Shows
Software Engineering Institute (SEI) Podcast SeriesThe Best and Brightest: 6 Years of Supporting the President’s Cup Cybersecurity Competition A strong cyber defense is vital to public- and private-sector activities in the United States. In 2019, in response to an executive order to strengthen America’s cybersecurity workforce, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) partnered with the SEI to develop and run the President’s Cup Cybersecurity Competition, a national cyber competition that identifies and rewards the best cybersecurity talent in the federal workforce. In six years, more than 8,000 people have taken part in the President’s Cup. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jarrett Booz, technical lead for...2025-05-1221 minSoftware Engineering Institute (SEI) Podcast SeriesDelivering Next Generation Cyber Capabilities to the DoD WarfighterIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in which CERT researchers and technologists are working to deliver rapid capability to warfighters in the Department of Defense. 2025-04-1527 min
Software Engineering Institute (SEI) Webcast SeriesCyber Maturity Model Certification (CMMC): Protecting the Nation’s Defense Industrial BaseThe Defense Industrial Base (DIB) is a core element of the national security ecosystem. This point of intersection between private industry and the Department of Defense is a perpetual target for the Nation’s adversaries. In this Intersect, Matthew Butkovic and John Haller explore the development, and implementation, of the Cyber Maturity Model Certification (CMMC) as a means to better protect the DIB.2025-04-1128 minSoftware Engineering Institute (SEI) Podcast SeriesDOD Software Modernization: SEI Impact and Innovation As software size, complexity, and interconnectedness has grown, software modernization within the Department of Defense (DoD) has become more important than ever. In this discussion moderated by Matthew Butkovic, technical director of risk and resilience in the SEI CERT Division, SEI director Paul Nielsen outlines the SEI’s work with the DoD on software modernization, including controlling the attack surface, incorporating industry practices such as DevSecOps, and the interplay between software, cybersecurity, and AI. 2025-02-2527 minSoftware Engineering Institute (SEI) Webcast SeriesCybersecurity Priorities in 2025Chief Information Security Officers (CISOs) perpetually navigate a dynamic set of challenges. Applying focus and aligning resources is imperative for success. In this Intersect, Matthew Butkovic and Gregory Touhill, reflect on 2024 and explore the topics that should be front of mind for CISOs in 2025. They provide insights and advice for those contemplating cybersecurity priorities.2025-02-0732 minSoftware Engineering Institute (SEI) Webcast SeriesExploring the Fundamentals of Counter AIAs the strategic importance of AI increases, so too does the importance of defending those AI systems. To understand AI defense, it is necessary to understand AI offense—that is, counter AI. In this session, Matthew Butkovic, CISA, CISSP, technical director for risk and resilience, and Nathan VanHoudnos, senior machine learning researcher explore the fundamentals of counter AI.2025-01-0327 minSoftware Engineering Institute (SEI) Webcast SeriesCyber Challenges in Health Care: Managing for Operational ResilienceHealth-care organizations are seemingly besieged by a complex set of cyber threats. The consequences of disruptive cyber events in health care are in many ways uniquely troubling. Health-care organizations often face these challenges with modest resources. In this webcast, Matthew Butkovic and Darrell Keeling will explore approaches to maximize return on cybersecurity investment in the health-care context. This will include applying fundamental measures of operational resilience. What Attendees Will Learn: How to yield maximum return on cybersecurity investment in health care How to shift thinking from cybersecurity to operational resilience How to employ free or low-cost cyber...2024-10-3153 minSoftware Engineering Institute (SEI) Webcast SeriesAsk Us Anything: Supply Chain Risk ManagementAccording to the Verizon Data Breach Report, Log4j-related exploits have occurred less frequently over the past year. However, this Common Vulnerabilities and Exposures (CVE) flaw was originally documented in 2021. The threat still exists despite increased awareness. Over the past few years, the Software Engineering Institute (SEI) has developed guidance and practices to help organizations reduce threats to U.S. supply chains. In this webcast, Brett Tucker and Matthew Butkovic, answer your enterprise risk management questions to help your organization achieve operational resilience in the cyber supply chain. What attendees will learn: Enterprise risk governance and h...2024-02-0141 min
Flyover Future PresentsNew Flight Plans: Cyber Risk and Resilience with Matthew ButkovicHow do you build cyber resilience? How serious is the threat of cyber warfare? What’s new in cybersecurity training? These are things all business owners – large or small – need to know to keep their data safe.
We recently asked about these issues and more with Matthew Butkovic, technical director – cyber risk and resilience at the CERT Division of the Software Engineering Institute at Carnegie Mellon University in Pittsburgh.2022-07-1538 minSoftware Engineering Institute (SEI) Webcast SeriesSolarWinds Hack: Fallout, Recovery, and PreventionThe recent SolarWinds incident demonstrated the challenges of securing systems when they are the product of complex supply chains. Responding effectively to breaches and hacks requires a cross-section of technical skills and process insights. In this webcast, we explored the lifecycle of the SolarWinds activity and discussed both technical and risk assessment to prepare organizations to defend against this type of incident. What attendees will learn: *Technical details regarding the SolarWinds vulnerabilities and exploits *Supply chain risk management principles required to reduce the risk of future incidents *Advice on the core...2021-02-111h 01Software Engineering Institute (SEI) Webcast SeriesDepartment of Homeland Security Cyber Resilience Review (Case Study) Watch Matthew Butkovic discuss the "Department of Homeland Security Cyber Resilience Review (Case Study)" from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain. 2018-09-2428 min
Software Engineering Institute (SEI) Webcast SeriesLessons in External Dependency and Supply Chain Risk ManagementIn this webinar, John Haller and Matthew Butkovic of the CERT Division of the Software Engineering Institute will discuss real-world incidents, including recent industrial control system attacks and incidents affecting Department of Defense capabilities, and the lessons that organizations should take away. The session will focus on the lifecycle of supply chain relationships and introduce concepts to help organizations manage them more effectively. Managing the risks of depending on external entities and supply chains to support critical services has increasingly become an area of concern for both the federal government and private critical infrastructure organizations. External dependencies may consist of...2015-01-051h 27Software Engineering Institute (SEI) Podcast SeriesUsing the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational ResilienceThe U.S. Department of Homeland Security (DHS) conducts a no-cost, voluntary Cyber Resilience Review (CRR) to evaluate and enhance cybersecurity capacities and capabilities within all 18 Critical Infrastructure and Key Resources (CIKR) Sectors, as well as State, Local, Tribal, and Territorial (SLTT) governments. The goal of the CRR is to develop an understanding of an organization’s operational resilience and ability to manage cyber risk to its critical services and assets during normal operations and during times of operational stress and crises. In this podcast, Kevin Dillon, Branch Chief for Stakeholder Risk Assessment and Mitigation with DHS and Matthew Butkovic, th...2013-11-2627 min