Software Engineering Institute

When systems were predominately hardware-based, components were built to specification. Systems engineers defined and verified component functions and interfaces that together provided total system capability. Today, system capability is largely supplied through software components and network connectivity. This increases the system’s flexibility and adaptability—and its cyber risk! Software components are specified loosely, if at all, and are often assembled from an opaque mix of modified legacy components, commercial off-the-shelf (COTS) applications and services, and open source libraries downloaded from the Internet. This greatly increases the cyber-attack surface. Using cybersecurity engineering knowledge, methods, and tools throughout the lifecycle of software-intensive systems will reduce their inherent cyber risk and increase their operational cyber resilience.

What attendees will learn:

• Cybersecurity engineering consolidates the tools and analyses used in various lifecycle steps to ensure effective operational results.
• Cybersecurity engineering builds upon data that is scattered across lifecycle activities and products to identify gaps and potential mission impacts.
• The Software Engineering Institute’s Cybersecurity Engineering and Software Assurance Professional Certificate Program enables participants to understand, identify, and manage cybersecurity risks in developing or acquiring software-reliant systems through activities such as threat modeling, security engineering risk analysis, and supply chain risk assessment.