Secure Systems By Design

May, 2024

Abstract

The SEI has been at the forefront of secure software development, promoting a “shift left” approach, whereby security weaknesses are addressed, prevented, or eliminated earlier in the software development cycle, saving time and money.

In this presentation, we will discuss security being an integral aspect of the entire software lifecycle as a result of following deliberate, intentional engineering processes, rather than security being addressed in individual stages as one-off activities.

About the Presenter 

Tim Chick is the CERT Applied Systems Group Technical Manager at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). He currently leads a team of software and system engineers as they build and operate technical solutions for both internally-funded research and customer-facing prototypes, and delivers trusted, valued, and relevant software engineering and cybersecurity approaches for software intensive systems through engineering and consulting support to DoD and DHS programs. In collaboration with technical experts across the SEI, the team assists organizations with the application of Agile and DevSecOps practices and the adoption of emerging technologies needed to keep pace with evolving opportunities, risks, and threats.

He is also an adjunct faculty member at CMU’s Software and Societal Systems Department (S3D), where he teaches courses on Agile and Software Project Management.

Prior to joining CMU, Chick worked for Naval Air Systems Command (NAVAIR) as a project manager, leading software development projects and software process improvement efforts for the E-2C Hawkeye Program, and as a software acquisition lead for the Vertical Take-Off and Landing Tactical Unmanned Aerial Vehicle (VTUAV) Program.

He holds an MS in Computer Science from Johns Hopkins University and a BS in Computer Engineering from Clemson University.

Past Presentations

Take Control: Exceptional Methods for Making Commitments You Keep

The April 2024 tech talk was presented by David Tuma. Abstract: We've all been there: working long hours, late nights and weekends, under immense pressure to finish a release after missed deadlines and project overruns. Fortunately, there is a better way! This...

Artificial Intelligence (AI) For Defense and Military Uses

The March 2024 Tech Talk was presented by Capers Jones. Abstract: Artificial intelligence (AI) is a new technology that is changing many fields. One of these is the way military equipment will be operated. Instead of human pilots, future aircraft will be controlled by...

Failure. Pragmatic Lessons Learned the Hard Way

The December 2023 Tech Talk was presented by Rick Kelly. Abstract: Rick Kelly will talk about lessons learned in systems engineering in weapons development. His lessons were informed by his life on the farm. "I grew up on a small farm. On that farm, our deadlines were very...

Quality in Front – From a Mainframe Mentality to Agile

The November 2023 tech talk was presented by Dave McKenna. Abstract: What do you think of when I say "mainframe"? Most think of a giant, lumbering dinosaur. If I ask you what animal you think of when I say "agile," most folks respond with "cheetah." My challenge at CA...

From Sprints to Marathons – Sustaining Speed to Value

The October 2023 tech talk was presented by David VanEpps. Abstract: Technology leaders know the pressure to deliver high-value projects with speed. When projects turn to portfolios, the game changes. The rules of speed-to-value still apply, but now there are different...

SEA 2023 Summit

Our Passion for Excellence - Keeping the Torch Alive. The SEA 2023 Summit was held September 21st in Pittsburgh, PA. Summit Overview: The Software Excellence Alliance is an international network of professionals who share a passion for software development. The pandemic...

The Real Cost of Bad Software Quality in the U.S. in 2022

The July 2023 tech talk was presented by Herb Krasner. Abstract: This presentation will introduce The Cost of Poor Software Quality in the US: A 2022 Report, published in December 2022 by CISQ. We highlight the rapidly growing costs of cybersecurity failures and software...

10 Key Things to be a Rocking Product Manager in an Agile World

The June 2023 tech talk was presented by César Duarte. Abstract: Are you ready to know more about the challenge of being a product manager? This talk will cover challenges you will need to master to excel and become a product management superstar in an Agile world. From...

Personal Reviews: How Fencing Helped Me Write Better Software

The May 2023 tech talk was presented by Dr. Bradley Hodgins. Abstract: NAVAIR has hundreds of engineers/professionals using Team Software Process (TSP) and Team Process Integration (TPI) methodologies to plan and track their projects. One especially valuable activity in...

Implementing a Strategy for Excellence

The January 2023 tech talk was presented by Seemin Suleri. Abstract: In our pursuit of excellence, we built a strategy that matched the ambition of a competitive e-commerce business. The problem was, where do we start the work: A struggling software department with high...

NAVAIR Process Dashboard Introduction Workshop

Abstract: NAVAIR has hundreds of engineers/professionals using Team Software Process (TSP) or Team Integration Process (TPI) methodologies to plan and track their projects. NAVAIR teams following TSP/TPI use the Process Dashboard tool to implement the methodologies....

Why Can’t Johnny Program Securely?

The October 2022 tech talk was presented by Robert Seacord. Abstract: Secure coding (unsurprisingly) is hard. Our educational systems have failed to properly prepare students, and our assessments have overestimated their abilities. Analysis and testing is useful but...

Team Process Integration: Half-Day Course

Abstract: This half-day course covers all aspects of the Team Process Integration (TPI) framework. The TPI methodology integrates disciplined project practices that can be applied by many product teams (e.g., software, systems, and test). It is a framework that...
