Cyber Intrusion Analyst


Cyber Intrusion Analyst Overview

Cyber Intrusion Analyst apprentices are taught how to detect breaches in network security and escalate them to incident response or another designated function. They learn to understand and interpret the alerts automatically generated by security monitoring tools, to integrate and correlate information from a variety of sources and in different forms, and, where necessary, to seek additional information to inform their judgement on whether or not an alert represents a security breach.

To achieve their Cyber Intrusion Analyst apprenticeship, apprentices must:

  • Demonstrate competence against five knowledge modules: Networks; Operating Systems; Information and Cyber Security Foundations; Business Processes; and Law, Regulation and Ethics. These are assessed by examinations set by the British Computer Society and regulated by Ofqual. Apprentices must pass all five modules.
  • Submit a portfolio of evidence showing how they have applied the knowledge from these modules to projects and activities in their workplace.
  • Complete their formal End Point Assessment, which comprises: a synoptic project to showcase knowledge and skills from across the apprenticeship; a review of their portfolio of evidence; and a final interview with an independent EPA assessor.

Successful Cyber Intrusion Analyst apprentices go on to roles such as Secure Operations Centre (SOC) Analyst, Intrusion Analyst, Network Intrusion Analyst, Incident Response Centre (IRC) Analyst and Network Operations Centre (NOC) Security Analyst.

Technical Competencies

Upon completion of their Cyber Intrusion Analyst apprenticeship, individuals will be able to:

  • integrate and correlate information from various sources (including log files from different sources, network monitoring tools, Security Information and Event Management (SIEM) tools, access control systems, physical security systems) and compare it to known threat and vulnerability data to form an evidence-based, reasoned judgement on whether the anomaly represents a network security breach
  • recognise anomalies in observed network data structures (including by inspection of network packet data structures) and network behaviours (including by inspection of protocol behaviours), by inspection of log files, and by investigation of alerts raised by automated tools including SIEM tools
  • accurately, impartially and concisely record and report the appropriate information, including the ability to write reports (within a structure or template provided)
  • recognise and identify all the main normal features of log files generated by typical network appliances, including servers and virtual servers, firewalls, routers
  • recognise and identify all the main features of a normally operating network layer (including TCP/IP, transport and session control or ISO OSI layers 2-5), including data structures and protocol behaviour, as presented by network analysis and visualisation tools
  • use and effect basic configuration of the required automated tools, including network monitoring and analysis tools, SIEM tools, correlation tools, threat and vulnerability databases
  • undertake root cause analysis of events and make recommendations to reduce false positives and false negatives
  • interpret and follow alerts and advisories supplied by sources of threat and vulnerability (including OWASP, CISP, open source) and relate these to normal and observed network behaviour
  • undertake own research to find information on threat and vulnerability (including using the internet)
  • manage local response to non-major incidents in accordance with a defined procedure
  • interact and communicate effectively with the incident response team/process and/or customer incident response team/process for incidents
  • operate according to service level agreements or employer defined performance targets

Technical Knowledge and Understanding

Upon completion of their Cyber Intrusion Analyst apprenticeship, individuals will:

  • understand IT network features and functions, including virtual networking, principles and common practice in network security and the OSI and TCP/IP models, and the function and features of the main network appliances
  • understand and utilise at least three Operating System (OS) security functions and associated features
  • understand and propose appropriate responses to current and new attack techniques, hazards and vulnerabilities relevant to the network and business environment
  • understand and propose how to deal with emerging attack techniques, hazards and vulnerabilities relevant to the network and business environment
  • understand the lifecycle and service management practices to Information Technology Infrastructure Library (ITIL) foundation level
  • understand, adhere to and advise on the ethical responsibilities of a cyber security professional
  • understand the main features and applicability of law, regulations and standards (including Data Protection Act/Directive, Computer Misuse Act, ISO 27001) relevant to cyber network defence and follow these appropriately
  • understand and advise others on cyber incident response processes, incident management processes and evidence collection/preservation requirements to support incident investigation
  • understand and apply the foundations of information and cyber security, including: explaining the importance of cyber security and basic concepts including harm, identity, confidentiality, integrity, availability, threat, risk and hazard, trust and assurance and the insider threat, as well as explaining how the concepts relate to each other and the significance of risk to a business

Underpinning Skills, Attitudes and Behaviours

  • logical and creative thinking skills
  • analytical and problem solving skills
  • ability to work independently and to take responsibility
  • can use own initiative
  • a thorough and organised approach
  • ability to work with a range of internal and external people
  • ability to communicate effectively in a variety of situations
  • maintain productive, professional and secure working environment
  • ability to interpret written requirements and technical specification documents
  • effective telephone and e-mail skills, including the ability to communicate effectively with strangers under pressure, including when reporting a security breach

Qualifications

Apprentices will achieve five BCS qualifications.

Funding

£18,000

Level

This is a level 4 apprenticeship.

Professional Recognition

This apprenticeship is recognised for entry onto the register of IT technicians confirming SFIA level 3 professional competence and those completing the apprenticeship are eligible to apply for registration.

Duration

The duration of this Firebrand apprenticeship is 16 months. Because this period involves both training and the final End Point Assessment (some of which must be carried out in the workplace), employers need to ensure the apprentice’s contract covers the full programme duration.

Registration to the Register of IT Technicians (RITTech)

Once apprentices have completed their apprenticeship they are officially recognised by the British Computer Society (BCS) for entry onto the Register of IT Technicians, confirming SFIA level 3 professional competence.


Cyber Intrusion Analyst curriculum

Firebrand’s apprenticeship programme covers all mandatory knowledge and skills outlined in the apprenticeship standard. Every Firebrand apprentice attends a suite of market-leading training programmes, to cover knowledge required from the apprenticeship standard. This training is then fleshed out through a package of selected online learning, which also allows apprentices to explore any topics of particular interest/importance to them in greater depth.

How are apprentices taught?

Apprentices receive a range of market-leading training as part of their qualification, typically between three and five courses per apprenticeship, giving them fundamental skills at speed.

We'll deliver all the knowledge apprentices need for each knowledge module in the Standard through our Lecture | Lab | Review delivery. Apprentices then attend a Syllabus Review Session covering the knowledge content of the apprenticeship standard.


Knowledge Module 1: Networks

Upon completion of this Knowledge Module, Cyber Intrusion Analyst apprentices will:

  • Understand IT network features and functions, including virtual networking, principles and common practice in network security and the OSI and TCP/IP models, and the function and features of the main network appliances in use

Read through the full curriculum for Firebrand's classroom-based training and supporting online learning modules below.

Networking Concepts

  • Explain the purposes and uses of ports and protocols.
  • Explain devices, applications, protocols and services at their appropriate OSI layers.
  • Explain the concepts and characteristics of routing and switching.
  • Given a scenario, configure the appropriate IP addressing components.
  • Compare and contrast the characteristics of network topologies, types and technologies.
  • Given a scenario, implement the appropriate wireless technologies and configurations.
  • Summarize cloud concepts and their purposes.
  • Explain the functions of network services.

Infrastructure

  • Given a scenario, deploy the appropriate cabling solution.
  • Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
  • Explain the purposes and use cases for advanced networking devices.
  • Explain the purposes of virtualization and network storage technologies.
  • Compare and contrast WAN technologies.

Network Operations

  • Given a scenario, use appropriate documentation and diagrams to manage the network.
  • Compare and contrast business continuity and disaster recovery concepts.
  • Explain common scanning, monitoring and patching processes and summarize their expected outputs.
  • Given a scenario, use remote access methods.
  • Identify policies and best practices.

Network Security

  • Summarize the purposes of physical security devices.
  • Explain authentication and access controls.
  • Given a scenario, secure a basic wireless network.
  • Summarize common networking attacks.
  • Given a scenario, implement network device hardening.
  • Explain common mitigation techniques and their purposes.

Network Troubleshooting and Tools

  • Explain the network troubleshooting methodology.
  • Given a scenario, use the appropriate tool.
  • Given a scenario, troubleshoot common wired connectivity and performance issues.
  • Given a scenario, troubleshoot common wireless connectivity and performance issues.
  • Given a scenario, troubleshoot common network service issues.

Supporting online learning modules

  • Networking Fundamentals Part 1 (4h 18 minutes)*
  • Networking Fundamentals Part 2 (3h 47 minutes)*
  • Network Architecture (7h 25 minutes)*
  • Networking Operations (4h 33 minutes)*
  • Networking Security (5h 6 minutes)*
  • Troubleshooting (4h 5 minutes)*
  • Industrial Standards, Practices and Network Theory (4h 9 minutes)*

Total time: 26 hours 14 minutes


Knowledge Modules 2 & 3: Operating Systems & Information and Cyber Security Foundations

Upon completion of Knowledge Module 2, Cyber Intrusion Analyst apprentices will:

  • Understand and utilise at least three Operating System (OS) security functions and associated features

Upon completion of Knowledge Module 3, Cyber Intrusion Analyst apprentices will:

  • Understand and apply the foundations of information and cyber security including: explaining the importance of cyber security and basic concepts including harm, identity, confidentiality, integrity, availability, threat, risk and hazard, trust and assurance and the ‘insider threat’ as well as explaining how the concepts relate to each other and the significance of risk to a business
  • Understand and propose appropriate responses to current and new attack techniques, hazards and vulnerabilities relevant to the network and business environment
  • Understand and propose how to deal with emerging attack techniques, hazards and vulnerabilities relevant to the network and business environment

Read through the full curriculum for Firebrand's classroom-based training and supporting online learning modules below.

1.0 Threats, Attacks and Vulnerabilities

  • 1.1 Given a scenario, analyse indicators of compromise and determine the type of malware.
  • 1.2 Compare and contrast types of attacks.
  • 1.3 Explain threat actor types and attributes.
  • 1.4 Explain penetration testing concepts.
  • 1.5 Explain vulnerability scanning concepts.
  • 1.6 Explain the impact associated with types of vulnerabilities.

2.0 Technologies and Tools

  • 2.1 Install and configure network components, both hardware- and software-based, to support organisational security.
  • 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organisation.
  • 2.3 Given a scenario, troubleshoot common security issues.
  • 2.4 Given a scenario, analyse and interpret output from security technologies.
  • 2.5 Given a scenario, deploy mobile devices securely.
  • 2.6 Given a scenario, implement secure protocols.

3.0 Architecture and Design

  • 3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
  • 3.2 Given a scenario, implement secure network architecture concepts.
  • 3.3 Given a scenario, implement secure systems design.
  • 3.4 Explain the importance of secure staging deployment concepts.
  • 3.5 Explain the security implications of embedded systems.
  • 3.6 Summarise secure application development and deployment concepts.
  • 3.7 Summarise cloud and virtualisation concepts.
  • 3.8 Explain how resiliency and automation strategies reduce risk.
  • 3.9 Explain the importance of physical security controls.

4.0 Identity and Access Management

  • 4.1 Compare and contrast identity and access management concepts.
  • 4.2 Given a scenario, install and configure identity and access services.
  • 4.3 Given a scenario, implement identity and access management controls.
  • 4.4 Given a scenario, differentiate common account management practices.

5.0 Risk Management

  • 5.1 Explain the importance of policies, plans and procedures related to organisational security.
  • 5.2 Summarise business impact analysis concepts.
  • 5.3 Explain risk management processes and concepts.
  • 5.4 Given a scenario, follow incident response procedures.
  • 5.5 Summarise basic concepts of forensics.
  • 5.6 Explain disaster recovery and continuity of operation concepts.
  • 5.7 Compare and contrast various types of controls.
  • 5.8 Given a scenario, carry out data security and privacy practices.

6.0 Cryptography and PKI

  • 6.1 Compare and contrast basic concepts of cryptography.
  • 6.2 Explain cryptography algorithms and their basic characteristics.
  • 6.3 Given a scenario, install and configure wireless security settings.
  • 6.4 Given a scenario, implement public key infrastructure.

Supporting online learning modules

  • Compliance and Operational Security (5h 48 minutes)*
  • Threats and Vulnerabilities (3h 44 minutes)*
  • Application, Data and Host Security (2h 16 minutes)*
  • Identity and Access Management (1h 37 minutes)*
  • Cryptography (1h 32 minutes)*
  • Understanding Ethical Hacking (7h)*
  • Penetration Testing (1h 38 minutes)*
  • Malware Analysis Fundamentals (3h 20 minutes)*

Total time: 30 hours 43 minutes


Knowledge Modules 4 & 5: Business Processes & Law, Regulation and Ethics

Upon completion of Knowledge Module 4, Cyber Intrusion Analyst apprentices will:

  • Understand the lifecycle and service management practices to Information Technology Infrastructure Library (ITIL) foundation level
  • Understand and advise others on cyber incident response processes, incident management processes and evidence collection/preservation requirements to support incident investigation

Upon completion of Knowledge Module 5, Cyber Intrusion Analyst apprentices will:

  • Understand the main features and applicability of law, regulations and standards (including Data Protection Act/Directive, Computer Misuse Act, ISO 27001) relevant to cyber network defence and follow these appropriately.
  • Understand, adhere to and advise on the ethical responsibilities of a cyber security professional.

Read through the full curriculum for Firebrand's classroom-based training and supporting online learning modules below.

1. Information Security Management Principles

  • Concepts and Definitions
  • The Need for, and the Benefits of Information Security

2. Information Risk

  • Threats to, and Vulnerabilities of Information Systems
  • Risk Management

3. Information Security Framework

  • Organisation and Responsibilities
  • The Organisation’s Management of Security
  • Organisational Policy, Standards and Procedures
  • Information Security Governance
  • Information Security Implementation
  • Security Information Management
  • Legal Framework
  • Security Standards and Procedures

4. Procedural / People Security Controls

  • People
  • User Access Controls
  • Communication, Training and Awareness

5. Technical Security Controls

  • Protection from Malicious Software
  • Networks and Communications
  • External Services
  • Cloud Computing
  • IT Infrastructure

6. Software Development and Lifecycle

  • Testing, Audit and Review
  • Systems Development and Support

7. Physical and Environmental Security Controls

8. Disaster Recovery and Business Continuity Management

9. Other Technical Aspects

  • Investigations and Forensics
  • Role of Cryptography

Supporting online learning modules

  • Core Concepts (1h 18 minutes)*
  • Lifecycle Phases and Processes (3h 42 minutes)*
  • Enterprise Security: Policies, Practices and Procedures (2h 38 minutes)*
  • The Issues of Identity and Access Management (2h 55 minutes)*
  • Secure Software Development (3h 15 minutes)*
  • Performing and Analysing Network Reconnaissance (7h 24 minutes)*
  • Implementing and Performing Vulnerability Management (3h 19 minutes)*
  • Performing Incident Response and Handling (5h 19 minutes)*

Total time: 29 hours 50 minutes

Further supporting online learning modules

  • The Information Security Big Picture (2h 17 minutes)*
  • Cyber Security Awareness: Digital Data Protection (49 minutes)*
  • Laws and Standards (13 minutes)*
  • ISO Standards (2h 20 minutes)*
  • Security and Risk Management (4h 3 minutes)*
  • CAPS*

Total time: 9 hours 42 minutes


Exams

As well as gaining new digital skills they can use in their job, apprentices on almost all of the digital apprenticeships that Firebrand offers have the chance to gain industry-recognised qualifications.

Apprentices gain qualifications through either BCS or vendor-specific exams, where applicable. These qualifications add to a professional career and can be used to help move seamlessly between roles in the IT industry.

The exams taken during this apprenticeship are listed below:

  1. BCS Level 4 Award in Networks
  2. BCS Level 4 Award in Operating Systems
  3. BCS Level 4 Certificate in Information and Cyber Security Foundations
  4. BCS Level 4 Award in Business Processes
  5. BCS Level 4 Award in Law, Regulation and Ethics
