Reference Quantity: ST0124

Particulars of ordinary

Role Profile

The first position of a Cyber Safety Technologist is to use an understanding of cyber threats, hazards, dangers, controls, measures and mitigations to guard organisations programs and folks.

These targeted on the technical facet work on areas akin to safety design & structure, safety testing, investigations & response.

These focussed on the danger evaluation facet give attention to areas akin to operations, danger, governance & compliance.

Whether or not focussed on the technical or danger evaluation facet, all folks on this occupation work to attain required safety outcomes in a authorized and regulatory context in all elements of the economic system. They develop and apply sensible information of knowledge safety to ship options that fulfil an organisation’s necessities.

Typical job roles

Cyber Operations Supervisor, Safety Architect, Penetration Tester, Safety Analyst, Threat Analyst, Intelligence Researcher, Safety Gross sales Engineer, Cyber Safety Specialist, Info Safety Analyst, Governance & Compliance Analyst, Info Safety Assurance & Menace Analyst, Forensics & Incident Response Analyst, Safety Engineer, Info Safety Auditor, Safety Administrator, Info Safety Officer.

Entry Necessities

Particular person employers will set the choice standards, however that is more likely to embrace A’ Ranges, a related Stage 3 apprenticeship, or different related {qualifications}, related expertise and/or a flair take a look at with a give attention to useful maths.

Technical Competencies and Technical Data and Understanding


ALL apprentices will cowl the next:

Technical Competencies

Technical Data and Understanding

Threats, hazards, dangers and intelligence

  • Uncover (by means of a mixture of analysis and sensible exploration) vulnerabilities in a system
  • Analyse and consider safety threats and hazards to a system or service or processes. Concentrate on and exhibit use of related exterior sources of menace intelligence or recommendation (e.g. CERT UK). Mix completely different sources to create an enriched view.
  • Analysis and examine some widespread assault methods and advocate the way to defend in opposition to them. Concentrate on and exhibit use of  related exterior sources of vulnerabilities (e.g. OWASP)
  • Undertake a safety danger evaluation for a easy system with out direct supervision and suggest fundamental remediation recommendation within the context of the employer.

Creating and utilizing a safety case

  • Supply and analyse a safety case (e.g. a Widespread Standards Safety Profile for a safety element) and describe what threats, vulnerability or dangers are mitigated and establish any residual areas of concern.
  • Develop a easy safety case with out supervision. (A safety case ought to describe the safety goals, threats, and for each recognized assault method establish mitigation or safety controls that would embrace technical, implementation, coverage or course of).

Organisational context

  • Determine and comply with organisational insurance policies and requirements for info and cyber safety.
  • Function in accordance with service stage agreements or employer outlined efficiency targets. Future Developments
  • Examine completely different views of the longer term (utilizing a couple of exterior supply) and traits in a related know-how space and describe what this would possibly imply for your small business, with supporting reasoning.

Understands the fundamentals of cyber safety together with:

  • Why cyber safety issues – the significance to enterprise and society
  • -Primary concept – ideas akin to safety, identification, confidentiality, integrity, availability, menace, vulnerability, danger and hazard. Additionally how these relate to one another and result in danger and hurt
  • Safety assurance – ideas (can clarify what assurance is for in safety, and ‘reliable’ versus ‘trusted’) and the way assurance could also be achieved in observe (can clarify what penetration testing is and the way it contributes to assurance; and extrinsic assurance strategies)
  • Easy methods to construct a safety case – deriving safety goals with reasoned justification in a consultant enterprise state of affairs
  • Cyber safety ideas utilized to ICT infrastructure – can describe the elemental constructing blocks and typical architectures and establish some widespread vulnerabilities in networks and programs.
  • Assault methods and sources of menace – can describe the primary kinds of widespread assault methods; additionally the position of human behaviour. Clarify how assault methods mix with motive and alternative to change into a menace.
  • Cyber defence – describe methods to defend in opposition to assault methods
  • Related legal guidelines and ethics – describe safety requirements, laws and their penalties throughout at the very least two sectors; the position of legal and different legislation; key related options of UK and worldwide legislation
  • The present menace panorama – can describe and know the way to apply related methods for horizon scanning together with use of recognised sources of menace intelligence
  • Menace traits – can describe the importance of recognized traits  in cyber safety and perceive the worth and danger of this analyss



Along with the core, all apprentices will do ONE of the next specialisms:

Choice 1: Technologist

Technical Competencies

Technical Data and Understanding

Design construct & take a look at a community (“Construct a community”)

  • Design, construct, take a look at and troubleshoot a community incorporating a couple of subnet with static and dynamic routes, that features servers, hubs, switches, routers and consumer units to a given design requirement with out supervision. Present proof that the system meets the design requirement.

Analysing a safety case (“Make the safety case”)

  • Analyse safety necessities (useful and non-functional safety necessities that could be introduced in a safety case) in opposition to different design necessities (e.g. usability, value, measurement, weight, energy, warmth, supportability and many others.), given for a given system or product. Determine conflicting necessities and suggest, with reasoning, decision by means of acceptable trade-offs.

Structured and reasoned implementation of safety in a community (“Construct a safe community”)

  • Design and construct a easy system in accordance with a easy safety case. Present proof that the system has correctly carried out the safety controls required by the safety case.The system could possibly be both on the enterprise, community or utility layer.
  • Choose and configure related kinds of widespread safety {hardware} and software program parts to implement a given safety coverage.
  • Design a system using a crypto to fulfill outlined safety goals. Develop and implement a key administration plan for the given state of affairs/system.

  • Understands the fundamentals of networks: information, protocols and the way they relate to one another; the primary routing protocols; the primary elements affecting community efficiency together with typical failure modes in protocols and approaches to error management.
  • Understands, at a deeper stage than from Data Module 1, the way to construct a safety case: describe what good observe in design is; describe widespread safety architectures; concentrate on respected safety architectures that includes {hardware} and software program parts, and sources of structure patterns and steering. Perceive the way to construct a safety case together with context, threats, justifying the chosen mitigations and safety controls with reasoning and recognising the dynamic and adaptable nature of threats.
  • Understands how cyber safety know-how parts are usually deployed in networks and programs to supply safety performance together with: {hardware} and software program
  • Understands the fundamentals of cryptography – can describe the primary methods, the importance of key administration, admire the authorized points

Choice 2: Threat Analyst

Technical Competencies

Technical Data and Understanding

Cyber safety danger evaluation

  • Conduct a cyber-risk evaluation in opposition to an externally (market) recognised cyber safety normal utilizing a recognised danger evaluation methodology.
  • Determine threats related to a particular organisation and/or sector. Info safety coverage and course of
  • Develop an info safety coverage or course of to handle an recognized danger.
  • Develop an info safety coverage inside an outlined scope to take account of a minimal of 1 legislation or regulation related to cyber safety.

Audit and assurance

  • Take an energetic half in a safety audit in opposition to a recognised cyber safety normal, undertake a niche evaluation and make suggestions for remediation.

Incident response and enterprise continuity

  • Develop an incident response plan for approval (inside an organisations governance preparations for incident response).
  • Develop a enterprise continuity plan for approval (inside an organisations governance preparations for enterprise continuity).

Cyber safety tradition in an organisation

  • Assess safety tradition utilizing a recognised method.
  • Design and implement a easy ‘safety consciousness’ marketing campaign to handle a particular facet of a safety tradition.

Understands related kinds of danger evaluation methodologies and approaches to danger remedy; can establish the vulnerabilities in organisations and safety administration programs; perceive the menace intelligence lifecycle; describe completely different approaches to danger remedy. Perceive the position of the danger proprietor and distinction that position with different stakeholders.

Understands, at a deeper stage than from Data Module 1, the authorized, requirements, laws and moral requirements related to cyber safety: governance, organisational construction, roles, insurance policies, normal, pointers and the way these all work collectively to ship recognized safety outcomes. Additionally consciousness of the authorized framework, key ideas making use of to ISO27001 (a specification for info safety administration), and consciousness of authorized and regulatory obligations for breach notificatio

Underpinning Expertise, Attitudes & Behaviours

  • Logical and inventive pondering expertise
  • Analytical and drawback fixing expertise
  • Skill to work independently and to take duty
  • Can use personal initiative
  • An intensive and organised method
  • Skill to work with a variety of inside and exterior folks
  • Skill to speak successfully in a wide range of conditions
  • Preserve productive, skilled and safe working atmosphere


The Data Modules are summarised under and additional particulars can be found within the occupational temporary obtainable from

No vendor or skilled {qualifications} have been recognized that might exempt these Data Modules. Core (all of the apprentices take this Data Module)

Data Module 1: Cyber Safety Introduction


Choice 1 (Technologist): along with the core

Data Module 2: Community and Digital Communications Concept Data Module 3: Safety Case Growth and Design Good Follow Data Module 4: Safety Expertise Constructing Blocks

Data Module 5: Employment of Cryptography


Choice 2 (Threat Analyst): along with the core

Data Module 6: Threat Evaluation

Data Module 7: Governance, Organisation, Regulation, Regulation & Requirements

English and Maths

Stage 2 English and maths will have to be achieved, if not already, previous to taking the top level evaluation.

Skilled Recognition

This apprenticeship is recognised for entry to each IISP and BCS Affiliate Membership and for entry onto the Register of IT Technicians confirming SFIA stage 3 skilled competence. These finishing the apprenticeship are eligible to use for registration.


The period of this apprenticeship is usually 24 months.


This can be a stage 4 apprenticeship

Review Date

This normal will likely be reviewed in April 2017.

Crown copyright © 2022. It’s possible you’ll re-use this info (not together with logos) freed from cost in any format or medium, underneath the phrases of the Open Authorities Licence. Go to


Leave a Reply

Your email address will not be published. Required fields are marked *