STM is a solution provider for integrated cyber security and defence and a trusted partner for cyber domain R&D and solution development and fully capable of designing R&D projects, product development and operational support and it aims to be a globally recognized Centre of Excellence in cyber domain.

Based on Turkey’s Cyber Action Plan, STM is responsible from precautions and respond to the incident, analysis and risk assessment.


  • has actively involved in cyber security activities with both NATO and the European Union,
  • has strategic cooperation with organizations such as NATO CCDCoE (Cooperative Cyber Defence Centre of Excellence), USA CERT, MITRE, EOS and universities,
  • has been organizing Capture the Flag (CTF) competitions since 2015. These competitions, where the entire organization organized by the STM, are among the most comprehensive national competitions in the cyber security domain. The aim of the competition is to identify qualified people in different areas of cyber security and to raise awareness about this domain. To follow the latest news:
  • publishes Cyber Threat Status Reports on current cyber incidents quarterly. You can access the contents of the reports at
  • is attending cyber security related activities such as journals, books, conference papers, competitions,
  • has the capable of Common Criteria Evaluation Laboratory with TSE license and Common Criteria Testing and Evaluation,
  • As a result of its research and development activities, STM has shown success in the domestic product of CyDecSys, which is a Cyber Security Decision Support System.

STM Cyber Security Capabilities

System Specific Cyber Security Analysis & Risk Assessment

  • System Characterization
  • Threat Identification
  • Vulnerability Identification
  • Attack Vector Analysis
  • Impact Analysis
  • Static and Dynamic Risk Assement
  • Situational Assessment and Recommendations

Integrated and Interoperable Cyber Defense Systems

  • Situational Awareness (Common Operational Picture, Interactive
  • Maps, Alerts)
  • Service Oriented Architecture (SOA) Approach
  • Open Standards (WSDL, CEF, STIX, IODEF, etc.)
  • Interoperability
  • National Vulnerability Database
  • Topology & Vulnerability Scanning Automation
  • User Defined Threat Scenarios
  • Simulation Based Attack Tree Generation
  • Assessment of What-if Scenarios
  • Dynamic Risk Assessment Based on Security Events

Security Information & Event Management

  • Log Collection From Sensors (Firewall, IDS/IPS, Antivirus, DLP, etc.)
  • Ability to Expand with New Sensors
  • Data Fusion
  • Correlation Rule Editor & Rule Processor Engine
  • Near Real Time Alert Generation
  • Statistical Views
  • Information Dissemination


Integrated Solution Development

  • Customized Solutions for Complex Operational Environment
    • User Defined Threat Scenarios
    • Topology & Vulnerability Scanning Automation
    • Simulation Based Attack Tree Generation
  • Software Development
    • Service Oriented Architecture (SOA) Approach
  • System Integration and Modelling
  • Open Standards (WSDL, CEF, STIX, IODEF, etc.)

Industrial Control Systems (ICS) Security

  • Industrial Control Systems Environmental Analysis Improvement Recommendations
  • Determination of Cyber Maturity Level in Industrial Control Systems
  • Feasibility of Planning Security Investments in the Operational Technologies Domain
  • Strategic Structuring Consultancy

Consultancy Services

  • ISO 27001 Consultancy
  • Computer Emergency Response Team (CERT)
  • Feasibility Studies and Capability Roadmap
  • Strategic Structuring Consultancy
  • Secure Software Development Consultancy
  • Cyber Maturity Level Assessment
  • Feasibility of Planning Security Investments

Risk Assessment and Analysis

  • Feasibility Studies and Capability Roadmap
  • Consultancy for Strategical Structuring
  • Consultancy for Secure Software Development

Project Design, Facility and Operating Services

  • Cyber Environment Defense
  • CERT
  • Cyber Fusion Center

Cyber Threat Intelligence Center Services

  • Cyber Threat Analysis
  • Sectoral Cyber Threat Event Tracking
  • Social Media Cyber Threat Case Study
  • Potential Phishing Domain Address Tracking
  • Current Vulnerability Analysis
  • Attack Surface Analysis - Reconnaissance study in open sources through cyber attacker eyes
    • IP address review
      • Mainframe server detection
      • Detection of other domain addresses on the same IP
      • Mail server detection and configuration analysis
      • Name server detection and configuration analysis
    • Web site analysis
      • 3rd party service integration detection
      • Potentially hazardous content detection
      • Server configuration problem detection
      • Detection of ports and services by passive scanning methods
    • SSL Certificate Analysis
    • Compromised e-mail address and password detection

Cyber Operations Center Services

  • SIEM Consulting
  • Cyber Incident Response Team (CIRT)
  • Security Information and Event Management
    • Network Traffic Monitoring / Detection
    • Log Collection from Sensors (Firewall, IDS / IPS, Antivirus, DLP, etc.)
    • Extendability with additional sensors
    • Data Fusion
    • Correlation Rule Editor & Rule Processing Engine
    • Near Real Time Alert Generation
    • Statistical Views
    • Sharing Information

Cyber Security Trainings 

For more information about the trainings in the Cyber Security Training list provided by STM Academy.

Training list:

  • Cyber Security for Managers
  • ISO 27001:2013 Implementation
  • Cyber Security Risk Assessment
  • Business Continuity and Disaster Recovery
  • Secure Code Development in Java
  • Basic Cryptology and its Applications
  • Web Application Penetration Testing
  • Network and Application Penetration Testing
  • Mobile Penetration Testing
  • Malware Analysis
  • Mobil Malware Analysis
  • Windows Digital Forensic Investigation
  • Social Engineering Attacks and Prevention Methods
  • Basic Open Source and Cyber Threat Intelligence
  • CSIRT Installation and Management
  • Attack Detection and Log Management
  • Central Security Monitoring and Incident Management
  • Security Configuration Audit
  • Virtualization Configuration and Security