Nothing Special   »   [go: up one dir, main page]

SGE Home   /   Trainings  /   SGE Trainings

TRAININGS

Cyber Security Institute Trainings

Entry Level Trainings

User Security

Duration of Education

• 3 hours

Prerequisites

• Having knowledge of using information systems as a normal user.

Who Can Participate?

• Users using information systems.

Education Goals

• Awareness about the importance of information security,
• Gaining knowledge of responsibilities and duties as part of the information security management system,
• Acquisition of basic information on information security.

Subject Headings

• The Role of the User in Information Security
• User's Place in the Institution's Information Security Management System
• Access to Computers
• Password Security
• E-Mail Security
• Internet Access Security
• Virus Protection
• Creation, Modification and Destruction of Information Environments
• File Access and Sharing
• Data Backup
• Social Engineering
• Principles to be Followed by the User in Emergency Situations

General Security Focused on Administrators

Duration of Education

• 2 days

Prerequisites

• Having general knowledge about information systems.

Who Can Participate?

• Managers who want to get information about information security,
• People who have general knowledge about information systems and want to learn about information security.

Education Goals

• Gaining knowledge about the general concepts of information security and the general structure of the information security management system,
• Acquisition of basic technical knowledge about system security.

Subject Headings

• Basic Concepts of Information Security
• Security Policy
• Information Security Organization
• Personnel Security
• Risk Analysis and Risk Management
• Business Continuity
• Security Incident Response
• Operating System Security
• Network Security
• Web Security
• Digital Certificates and Certificate Distribution Systems
• Password Management
• Virus Protection Systems

Social Engineering: Attack and Protection Methods

Duration of Education

• 2 days

Prerequisites

• Since the training will be done practically, there should be as many computers as the number of participants in the training class.

Who Can Participate?

• All computer users, primarily system administrators.

Education Goals

• Immunity to social engineering attacks,
• Acquisition of knowledge to provide similar training in own institution.

Subject Headings

• Social Engineering Concept
• Attack Techniques
• Social Engineering Attack Examples
• Social Engineering Tests
• Protection Methods
• Various Social Engineering Applications

Standard Level Trainings

Introduction to Information Security

Duration of Education

• 10 days

Prerequisites

• There are no specific prerequisites.

Who Can Participate?

• People who want to get basic information about all areas of information security.

Education Goals

• Gaining knowledge on the basic issues of information security,
• Gaining a holistic perspective on information security by gaining knowledge in different areas such as windows security, linux security and cyber threats.

Subject Headings

• Introduction to Information Security, Basic Concepts
• TCP/IP
• Safety Devices and Methods
• Introduction to Cryptography
• Unix/Linux Security
• Windows Security
• Web Security
• Wireless Network Security
• Social Engineering
• Records Management
• Incident Response
• Malware, Infection Techniques and Analysis
• Types of Cyber Attacks
• Advanced Cyber Threats

ISO 27001 Information Security Management System Implementation

Duration of Education

• 3 days

Prerequisites

• There are no specific prerequisites. Familiarity with quality systems provides an advantage.

Who Can Participate?

• Persons responsible for establishing and operating an ISO 27001-based Information Security Management System (ISMS),
• Persons who will be subject to or participate in an ISO 27001 audit.

Education Goals

• Gaining the ability to establish ISMS,
• Gaining knowledge about the concepts related to auditing.

Subject Headings

• What is Information Security Management System? Why is it Necessary?
• “Plan-Do-Check-Act” Cycle in ISO 27001
• Information System Risk Analysis and Treatment
• ISO 27001 Basic Control Areas:
– Güvenlik Politikaları
– Bilgi Güvenliği Organizasyonu
– İnsan Kaynakları Güvenliği
– Varlık Yönetimi
– Erişim Kontrolü
– Kriptografi
– Fiziksel ve Çevresel Güvenlik
– İşletim Güvenliği
– Haberleşme Güvenliği
– Sistem Temini, Geliştirme ve Bakımı
– Tedarikçi İlişkileri
– Bilgi Güvenliği İhlal Olayı Yönetimi
– İş Sürekliliği Yönetiminin Bilgi Güvenliği Hususları
– Uyum
• Compliance Audit to ISO 27001
– Denetim Planlama
– Denetim Kontrol Listeleri
– Uygunsuzluklar ve Raporlama
• Various Applications

ISO 27001 Information Focused on Managers

Duration of Education

• 3 hours

Prerequisites

• There are no specific prerequisites. Familiarity with quality systems provides an advantage.

Who Can Participate?

• Managers who want to learn about ISO 27001-based Information Security Management System (ISMS)

Education Goals

• Participants in the training will have general information about ISO 27001 and ISMS.

Subject Headings

• What is Information Security Management System? Why is it Necessary?
• Standard History
• Annex SL Structure
• PDCA (Plan-Do-Check-Act) Approach
• Mandatory Items in the Standard
• Appendix A: Reference Control Objectives and Controls
• Matters to be Considered in the Process of Compliance with the Standard

Cyber Incident Response Team

Duration of Education

• 2 days

Prerequisites

• Moderate experience in both administrative processes and information systems infrastructure.

Who Can Participate?

• Personnel who will take part in the establishment/management of the SOME (Cyber Incidents Response Team) unit in their institutions,
• Personnel working in the information security units of the institution.

Education Goals

• Acquisition of capabilities that will form the response process to cyber incidents in their institutions.

Subject Headings

• Introduction (History, Case Studies, National Cyber Incident Response Organization)
• SOME Basic Topics (What is SOME, Who are its Internal Stakeholders?)
• SOME Installation Steps
• Roles and Responsibilities of SOMEs
– Siber Olay Öncesinde
– Siber Olay Esnasında Müdahale Süreci
– Siber Olay Sonrası
• SOME Operational Elements (Software, Hardware, Policy and Procedures)

Protection of Critical Infrastructure

Duration of Education

• 2 days

Prerequisites

• Proximity to the business processes of their own institution, having basic knowledge about information systems and information security.

Who Can Participate?

• Managers of institutions operating critical infrastructure,
• Corporate SOME and IT unit supervisors and employees.

Education Goals

• Gaining information about the unique importance of critical infrastructures and Industrial Control Systems and the precautions to be taken,
• Institutions gaining competence in implementing both the administrative process and technical measures regarding the security of critical infrastructures.

Subject Headings

• Critical Infrastructures and Information Systems
• Critical Infrastructures and Information Security Incidents
• Managing Information Security in Institutions (Threats and Precautions)
• National Operators and Regulators
• National Cyber Security Organization
• Situation in the World and Suggestions for Turkey

Windows Security

Duration of Education

• 3 days

Prerequisites

• Basic knowledge of Windows and networking.

Who Can Participate?

• Windows network administrators,
• Microsoft Active Directory administrators,
• Those who plan to make a secure transition to Microsoft systems,
• Those interested in security on Microsoft systems.

Education Goals

• Basic knowledge of Windows security,
• Acquisition of the capabilities to make applications in the field of windows security in their institutions.

Subject Headings

• Windows Operating System Security
• IPSec, PKI (“Public Key Infrastructure” – Public Key Infrastructure) and EFS (“Encrypting File System” – Encrypted File System)
• “Powershell” Development in Windows Environment

Microsoft Systems Security

Duration of Education

• 4 days

Prerequisites

• Basic knowledge of Windows, Exchange, active directory and networking.

Who Can Participate?

• Windows network administrators,
• Microsoft Active Directory administrators,
• Those who plan to make a secure transition to Microsoft systems,
• IIS and Exchange administrators,
• Those interested in security on Microsoft systems.

Education Goals

• Advanced knowledge of Microsoft systems security,
• Acquisition of the capabilities to make applications in the field of microsoft systems security in their institutions.

Subject Headings

• Microsoft Web Services Security
• Microsoft “PowerShell”
• Active Directory and Network Services Security (Group policy, DNS, DHCP)
• Patch Management on Microsoft Systems

Linux Security

Duration of Education

• 3 days

Prerequisites

• Having experience at system administrator level in Linux systems.

Who Can Participate?

• Security professionals who want to secure Linux-based systems,
• System administrators responsible for the security of Linux-based internet applications,
• System administrators who are keen on security testing and hardening tools.

Education Goals

• Gaining the ability to do security hardening of Linux-based operating systems,
• Gaining the ability to use Linux-based open source security tools,
• Acquisition of the ability to use tools that detect security breaches on Linux systems.

Subject Headings

• Secure Installation
• Boot Services Configuration
• Safely Configuring the Kernel
• File System Access Control
• User Access Control
• Keeping System Logs
• Security Audit Tools
• Security Tightening Tools
• Script Programming for Security Purposes

TCP/IP Network Security

Duration of Education

• 2 days

Prerequisites

• Having basic networking knowledge.

Who Can Participate?

• System and network administrators,
• Security and penetration testing experts,
• Information systems security department employees,
• Employees of the information systems audit unit.

Education Goals

• Gaining knowledge and competence through laboratory studies on TCP/IP network security.

Subject Headings

• Protocols in the TCP/IP Protocol Stack
• How the Different Layers of the TCP/IP Stack Work and the Security Threats Targeting Them
• Security Vulnerabilities and Solutions for TCP/IP Protocols
• Techniques, Protocols and Devices Used to Ensure Network Security
• Wireshark etc. Packet Capture Programs, Protocol and Packet Structure Analysis
• Concepts such as SSL, IPSec, VPN, Digital Certificate
• Network Components such as Firewall, IDS/IPS, Proxy

Active Device Security

Duration of Education

• 2 days

Prerequisites

• Having basic networking knowledge.

Who Can Participate?

• System and network administrators,
• Security and penetration testing experts,
• Information systems security department employees,
• Employees of the information systems audit unit.

Education Goals

• Gaining knowledge and competence through laboratory studies within the scope of active device safety.

Subject Headings

• Within the scope of the active device concept and network design, tightening of active devices and ensuring the security of the network infrastructure, the following topics will be explained in an explanatory and practical manner:
• Steps for the tightening of active devices, which are widely used today, form the internal network infrastructure and connect the network with the outside world, such as:
– Ağ Anahtarı,
– Yönlendirme Cihazları,
– Güvenlik Duvarı,
– İçerik Kontrolcüsü gibi aktif cihazların sıkılaştırmalarına yönelik adımlar.
• Security measures that can be taken on active devices such as:
– Fiziksel Güvenlik,
– Çalışma Koşulları,
– Kimlik Doğrulama,
– Yetkilendirme, İzleme, Servis Kontrolü,
– Yama Kontrolü,
– Erişim Listesi Kontrolü,
– Uzaktan Yönetim Kontrolü vb. güvenlik önlemleri.

System Security Audit

Duration of Education

• 4 days

Prerequisites

Basic networking, operating systems (Windows and Unix), knowledge of border security structures.

Who Can Participate?

• Information technology auditors,
• Information security experts who want to increase their system security audit knowledge,
• System and network administrators who want to understand the security audit logic and prepare their systems for such audits.

Education Goals

• Gaining the ability to use security vulnerability scanners,
• Acquiring the ability of Linux and Windows Operating systems to perform security audits of border security components.

Subject Headings

• Openness, Threat Definitions
• Open Source Vulnerability Scanners and Using These Tools
• Extracting the Topology of a Network
• Border Systems Inspection
• Windows Control
• Audit of Unix/Linux Systems

Basic Security Audit

Duration of Education

• 1 day

Prerequisites

• Basic networking, basic operating system knowledge (Windows).

Who Can Participate?

• Information technology auditors,
• Information security experts who want to increase their system security audit knowledge,
• System and network administrators who want to understand the security audit logic and prepare their systems for such audits.

Education Goals

• Gaining the ability to use vulnerability scanners,
• Gain the ability to control Windows operating systems.

Subject Headings

• Openness, Threat Definitions
• Open Source Vulnerability Scanners and Using These Tools
– Nessus, Nmap, MBSA
• Windows Control
– Güvenlik Şablonları
– “Security Configuration and Analysis”-“Güvenlik Analizi ve Yapılandırma” Aracı

Wireless Network Security

Duration of Education

• 2 days

Prerequisites

• Having basic networking knowledge.

Who Can Participate?

• System and network administrators who manage wireless network systems or want to install such systems,
• Information technology professionals who want to learn about wireless network security.

Education Goals

• Gaining knowledge about wireless access risks and how to eliminate these risks,
• Acquisition of the ability to use wireless network inspection tools.

Subject Headings

• Security Risks in Local Area Networks Providing Wireless Access
• Secure Wireless Communication Architecture
• Software Used in Wireless Networks for Security or Attack Purposes

Records Management

Duration of Education

• 2 days

Prerequisites

• Having basic operating and information systems knowledge.

Who Can Participate?

• System, security and network administrators,
• Information and information systems experts,
• Information security managers and experts.

Education Goals

• Acquiring the knowledge and skills of establishing a records management system that will enable the collection of record (log) information from information technologies and the effective and efficient management of these records in order to make these records meaningful in line with the needs of the institution, both in accordance with legal responsibility and corporate policy.

Subject Headings

• Basic Concepts of Records Management
• Configuration Settings That Must Be Fulfilled to Collect Records
• Analysis Techniques Related to Collected Records
• Considerations in Establishing a Records Management System
• Analysis of Large Records
• Instant Tracking of Collected Records
• Registration Information Required for Any Security Breach
• Records Required for Compliance with Legal or Corporate Policies
• Most Common Mistakes and Problems Encountered While Collecting Records
• Standards to Follow in Record Collection

Advanced Level Trainings

Oracle Database Security

Duration of Education

• 3 days

Prerequisites

• Having general information about databases and basic database management.

Who Can Participate?

• Database administrators,
• Database security controllers.

Education Goals

• Acquisition of the ability to perform database security audits,
• Acquisition of the ability to manage the database securely.

Subject Headings

• Database Fundamentals
• Authentication
• Access Control Lists
• Database Security Audit
• Network Security
• Database Backup
• Controlling Access Tools
• Advanced Security Measures

MS SQL Server Database Security

Duration of Education

• 3 days

Prerequisites

• Having general information about databases and basic database management.

Who Can Participate?

• Database administrators,
• Database security controllers.

Education Goals

• Gaining knowledge about SQL Server database security mechanisms and concepts affecting security,
• Acquisition of SQL Server security audit capability,
• Gaining the ability to manage database securely.

Subject Headings

• SQL Server, General Topics
• Operating System Configuration
• Network Configuration
• SQL Server Installation and Updates
• Making SQL Server Settings
• Access Control and Authorizations
• Auditing and Recording Procedures
• Backup and Disaster Recovery Procedures
• Replication
• Software Development Issues
• “Surface Area Configuration” Tool
• SQL Server Testing and Monitoring Tools

Web Applications Security

Duration of Education

• 2 days

Prerequisites

• Having basic knowledge of web technologies (HTTP, HTML, web servers, internet browsers) and knowledge of at least one of the languages used in applications (PHP, Java, ASP.NET, Perl etc.)

Who Can Participate?

• HTTP-based application developers and controllers.

Education Goals

• Gaining knowledge about the important security components of HTTP-based applications, the most common security mistakes, how to fix these mistakes and ensure sustainable application security.

Subject Headings

• Information Gathering
• Settings Management
• Authentication
• Input/Output Control
• Session Management
• Authorization
• Application Logic
• Record Keeping
• Error Management
• Secure Application Management

Central Security Records Management Systems

Duration of Education

• 4 days

Prerequisites

• Being aware of information system components, having general knowledge about security components used in IT systems.

Who Can Participate?

• Information system managers,
• Information system security managers,
• IT auditors.

Education Goals

• Gaining knowledge on central attack association systems,
• Gaining the ability to centrally collect records from different security components in IT systems,
• Gaining the ability to centrally monitor and take precautions against internal or external attacks on IT systems.

Subject Headings

• Central Records Management Systems
• The Need for Event Association Systems
• Event Association Steps
• Benefits of Event Association Systems
• OSSIM Attack Association System
• OSSIM Promotion
• OSSIM Core Components
• Tools Used in OSSIM
• OSSIM Installation
• OSSIM Component Configuration
• Policies
• Gathering Information from Different Components
• Attack Attribution
• System Maintenance and Update

Penetration Testing Expertise

Duration of Education

• 5 days

Prerequisites

• Having security awareness and experience in the field of security, having moderate knowledge of Linux, Windows and TCP/IP, having moderate experience in information systems infrastructure.

Who Can Participate?

• Personnel to take part in penetration testing and security audits,
• Personnel working in information security units.

Education Goals

• Acquisition of penetration testing capability.

Subject Headings

• Introduction (What is penetration testing? Considerations before, during and after penetration testing, penetration testing methodologies)
• Discovery (Discovery types, applied nmap usage, discovery, port scanning, service detection, operating system detection, etc.)
• Vulnerability detection (Vulnerability concept, Nessus usage, policy making, scanning and examining vulnerabilities)
• Exploit (Exploit and payload concepts, Metasploit usage, msfconsole, meterpreter, post-exploit and auxiliary modules etc.)
• External Network Tests and Gathering Information (Active and passive information gathering, “Google hacking” etc.)
• Sosyal Mühendislik (Telefon ve e-posta yolu ile sosyal mühendislik teknikleri, SET kullanımı, Özelleştirilmiş payload ve zararlı kod oluşturma – makro, pdf, exe.
“Relay” vulnerability, “Post-exploitation”)
• Web Applications Tests (Input-output fields detection, XSS and SQL-i attacks)

Record Analysis

Duration of Education

• 5 days

Prerequisites

• Basic operating systems, database systems and networking knowledge.

Who Can Participate?

• System, security and network administrators,
• Information and information systems experts,
• Information security managers and experts.

Education Goals

• Obtaining basic information about log and record keeping,
• Acquisition of record management and analysis capability in incident response,
• Gaining the experience of which recording type will be used in which situations and at which stage of the incident response,
• Acquisition of basic analysis capabilities for record analysis,
• Acquiring general knowledge and skills about record collection tools and gaining competence in using different record analysis tools.

Subject Headings

• Record Analysis Overview
• Records Analysis Standards, Rules and Regulations
• Record Keeping, Record Collection, Imaging Tools
• Common Errors in Record Analysis
• Incident Response Studies
• Use of Recording at Different Stages of Incident Response
• Contribution of Records Obtained from Different Sources to Incident Response and Analysis

Combating DDoS Attacks

Duration of Education

• 2 days

Prerequisites

• Having basic TCP/IP knowledge, basic networking and active device management knowledge.

Who Can Participate?

• System and network administrators.

Education Goals

• Gaining the ability to record and analyze network traffic at a basic level,
• Obtaining information about DoS/DDoS attacks and their types,
• Gaining knowledge about methods of protection from DoS/DDoS attacks.

Subject Headings

• Information security
• DoS/DDoS Attacks and Types
• Methods of Protection from DoS/DDoS Attacks

Mobile Security

Duration of Education

• 5 days

Prerequisites

• Having basic knowledge of network protocols such as IP, HTTP, TCP, UDP and network listening tools such as Wireshark. Being able to use *NIX derivative operating systems at a basic level, having knowledge of basic security concepts and penetration testing, having basic knowledge of mobile application development, being able to understand the piece of code read.

Who Can Participate?

• Information technology workers who want to perform mobile application security penetration testing and mobile malware analysis.

Education Goals

• Participants in the training will learn about the security features offered by iOS and Android operating system platforms, and gain the ability to perform mobile application penetration testing. In addition, they will have the ability to analyze mobile malware.
Note: Participants must have a jailbroken iOS device (iPhone, iPad, iPod) in order to carry out practical applications for iOS applications. Participants will not be provided with any equipment by the trainer.

Subject Headings

• Basic Concepts in Mobile Security
• Android Operating System Fundamentals
• Android OS Security Features
• Android Application Penetration Test
• iOS Operating System Fundamentals
• iOS Operating System Security Features
• iOS Application Penetration Test
• Mobile Malware and Analysis

High Level Trainings

Basic Computer Analysis

Duration of Education

• 3 days

Prerequisites

• Having basic Linux and Windows operating system knowledge.

Who Can Participate?

• Information system personnel who want to do computer analysis.

Education Goals

• Acquisition of the ability to do computer analysis.

Subject Headings

• Intervention to Computer Incidents
• Information About File Systems (NTFS, FAT32, ext2, ext3) in Operating Systems (How files are created, stored,
deleted etc.)
• Data Persistence and Data Extraction Patterns for Various Partitions of Computers (RAM, “Stack” Space, hard disks, etc.)
• Computer Incident Analysis on Linux and Introduction of Related Tools
• Establishing the Analysis Workspace in the Practical Part and Examining Suspicious Files with Tools
• Performing Computer Event Analysis on Windows and Introduction of Related Tools

Network Traffic Analysis

Duration of Education

• 4 days

Prerequisites

• Basic TCP/IP and networking, Basic Linux and Windows operating system knowledge.

Who Can Participate?

• Network, system and security administrators,
• Information system personnel who want to analyze computer networks.

Education Goals

• Gaining the ability to perform incident analysis and evidence collection processes in cybercrimes without accessing memory units,
• Gaining the ability to detect errors and malicious network traffic originating from network components.

Subject Headings

• Network Packet Capture Technologies: Hardware, Software and Tools
• Basic Network Protocols and Components
• Analysis of Network Security Components Log File: Firewall, Intrusion Detection and Prevention System etc. Registry Files of Systems
• Analysis of Network Protocols. (For protocols like HTTP, SMTP, DNS etc.)
• In-Depth Network Packet Analysis
• Detection of Malicious Network Traffic: “Intrusion Attack”, “DNS Cache Poisoning” etc. attacks
• Detection of Network Traffic Tunneling Techniques: DNS, ICMP, SSH Tunneling etc. techniques
• Analysis of Encrypted Network Traffic: The “SSL Traffic Listening” Technique
• Obtaining Original Data by Reconstructing Network Traffic
• Network Flow Analysis

Windows Malware Analysis

Duration of Education

• 5 days

Prerequisites

• Being familiar with high-level programming concepts such as variables, loops, and functions. Having knowledge about the basic concepts of Windows operating system (“process”, “thread”, “memory management”, “registry”, “handle” etc.). IP, HTTP, TCP.
Having basic knowledge of network protocols such as IP, HTTP, TCP, UDP and network listening tools such as Wireshark. Having introductory knowledge of assembly and x86 architecture.

Who Can Participate?

• Information technology workers who want to investigate malware.

Education Goals

• Gaining practical knowledge about reverse engineering,
• Gaining the ability to analyze harmful documents with Windows and web-based malware.

Subject Headings

• Windows Operating System, Basic Concepts
• Simple Static Analysis
• Behavior Analysis
• Code Analysis
• Confidential Working Methods
• Static Analysis Prevention Methods
• Dynamic Analysis Blocking Methods
• Unpacking Bundled Software
• Memory Dump Analysis
• Web (Browser) Based Malware Analysis
• Analysis of Harmful Documents

Secure Software Development

Duration of Education

• 3 days

Prerequisites

• Intermediate command of any of the programming languages.

Who Can Participate?

• Software developers/engineers,
• Software project managers,
• Software quality control team,
• System architects.

Education Goals

• Gaining knowledge of basic secure coding principles, secure software design, threat modeling, secure software development and security priority testing principles.

Subject Headings

• Security Problems of Software and Technology Components That Software Runs
• Key Elements of the Secure Software Development Process and How to Integrate the Secure Software Development Lifecycle into the Software Development Process
• The Most Encountered Vulnerabilities with Source Code Samples in addition to the Process and How to Avoid These Vulnerabilities
• Technologies That Can Be Used for Safe Operation of Components such as Application, Server, Database, on which the Software Runs on the Assumption that the Software Is Not Just Code

Advanced Penetration Testing Expertise

Duration of Education

• 5 days

Prerequisites

• Having received penetration testing expertise, having intermediate knowledge of Linux, Windows and TCP/IP, having basic programming experience (Scripting languages).

Who Can Participate?

• Personnel to take part in penetration testing and security audits.

Education Goals

• Gaining the competence to use advanced attack techniques in penetration tests.

Subject Headings

• Network Packet Generation (Scapy)
• Domain Tests (mimikatz, metasploit modules, meterpreter modules, incognito, remote registry, golden ticket, pivoting)
• Intrusion Attacks (ARP spoof, SSL Strip, SMB redirect, fake SMB Auth, LLMNR poisoning, DHCP starvation, rogue DHCP server, DNS spoofing, Mimf, scapy snipets)
• Parola Kırma Saldırıları (şifre – özet türleri, çevrimdışı parola kırma, john, cain, çevrimiçi parola kırma, hydra, gökküşağı tabloları, crunch, ophcrack, python betikleri)
• Wireless Network Tests (Network listening, de-authentication, interception, handshake capture, password cracking attacks, encrypted traffic decryption, wps pin cracking, rogue ap, radius server attacks, scapy snipets)
• Heartbleed, Shellshock

sge

(SGE) Cyber Security Institute

The Cyber Security Institute, which was established to carry out studies to increase the national cyber security capacity, carries out research and development activities in the field of cyber security; carries out solutions-oriented projects for military institutions, public institutions and organizations and the private sector.

The main fields of activity of our institute, which has made a significant contribution to the creation of cyber security knowledge and tactical infrastructure in our country with many successful projects to date, are secure software development, penetration tests and vulnerability analysis.

6-yze card logo

(IZE) Artificial Intelligence Institute

Artificial Intelligence Institute is the first institute established within the scope of TUBITAK centers and institutes, which cuts the sectors and research fields horizontally and focuses directly on the emerging technology field. For this reason, it constitutes an innovative model in terms of both the open innovation and co-development approach of the institute and its focus on emerging technology.

Artificial Intelligence Institute aims to develop core technologies in the field of artificial intelligence and bring these innovations from the forefront of science to the use of the industry as soon as possible. Focusing on the transformative potential of artificial intelligence, it will continue to play its part in pioneering efforts to create and sustain artificial intelligence-based innovation, growth and productivity in Turkey. Working with industry and public institutions in Turkey, together with other organizations within the artificial intelligence ecosystem, spreading the use of artificial intelligence and increasing the workforce specialized in this field are among its primary goals.

Discover institutes laboratories technologies products projects of BİLGEM.

Discover institutes laboratories technologies products projects of BİLGEM.

Intern

TÜBİTAK BİLGEM builds its basic strategy for the future on qualified knowledge and qualified people focused on national targets in the research, technology development and innovation ecosystem.

Starting from the understanding that "the most important resource of a country is generally people, specifically scientists," TÜBİTAK encourages and supports our youth from an early age. In this context, providing young minds with early exposure to technology production is crucial for the success of our National Technology Move. Accordingly, TÜBİTAK BİLGEM offers internship opportunities to undergraduate students from universities every year.

You can follow internship announcements and submit your applications through the Career Gateway at https://kariyerkapisi.cbiko.gov.tr.

You can access frequently asked questions about internships at TÜBİTAK BİLGEM from here. 

Application Conditions
  • Students enrolled in undergraduate (2nd year and above) and associate degree programs in departments offering education in universities and conducting insurance procedures through the higher education institution to which they are affiliated can benefit from the internship opportunity.
  • For undergraduate and associate degree students, a minimum Weighted Grade Point Average (GPA) of 2.50 out of 4 is required. The GPA of candidates with a 100-point system is converted to a 4-point system based on the "Conversion Table of Grades from the 4-Point System to the 100-Point System" published by the Higher Education Council.
  • There is no requirement for a foreign language certificate during the internship application process.
  • Students enrolled in departments such as Forensic Computing Engineering, Computer Sciences, Computer Science and Engineering, Computer Engineering, Computer and Informatics, Computer and Software Engineering, Information Systems Engineering, Electrical and Electronics Engineering, Control Engineering, Control and Computer Engineering, Control and Automation Engineering, Mechanical Engineering, Mechatronics Engineering, Telecommunication Engineering, or Software Engineering in universities can apply for internships.

Internship applications are accepted between December and January, and the internship period covers June, July, and August.

intern-img-1

Scholar

Scholar assignments are made for research and development activities for undergraduate, master's, doctoral students, and post-doctoral researchers. In our center, scholars are appointed for practical purposes in externally funded, TARAL, or European Union projects.

You can contact us via the email address bilgem.yetenekkazanimi@tubitak.gov.tr to apply to be a scholar.
Application Conditions

(1) The conditions for undergraduate scholars in externally funded projects conducted by the institution are specified below:

  •  Being a student continuing undergraduate education at higher education institutions established in Turkey (excluding foreign language preparatory students).
  • Having a weighted cumulative GPA for previous years, excluding preparatory years, based on the university's grading system, which satisfies the formula score and foreign language requirements in the recruitment criteria.
  • Completing at least the first semester of the first year of undergraduate education.
  • Having a GPA of "+3.00" and a University Placement Exam Ranking of "10,000 ≥" for undergraduate general average.
  • For foreign students placed in Turkish universities without taking the ÖSYM exam or for those who completed undergraduate education through exams such as Vertical Transfer Exam, the lowest university placement ranking of the department from the year the candidate started the undergraduate program is considered in the ranking formula.

(2) The conditions for master's degree scholars in externally funded projects conducted by the institution are specified below:

  • Being a student continuing master's degree education at higher education institutions established in Turkey (excluding special students and foreign language preparatory students).
  • Currently pursuing a master's degree in the project's field of responsibility.

(3) The conditions for doctoral students in externally funded projects conducted by the institution are specified below:

  • Being a student continuing doctoral education at higher education institutions established in Turkey (excluding special students and foreign language preparatory students).
  • Currently pursuing a doctorate in the project's field of responsibility or conducting a doctorate in areas determined within the framework of the YÖK-TÜBİTAK Doctoral Program Project Collaboration Protocol. (Students in medical specialization and artistic proficiency are accepted as doctoral students.)
scholarship-img-1

Candidate Researcher

Students in the 3rd and 4th years of relevant engineering departments at universities can apply to our Part-Time Candidate Researcher positions through our Job Application System at kariyer.tubitak.gov.tr. By doing so, they can gain work experience at TÜBİTAK BİLGEM during their university years.

This program does not have an end date. Candidate Researcher personnel working part-time during their university period can seamlessly transition to full-time employment as Researcher personnel at TÜBİTAK BİLGEM without interrupting their career journey after graduating from the undergraduate program.

Application Conditions

Conditions for the Candidate Researcher Program:

  • Being a 3rd or 4th-year student in the relevant departments specified in the announcements at universities.
  • Foreign language proficiency: Achieving appropriate scores in the exam types specified in the announcement or studying in a program that is 100% in English for undergraduate education.
  • Satisfying the formula score:

Weighted Graduation Average + (10,000/University Placement Exam Ranking) + Additional Score* >= 3.20

*Candidates who have achieved rankings and awards in national and international competitions will receive an additional score of 0.3.

candidate-researcher-img-1

Researcher

By joining TÜBİTAK BİLGEM as a Researcher, you can contribute to developments in the fields of information technology, information security, and advanced electronics. You'll have the opportunity to make your mark on innovations, closely follow advancements, enhance your skills, and shape your future by advancing in your career.

You can apply to our currently open positions through the TÜBİTAK Job Application System .

Application Conditions

Conditions for Job Application:

  • Foreign language proficiency: Attaining appropriate scores in the exam types specified in the announcement or studying in a program that is 100% in English for undergraduate education.
  • Fulfilling specific requirements stated in the announcement (such as undergraduate department, years of experience, expertise, etc.).
  • Satisfying the formula score:

For Candidates with Less than 3 Years of Experience:

Weighted Graduation Average + (10,000 / University Placement Exam Ranking) + Additional Score* >= 3.20

 

For Candidates with 3 Years and More of Experience:

Weighted Graduation Average + (10,000 / University Placement Exam Ranking) + 5*[1 / (1 + e^(5 - years of experience) ) ] + Additional Score* >= 3.20


*Candidates who have achieved rankings and awards in national and international competitions will receive an additional score of 0.3.

researcher-img-1

MILSEC 4 - Secure IP Terminal

SAFE IP TERMINAL

While the MİLSEC-4 terminal offers an up-to-date solution for next-generation secure communication (voice, data and video) in IP networks, it provides an uninterrupted communication service by maintaining the compatibility of secure voice communication in PSTN networks with PSTN secure phones in use.
provides.

Configuration, surveillance and software update processes of MILSEC-4 terminals are carried out securely remotely using the Security Management Center (GYM). MİLSEC-4 terminal is capable of IP Network Key Loading (IPAAY) through secure communication with GYM without the need for an additional device.

MİLSEC-4 terminals are interoperable with MİLSEC-1A and MİLSEC-2 phones and offer the opportunity to replace MİLSEC-1A and MİLSEC-2 phones without interruption in the gradual transformation of PSTN networks to next generation IP networks.

FEATURES

  • End-to-end secure voice communication in PSTN networks
  • End-to-end secure voice, image and data transmission in IP networks
  • NATO SCIP compliance on IP networks
  • Compatibility with commercial SIP products
  • Interoperability with MILSEC1A and MILSEC2 secure phones
  • National and AES crypto algorithms
  • Remote software update
  • Easy operation with touch screen

It is subject to the sales license to be given by the Ministry of National Defense.