Words: Rosanna Norman, GÉANT
On the occasion of the 10th anniversary of the Secure Code Training (SCT) and the School of Software Engineering (SSE), CONNECT met with the masterminds of these successful training initiatives, Gerard Frankowski and Maciej Łabędzki from PSNC in Poland, to look at how these evolved through the years and at the benefits they have brought to the European NREN community.
Tell us about these initiatives, and their objectives. How did it all start?
The first SCT and SSE took place at PSNC in Poznan in 2010. Their content was defined by the survey we launched to better understand and address the professional requirements of the software development teams in the GÉANT community.
Did the objectives change from day one to the present day?
For the SCT, our aim from day one has been to raise awareness of secure coding patterns to limit the number of security vulnerabilities in the code; for the SSE, it has been to improve the wide scope of ‘software engineering’ skills across the GN4-3 Project. The programmes have evolved keeping up pace with the technological developments in the relevant fields.
SCT and SSE training courses deliver a balanced mix of theory and practice and bring closer software professionals from across the community through the social activities included in the events programmes which have always been very much valued and enjoyed by all participants.
As we firmly believe that in cyber security we need to prepare to defend by knowing how to attack, in 2014 the SCT launched “HackMe” a type of hackathon where participants were given the opportunity to test acquired skills and abilities by attacking an existing application; to make the event more memorable and enjoyable we even included fun elements such as appealing challenges and final prizes. The training sessions focus on specific topics and aspects of software development with the overarching goal of enabling access to good practice, effective tools and harmonising skills development for all.
Engagement with the community has always been a key factor and special area of focus; therefore we have been constantly working on improving the format and range of activities for both programmes. For instance, in order to open the SSE (originally called Summer School of Software Engineering) to a wider audience and encourage participation from the entire community we shortened its duration to three days and populated them with hands-on only workshops, skills acquisition and practical exercises. The formula has been successful; in addition, every year (in the pre-COVID times) training events took place in a different central European location easily reachable by all participants. In 2020, due to the COVID pandemic restrictions, we held SSE online for the first time and used a collaborative platform to enable the distributed teams to work effectively together.
Who are the people and organisations behind these initiatives?
Both initiatives are part of the Operations Support Work Package 9 in GN4-3, specifically the area related to software governance. The programmes’ success is the outcome of the fruitful collaboration between PSNC and AMRES with the valuable support of GÉANT Learning & Development (GLAD), and, of course, the dedication and commitment of the entire team involved in both initiatives.
How did these training programmes evolve through the years?
Although the content changes each year, we intend to maintain its tested and successful format consisting of two to three days (to allow for travel time) face-to-face intensive workshops, in addition the consistent use of Java enables us to focus only on language-independent issues. The target audience has evolved too, for instance no specific knowledge is now required to attend SSE training events.
Development skills remain a set requirements to attend SCT notwithstanding the school’s agnostic approach regarding the participants’ experience and background; SCT is for developers and we expect only developers to participate.
How did these schools benefit the GÉANT Project and the community?
The NREN community has benefited from the overall quality of software development and a consequent and associated increase in productivity.
Regular secure code reviews have led to a general growth in relevant skills and abilities.
By bringing together software developers from the European NRENs our training activities have contributed to creating a community of like-minded people.
The programmes longevity, popularity, consistent repeat attendance and interest are also testament to the value of this initiative for the professional community.
What does the future hold for these programmes?
As much as we look forward to meeting face-to-face again, we plan to host 2021 events online.
There may be a change in the training format, but we firmly believe in the importance of staying connected with the community and fostering these connections by listening, engaging, making improvements, bringing new topics and cutting-edge techniques that are relevant and beneficial to our audience.
For these reasons we believe that with the ongoing community support these programmes have a long and successful life ahead.
SCT and SSE web page for the GÉANT community: https://wiki.geant.org/display/GSD/Software+trainings
Gerard Frankowski joined PSNC in 2003 and is the Head of PSNC Cybersecurity Department. Gerard has participated in numerous European and national research projects involving security of networks and systems. He has been involved in various iterations of the GÉANT project since 2008 and has been leading the Secure Code Training since 2010. His areas of interest comprise: vulnerability research, secure programming and penetration tests techniques.
Maciej Łabędzki joined PSNC in 2006 as a Java software engineer. Since 2007 Maciej has been involved in multiple software projects through the various iterations of the GÉANT Project. Maciej is currently leading the Software Catalogue initiative (sc.geant.org) and the School of Software Engineering.
This article is featured on CONNECT36! Read or download the full magazine here: Interactive PDF (hosted externally) | Web PDF Web spread | Single page (hosted on this site)