Call us now on 0800 999 1038

The primary role of a Cyber Security Technologist is to apply an understanding of cyber threats, hazards, risks, controls, measures and mitigations to protect organisations systems and people.

Those focused on the technical side work on areas such as security design & architecture, security testing, investigations & response.

Those focussed on the risk analysis side focus on areas such as operations, risk, governance & compliance.

Whether focussed on the technical or risk analysis side, all people in this occupation work to achieve required security outcomes in a legal and regulatory context in all parts of the economy. They develop and apply practical knowledge of information security to deliver solutions that fulfil an organisation’s requirements.

Typical job roles

Cyber Operations Manager, Security Architect, Penetration Tester, Security Analyst, Risk Analyst, Intelligence Researcher, Security Sales Engineer, Cyber Security Specialist, Information Security Analyst, Governance & Compliance Analyst, Information Security Assurance & Threat Analyst, Forensics & Incident Response Analyst, Security Engineer, Information Security Auditor, Security Administrator, Information Security Officer.

Entry Requirements

Individual employers will set the selection criteria, but this is likely to include A’ Levels, a relevant Level 3 apprenticeship, or other relevant qualifications, relevant experience and/or an aptitude test with a focus on functional maths.

Technical Competencies and Technical Knowledge

and Understanding

CORE

ALL apprentices will cover the following:

Technical Competencies

Technical Knowledge and Understanding

Threats, hazards, risks and intelligence

  • Discover (through a mix of research and practical exploration) vulnerabilities in a system
  • Analyse and evaluate security threats and hazards to a system or service or processes. Be aware of and demonstrate use of relevant external sources of threat intelligence or advice (e.g. CERT UK). Combine different sources to create an enriched view.
  • Research and investigate some common attack techniques and recommend how to defend against them. Be aware of and demonstrate use of  relevant external sources of vulnerabilities (e.g. OWASP)
  • Undertake a security risk assessment for a simple system without direct supervision and propose basic remediation advice in the context of the employer.

Developing and using a security case

  • Source and analyse a security case (e.g. a Common Criteria Protection Profile for a security component) and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
  • Develop a simple security case without supervision. (A security case should describe the security objectives, threats, and for every identified attack technique identify mitigation or security controls that could include technical, implementation, policy or process).

Organisational context

  • Identify and follow organisational policies and standards for information and cyber security.
  • Operate according to service level agreements or employer defined performance targets. Future Trends
  • Investigate different views of the future (using more than one external source) and trends in a relevant technology area and describe what this might mean for your business, with supporting reasoning.

Understands the basics of cyber security including:

  • Why cyber security matters – the importance to business and society
  • -Basic theory – concepts such as security, identity, confidentiality, integrity, availability, threat, vulnerability, risk and hazard. Also how these relate to each other and lead to risk and harm
  • Security assurance – concepts (can explain what assurance is for in security, and ‘trustworthy’ versus ‘trusted’) and how assurance may be achieved in practice (can explain what penetration testing is and how it contributes to assurance; and extrinsic assurance methods)
  • How to build a security case – deriving security objectives with reasoned justification in a representative business scenario
  • Cyber security concepts applied to ICT infrastructure – can describe the fundamental building blocks and typical architectures and identify some common vulnerabilities in networks and systems.
  • Attack techniques and sources of threat – can describe the main types of common attack techniques; also the role of human behaviour. Explain how attack techniques combine with motive and opportunity to become a threat.
  • Cyber defence – describe ways to defend against attack techniques
  • Relevant laws and ethics – describe security standards, regulations and their consequences across at least two sectors; the role of criminal and other law; key relevant features of UK and international law
  • The existing threat landscape – can describe and know how to apply relevant techniques for horizon scanning including use of recognised sources of threat intelligence
  • Threat trends – can describe the significance of identified trends  in cyber security and understand the value and risk of this analyss

SPECIALISMS

In addition to the core, all apprentices will do ONE of the following specialisms:

Option 1: Technologist

Technical Competencies

Technical Knowledge and Understanding

Design build & test a network (“Build a network”)

  • Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, that includes servers, hubs, switches, routers and user devices to a given design requirement without supervision. Provide evidence that the system meets the design requirement.

Analysing a security case (“Make the security case”)

  • Analyse security requirements (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.), given for a given system or product. Identify conflicting requirements and propose, with reasoning, resolution through appropriate trade-offs.

Structured and reasoned implementation of security in a network (“Build a secure network”)

  • Design and build a simple system in accordance with a simple security case. Provide evidence that the system has properly implemented the security controls required by the security case.The system could be either at the enterprise, network or application layer.
  • Select and configure relevant types of common security hardware and software components to implement a given security policy.
  • Design a system employing a crypto to meet defined security objectives. Develop and implement a key management plan for the given scenario/system.
  • Understands the basics of networks: data, protocols and how they relate to each other; the main routing protocols; the main factors affecting network performance including typical failure modes in protocols and approaches to error control.
  • Understands, at a deeper level than from Knowledge Module 1, how to build a security case: describe what good practice in design is; describe common security architectures; be aware of reputable security architectures that incorporates hardware and software components, and sources of architecture patterns and guidance. Understand how to build a security case including context, threats, justifying the selected mitigations and security controls with reasoning and recognising the dynamic and adaptable nature of threats.
  • Understands how cyber security technology components are typically deployed in networks and systems to provide security functionality including: hardware and software
  • Understands the basics of cryptography – can describe the main techniques, the significance of key management, appreciate the legal issues

Option 2: Risk Analyst

Technical Competencies

Technical Knowledge and Understanding

Cyber security risk assessment

  • Conduct a cyber-risk assessment against an externally (market) recognised cyber security standard using a recognised risk assessment methodology.
  • Identify threats relevant to a specific organisation and/or sector. Information security policy and process
  • Develop an information security policy or process to address an identified risk.
  • Develop an information security policy within a defined scope to take account of a minimum of 1 law or regulation relevant to cyber security.

Audit and assurance

  • Take an active part in a security audit against a recognised cyber security standard, undertake a gap analysis and make recommendations for remediation.

Incident response and business continuity

  • Develop an incident response plan for approval (within an organisations governance arrangements for incident response).
  • Develop a business continuity plan for approval (within an organisations governance arrangements for business continuity).

Cyber security culture in an organisation

  • Assess security culture using a recognised approach.
  • Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.

Understands relevant types of risk assessment methodologies and approaches to risk treatment; can identify the vulnerabilities in organisations and security management systems; understand the threat intelligence lifecycle; describe different approaches to risk treatment. Understand the role of the risk owner and contrast that role with other stakeholders.

Understands, at a deeper level than from Knowledge Module 1, the legal, standards, regulations and ethical standards relevant to cyber security: governance, organisational structure, roles, policies, standard, guidelines and how these all work together to deliver identified security outcomes. Also awareness of the legal framework, key concepts applying to ISO27001 (a specification for information security management), and awareness of legal and regulatory obligations for breach notificatio


Underpinning Skills, Attitudes & Behaviours

  • Logical and creative thinking skills
  • Analytical and problem solving skills
  • Ability to work independently and to take responsibility
  • Can use own initiative
  • A thorough and organised approach
  • Ability to work with a range of internal and external people
  • Ability to communicate effectively in a variety of situations
  • Maintain productive, professional and secure working environment

Qualifications

The Knowledge Modules are summarised below and further details are available in the occupational brief available from  https://www.nsar.co.uk/digital-eqa/digital-apprenticeship-standards/

No vendor or professional qualifications have been identified that would exempt these Knowledge Modules. Core (all the apprentices take this Knowledge Module)

Knowledge Module 1: Cyber Security Introduction

AND

Option 1 (Technologist): in addition to the core

Knowledge Module 2: Network and Digital Communications Theory Knowledge Module 3: Security Case Development and Design Good Practice Knowledge Module 4: Security Technology Building Blocks

Knowledge Module 5: Employment of Cryptography

OR

Option 2 (Risk Analyst): in addition to the core

Knowledge Module 6: Risk Assessment

Knowledge Module 7: Governance, Organisation, Law, Regulation & Standards

English and Maths

Level 2 English and maths will need to be achieved, if not already, prior to taking the end point assessment.

Professional Recognition

This apprenticeship is recognised for entry to both IISP and BCS Associate Membership and for entry onto the Register of IT Technicians confirming SFIA level 3 professional competence. Those completing the apprenticeship are eligible to apply for registration.

Duration

The duration of this apprenticeship is typically 24 months.

Level

This is a level 4 apprenticeship

Safeguarding | Job Vacancies | Privacy Notice | About Us | Learners | End Point Assessment | Contact Us

Contact us:
 14b, Sunrise Business Park, Higher Shaftesbury Rd, Blandford, DT11 8ST - email: enquiries@tcpartnership.ac.uk - phone: 01258 457091

The Colleges' Partnership Limited is registered in England. Reg. No. 05606069

We use cookies to ensure that we give you the best experience when navigating our website.

Please click the link to read our privacy notice. Learn more

I understand
The Colleges’ Partnership Ltd Privacy

The Colleges’ Partnership Ltd is committed to protecting the privacy of visitors of The Colleges’ Partnership Ltd website. The following privacy notices explain our privacy practices related to our activities and how The Colleges’ Partnership Ltd may collect, use, and/or share personal information.

GDPR Statement: The EU General Data Protection Regulation (GDPR), enforceable as of May 25, 2018, imposes additional requirements upon companies to strengthen the security around and enhance the protection of personal data of EU residents. The Colleges’ Partnership Ltd has a dedicated, cross-functional team overseeing The Colleges’ Partnership Ltd' GDPR readiness. We discuss The Colleges’ Partnership Ltd efforts and commitment to GDPR below.

Privacy Notice: The Colleges’ Partnership Ltd is committed to protecting the privacy of those involved in its business. This Privacy Notice is meant to help you understand, among other things, what personal data we collect, why we collect it, and what we do with it.

Cookie Policy: This Cookie Policy addresses how we use cookies when you visit The Colleges’ Partnership Ltd website. We want to be clear about how we collect and use data related to you via cookies.

Our Commitment to GDPR

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) takes effect. GDPR regulates the governance of personal data for EU citizens with an emphasis on data security and privacy. The GDPR does not only apply to companies that operate in the EU. This regulation will also impact companies operating outside of the EU if they have any EU customers or personal data of anyone in the EU.

The Colleges’ Partnership Ltd has made information security and data privacy foundational principles of everything we do, and we recognise the importance of passing regulations to advance information security and data privacy for citizens of the EU. We are firmly committed to GDPR readiness.

PRIVACY NOTICE

Last updated: May 1st, 2018

The Colleges’ Partnership Ltd. is committed to protecting the privacy of visitors of The Colleges’ Partnership Ltd website, individuals who register to use the products and services, and business partners or customers. This Privacy Notice describes our privacy practices in relation to the use of The Colleges’ Partnership Ltd website and Portal (Virtual Learning Environment) it’s services and solutions, and related applications, services, and programs, offered by The Colleges’ Partnership Ltd as well as your choices regarding use, access and correction of personal information.

This Privacy Notice describes how we collect, use, disclose and otherwise process personal data collected related to our Services and otherwise in the course of our business activities, including the information practices of the websites that link to this Privacy Notice.

This Privacy Notice does not apply to information collected about The Colleges’ Partnership Ltd employees, applicants, or other personnel.

The Colleges’ Partnership Ltd Sites may contain links to other websites; and information practices and/or the content of such other websites shall be governed by the privacy statements of such other websites.

About Us

The Colleges’ Partnership Ltd provides its Services – which include educational support and solutions such as Apprenticeship and Professional Qualifications delivery and support to business customers, directly, and through partnerships and awarding bodies.

The Colleges Partnership Ltd is registered in England. Company Number 05606069. Our Registered Office is C/O Wiltshire College, Cocklebury Road, Chippenham, Wiltshire, England, SN15 3QD.

The Colleges' Partnership is a not for profit joint venture company owned by Wiltshire College and Bridgwater and Taunton College.

Customer Owned Data

As a provider of Services, we may receive, process or store certain information, including personal information. Information may include information from the end points and other systems, tools or devices that Customers manage or monitor using our Services, and end user data related to individuals’ activities on Customer’s network and systems. It may also include event logs, end user information (such as IP address, email address and computer name), and other data where relevant to a support or service request. The Colleges’ Partnership Ltd is a data processor for customer data.

Data Relating to Our Customers and Users of Our Sites

The Colleges’ Partnership Ltd collects information as part of its normal business operations and in the administration of its relationship with Customers, which may include personal information.

Business Contact and Customer Relationship Management. We collect and maintain information about our Customers, which may include company name, business contact name and title, phone number, email and other contact details. We may also collect billing address, financial account, credit card information, order details, subscription and license information, and usage details. In addition, we collect user credential and profile data (name, contact, authorized users) of Customer’s authorized users and account administrators.

Data Submitted on Sites. In order to access or use certain portions of the Sites, to enjoy the full functionality of the Sites, or to conduct or seek to conduct business with us, you may be prompted to provide certain personal data to us, including in the following ways:

by filling in forms (for example, a “Contact Us” form) on our Sites or anywhere else we conduct business;

by downloading or accessing the The Colleges’ Partnership Ltd Services;

by downloading documentation from our Sites;

by subscribing to newsletters or other communications; or

by corresponding with us by phone, e-mail or otherwise using our contact details.

Typically, the personal data you give us may include name, business affiliation, business address, telephone number, and email address, and any personal details required to resolve any enquiries or complaints.

Customer Support and Service. When Customers contact us for support or other customer service requests, we maintain support tickets and other records related to the requests, including any information provided by Customers related to such support or service requests.

Usage Details. We collect information about Customers’ usage of our Services, including IP address, Customer ID, email address, and other usage statistics. We do not collect usage details about Customer end users, except as necessary for support or to provide the Services requested by Customers (in which case we are a data processor of such data).

When you visit our Sites, our server automatically collects certain browser or device generated information, which may in some cases constitute personal data, including but not limited to:

your domain;

your IP address;

your date, time and duration of your visit;

your browser type;

your operating system;

your page visits;

information from third parties;

other information about your computer or device; or

Internet traffic.

De-identified Data. We may de-identify and aggregate certain data we collect such that the data no longer identifies or can be linked to a particular customer or an individual data subject (“De-identified Data”), subject to the terms of any applicable customer agreements. We may use this data to improve our Services, analyse trends, publish market research, and for other marketing, research or statistical purposes, and may disclose such data to third parties for these specific purposes.

Other Data. The Colleges’ Partnership Ltd collects, uses and maintains certain data related to its business and the Services it provides to Customers, which is not personal data; this privacy notice does not restrict our use and processing of such data, including:

Cookies

This website, along with many others, uses cookies. Cookies let users navigate around sites and (where appropriate) let us tailor the content to fit the needs of our site's visitors. Without cookies enabled we can't guarantee that the website and your experience of it are as we intended it to be.

None of the cookies we use collect personal information.

Types of cookies

The length of time a cookie stays on your device depends on its type. We use two types of cookies on our websites.

Session cookies are temporary cookies which only exist during the time you use the website (or more strictly, until you close the browser after using the website). Session cookies help our websites remember what you chose on the previous page, avoiding the need to re-enter information. 

Persistent cookies stay on your device after you’ve visited our website. For example, if you tick the 'Remember me’ box when you log on to the website, a persistent cookie will be used so that the site remembers your choice the next time you use it. Persistent cookies help us identify you as a unique visitor but don’t contain information that could be used to identify you to another person.

We also use web analytics services from other companies to track how visitors reach our site and the path they take through it. These companies use cookies to help us improve our service to you.

The analytics services we use are:

Google Analytics, which uses cookies to help us analyse how our visitors use the site. Find out more about how these cookies are used on the Google privacy site
 

Your personal data:

The following is an overview of our purposes for using personal data that we process as a data controller. Additional details on how we process your personal data may be provided to you in a separate notice or contract.

For individuals in the European Union, our processing (i.e. use) of your personal data is justified on the following legal bases:

the processing is necessary to perform a contract with you or take steps to enter into a contract at your request;

the processing is necessary for us to comply with a relevant legal obligation;

the processing is in our legitimate interests, subject to your interests and fundamental rights, and notably our legitimate interest in using applicable data to conduct and develop our business activities; or

you have consented to the processing.

We use the personal data we collect to:

conduct and develop our business with you and with others;

process, evaluate and complete certain transactions involving the Sites, and more generally transactions involving The Colleges’ Partnership Ltd' Services;

operate, evaluate, maintain, improve and develop the Sites (including by monitoring and analysing trends, access to, and use of the Sites);

evaluate, improve and develop our Services generally;

customize our Sites to users' needs;

provide you with documentation or communications which you have requested;

correspond with users to resolve their queries or complaints;

provide you with any Services you request;

send you marketing communications, where it is lawful for us to do so;

protect and ensure safety of the Sites, The Colleges’ Partnership Ltd confidential and proprietary information, and The Colleges’ Partnership Ltd employees;

manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or laws or regulations.

Disclosure of Personal Data

The Colleges’ Partnership Ltd is a not for profit joint venture company owned by Wiltshire College and Bridgwater and Taunton College and we may share personal data with our affiliated businesses as part of our business operations and administration of the Services. We may also appoint third party service providers (who will operate under our instructions) to assist us in providing information, products or services to you, in conducting and managing our business, or in managing and improving our Services or the Sites. The Colleges’ Partnership Ltd may share your personal data with these affiliates and third parties to perform services that the third parties have been engaged by The Colleges’ Partnership Ltd to perform on The Colleges’ Partnership Ltd's behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or it believes that the disclosure will further an investigation of suspected or actual illegal activities.

The Colleges’ Partnership Ltd reserves the right to share any information that is not deemed personal data or is not otherwise subject to contractual restrictions.

If personal data is transferred outside the EU to third party service providers, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements, using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU - US Privacy Shield..

We contractually require agents, service providers, and affiliates who may process personal data related to the Services to provide the same level of protections for personal data as required under the Principles

Other Disclosures

Law Enforcement or National Security. In accordance with our legal obligations, we may also transfer Customer Data, subject to a lawful request, to public authorities for law enforcement or national security purposes.

Additional Disclosures. We may also disclose Customer Data (including any personal data), where otherwise required by law.

Just-in-Time Disclosures. Additional disclosures or information about processing of personal information related to specific websites, mobile applications, products, services, or programs may be provided to you. These may supplement and/or clarify The Colleges’ Partnership Ltd privacy practices in specific circumstances and provide you with additional choices as to how The Colleges’ Partnership Ltd may process your personal information.

Children

The Sites, Services and Portal are not for use by children under the age of 16 years and The Colleges’ Partnership Ltd does not knowingly collect, store, share or use the personal data of children under 16 years. If you are under the age of 16 years, please do not provide any personal data, even if prompted by the Sites to do so. If you are under the age of 16 years and you have provided personal data, please ask your parent(s) or guardian(s) to notify The Colleges’ Partnership Ltd and The Colleges’ Partnership Ltd will delete all such personal data.

Marketing

Where lawful to do so, and subject to your consent where required, we may communicate with Customers (and related business contacts) about our Services. If you wish to unsubscribe from receiving marketing communications, please follow the unsubscribe links/instruction on all such communications.

Security

The Colleges’ Partnership Ltd aims to safeguard and protect your personal data from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss, and The Colleges’ Partnership Ltd utilizes and maintains certain reasonable processes, systems, and technologies to do so. However, you acknowledge that no environment is completely secure or error-free, and that these processes, systems, and technologies utilised and maintained by The Colleges’ Partnership Ltd are subject to compromise. Accordingly, we cannot be held responsible for unauthorised or unintended access that is beyond our control.

Retention of Your Personal Data

We apply a general rule of keeping personal data only for as long as required to fulfil the purposes for which it was collected. However, in some circumstances, we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.

In specific circumstances, we may also retain your personal data for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.

External Links

The Sites may contain links to third party sites. Since The Colleges’ Partnership Ltd does not control nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third party sites. This Policy applies solely to personal data collected by our Sites or in the course of our business activities.

Your Rights

Subject to applicable law, you may have some or all of the following rights available to you in respect of your personal data

to obtain a copy of your personal data together with information about how and on what basis that personal data is processed;

to rectify inaccurate personal data (including the right to have incomplete personal data completed);

to erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);

to restrict processing of your personal data under certain circumstances

to port your data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you;

to withdraw your consent to our processing of your personal data (where that processing is based on your consent); and to obtain, or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organisation.

In addition to the above rights, you have the right to object, on grounds relating to your particular situation, at any time to any processing of your personal data for which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you.

You also have the right to lodge a complaint with your local supervisory authority for data protection.

In relation to all of these rights, please contact us at privacy@tcpartnership.ac.uk Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavour to respond to your request within all applicable timeframes.

If you contact us regarding Customer Data for which we are a data processor, we will attempt to refer your request to the relevant Customer, and data controller for your personal data.

Contact information

If you have any questions in relation to this Notice, please contact us at:

By email - privacy@tcpartnership.ac.uk

By post – The Data Controller, 14b, Sunrise Business Park, Higher Shaftesbury Rd, Blandford, DT11 8ST

By phone – 01258 457091