard2021-03-191h 00Software Engineering Institute (SEI) Podcast SeriesAchieving Continuous Authority to Operate (ATO)Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.2020-11-2533 min
The Balancing Act by Security CompassHasan Yasar - Achieve Continuous ATO Through DevSecOpsToday we are joined by Hasan Yasar, Technical Director of Continuous Deployment at the Software Engineering Institute, CMU, to talk about Continuous ATO. We will start with the need to automate architectural assurance across the application build and deployment pipeline. Further, we will discuss how risk management is embedded into the process through security controls. Finally, we will conclude with how DevOps unlocks the ability to achieve continuous ATO.
2020-10-0512 minThe Balancing Act by Security CompassHasan Yasar & Altaz Valani - Proactively Managing Security in DevSecOpsToday we are joined by Altaz Valani from Security Compass and Hasan Yasar, Technical Director of Continuous Deployment at the Software Engineering Institute, CMU. We will discuss shifting security to the left and being more proactive. Using Top 10 lists is a good starting point. In the long term, however, value is achieved when we use security scenarios to drive out important value propositions.
2020-08-3113 minThe Balancing Act by Security CompassHasan Yasar & Altaz Valani - Smart Software Delivery PipelinesToday we are joined by Altaz Valani, Director of Insights Research at Security Compass, and Hasan Yasar, Technical Director at the Software Engineering Institute, Carnegie Mellon University, to talk about adding intelligence to our DevOps pipelines. In this podcast, we will go into the details of how we can make smarter use of the data being collected through DevOps pipelines.
2020-07-0816 minSoftware Engineering Institute (SEI) Podcast SeriesChallenges to Implementing DevOps in Highly Regulated EnvironmentsIn this SEI podcast, Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environments (HREs), exploring issues such as environment parity, the approval process, and compliance. This podcast is the second to explore DevOps in HREs.2020-05-2838 min
TestGuild Security Testing PodcastChallenges Implementing & Sustaining DevSecOps with Hasan YasarHow do you define DevSecOps? Despite what some will lead you to believe, DevOps is not just a set of tools. In this episode Hasan Yasar Technical Director of Continuous Deployment of Capability group in Software Engineering Institute, CMU shares his thought on DevSecOps. Listen in to discover the common misconceptions and roadblocks, and how you can use DevSecOps to help your organization reach new heights of efficiency and productivity without getting frustrated.2020-05-0730 min
Perspektif TasawufImam HASAN AL BASHRI | Season 17, Episode 3Season 17, Episode 3.
Ngaji Filsafat - Dr. Fahruddin Faiz
Al-Hasan Al-Bashri (bahasa Arab:الحسن بن أبي الحسن البصري ; Abu Sa'id al-Hasan ibn Abil-Hasan Yasar al-Bashri) (Madinah, 642 - 10 Oktober 728) adalah ulama dan cendekiawan muslim yang hidup pada masa awal kekhalifahan Umayyah.
Al-Hasan adalah Maula Al-Anshari. Ibunya bernama Khairah, budak Ummu Salamah yang dimerdekakan, dikatakan Ibnu Sa’ad dalam kitab tabaqat Hasan adalah seorang alim yang luas dan tinggi ilmunya, terpercaya, seorang hamba yang ahli ibadah dan fasih bicaranya. Bapaknya bernama Pirouz (kemudian dikenal sebagai Abul Hasan), yang menjadi budak pada zaman pemerintahan Khalifah Umar bin Al-Khattab. Dari kampungnya Pirouz kemudian dibawa ke Madinah sebagai...2020-04-301h 40Software Engineering Institute (SEI) Webcast SeriesTrust, Verify & Authorize with DevSecOps You may have a secure application today, but you cannot guarantee that it will still be secure tomorrow. Application security is a living process that must be constantly addressed throughout the application lifecycle. This requires continuous security assessments at every phase of the software development lifecycle (SDLC). The SEI has researched a continuous authorization concept—DevSecOps—that allows for constant interaction between developers and information security teams throughout the entire SDLC. This allows any authorizing officials, such as personnel on information security teams, to be in constant contact with developers as changes are made to existing code and as new...2020-04-291h 02
Yaşar Üniversitesi Özel ProgramlarHakk'ın Sesi Mehmet AkifYaşar Üniversitesi'nin tüm podcastlerine erişmek için tıklayın.
1873 – 1936 yılları arasında yaşayan Mehmet Âkif Ersoy, 63 yıla; Şair, Veterinerlik, Milletvekilliği, Edebiyat ve Türkçe Öğretmenliği gibi birçok farklı uzmanlığı sığdırdı. Dile yatkınlığı daha küçük yaşlarda fark edilen Mehmet Akif, Arapça, Farsça ve Fransızca biliyordu. Eğitim alanında birçok çalışma yapan, gençlerin mutlaka iyi bir eğitim alması gerektiğini, öğretmenlere büyük işler düştüğünü, ilim ve fen için yurtdışına öğreciler gönderilmesi gerektiği üzerinde durmuş ve bu alandaki girişim...2020-03-1258 min
Yaşar ÜniversitesiHakk'ın Sesi Mehmet Akif (12 Mart 2020)1873 – 1936 yılları arasında yaşayan Mehmet Âkif Ersoy, 63 yıla; Şair, Veterinerlik, Milletvekilliği, Edebiyat ve Türkçe Öğretmenliği gibi birçok farklı uzmanlığı sığdırdı. Dile yatkınlığı daha küçük yaşlarda fark edilen Mehmet Akif, Arapça, Farsça ve Fransızca biliyordu. Eğitim alanında birçok çalışma yapan, gençlerin mutlaka iyi bir eğitim alması gerektiğini, öğretmenlere büyük işler düştüğünü, ilim ve fen için yurtdışına öğreciler gönderilmesi gerektiği üzerinde durmuş ve bu alandaki girişimleri desteklemişti. Millî Mücadele döneminde verdiği en büyük hizmetlerinden birisi “İstiklâl M...2020-03-1258 minSoftware Engineering Institute (SEI) Podcast SeriesHuman Factors in Software EngineeringSolving the technical aspects isn’t enough to build reliable, enduring, resilient software and systems. Human decision making, behavioral factors, and cultural factors influence software engineering, acquisition, and cybersecurity. In this podcast roundtable, Andrew Mellinger, Suzanne Miller, and Hasan Yasar discuss the human factors that impact software engineering, from communication tools they use to the environment that they work in.2019-11-1247 minSoftware Engineering Institute (SEI) Podcast SeriesDevOps in Highly Regulated EnvironmentsHighly regulated environments (HREs), such as finance and healthcare, are mandated by policies for various reasons, most often general security and protection of intellectual property. These policies make the sharing and open access principles of DevOps that much harder to apply. In this podcast, SEI researchers Hasan Yasar and Jose Morales discuss the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle in HREs.2019-06-2740 min
SEI ShortsBuild Secure Applications with DevSecOpsWatch Hasan Yasar discuss how to "Build Secure Applications with DevSecOps." DevSecOps is a model on integrating the software development and operational process that considers security activities throughout DevOps pipeline with practicing collaboration and communication between software development teams , IT operations staff along with acquirers, suppliers, security teams, and other stakeholders in the lifecycle of a software system.2018-11-0601 minSoftware Engineering Institute (SEI) Podcast SeriesAgile DevOpsDevOps breaks down software development silos to encourage free communication and constant collaboration. Agile, an iterative approach to development, emphasizes frequent deliveries of software. In this podcast, Eileen Wrubel, technical lead for the SEI’s Agile-in-Government program, and Hasan Yasar, technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division, discuss how Agile and DevOps can be deployed together to meet organizational needs. Listen on Apple Podcasts.2018-04-1933 minSoftware Engineering Institute (SEI) Podcast SeriesHow Risk Management Fits into Agile & DevOps in GovernmentDevOps, which breaks down software development silos to encourage free communication and constant collaboration, reinforces many Agile methodologies. Equally important, the Risk Management Framework, provides a clearly defined framework that helps program managers incorporate security and risk management activities into the software and systems development life cycle. In this podcast, Eileen Wrubel, technical lead for the SEI’s Agile-in-Government program leads a roundtable discussion into how Agile, DevOps, and the Risk Management Framework can work together. The panelists include Tim Chick, Will Hayes, and Hasan Yasar. Listen on Apple Podcasts.2018-02-0134 minSoftware Engineering Institute (SEI) Podcast SeriesIntegrating Security in DevOpsThe term "software security" often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and road blocks to fast development and release. To secure software, developers must follow numerous guidelines that, while intended to satisfy some regulation or other, can be very restrictive and hard to understand. As a result, a lot of fear, uncertainty, and doubt can surround software security. In this podcast, Hasan Yasar discusses how the Secure DevOps movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions...2017-06-2928 min
SEI ShortsDevOps for Better Software BuildWatch Hasan Yasar in this SEI Cyber Minute as he discusses "DevOps for Better Software Build".2017-01-0401 min