Send To Friend


Cyber Security Technologist - Higher Apprenticeship (Standard)

Level 4
Course Code:
North Devon Campus
Two years

The primary role of a Cyber Security Technologist is to apply an understanding of cyber threats, hazards, risks, controls, measures and mitigations to protect organisations systems and people. As a Cyber Security Technologist apprentice, you’ll develop a broad understanding of the key knowledge areas required for working in the sector, these include system vulnerabilities and risk assessments; security cases; attack techniques; and cyber defence methods. Following this, you’ll have the chance to specialise in one of two pathways - each essential to the IT industry. You could choose to focus on the technical side of cyber security, working on areas such as security design and architecture, security testing, and investigations and response; or take the risk analysis route and expand your knowledge of operations, risk, governance, and compliance.

Once you successfully pass your apprenticeship, you’ll be eligible to apply for a place on the independent Register of IT Technicians. Being listed on the official register will provide recognition of your competence in applying your technical skills in a work environment.


By the end of your apprenticeship, you’ll be expected to display technical competency in the following key areas:

Threats, hazards, risks and intelligence:
- Discover (through a mix of research and practical exploration) vulnerabilities in a system.
- Analyse and evaluate security threats and hazards to a system or service or processes.
- Be aware of and demonstrate use of relevant external sources of threat intelligence or advice (e.g. CERT UK).
- Combine different sources to create an enriched view.
- Research and investigate some common attack techniques and recommend how to defend against them.
- Be aware of and demonstrate use of relevant external sources of vulnerabilities (e.g. OWASP)
- Undertake a security risk assessment for a simple system without direct supervision and propose basic remediation advice in the context of the employer.

Developing and using a security case:
- Source and analyse a security case (e.g. a Common Criteria Protection Profile for a security component) and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
- Develop a simple security case without supervision. (A security case should describe the security objectives, threats, and for every identified attack technique identify mitigation or security controls that could include technical, implementation, policy or process).

Organisational context:
- Identify and follow organisational policies and standards for information and cyber security.
- Operate according to service level agreements or employer defined performance targets.
- Future Trends
- Investigate different views of the future (using more than one external source) and trends in a relevant technology area and describe what this might mean for your business, with supporting reasoning.

You’ll acquire technical knowledge, and increase your understanding of cyber security, in areas such as:
- Why cyber security matters: the importance of cyber security to business and society
- Basic theory: concepts such as security, identity, confidentiality, integrity, availability, threat, vulnerability, risk and hazard, and how these relate to each other and lead to risk and harm
- Security assurance: explaining what assurance means for security, and exploring ‘trustworthy’ versus ‘trusted’. Also, looking at how assurance may be achieved in practice, including penetration testing and extrinsic assurance methods
- How to build a security case: deriving security objectives with reasoned justification, in a real-world business scenario
- Cyber security concepts applied to ICT infrastructure: exploring the fundamental building blocks and typical architectures, and identifying some common vulnerabilities in networks and systems
- Attack techniques and sources of threat: looking at the main types of common attack techniques and the role of human behaviour, and explaining how attack techniques combine with motive and opportunity to become a threat.
- Cyber defence: learning the ways to defend against attack techniques
- Relevant laws and ethics: focussing on security standards, regulations and their consequences across at least two sectors; the role of criminal and other law; key relevant features of UK and international law
- The existing threat landscape: learning how to apply relevant techniques for horizon scanning, including use of recognised sources of threat intelligence
- Threat trends: understanding the significance of identified trends in cyber security, and the value and risk of this analysis

In addition to studying the core elements of cyber security, you’ll also have the opportunity to tailor your study to suit your career aspirations, and increase your specialist knowledge in one of the following industry pathways:

- Option 1: Technologist
- Option 2: Risk Analyst
Your progress will be assessed during your apprenticeship via an On-Programme Assessment, and your overall performance will be assessed at the end of the programme, via an End-Point Assessment.

On-Programme Assessment:
Your technical knowledge and understanding will be assessed - while you’re undertaking your apprenticeship - through a combination of Ofqual-regulated knowledge modules, and specified vendor and professional qualifications. These modules must be passed before the end-point assessment can take place.

End-Point Assessment:
Your final end-point assessment will be completed in the last few months of your apprenticeship, and you’ll be assessed on the required competencies, as laid out in the course content.

The end-point assessment will utilise a variety of testing methods, including:
- Creating a Portfolio: Your portfolio will need to contain evidence from real work projects which have been completed during your apprenticeship. You’ll create your portfolio towards the end of your apprenticeship, and it should cover the entirety of your course.
- Project Work: You’ll be expected to undertake a business-related project - over a one-week period - away from your day-to-day workplace.
- Employer Reference: Your employer will be called upon to provide a reference relating to your aptitude, attitude, competencies, performance, and professionalism during your apprenticeship.
- Structured Interview (with an independent assessor)

Your final interview will explore what you have produced in both your portfolio and your project; as well as looking at how it has been created and presented.

An independent assessor will evaluate each individual element of your end-point assessment and - if you have successfully completed your apprenticeship assessment - will decide whether to award a Pass, Merit, or Distinction.
The entry requirements for this apprenticeship will be set by the individual employer, but it is likely that you’ll need to have achieved one (or more) of the following qualifications:
Five GCSEs at grade C/4 or above
Level 3 Apprenticeship in a related role
Equivalent vocational qualification in a relevant subject
Extensive industry experience accompanied by an aptitude test (with a focus on functional maths)
Successfully completing this course could lead directly to a career in the IT sector; or allow you to progress to higher-level qualifications, such as Petroc’s BSc Digital and Technology Solutions Professional Degree Apprenticeships, FdSc Computing, or FdSc Games Development.
You will be based at Petroc’s state-of-the-art Institute of Technology; providing industry-standard facilities and equipment, for the study of both Digital Science and Engineering.

Our newly-developed South West Institute of Technology (SWIoT) has been created as part of the Department for Education’s (DfE) £170 million investment, to establish a network of technology institutes across the country.

In addition to our purpose-built facilities, our industrial partners have given us the benefit of their expertise, so that the specialist equipment we have installed is of the highest professional quality, and is at the cutting edge of current industry-standard specifications.
The Engineering facility will house clean room fabrication capabilities; electronics design, manufacture and testing laboratories; additive technologies (3D); and production robotics.

The Digital Science suite contains a bespoke area for developing virtual environments; a large space for drone experimentation; and the latest specification networking, software, and data engineering facilities.

Petroc’s dedicated SWIoT building also has a large, welcoming social space, in which you can work and relax, while enjoying excellent connectivity.
Please contact the HE Team on 01271 852335 for more information.