Network Security and Audit Training

MODERN NETWORK SECURITY AND AUDIT TRAINING

The network is no longer inside the building; Security does not remain where it was before.

Bulut, uzaktan çalışma, SaaS uygulamaları ve mobil cihazlarla birlikte ağ kavramı tamamen değişti. Klasik security duvarı eğitimleri 2010’ların ihtiyacına cevap veriyordu. Bu eğitim ise; sıfır güven mimarisi, bulut yerel ağ kontrolü, şifreli trafik analizi, mikro segmentasyon ve modern denetim metodolojisini birlikte ele alır. Hem mimar hem denetçi gzüyle, hem teori hem uygulama.

Check out the Training Flow Request a Training Plan
Zero Trust Architecture Cloud Network Security SASE & SD-WAN Micro Segmentation Modern Audit Method
Network Security Maturity Dashboard
ARCHITECTURE + AUDIT
zero trust
kimlik
micro segment
east-west
Traffic analysis
şifreli
%95+web traffic is encrypted (HTTPS)
D-Brisk of horizontal movement in the internal network
Hibritcloud + office + remote network
SıfırZero trust approach: no connection is trusted by default, even within the network.
East-WestHorizontal movement from server to server within the internal network; The area that the classic firewall cannot see.
SASECloud-based secure network access model; The new standard for office-cloud-remote worker traffic.
NDRNetwork detection and intervention; Modern attack detection based on behavior analysis.
PURPOSE OF EDUCATION

Network security is now a much broader discipline than writing firewall rules.

2010’larda ağ güvenliği eğitimleri çoğunlukla security duvarı kuralları, saldırı tespit sistemleri ve VLAN yapılandırması üzerine kuruluyordu. Bu temeller hâlâ nemli ama bugünün kurumlarında employeeların nemli bir kısmı uzaktan çalışıyor, uygulamalar bulutta, müşteri verisi SaaS sağlayıcılarında ve trafik büyük oranda şifreli. Klasik perimeter savunması tek başına yetmiyor.

This course builds modern network security on two pillars: first, design principles such as zero trust architecture, micro-segmentation, and cloud network controls; The second is the methods and checklists required to control this new architecture. Both the network architect, auditor and information security manager speak the same language.

Purpose: Participants understand the current network architecture, can design the zero trust approach at an enterprise scale, establish security control in cloud and hybrid environments, and carry out network security auditing in accordance with standards.
In a place where there is no border, border defense is not enough.Employees in the office, at home, in the cafe; applications in the data center, in the cloud, at the SaaS provider. The network model of hiding behind a single firewall is now only valid in very small organizations. This training describes the new model in which identity replaces the border.
The internal network can no longer be considered secure.The vast majority of attackers move horizontally after entering the network. Server to server, user to database. Not only the firewall captures these movements, but also micro-segmentation and behavioral analysis.
If traffic is encrypted, classical control becomes blind.Almost all web traffic is encrypted today. This means that classic content moderators do not see the traffic. Encrypted traffic analysis, certificate inspection and behavior-based detection are a modern necessity.
Cloud networking and traditional networking do not speak the same language.AWS security groups, Azure network security groups, Google cloud firewalls; It works with a different logic than the classic enterprise firewall. The person auditing in a hybrid environment must know both worlds.
CLASSICAL APPROACH AND MODERN APPROACH

This training adds modern architecture to classical network security knowledge.

Pek çok ağ güvenliği eğitimi 2010’ların kavramları üzerine kurulu kalmış durumda. Bu programın farkı, klasik temelleri inkar etmek değil; bugünün ağ topolojisinin gerektirdiği yeni katmanları aynı sürede aktarabilmesidir.

Klasik Ağ Güvenliği Trainingsi 2010’ların müfredatı, hâlâ pek çok yerde aynı

  • Configuration focused on a single enterprise firewall
  • Internal network protection based on VLAN and port security
  • Signature-based intrusion detection systems
  • Wireless standard details such as WPA, 802.11i
  • Content filtering and antivirus product training
  • A focus on data center network design
  • Network equipment certification focused approach

Modern Dimensions Added in This Tutorial Requires 2026 network topology

  • Zero trust architecture and identity-based access
  • Micro segmentation and east-west traffic control
  • Behavior-based network detection and intervention approach
  • Encrypted traffic analysis and certificate auditing
  • Cloud native network controls (AWS, Azure, GCP)
  • Unified network security with SASE and SD-WAN
  • Container and Kubernetes network policies
  • DNS security, DoH/DoT auditing, network telemetry
EDUCATIONAL ACHIEVEMENTS

Participants learn to evaluate network security together on the axis of architecture, control and audit.

The training avoids being product training. Instead of a single brand's firewall interface, it describes the same control logic regardless of the brand. Each topic is discussed through the institution's real network, hybrid structures and audit reports.

ZERO TRUST

It establishes a model that eliminates in-network trust.

Zero trust approach; the principle that every connection is verified every time based on identity, device state, and context. The training addresses the design, implementation and control aspects of this model.

  • Identity-based access logic
  • Device compatibility checks
  • Policy engine and enforcement point
MICRO SEGMENTATION

It prevents horizontal movement.

How to design application or workload-based segmentation and with what tools is it applied in order to prevent the attacker from moving from server to server after entering the network.

  • East-west traffic control
  • Application-based policy design
  • Agent-based and network-based approaches
CLOUD NETWORK SECURITY

Teaches the control logic of the three major cloud providers.

AWS security groups, Azure network security groups, and GCP firewall rules; Virtual private network design, peering, and gateway services are studied with practical examples.

  • Virtual private network design
  • Cloud security group rules
  • Multi-cloud and hybrid connectivity
SASE AND SD-WAN

Addresses cloud-based unified network security.

Modern architecture for remote workers, passing office and cloud traffic through a single layer of cloud-based security. How this model works, its limitations and checkpoints are covered.

  • Secure web gateway logic
  • Cloud access security agent
  • SD-WAN and traffic routing
ENCRYPTED TRAFFIC

Methods of making invisible traffic visible.

How has classical content control changed in the HTTPS world, how is certificate control performed, in which case traffic is opened, how to balance privacy and security.

  • Certificate verification and stabilization
  • Traffic generation strategies
  • Balance of privacy and harmony
NETWORK DETECTION AND INTERVENTION

Establishes behavior-based intrusion detection.

It discusses the limits of signature-based intrusion detection systems, how behavioral analysis and network telemetry are combined, and modern threat hunting practices.

  • Network telemetry and flow logs
  • Behavior anomaly detection
  • Network-based threat hunting
TRAINING FLOW

Two-day intensive program; Covers modern network security from design to control.

Program; It can be adapted as 1 day summary, 2 days standard or 5 days auditor competency depending on the maturity of the institution and the participant profile. The entire flow is supported by practical laboratory studies.

01Modern network topologyTransition from the classic perimeter model to the hybrid and cloud-based model; employee, application and data location change.
02Zero trust basicsIdentity, device, network and application context; policy engine and application point design; zero trust maturity model.
03Classic controls, new perspectiveFirewall, intrusion detection system, wireless network controls; their place and boundaries in modern architecture.
04micro segmentationRisk of horizontal movement in the internal network; application and workload based segmentation; agent-based and network-based approaches.
05Cloud network controlsVirtual private network design, security groups, cloud native firewalls and hybrid connectivity on AWS, Azure, GCP.
06SASE, SD-WAN and remote accessPost-VPN world; cloud based secure web gateway, cloud access security broker, remote worker traffic.
07Traffic analysis and detectionEncrypted traffic inspection, network telemetry, behavior-based detection, network-based threat hunting practices.
08Network security audit methodologyScoping, checklist design, automated tool selection, findings classification and reporting discipline.
TRAINING MODULES

Classical foundation, modern architecture and control methodology come together in a single program.

M1
Modern network topology and zero trustChange of the network concept after hybrid working, cloud migration and SaaS deployment; zero trust architecture fundamentals and maturity model.
M2
Classic controls and modern contextFirewall types and rule logic, intrusion detection systems, content controllers, router and switch security; their place in the new architecture.
M3
Internal mesh and micro segmentationEast-west traffic analysis, horizontal movement scenarios, application-based segmentation, difference between agent-based and network-based applications.
M4
Cloud and container network securityAWS, Azure, GCP security groups and virtual private network design; Kubernetes network policies; service network concept; multi-cloud view.
M5
SASE, SD-WAN and encrypted trafficCloud-based secure access model, secure web gateway, cloud access security broker, encrypted traffic control and certificate management.
M6
Detection, intervention and controlNetwork telemetry, behavior-based detection, network threat hunting, audit scope, checklist, automated tooling and reporting.
DOMALI ATÖLYELER

Training makes learning permanent through real network scenarios and audit reports.

Participants don't just listen; It creates a network topology, designs a segmentation plan, writes a cloud security rule, determines the audit scope, produces a findings report and creates a road map for its own institutions.

TOPOLOGY WORKSHOPHybrid network mapA sample organization's office, data center, cloud and remote worker traffic is extracted into a single logical schema; risk points are marked.
ZERO TRUST DESIGNPolicy engine scenarioAn identity, device compliance, and context-based access policy is designed for a critical application; The application point is determined.
SEGMENTATIONHorizontal motion preventionThe traffic policy matrix is extracted for the database, application server, and end-user segments; Exceptions are discussed.
CLOUD SECURITY GROUPSame control across three cloudsHow to configure the same application with the same security logic on AWS, Azure and GCP; The differences of the three clouds are compared.
ENCRYPTED TRAFFICOpening decision debateFor e-mail, finance and health traffic, it is evaluated whether the traffic should be opened or not, and if so, to what extent it should be opened.
AUDIT REPORTControl listesi ve bulguA 50-item audit checklist is designed for the modern network environment; A sample findings report is written.
WHO SHOULD JOIN

Adaptive training for all critical roles that design, operate or monitor the modern network.

Network and Security Engineers
Cloud and DevOps Teams
Information Security Managers
System Administrators
Internal Audit Experts
SOC and Monitoring Teams
Penetration Testing Teams
IT Architects and Strategy
ÇIKTILAR

At the end of the training, the institution's network security maturity becomes measurable in terms of both architecture and control.

Participant gains

  • Ability to accurately map hybrid network topology
  • Ability to design and implement zero trust architecture
  • Making a micro segmentation plan
  • Ability to compare AWS, Azure and GCP network controls
  • Ability to understand SASE, SD-WAN and cloud access security brokering
  • Ability to set up encrypted traffic control with the right justification
  • Ability to produce network security audit reports

Institutional outputs

  • Modern network topology map template
  • Zero trust maturity rubric
  • Micro segmentation policy matrix
  • Three cloud comparative control checklist
  • Encrypted traffic control decision matrix
  • Modern network security audit checklist
  • 90-day network security roadmap specific to the organization
EDUCATION IDENTIFICATION

Everything you want to know about education at a glance.

Duration, format, number of participants, certificate, content scope and delivered materials have been clarified. In institution-specific programs, parameters are adapted according to need.

2 GÜN
Training Duration 14 Hours / 2 Full Days 1-day summary or 5-day auditor competency option depending on the maturity of the institution.
FORMAT
Training Format Face to Face or Online Classroom training at the institution location, online live session or hybrid structure.
CERTIFICATE
Certification Certificate of Participation OKlayan tüm katılımcılara Secure Fors imzalı dijital sertifika.
DİL
Language of Education Türkçe English training and material presentation upon request.
Training NameNetwork Security and Audit Training
Süre2 days (14 hours). It can be adapted as a 1-day summary or 5-day auditor competency program depending on the maturity of the institution.
Training Format Face to Face (Institution Location) Online Live (Zoom / Teams) Hibrit
Training TopicsModern network topology · Zero trust architecture · Classical controls and boundaries · Micro segmentation and east-west traffic control · Cloud network security (AWS, Azure, GCP) · SASE and SD-WAN · Encrypted traffic analysis · Container and Kubernetes network policies · Network detection and response · Modern network security audit methodology.
Target AudienceNetwork and security engineers, cloud and DevOps teams, information security managers, system administrators, internal audit specialists, SOC teams, penetration testing teams, IT architects.
PrerequisiteKnowledge of TCP/IP fundamentals, basic networking concepts (router, switch, firewall), and general information security is recommended. Specific brand product experience is not required.
Number of ParticipantsOptimum verim için 8 – 20 kişi. Kuruma zel programlarda en fazla 25 kişiye kadar grup açılabilir.
Sertifika Certificate of Participation When the training is completed, a signed digital participation certificate is issued by Secure Fors. Contains verifiable QR code.
Educational MaterialPresentation file (PDF) · Workshop workbook · Hybrid network topology map template · Zero trust maturity rubric · Micro segmentation policy matrix · Three cloud benchmark checklist · Encrypted traffic audit decision matrix · Modern network security audit checklist · 90-day roadmap template.
UygulamaIt includes workshops on hybrid network mapping, zero trust policy engine design, segmentation matrix creation, implementation of the same control in three clouds, encrypted traffic opening decision discussion and audit report writing.
EğitmenISO 27001 Lead Auditor, senior consultant with experience in CEH and cloud security. Architectural and audit-oriented approach with field application experience, avoiding product training.
PricingSpecial offer for the institution. The price is determined according to the number of participants, format (face-to-face / online), program duration and customization need.
FREQUENTLY ASKED QUESTIONS

Answers to questions you may have before the training.

How much technical infrastructure is required for training?

Knowing basic network concepts such as TCP/IP, routing and switching is sufficient. Specific brand product experience (Cisco, Fortinet, Palo Alto) is not required; The training is not product training, but architecture and methodology training.

Does the online format provide the same efficiency as face-to-face?

Yes. The online format is conducted live via Zoom or Teams; It has the same structure as the face-to-face format, with screen sharing, breakout rooms, virtual whiteboards and live workshops. The only difference is the coffee break intimacy.

Is there a certification exam?

No, eğitim sonunda sınav yoktur. OKlayan tüm katılımcılara Secure Fors imzalı, QR kod ile doğrulanabilir dijital katılım sertifikası verilir. ISO 27001 Lead Auditor gibi uluslararası sertifikalar bu eğitimin kapsamı dışındadır.

Can training content be customized according to the institution?

Yes. Content weights are redistributed based on the organization's cloud provider (AWS only or Azure only), industry (finance, healthcare, government), and current maturity. In case of demand, the actual topology of the institution is studied as a case.

Is there support after training?

Participants who complete the training can ask questions to the instructor via e-mail for 30 days. Additionally, all shared templates (segmentation matrix, audit checklist, roadmap) are provided with editing rights.

Is it sufficient for teams that will perform network security audits?

Yes, the M6 module is entirely dedicated to audit methodology: scoping, checklist design, automatic tool selection, findings classification and reporting. The 5-day auditor version is recommended for teams that want more in-depth audit training.

Transform network security from the firewall rule level into a modern architecture discipline.

Plan a network security training program specific to your organization's needs, covering zero trust, micro-segmentation, cloud network controls and audit methodology.

Request a Training Plan

Reference frames: NIST SP 800-207 Zero Trust Architecture, NIST SP 800-41 Güvenlik Duvarı Rehberi, CIS Controlleri Ağ Güvenliği Blümü, ISO 27001:2022 Annex A 8.20-8.23 Ağ Güvenliği Controlleri, Cloud Security Alliance Bulut Control Matrisi.