Since graduating from Illinois Central College in December 2017 with associate degrees in secure software development, Khabran Peters and Branson Moreno have been working full time as software developers at ISHPI Information Technologies. This is the cyber-services company where they began working as apprentices in 2016.
“They were productive from day one,” Barti Perini, director of software process improvement at ISHPI in Peoria, Illinois, said of Peters and Moreno as employees. “Their technical skills are almost equal to four-year degree people,” she said, describing the secure software apprenticeship program as “very valuable to the company.”
Seamless continuity between what the students learn in the classroom and the skills that companies expect of employees was built into the apprenticeship program developed by the Community Initiative Center of Excellence for Secure Software in Greater Peoria (CICESS GP). The high level of collaboration between the employers and the college is another hallmark of the Greater Peoria program, particularly the employers’ development of “core” course. Perini, who mentored Peters and Moreno, also served as an instructor of the course that teaches students professional skills, self-management and other soft skills.
First of its kind
Casey O’Brien, executive director and principal investigator of the National CyberWatch Center, said CICESS GP is distinct from other cybersecurity apprenticeship programs because it bakes security into programming, uses curriculum at the associate-degree level that Carnegie Mellon University developed for its master’s degree program, and aligns with U.S. Department of Labor (DOL) registered apprenticeship program criteria.
These unique qualities led to the program’s selection for the 2018 Innovations in Cybersecurity Education Award (curriculum category) by the National CyberWatch Center, a National Science Foundation-funded Advanced Technological Education Center at Prince George’s Community College (Largo, Maryland).
Both Peters and Moreno, the first graduates of the program to enter the workforce as full-time employees, embraced its goal of shaping students into developers of “defect-free software.”
In their college classes and while accumulating 2,000 hours of paid, on-the-job experience, they and the five other students in the inaugural cohort learned not just the logic and process of coding but how to write code that anticipates users’ mistakes and potential malfeasance.
“Everything needs to fail safely, if the user is trying to do something malicious or just doesn’t know what they’re doing, the application should still work correctly. Because in the real world, not everyone is going to use the application correctly, or you have to think of everyone as a malicious user and you have to protect against that malicious use,” Peters said.
Championing the program
Girish Seshagiri, executive vice president and chief technology officer at ISHPI, has been a driving force behind the CICESS GP since employers and the college began planning the program in 2013. He considers it a national model that could help employers prevent cybersecurity breaches as it helps individuals gain the knowledge and skills that are in demand in many industries.
By emphasizing secure software development rather than just software development or coding, the program addresses cybersecurity vulnerabilities the plague many employers, Seshagiri said. He attributed many of these problems to industry practices of deploying software without thoroughly checking it because of time and cost. Many places opt to fix any bugs in the software after they are discovered through use, which is not good practice, Seshagiri said.
Instead, he and other CICESS GP leaders say they have broken new ground not only by emphasizing error-free software development, but by using U.S. Department of Labor registered apprenticeship standards to educate technicians for careers in fields other than traditional trades.
The other unusual aspect of the program is the way it blends the rigorous software assurance curriculum developed by Carnegie Mellon University for the courses at Illinois Central College with job-site instruction of a core course of professional and self-management skills that the participating Peoria employers want.
A challenge and opportunity
“It is an enormous problem as well as one of the most significant economic development opportunities that we’ve had in a very long time,” Seshagiri said. “Maybe not since the GI Bill have we had a situation that presented itself where, if we could come together and create the kinds of programs like these apprenticeship programs and get a lot of people into those things, we could fill a lot of jobs. And then, suddenly we would have people in middle-class, well-paying jobs that start off at $60,000 a year with benefits.”
With the “internet of things” bringing billions of devices online, Seshagiri said there is a critical need for properly educated people to create high-quality software. His efforts to encourage an “ecosystem” among employers and educators include serving as co-chair of the apprenticeship sub-working group for the National Institute of Cybersecurity Education (NICE).
Two other colleges — Lincoln Land Community College in Illinois and San Antonio College in Texas — offer an associate of applied science degree in secure software development. They use curriculum that both meets Carnegie Mellon University Software Engineering Institute guidelines for software assurance education and aligns with the NICE Workforce Framework. San Antonio College recently added an apprenticeship component to its degree program. Lincoln Land Community College offers the degree with an internship option. Illinois Central College (ICC) offers cybersecurity internships as well as the apprenticeship opportunity.
This fall, ICC administrators will recruit a new cohort of apprentices from those beginning computer science and secure software courses. The plan is to place them with companies beginning in January. For this new cohort, the partner companies will pay students’ tuition and wages during the two-and-a-half-year program.
Julie Howar, dean of business, legal and information systems, said she hopes that the employer partner group will grow as new students are recruited this fall. In addition to ISHPI, Citizens Equity First Credit Union (CEFCU) and ONEFIRE Inc. are the companies currently participating.
“It’s just a great opportunity,” Howar said. “It’s a win-win for everyone: for the college, for the student, for the company.”
Peters and Moreno, the first two graduates of the program, agree. Both had earned bachelor’s degrees and worked several years — Peters in commercial real estate management and Moreno at a call center help desk — before enrolling in the secure software development program because of the apprenticeship and opportunity to earn industry credentials.
(Of the five other students in the first cohort, Perini said that two continue to work as apprentices while completing their degrees; one transferred to a four-year degree program after completing his degree; one switched careers; and one was laid off at the company where he was an apprentice.)
Moreno said the apprenticeship appealed to him because it would be “actual work” for which he would earn enough to cover most of his tuition and living expenses. Industry certifications were also important to him.
“You can only learn so much in school, then you need to earn certifications,” Moreno said.
Since completing their degrees at ICC, Moreno and Peters have turned their attention to earning the Certified Secure Software Lifecycle Professional certificate.
Peters calls it “the pinnacle certification” in secure software development. Earning a passing grade on the certification exam in August will wrap up the requirements of the DOL registered apprenticeship.
“I believe it sets us apart,” he said.