SWEEPS Educational Initiative Offers Application Security Training

A coalition of universities, community colleges and cybersecurity organizations launched a new educational initiative to teach software developers how to code securely without sacrificing efficiency.

The Strengthen Workforce Education for Excellence in Programming Securely (SWEEPS) program offers one-day workshops, self-paced online courses, week-long intensive bootcamps and full certificate programs to help bridge the skills gap in software security by providing developers with the necessary application security knowledge and tools. Training will be available for students and professionals at all stages of their career, from entry-level developers and career changers to experienced IT professionals. 

SWEEPS is funded by a $2.5 million grant from the National Centers for Academic Excellence in Cybersecurity (NCAE-C), a program administered by the National Security Agency's National Cryptologic School.

The curriculum highlights concepts, principles and examples of secure programming, including common misconceptions and proactive practices for improving security. The course material will cover data security standards and how to reduce security vulnerabilities in software. There will also be information about compliance and legal requirements in secure programming. Students will have access to in-depth tutorials on analysis of vulnerabilities and exploits as well as advanced defense mechanisms. 

"The software that runs our country's infrastructure and computer systems is vulnerable to attack," said Matt Bishop, the SWEEPS program's principal investigator and a computer science professor at the University of California, Davis, in a statement. "We're trying to change that. By providing intensive, hands-on training in secure software development, SWEEPS helps programmers defend against cyber criminals and 'bad actors' who exploit vulnerabilities in our computer systems."

SWEEPS offers trainings in a variety of formats and lengths. The one-day virtual workshops are offered by the University of California, Davis; University of Maryland, Baltimore County; and Worcester Polytechnic Institute. Early-career software engineers can work through a self-paced 45-hour online course. Software engineers, graduate students, college educators, and IT and cybersecurity professionals can opt for a one-week intensive virtual bootcamp to gain an in-depth understanding of secure programming. And a one-year virtual advanced certification program is open for mid-to-senior level software engineers, cybersecurity and IT professionals, and graduate students.

"The increasing frequency of large-scale cyberattacks reinforces the need for more experts in secure programming," said Xiaoyan Sun, a computer science professor at WPI and administrator of the program. "After developers go through the SWEEPS program, they will be more capable of implementing security best practices in every aspect of their coding practice."

Enrollment is open to students who are U.S. citizens or permanent residents, with priority given to those with military or first responder backgrounds. Application requirements and deadlines for each program differ, and some require specific prerequisite courses and programming abilities. About 700 students are projected to take part in the program.