Cyber Security Technologist

Overview

Cyber Security Technologist Overview

Cyber Security Technologist apprentices develop and apply practical knowledge of information security to deliver solutions that fulfil an organisation's requirements. They gain knowledge of the technical side in areas such as security design and architecture, security testing, investigations and response. Cyber Security Technologist apprentices are taught how to apply an understanding of cyber threats, hazards, risks, controls, measures and mitigations to protect organization's systems and people.

To achieve their Cyber Security Technologist apprenticeship, apprentices must:

  • Demonstrate competence against five knowledge modules: Cyber Security Introduction, Network and Digital Communications Theory, Security Case Development, Security Technology Building Blocks and Employment of Cryptography. These are assessed by examinations set by the British Computer Society and regulated by Ofqual. Apprentices must pass all five modules.
  • Submit a portfolio of evidence showing how they have applied the knowledge from these modules to projects and activities in their workplace.
  • Complete their formal End Point Assessment, which comprises: a synoptic project to showcase knowledge and skills from across the apprenticeship; a review of their portfolio of evidence; and a final interview with an independent EPA assessor.

Successful Cyber Security Technologist apprentices go on into roles such as a Cyber Operations Manager, Penetration Tester, Security Analyst, Cyber Security Specialist, Information Security Analyst, Security Administrator and Information Security Officer.

Core Technical Competencies

Upon completion of their Cyber Security Technologist apprenticeship, individuals will be able to:

  • discover (through a mix of research and practical exploration) vulnerabilities in a system
  • analyse and evaluate security threats and hazards to a system or service or processes
  • demonstrate use of relevant external sources of threat intelligence or advice (e.g. CERT UK)
  • research and investigate some common attack techniques and recommend how to defend against them
  • demonstrate use of relevant external sources of vulnerabilities (e.g. OWASP)
  • undertake a security risk assessment for a simple system without direct supervision and propose basic remediation advice in the context of the employer
  • source and analyse a security case (e.g. a Common Criteria Protection Profile for a security component) and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern
  • develop a simple security case without supervision
  • identify and follow organisational policies and standards for information and cyber security
  • operate according to service level agreements or employer defined performance targets
  • investigate different views of the future (using more than one external source) and trends in a relevant technology area and describe what this might mean for your business

Additional Technical Competencies

Upon completion of their Cyber Security Technologist apprenticeship, individuals focusing on the technical side will also be able to:

  • design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, that includes servers, hubs, switches, routers and user devices to a given design requirement without supervision
  • analyse security requirements (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.), given for a given system or product
  • design and build a simple system in accordance with a simple security case
  • select and configure relevant types of common security hardware and software components to implement a given security policy
  • design a system employing a crypto to meet defined security objectives

Core Technical Knowledge and Understanding

Upon completion of their Cyber Security Technologist apprenticeship, individuals will:

  • understand why cyber security matters and the importance to business and society
  • understand concepts such as security, identity, confidentiality, integrity, availability, threat, vulnerability, risk and hazard
  • understand security assurance (can explain what assurance is for in security, and 'trustworthy' versus 'trusted') and how assurance may be achieved in practice (can explain what penetration testing is and how it contributes to assurance; and extrinsic assurance methods)
  • understand how to build a security case
  • describe the fundamental building blocks and typical architectures and identify some common vulnerabilities in networks and systems
  • describe the main types of common attack techniques; also the role of human behaviour
  • explain how attack techniques combine with motive and opportunity to become a threat
  • describe ways to defend against attack techniques
  • describe security standards, regulations and their consequences across at least two sectors; the role of criminal and other law; key relevant features of UK and international law
  • describe and know how to apply relevant techniques for horizon scanning including use of recognised sources of threat intelligence
  • describe the significance of identified trends in cyber security and understand the value and risk of this analysis

Additional Technical Knowledge and Understanding

Upon completion of their Cyber Security Technologist apprenticeship, individuals focusing on the technical side will also be able to understand:

  • networks: data, protocols and how they relate to each other; the main routing protocols; the main factors affecting network performance including typical failure modes in protocols and approaches to error control
  • how to build a security case: describe what good practice in design is; describe common security architectures; be aware of reputable security architectures that incorporates hardware and software components, and sources of architecture patterns and guidance
  • how to build a security case including context, threats, justifying the selected mitigations and security controls with reasoning and recognising the dynamic and adaptable nature of threats
  • how cyber security technology components are typically deployed in networks and systems to provide security functionality including: hardware and software
  • the basics of cryptography

Underpinning Skills, Attitudes and Behaviours

  • logical and creative thinking skills
  • analytical and problem solving skills
  • ability to work independently and to take responsibility
  • can use own initiative
  • a thorough and organised approach
  • ability to work with a range of internal and external people
  • ability to communicate effectively in a variety of situations
  • maintain productive, professional and secure working environment

Qualifications

Apprentices will achieve 5 BCS qualifications.

Funding

£18,000

Level

This is a level 4 apprenticeship

Professional Recognition

This apprenticeship is recognised for entry onto the register of IT technicians confirming SFIA level 3 professional competence and those completing the apprenticeship are eligible to apply for registration.

Duration

The duration of this Firebrand apprenticeship is 16 months. Because this period involves both training and the final End Point Assessment (some of which must be carried out in the workplace), employers need to ensure the apprentice’s contract covers the full programme duration.

Registration to the Register of IT Technicians (RITTech)

Once apprentices have completed their apprenticeship they are officially recognised by the British Computer Society (BCS) for entry onto the Register of IT Technicians, confirming SFIA level 3 professional competence.

Curriculum

Cyber Security Technologist curriculum

Firebrand’s apprenticeship programme covers all mandatory knowledge and skills outlined in the apprenticeship standard. Every Firebrand apprentice attends a suite of market-leading training programmes, to cover knowledge required from the apprenticeship standard. This training is then fleshed out through a package of selected online learning, which also allows apprentices to explore any topics of particular interest/importance to them in greater depth.

How are apprentices taught?

Apprentices receive a range of market-leading training as part of their qualification – typically between three and five courses per apprenticeship - giving them fundamental skills at speed.

We'll deliver all the knowledge apprentices need to learn for each knowledge module in the Standard through our Lecture | Lab | Review delivery. Apprentices then attend a Syllabus Review Session to cover the knowledge content covered in the apprenticeship standard.


Knowledge Modules 1, 3 & 4: Cyber Security Introduction, Security Case Development and Design Good Practice & Security Technology Building Blocks

Upon completion of Knowledge Module 1, Cyber Security apprentices will:

  • Understand different cyber security processes and how their are applied in various cyber roles

Upon completion of Knowledge Module 3, Cyber Security apprentices will:

  • Understand security case development, having built on “Applying basic security concepts to develop security requirements (to help build a security case)” in KM1

Upon completion of Knowledge Module 4, Cyber Security apprentices will:

  • Understand building blocks - the cyber security technology components typically deployed in networks & systems to provide security functionality

Read through the full curriculum for Firebrand's classroom-based training and supporting online learning modules below.

The Cyber Security Concepts course consists of three associated BCS Syllabus modules, known as Knowledge Modules (KMs):

  • KM1 Cyber Security Introduction
  • KM3 Security Case Development and Design Good Practice
  • KM4 Security Technology Building Blocks

The content of each module is summarised below. You can review the full syllabus for each module by following the link at the end of the summary.

 

KM1 - Cyber Security Introduction

Objective: Demonstrate an understanding of the foundations of cyber security.

  1. Describe and explain why information and cyber security are important to business and to society.
  2. Recall, describe and explain the terminology and basic concepts of cyber security.
  3. Demonstrate and explain the concept of information assurance and how it can be delivered.
  4. Describe and explain how security objectives can be developed and used to build a security case.
  5. Demonstrate and explain how the basic security concepts can be applied to typical information and communications technology (ICT) cyber infrastructures.
  6. Describe and explain common attack techniques and sources of threat.
  7. Illustrate and explain ways to defend against the main attack techniques.
  8. Recall, describe and explain legal, regulatory, information security and ethical standards relevant to the cyber-community.
  9. Discover and explain the concept and practice of keeping up with the threat landscape (horizon scanning).
  10. Describe and explain future trends in cyber security.

The full syllabus can be found at https://www.bcs.org/media/1705/cyber-security-cyber-security-introduction-syllabus.pdf.

 

KM3 - Security Case Development and Design Good Practice

Objective: Demonstrate an understanding of modern cyber security design practice and how to devise a security case for a given system.

  1. Describe what good practice in design is and how this may contribute to security.
  2. Compare and contrast the features of reputable security architectures, which incorporate security hardware and software components.
  3. Describe the features of the Common Criteria Protection Profile.
  4. Understand how to design and develop a ‘security case’, recognising that threats evolve and respond to a security design.

The full syllabus can be found at https://www.bcs.org/media/1720/cyber-security-security-case-development-and-design-good-practice-syllabus.pdf.

 

KM4 - Security Technology Building Blocks

Objective: Demonstrate an understanding of tools and methods required to implement security within computers and networks.

  1. The ability to demonstrate a thorough knowledge of tools and methods employed to implement host based security for a range of threats.
  2. A comprehensive knowledge of the technologies and techniques necessary for the defence and maintenance of networks and their hosts.
  3. Understand the functionality and operation of security techniques as they apply to software and data.
  4. A thorough understanding of the application, deployment and management of the security of networked systems and methods available to identify and reduce risk.

The full syllabus can be found at https://www.bcs.org/media/1723/cyber-security-technology-building-blocks-syllabus.pdf.

  • Cyber Security Overview (29minutes)
  • Building your Cyber Security Vocabulary (57 minutes)
  • Network Security (3h 48 minutes) *
  • Compliance and Operational Security (5h 48 minutes) *
  • Threats and Vulnerabilities (3h 44 minutes)
  • Application, Data and Host Security (2h 16 minutes)
  • Identity and Access Management (1h 37 minutes)
  • Cryptography (1h 32 minutes)
  • Risk Management (3h 21 minutes)*
  • Understanding Ethical Hacking (7 hours)
  • Architecture and Design (4h 13minutes)
  • Enterprise Security: Policies, Practices and Procedures (2h 38minutes)
  • Ethical Hacking; Malware Threats (4h)*
  • Security Standards; Common Criteria
  • PCI DSS; The big picture (1h 23 minutes)
  • FIPS 140-2
  • CAPS
  • COBIT (Course on FB site)
  • Computer Misuse Act
  • Data Protection Act
  • Human Rights Act
  • Digital Millennium Copyright Act
  • General Data Protection Regulation
  • Network and Information Security Directive

Total time: 42 hours 46 minutes

  • The Information Security Big Picture (2h 17minutes)*
  • Designing and Implementing Security Policies (2h 6 minutes)
  • Architecture and Design for Security (4h 13 minutes)
  • Enterprise Security (2h 55 minutes)
  • Risk Management and Incident Response (1 h 49 minutes)
  • Research and Analysis (1h 43 minutes)
  • Computing, Communication and Business Integration (1h 58 minutes)
  • Technical Integration of Enterprise Components (1h 11 minutes)
  • TOGAF Overview (4h 7 minutes)
  • SABSA Overview (10 minutes)

Total time: 22 hours 29 minutes

  • Networking Security (5h 6 minutes)
  • Network Security (3h 48 minutes)

Total time: 8 hours 54 minutes


Knowledge Module 2: Network and Digital Communications Theory

Upon completion of this Knowledge Module, Cyber Security apprentices will:

  • Understand modern computer networks

Read through the full curriculum for Firebrand's classroom-based training and supporting online learning modules below.

Networking Concepts

  • Explain the purposes and uses of ports and protocols.
  • Explain devices, applications, protocols and services at their appropriate OSI layers
  • Explain the concepts and characteristics of routing and switching.
  • Given a scenario, configure the appropriate IP addressing components.
  • Compare and contrast the characteristics of network topologies, types and technologies.
  • Given a scenario, implement the appropriate wireless technologies and configurations.
  • Summarize cloud concepts and their purposes
  • Explain the functions of network services.

Infrastructure

  • Given a scenario, deploy the appropriate cabling solution.
  • Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
  • Explain the purposes and use cases for advanced networking devices.
  • Explain the purposes of virtualization and network storage technologies.
  • Compare and contrast WAN technologies.

Network Operations

  • Given a scenario, use appropriate documentation and diagrams to manage the network.
  • Compare and contrast business continuity and disaster recovery concepts.
  • Explain common scanning, monitoring and patching processes and summarize their expected outputs.
  • Given a scenario, use remote access methods.
  • Identify policies and best practices.

Network Security

  • Summarize the purposes of physical security devices.
  • Explain authentication and access controls.
  • Given a scenario, secure a basic wireless network.
  • Summarize common networking attacks.
  • Given a scenario, implement network device hardening
  • Explain common mitigation techniques and their purposes.

Network Troubleshooting and Tools

  • Explain the network troubleshooting methodology.
  • Given a scenario, use the appropriate tool.
  • Given a scenario, troubleshoot common wired connectivity and performance issues.
  • Given a scenario, troubleshoot common wireless connectivity and performance issues.
  • Given a scenario, troubleshoot common network service issues.
  • Networking Fundamentals Part 1 (4h 18 minutes)*
  • Networking Fundamentals Part 2 (3h 47 minutes)*
  • Network Architecture (7h 25 minutes)*
  • Networking Operations (4h 33minutes)*
  • Networking Security (5h 6 minutes)*
  • Troubleshooting (4h 5 minutes)*
  • Industrial Standards, Practices and Network Theory (4h 9 minutes)*

Total time: 33 hours 23 minutes


Knowledge Module 5: Employment of Cryptography

Upon completion of this Knowledge Module, Cyber Security apprentices will:

  • Understand applied cryptography

Read through the full curriculum for Firebrand's classroom-based training and supporting online learning modules below.

Theory of cryptographic techniques


In this key topic, the apprentice will describe the technology of cryptography and name the available techniques, limitations and problems commonly encountered. Outcomes should include an ability to:

  • Describe cryptographic techniques and state their limitations
  • Describe the main features of symmetric cryptosystems, PK cryptosystems and key exchange
  • Show where the various cryptographic techniques may be employed to secure data and systems
  • Show how poorly applied cryptography can become a threat vector
  • Explain the significance and role of entropy in cryptography and discuss security problems associated with entropy

Deployment of cryptography

In this key topic, the apprentice will explain the deployment of cryptographic systems in a range of common public technologies; in the protection of data and networked systems and discuss issues faced in their deployment and updating. Outcomes should include an ability to:

  • Explain the significance of key management as it relates to controls, lifecycle and governance
  • Describe the role of cryptography in a range of common public systems
  • Describe the role of cryptography as it applies to data on hard disks or in transit
  • List some of the practical issues encountered in implementing cryptography
  • Explain the practical issues faced when updating cryptographic techniques

Cryptography across jurisdictions


In this key topic, the apprentice will discuss legal issues relevant to cryptography (particularly when crossing national borders) and describe UK, EU and US export control of cryptography and the Wassenaar Arrangement. Outcomes should include an ability to:

  • List the regulatory frameworks in place in different jurisdictions
  • Describe some of the legal issues related to cryptography with respect to national borders
  • List a range of resources available to obtain advice concerning cryptography and security
  • Cryptography: The Big Picture (1h 24 minutes)
  • Cryptography Fundamentals for Developers and Security Professionals (4h 14minutes)
  • Enterprise Library Security and Cryptography Application Blocks (1h 8minutes)
  • Cryptography (1h 32minutes)
  • Laws and standards (13 minutes)
  • International Traffic in Arms Regulations
  • Data Protection Act
  • Cyber Security Awareness: Digital Data Protection (49minutes)
  • Regulation of Investigatory Powers Act 2000
  • Sarbanes Oxley
  • International Data Encryption Algorithm

Total time: 09 hours 20 minutes


Additional Courses

Choose from one of Firebrand's accelerated courses listed below to add to this apprenticeship programme. These courses are delivered when apprentices have submitted evidence to their End Point Assessment gateway.

These additional courses support apprentices in achieving a Distinction grade at End Point Assessment.

Prerequisites

Who can enroll on a Cyber Security Technologist apprenticeship?

End Point Assessment

How are Cyber Security Technologist apprentices assessed?

Progression Plan

How do Cyber Security Technologist apprentices progress?

Exams

Exams

While apprentices benefit from new digital skills they can use in their job, almost all digital apprenticeships that Firebrand offer provide the chance to gain industry recognised qualifications.

Apprentices gain qualifications through either BCS or Vendor specific exams where applicable. These qualifications add to a professional career and can be used to help move seamlessly between roles in the IT industry.

All relevant exams that will be achieved during this apprenticeship are listed below:

  1. BCS Level 4 Certificate in Cyber Security Introduction
  2. BCS Level 4 Certificate in Network and Digital Communication Theory
  3. BCS Level 4 Certificate in Security Case Development and Design Good Practice
  4. BCS Level 4 Certificate in Security Technology Building Blocks
  5. BCS Level 4 Certificate in Employment of Cryptography

Latest Reviews from our students