Cyber Security Technologist (Risk Analyst) apprentices will gain an understanding of current cyber threats, hazards and risks and how to apply the necessary controls, measures and mitigation to protect an organisation’s systems and people. They will learn about cyber security risk, governance and compliance, including frameworks and relevant laws and regulations.  Apprentices will develop and apply practical knowledge of information security to deliver solutions that fulfil an organisation’s requirements.

Apprentices must:

Successfully complete three knowledge modules:

  • Cyber Security Introduction,
  • Risk Assessment and Governance,
  • Organisation, Law, Regulation and Standards.

Submit a portfolio of evidence showing how they have applied the knowledge from these modules to projects and activities in their workplace.

Complete their formal End Point Assessment, which comprises:

  • a synoptic project to showcase knowledge and skills from across the apprenticeship
  • a review of their portfolio of evidence
  • a final interview with an independent EPA assessor.

Upon completion of their Cyber Security Technologist (Risk Analyst) apprenticeship, individuals will be able to:

  • discover (through a mix of research and practical exploration) vulnerabilities in a system
  • analyse and evaluate security threats and hazards to a system or service or processes
  • demonstrate use of relevant external sources of threat intelligence or advice (e.g. CERT UK)
  • research and investigate some common attack techniques and recommend how to defend against them
  • demonstrate use of relevant external sources of vulnerabilities (e.g. OWASP)
  • undertake a security risk assessment for a simple system without direct supervision and propose basic remediation advice in the context of the employer
  • source and analyse a security case (e.g. a Common Criteria Protection Profile for a security component) and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern
  • develop a simple security case without supervision
  • identify and follow organisational policies and standards for information and cyber security
  • operate according to service level agreements or employer defined performance targets
  • investigate different views of the future (using more than one external source) and trends in a relevant technology area and describe what this might mean for your business

Upon completion of their Cyber Security Technologist (Risk Analyst) apprenticeship, individuals will:

  • understand why cyber security matters and the importance to business and society
  • understand concepts such as security, identity, confidentiality, integrity, availability, threat, vulnerability, risk and hazard
  • understand security assurance (can explain what assurance is for in security, and ‘trustworthy’ versus ‘trusted’) and how assurance may be achieved in practice (can explain what penetration testing is and how it contributes to assurance; and extrinsic assurance methods)
  • understand how to build a security case
  • describe the fundamental building blocks and typical architectures and identify some common vulnerabilities in networks and systems
  • describe the main types of common attack techniques; also the role of human behaviour
  • explain how attack techniques combine with motive and opportunity to become a threat
  • describe ways to defend against attack techniques
  • describe security standards, regulations and their consequences across at least two sectors; the role of criminal and other law; key relevant features of UK and international law
  • describe and know how to apply relevant techniques for horizon scanning including use of recognised sources of threat intelligence
  • describe the significance of identified trends in cyber security and understand the value and risk of this analysis

Upon completion of their Cyber Security Technologist (Risk Analyst) apprenticeship, individuals focusing on the risk analysis side will also be able to:

  • conduct a cyber-risk assessment against an externally (market) recognised cyber security standard using a recognised risk assessment methodology
  • identify threats relevant to a specific organisation and/or sector
  • develop an information security policy or process to address an identified risk
  • develop an information security policy within a defined scope to take account of a minimum of 1 law or regulation relevant to cyber security
  • take an active part in a security audit against a recognised cyber security standard, undertake a gap analysis and make recommendations for remediation
  • develop an incident response plan for approval (within an organisations governance arrangements for incident response)
  • develop a business continuity plan for approval (within an organisations governance arrangements for business continuity)
  • assess security culture using a recognised approach
  • design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture
  • logical and creative thinking skills
  • analytical and problem solving skills
  • ability to work independently and to take responsibility
  • can use own initiative
  • a thorough and organised approach
  • ability to work with a range of internal and external people
  • ability to communicate effectively in a variety of situations
  • maintain productive, professional and secure working environment

Apprentices will achieve 3 BCS qualifications.

This is a level 4 apprenticeship

16 months including assessment

Register your interest for a cyber security apprenticeship

How it works

Off the job training
Online learning
Skills Coach
Virtual labs