In line with the needs of the defense industry, the Cyber Security School concept was developed in order to create a strong defense capability against constantly evolving and diversifying cyber threats. Applied and theoretical trainings are designed for industry professionals in basic domains such as protection of critical infrastructures, network security, cyber threat analysis, malware analysis, data security and secure software development. Thus, enabling them to give a strategic contribution to country's cyber defense capability and become leading professionals in their fields.
Applied and scenario-based trainings are being conducted. Cyber security laboratories create simulation environments for network security, malware analysis and penetration tests. Industry standard tools such as firewalls, network monitoring systems (IDS/IPS), virtual private network (VPN) devices and endpoint security software are used. Training content is enriched with professional software tools such as Wireshark, Kali Linux, Metasploit etc. With this method and infrastructure, it is aimed for participants to transform theoretical knowledge into practical skills and to be more prepared against cyber security threats in defense industry.
The training is primarily designed for defense sector professionals. In this context, potential participants include employees of the project executing institutions and organizations, personnel from SSB (Defense Industry Agency) as the procurement authority, and employees from public institutions and organizations as the needs authority. Additionally, it is open to professionals working in cybersecurity and IT fields who aim to pursue a career in the Defense Industry sector.
The training programs are designed and implemented with the support of industry professionals. Within this framework, the Expert Advisory Board defines the vision for the Cyber Security School and regularly provides insights on the training content.
Expert Advisory Board (EAB) within the Cyber Security School provides feedback and gives recommendations on the following topics:
Coordinators” within the Cyber Security School perform the following activities based on the needs of the Defense Industry:
You can create a preliminary request for an existing course by selecting it from the "Courses" list and filling in the relevant sections under the "Request" tab.
You can create a preliminary request for an existing course by selecting it from the "Courses" list and filling in the relevant sections under the "Request" tab.
If the course you need is not in the existing list or requires customization, you can submit the course content, location, and preferred instructor (if any) here.
If the course you need is not in the existing list or requires customization, you can submit the course content, location, and preferred instructor (if any) here.
Tuncay Doğantuna
Cüneyt Akdeniz
M. Alparslan Akyıldız
Dr. Çağatay Korkuç
Abdurrahman Emre Özkök
Muhammed Zahid Erkaya
This training aims to ensure that defense industry employees learn the basic principles of cyber security, identify digital threats and effectively protect their personal and corporate data.
This training aims to equip defense industry employees with the foundational principles of cybersecurity, help them identify digital threats, and effectively protect both personal and corporate data. The goal is to raise awareness of cyber threats, minimize the risks posed by cyber attacks, and provide the necessary knowledge and skills to implement basic security measures for those working in critical infrastructure sectors, such as the defense industry.
Throughout the training, participants will learn essential cybersecurity concepts and strengthen their defense reflexes by recognizing threat types, such as social engineering attacks, malware, and phishing. The objective is for individuals working in the defense industry to adopt a cybersecurity culture within their specific roles and ensure the highest level of security for critical information.
Participant Requirements:
• Basic knowledge of computer and internet usage
• Motivation to gain cybersecurity awareness
• Awareness of the importance of critical information security
This training is suitable for in-class or hybrid participation.
Theoretical Explanations: Basic concepts and threats are explained through lectures.
Practical Studies: Security measures and technical demonstrations will be performed.
Interactive Studies: Group work, discussions, and Q&A sessions will encourage participant engagement.
Scenario-Based Training: Analysis and practical applications will be carried out using sample scenarios tailored to the defense industry.
Assessment: Short tests and feedback sessions will reinforce learning outcomes.
Online documentation from organizations such as ISC2 and CompTIA.
This training aims to increase technical awareness against cyber threats, develop competence in the correct use of security technologies and prepare for real-world scenarios through practical workshops.
This training aims to familiarize participants with fundamental cyber security technologies and enable them to use these technologies effectively through practical exercises. During the training, participants will gain the skills to secure digital systems, detect threats, and implement basic security measures by learning about cyber security tools and techniques. This program, designed for individuals working in critical sectors such as the defense industry, aims to enhance technical awareness of cyber threats, develop competence in using security technologies, and prepare participants for real-world scenarios through hands-on practice.
• Basic knowledge of operating systems (Windows and/or Linux).
• Ability to use web browsers and basic computer software.
• Familiarity with basic network concepts such as IP addressing, network protocols (TCP/IP), DNS, and HTTP.
• Basic knowledge of cyber security threats and protection methods (e.g., phishing, malware).
• Willingness to learn more about cyber security and open to learning how to use basic security tools.
• Successful completion of the SG-TS1 training at SSA.
Suitable for in-class or hybrid participation.
Theoretical Training: Basic cyber security concepts will be explained through presentations and concept clarifications.
Practical Training: Hands-on practices with security tools, penetration testing, and vulnerability scanning.
Interactive Participation: Participants will actively engage in group studies, Q&A sessions, and discussions.
Scenario-Based Training: Hands-on practice with real-world scenarios.
Assessment and Feedback: Learning will be reinforced through short tests and post-training evaluations.
Online documentation from organizations such as ISC2 and CompTIA.
In this training, participants will learn how to secure network infrastructure, identify vulnerabilities, strengthen system security and protect against various attacks.
This training aims to equip participants with fundamental knowledge and skills in network and system security. During the training, participants will learn how to secure network infrastructures, detect vulnerabilities, strengthen system security, and protect against various attacks. Additionally, through hands-on practice, they will gain experience in effectively applying security measures using network security tools and system configurations.
Designed specifically for individuals working in the defense industry, this training will provide the essential knowledge needed to protect critical infrastructures and develop effective defense strategies against cyber threats.
• Ability to perform basic tasks on Windows and/or Linux operating systems
• Ability to use internet browsers and basic computer software
• Familiarity with basic network concepts like IP addressing, network protocols (TCP/IP), DNS, and HTTP
• Basic knowledge of cybersecurity threats and protection methods (e.g., phishing, malware, etc.)
• Willingness to acquire more knowledge in cybersecurity and learn how to use basic security tools
• Successful completion of SG-TS2 training at SSA
Suitable for in-class or hybrid participation.
Theoretical Training: Basic cybersecurity concepts will be taught through presentations and concept explanations
Practical Training: Hands-on exercises with security tools and vulnerability scanning
Interactive Participation: Participants will actively engage in group work, Q&A sessions, and discussions
Scenario-Based Training: Participants will practice responding to real-world scenarios
Evaluation and Feedback: Learning will be reinforced through short tests and post-training evaluations
Online documentation from organizations such as ISC2, Cisco, Microsoft, and Comptia
In this training, participants will recognize common vulnerabilities in web applications and learn effective defenses to prevent these vulnerabilities. They will also practice database security best practices, security configurations and data protection methods.
This training aims to provide participants with fundamental knowledge of web applications and database security and to develop their skills in detecting and preventing security vulnerabilities. Participants will learn to recognize common security vulnerabilities in web applications (such as SQL Injection, Cross-Site Scripting - XSS, Cross-Site Request Forgery - CSRF, etc.) and effective defense techniques to prevent these vulnerabilities. Additionally, participants will practice the best practices for database security, security configurations, and data protection methods.
This training, aimed at critical applications and database security in the defense industry, will enhance participants’ ability to securely configure and manage web applications and databases. The course will be supported by real-world scenarios and practical examples, providing participants the opportunity to gain hands-on experience.
• A general understanding of network security and basic cybersecurity concepts (firewalls, VPN, IP addressing, etc.) is required.
• Basic knowledge of web programming languages such as HTML, JavaScript, and basic PHP will be helpful for understanding web application security.
• Basic knowledge of SQL and familiarity with database management systems (such as MySQL or PostgreSQL) is recommended.
• Must have successfully completed SG-TS2 training at SSA.
• Must have participated in SG-TS1 or TS2 at SSA.
Suitable for classroom or hybrid participation.
Theoretical Training: Basic cybersecurity concepts will be explained through presentations and conceptual explanations.
Practical Training: Hands-on applications of security tools and vulnerability scanning will be conducted.
Interactive Participation: Group work, Q&A sessions, and discussions will involve participants actively.
Scenario-Based Training: Participants will practice responding to real-world scenarios.
Online documentation from organizations such as OWASP, SANS, and EC-Council.
In this training participants will gain in-depth knowledge of how to identify security vulnerabilities in network infrastructures, anticipate attacks, and develop effective defense strategies to ensure network security.
This training aims to develop mid-to-advanced level network security specialists. Participants will gain in-depth knowledge in identifying security vulnerabilities in network infrastructures, anticipating attacks, and designing effective defense strategies to ensure network security. The program covers a wide range of technical skills, from configuring network security protocols to penetration testing and incident response.
Participants will receive comprehensive training on advanced topics such as network attacks, threat analysis, traffic monitoring, and firewalls. They will practice real-world scenarios to develop effective solutions against cyber threats. The training also aims to optimize network security monitoring and incident management processes, enabling participants to establish a strong network security infrastructure within their organizations.
• Knowledge of Networking Basics: Basic knowledge of TCP/IP, network protocols (IP, DNS, HTTP, etc.), and network devices.
• Experience in Network Configuration and Management: Familiarity with basic network management, routers, switches, and network topologies.
• Basic Security Knowledge: Familiarity with fundamental network security concepts like firewalls, VPNs, and basic security protocols (SSL/TLS, IPsec).
• Participation in SG-TS3 at SSA is required.
The training is suitable for classroom-based or hybrid participation.
Theoretical Training: Basic cybersecurity concepts will be explained through presentations and concept clarifications.
Hands-on Training: Practical applications like using security tools and vulnerability scanning.
Interactive Participation: Group work, Q&A sessions, and discussions will actively involve participants.
Scenario-Based Training: Participants will practice incident response through real-world scenarios.
In this training participants will learn advanced protection methods, threat detection techniques and pre/post-attack security strategies to secure enterprise systems.
This training aims to provide participants with in-depth knowledge and skills in the field of system and endpoint security. Participants will learn advanced protection methods, threat detection techniques, and pre/post-attack security strategies necessary to ensure the security of corporate systems. The training covers critical topics such as endpoint security, system security, vulnerability management, and security monitoring.
Participants will gain proficiency in identifying security vulnerabilities in modern operating systems, network configurations, and endpoint devices, as well as developing defense methods against these vulnerabilities. Additionally, they will utilize the latest security tools and technologies to develop effective defense strategies against cyberattacks and practice through real-world scenarios.
• Network and System Basics: Knowledge of TCP/IP, network protocols, and basic network structures.
• Operating System Management: Basic knowledge and experience with Linux and Windows operating systems.
• Basic Security Knowledge: Familiarity with concepts such as firewalls, VPN, encryption, and access control.
• Participation in SG-TS3 under SSA.
Suitable for in-person or hybrid participation.
Theoretical Training: Fundamental cybersecurity concepts explained through presentations and concept clarifications.
Practical Training: Hands-on applications such as using security tools and vulnerability scanning.
Interactive Participation: Active involvement through group activities, Q&A sessions, and discussions.
Scenario-Based Training: Practicing incident response through real-world scenarios.
In this training participants will gain advanced technical knowledge and practical skills in web and application security, specializing in securing modern web applications.
This training aims to equip participants with the skills to identify, analyze, and fix security vulnerabilities in web applications and software. Participants will gain advanced technical knowledge and practical skills in web and application security, specializing in securing modern web applications. The training will focus on the most common security vulnerabilities (OWASP Top 10) and how these vulnerabilities can be exploited, as well as secure software development and security testing techniques to eliminate these vulnerabilities.
Participants will use effective testing techniques, penetration testing, and security protocols to create defense strategies against potential threats and ensure the security of web applications and services. In addition, through various case studies and hands-on testing, participants will learn to implement security measures against cyberattacks encountered in the real world. This training will provide essential competencies in web and application security, helping participants take a significant step forward in their careers.
• Basic Network and System Knowledge: Familiarity with basic network and system concepts such as TCP/IP, network protocols, DNS, HTTP/HTTPS.
• Operating System Management: Knowledge of basic management and command-line usage for Linux and Windows operating systems.
• Basic Security Knowledge: Understanding of basic security concepts such as firewalls, VPN, and encryption methods.
• Web Development Basics: General understanding of HTML, CSS, JavaScript, and basic server-side technologies (PHP, Node.js, etc.).
• Participation in SG-TS4 under SSA.
Suitable for in-person or hybrid participation.
Theoretical Training: Basic cybersecurity concepts will be explained through presentations and concept clarifications.
Practical Training: Hands-on applications such as using security tools and vulnerability scanning.
Interactive Participation: Active involvement through group activities, Q&A sessions, and discussions.
Scenario-Based Training: Practicing incident response through real-world scenarios.
In this training participants will gain advanced technical knowledge in security monitoring, threat detection, incident response and developing defense strategies against cyber attacks.
This training aims to equip participants with the necessary knowledge and skills for specialists who will work in Security Operations Center (SOC) environments. Participants will gain advanced technical knowledge in security monitoring, threat detection, incident response, and developing defense strategies against cyberattacks. The training will focus on the operation of SOCs, the effective management of security incidents, threat analysis, and the rapid detection and response to attacks.
Participants will learn how to practically apply the tools and processes used in SOCs through real-world scenarios and case studies. They will also gain the ability to effectively use critical tools and techniques for SOC operations, including Security Information and Event Management (SIEM), intrusion detection systems, network traffic analysis, and reporting. This training aims to train professionals specializing in SOC operations.
• Basic Cybersecurity Knowledge: Familiarity with general cybersecurity concepts, threats, and defense mechanisms.
• Network and System Security Basics: Understanding of TCP/IP, network configurations, firewalls, IDS/IPS, VPN, and basic network security concepts.
• Experience or Education: Previous experience or training in cybersecurity, network management, or system administration.
• Basic SIEM and Security Tool Knowledge: A general understanding of SIEM solutions and general security monitoring tools.
• Incident Response and Log Management: Basic knowledge of incident response processes and log analysis, especially focusing on reporting and resolving security incidents.
• Completion of SG-TS2 in SSA.
Suitable for in-class or hybrid participation.
Theoretical Training: Basic cybersecurity concepts will be explained through presentations and concept explanations.
Practical Training: Practical applications like security tool usage and vulnerability scanning will be conducted.
Interactive Participation: Participants will actively engage through group work, Q&A sessions, and discussions.
Scenario-Based Training: Participants will practice incident response through real-world scenarios.
In this training participants will gain an in-depth knowledge of the various tools and techniques used to find vulnerabilities and learn practical applications of pentesting in different areas such as system, network, web applications, mobile applications and social engineering.
This training aims to guide participants toward becoming specialists in penetration testing (pentesting) techniques and methods. The course is designed to develop skills in detecting, evaluating, and reporting cybersecurity vulnerabilities. Participants will gain in-depth knowledge about various tools and techniques used to identify security flaws across systems, networks, web applications, mobile applications, and social engineering. The training will enable participants to develop defense strategies against real-world cyber threats and enhance organizational security.
• Basic Cybersecurity Knowledge: Familiarity with general cybersecurity concepts, threats, and defense mechanisms.
• Understanding of penetration testing methodologies and processes for professional-level application.
• Skills to detect, analyze, and exploit security vulnerabilities in networks, systems, and web applications.
• Proficiency in using security tools (Nmap, Metasploit, Burp Suite, etc.) to gain practical experience.
• Ability to report findings and risk assessment professionally.
• Ability to conduct security testing in real-world scenarios and provide solutions.
• Participation in SSA SG-TS2, TS3, and TS4 courses.
• Classroom or Hybrid participation is suitable.
Theoretical Training: Concepts and presentations explaining basic cybersecurity principles.
Practical Training: Using security tools and vulnerability scanning for hands-on experience.
Interactive Participation: Active participation through group work, Q&A sessions, and discussions.
Scenario-Based Training: Practicing incident response through real-world scenarios.
EC-Council, OWASP, ISC2, and SANS online documentation.
The training aims to provide in-depth knowledge and competence in the areas of threat detection, incident response, and system security needed in security operations centers (SOC).
This training aims to develop participants' defensive (blue team) skills in cybersecurity. The course is designed to provide in-depth knowledge and competence in threat detection, incident response, and system security, which are essential for security operations centers (SOC). Participants will learn how to develop proactive security strategies against modern cyber threats, analyze attacks quickly, and apply effective response techniques, thereby playing a critical role in ensuring the security of organizations.
• Basic Cybersecurity Knowledge: Basic familiarity with cybersecurity concepts and terminology.
• Network and System Knowledge: Basic knowledge of TCP/IP, network topologies, and operating systems (Windows/Linux).
• Log and Command Line Usage: Ability to use Windows CMD, PowerShell, or Linux terminal commands.
• Completion of SG-IS4 at SSA.
Suitable for classroom or hybrid participation.
Theoretical Training: Basic cybersecurity concepts will be explained through presentations and concept explanations.
Practical Training: Hands-on exercises with security tools and vulnerability scanning.
Interactive Participation: Group work, Q&A sessions, and discussions.
Scenario-Based Training: Hands-on practice in responding to real-world scenarios.
The aim of this training is to develop participants' competencies in identifying and assessing the vulnerabilities of organizations using red team (offensive security) techniques and testing their defense mechanisms through penetration tests.
The purpose of this training is to develop participants' skills in identifying, assessing, and testing security mechanisms of organizations through penetration testing by using red team (offensive security) techniques. Participants will gain the ability to think from an attacker's perspective, exploit vulnerabilities in real-world scenarios, and create reports to strengthen an organization's security measures.
• Basic Cybersecurity Knowledge: Basic knowledge of network security, system security, and general penetration testing techniques.
• Network and System Knowledge: Knowledge of TCP/IP, network topologies, and operating systems (Windows/Linux).
• Penetration Testing Basics: Basic knowledge of penetration testing (Pentest) and vulnerability scanning tools.
• Command Line and Scripting Language Usage: Ability to use Linux terminal, PowerShell, and scripting languages like Python.
• Web Security Knowledge: Basic knowledge of web application security and OWASP Top 10 vulnerabilities.
• Participation in SSA’s SG-IS5.
Suitable for in-class or hybrid participation.
Theoretical Training: Basic cybersecurity concepts will be explained through presentations and concept clarifications.
Practical Training: Using security tools and vulnerability scanning for hands-on experience.
Interactive Participation: Participants will actively engage in group work, Q&A sessions, and discussions.
Scenario-Based Training: Intervention practice will be done through real-world scenarios.
Online documentation from organizations such as EC-Council, SANS, ISC2, and Comptia
Savunma Sanayi Akademi
Üniversiteler Mahallesi ODTÜ TEKNOKENT, 06800, Çankaya/Ankara/Türkiye
+90 312 424 19 62
akademi@ssb.gov.tr
