Gazete ETÜ had an interview with Prof. Ali Aydın Selçuk from the Department of Computer Engineering, about the Information Security Master's Program, one of the most ambitious graduate programs of TOBB ETÜ. Read the interview to get detailed information about Information Security in general, and Information Security at TOBB ETÜ in particular.

  • Professor Selçuk, I want to start by thanking you for your valuable time. Let’s begin with information security, if you will. What does it mean? Why is it needed today?

In order to understand information security, we need to talk about internet first. Today everything is connected, and internet is now a natural part of the indispensable infrastructure. The history of internet extends back to 1960s. In its earliest days it started off as a network between the universities. Even though it received funding from the US Department of Defense, for a long while, it was essentially an amateur network used to facilitate communication between researchers. 1990s, however, saw it expand throughout the globe. The development of the World Wide Web brought about the internet as we know it, and the corporations began to gain prominence on the net.

During that decade, the internet was mostly a window for the corporations to present themselves. Later on, operations over the internet began, led by Amazon. Banking and e-government services became common. Today, internet lies at the core of everything. Just like electricity and water grids, the internet network is now a must. Internet connection is presumed to exist for any ordinary function of daily life, and almost all operations can be carried out over the internet. In a nutshell, the net started on an experimental footing providing academic communications, followed by eventual adaptation to commercial purposes, leading to exponential expansion. At the moment, it is a part of a crucial infrastructure system.

This, of course, has a number of substantial advantages. For instance, in the olden days you would have to pay a visit to the relevant entity’s offices to have some procedure or transaction executed. Nowadays, you can get it done over the internet, very easily. Furthermore, you no longer need separate grids when you need connection, such as the ones which connected ATM machines back in the day. On the other hand, the network is now prone to attacks. The banks’ vulnerability to cyber-attacks is among the most widely discussed issues. E-government services create exposure to attack. Internet of things is all the rage right now, with smart homes, smart devices, even smart pacemakers becoming popular. Nowadays, there are smart implants allowing your doctor to connect and run tests, helping her to make a diagnosis. It is possible to connect to these via bluetooth, and make the data they gathered available to the doctor. With information systems, people with a comprehensive knowledge about the operation of the system can use that knowledge to run exploits, steal data, or stop the system. That is why information security is considered a must given such widespread and crucial use of the internet.

  • We talked about the commercialization of the internet. What about the process of development of security? Did it run on a similar track? Where were we at the beginning, and where are we now? What should we expect in the near future?

Since the earliest days of the internet, security had always been an afterthought. First you experience some attacks; and only then you think about how to make the system secure against such attacks. Today, the increasing complexity of the systems also made it difficult to ensure security.

Internet and its security is mostly based on civilian initiative. There are no substantial government regulations, for it is virtually impossible to ensure security through government regulations, without disrupting the operations of the internet. Firms acting on commercial interests play a role in ensuring information security. Security is of utmost importance here, as the internet is practically a system entities connect to in order to sustain their operations.

People develop new software almost every day. Naturally, they come with their own set of vulnerabilities. The software gets exploited, which leaves us with a security vulnerability. We are faced with ever growing needs for security. Every new device connected to the internet increases the level of vulnerability. It is evident that this security sector has substantial potential in the near future. Even if we train thousands and thousands on this issue, it will still be short of the required number of specialists.

  • Was that what motivated TOBB ETÜ Information Security Master's Program in the first place? What can you tell us about the program?

One of the priority items of the National Cyber Security Strategy and Action Plan is to train qualified personnel on this matter. At this junction, the universities should play a major role. We have 3 professors working on security at our department. We have another one in the Mathematics Department as well. At TOBB ETÜ, we already had the groundwork done for us. We were able to offer courses and engage in research. The students in our undergraduate and graduate programs took courses and wrote dissertations. In 2013, in consideration of the needs prevalent in the sector and the country, we took off with the cyber security program.

What we intended to do is to contribute to covering the shortages Turkey suffers on this front. The most important asset a country can have is qualified labor force. If you do not have competent manpower to make use of the resources you have, those resources would only be wasted. In a nutshell, what we intend to do is not to increase the number of people who have cyber security degrees in Turkey, but instead to make those diplomas truly mean something, by training a really qualified labor force.

The students can enroll in Information Security Master's Program with or without a dissertation. I want to note one more matter: Our program is a cyber security master's program in terms of the contents of the courses and the outcomes we want to achieve. However, hence TOBB ETÜ’s sensitivity about the use of Turkish language, we chose to use the name Information Security Master's Program.

  • What are the acceptance requirements of the program?

The candidates seeking acceptance are expected to exhibit a certain level of technical knowledge. I want to underline that this is not a program we offer with some concern about generating tuition. That is why we want our students to be graduates of Computer Engineering or related fields. If we deem the candidate to have some shortcomings in terms of her computer engineering credentials, we require scientific preparation courses as a prerequisite. Those are courses on operating systems and computer networks. In order to achieve a certain standard in terms of cyber security, everyone at the class should share some common foundations. Otherwise, the efficiency of the courses we offer will naturally fall. The prospective students of the program should have basic computer skills, or should at least be in a position to remedy any shortages through scientific preparation courses.

  • Can you name a few of the courses the students can take within the framework of the Information Security Program?

Internet and Data Security course establishes the foundations of the program, in terms of data transmission and storage. Penetration Testing course provides some insight into the operation of a hacker, combined with efforts to train white-hat hackers. Forensic Computer Analysis course focuses on the use and analysis of computers and similar systems in court cases. Reverse Engineering and Malicious Software course provides information on the working and development of viruses. The Information Security Management course contributes to the management of the cyber security units of various entities. These are just a few of the courses. Candidate students can check our department page to see the complete list of the courses.

  • Today there is substantial demand for cyber security. What makes TOBB ETÜ’s Information Security Master's Program stand out among other programs?

In recent years, many universities began offering master’s programs on cyber security or information security. But not all can achieve the same level of success in providing actual essence. It is difficult to find competent professors from the academic domain. So is finding interested professionals from the industry.

I can confidently say that the applied part of the program is as good as the professors involved. For instance, we offer a Penetration Testing course. It is dedicated to the methods used to check the level of security of a given network. White-hat hackers seek and scan for vulnerabilities on your network, using methods other hackers would usually use. Such a course can be offered only by someone really involved in the practice. For, someone with a grasp of the current vulnerabilities and tools that can be used at the time will be much more effective in that course. The best of the sector, who earn substantial sums in this business, serve as lecturers on a part-time basis in our program, as a public service. Both the qualities of our professors, and our strengths in terms of practice puts our school one step ahead of similar cyber-security offerings in Turkey.

  • Can you specify some competences the students have at the time of graduation?

Our students graduate with substantial competences in both practice and theory. From a theoretical perspective, they are provided robust foundations, while on the practical front they receive the most current set of skills. It is definitely not about a theoretical education or a superficial venture into practice. We are working hard to train the high-quality labor force Turkey needs on this crucial matter.

  • What kind of a career should the graduates expect?

In Ankara, the demand for high-quality cyber security experts is substantial. Government agencies such as BTK, TUBITAK, and the Police, as well as defense industries such as Aselsan, Havelsan, and STM are always on the lookout for qualified experts. That is why our graduates are really sought after. Many of our students are also enrolled in our program while working at such agencies.

  • I want to thank you for providing us the details of the program sincerely.

I too want to thank you, for your visit. I hope this talk will help answer some of the questions interested students may have.

Interview: Haydar İleli - TOBB ETÜ Mechanical Engineering Undergraduate Program

Photos: Şule Demir - TOBB ETÜ Psychology Undergraduate Program

Click here to get detailed information about the program.