Recent years have seen a dramatic and rapid paradigm shift in computing from static control systems (often implemented in hardware), to dynamic, easily-reconfigurable, software-defined systems. The researchers and practitioners have just begun to scratch the surface of how the ever-increasing software-defined everything (SD-X) changes the landscape of cybersecurity. On one hand, a software-defined world adds potentially new attack surfaces that deserve new research investigation. On the other hand, considering the fact that everything can be defined by the software, now we can have a new playground to redesign the security mechanisms and services. With programmable security, we can also better embrace the new advances in big data and AI to provide more intelligent and adaptive security for the software-defined world. We believe the opportunity is ripe for academics to make foundational contributions, collaboratively with industry, to shape the next 5 years of research in this new space, SPS (Software-defined Programmable Security). Emerging data centers, cloud networks, IoT and edge computing also provide a fertile playground to consider disruptive software-defined programmable security designs.