CERT-SEI

Staff Profile

Michael Konrad

Principal Researcher

Professional Background

Mike Konrad is a Principal Researcher who has been with the Software Engineering Institute (SEI) since 1988.  Up until 2013, Konrad was involved with Software CMM and CMMI models development. Since 2013, Konrad has been the technical leader for three research efforts that investigate the early software development lifecycle (requirements and design) in challenging environments:

1) Eliciting Unstated Requirements at Scale (EURS):  Stakeholders often have requirements that they are not aware of, so they do not specify them. Uncovering these unstated requirements can be hard and is not well-supported by traditional approaches to requirements elicitation. This research project developed a way to identify unstated requirements in virtual (non-face-to-face) settings. http://www.sei.cmu.edu/measurement/research/eliciting-requirements/

2) Data-Driven Software Assurance (DDSA): This research project investigated design-related vulnerabilities in CERT vulnerability reports to examine the origins of design vulnerabilities, their mitigations, and the resulting economic implications. The project consisted of three phases: 1) conduct of a mapping study and literature review, 2) conduct of detailed vulnerability analyses, and 3) development of an initial economic model. The results indicate that a broader initial focus on secure design yields substantial benefits to both the developer and operational communities and point to ways to intervene in the software development life cycle (or operations) to mitigate vulnerabilities and their impacts.

3) Concurrent Deliberation of Requirements and Analysis of Socio-Technical Ecosystem Infrastructure Improvement (CDRASII). This research project explored different mechanisms to make software development decisions in socio-technical ecosystems (STE) more inclusive, transparent, and aligned with the broader STE mission. Results were selectively applied in the Extreme Science and Engineering Discovery Environment (XSEDE) project and contributed to the development of DesignWeb by CMU faculty and students.

In addition, Konrad co-led the SEI SPRUCE project in 2013-14 that interviewed SEI experts on various topics and published recommended practices on the CSIAC SPRUCE website. https://www.csiac.org/spruce/recommended_practices

Konrad is the Chair of the IEEE Computer Society / SEI Watts S. Humphrey Software Process Achievement Award committee. http://www.sei.cmu.edu/process/casestudies/processawards/index.cfm

Konrad also serves as SEI Liaison to the IEEE Computer Society Software and Systems Engineering Standards Committee (S2ESC) Executive Committee; and as acting secretary.

Prior to 2013, Konrad was involved with CMMI in the following capacities: Chief Architect of CMMI (2009-2012), Chair of the CMMI Configuration Control Board (2001-2006), Leader or co-leader of every team developing a version of CMMI for Development (2000-2010), and Manager of SEI's CMM/CMMI Modeling Team (1994-2012). Konrad was also a member of the International Process Research Consortium (2004-2006).

Prior to 2000, Konrad was a member of the teams that developed the original Software CMM Version 1.0 (1988-1991) and ISO 15504 (1993-1997). 

Prior to the SEI, Mike worked with several companies in computer science-related positions, including ISSI, SAIC, and Honeywell and briefly with George Mason University and the University of Maryland. He was co-author of a study and book on requirements engineering.

Publications (recent or significant)

Nancy R. Mead, Michael D. Konrad, Robert W. Stoddard. "Eliciting Unstated Requirements." Full-day tutorial presented at the 22nd IEEE International Requirements Engineering Conference (RE'14) in Karlskrona, Sweden, on August 26, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=309174.

Michael Konrad, Art Manion, Andrew Moore, Julia Mullaney, William Nichols, Michael Orlando, & Erin Harper. Data-Driven Software Assurance: A Research Study (CMU/SEI-2014-TR-010). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=90086.  

Mary Beth Chrissis, Mike Konrad, Michele Moss. “Ensuring Your Development Processes Meet Today’s Cyber Challenges.” Crosstalk Feb/Mar 2013.

Mary Beth Chrissis, Mike Konrad, Sandy Shrum. “CMMI(R) for Development: Guidelines for Process Integration and Product Improvement." Third Edition. Pearson Education, 2011.

Education

  • BS, Mathematics, Honors Tutorial College, Ohio University
  • PhD, Mathematics, Ohio University

Contact Mike Konrad

SEI Blog