Cyber Security Technologist – RISK Pathway

Description

The primary role of a Cyber Security Technologist is to apply an understanding of cyber threats, hazards, risks, controls, measures and mitigations to protect organisations systems and people.

Those focused on the technical side work on areas such as security design & architecture, security testing, investigations & response.

Those focused on the risk analysis side focus on areas such as operations, risk, governance & compliance.

All people in this occupation work to achieve required security outcomes in a legal and regulatory context in all parts of the economy. They develop and apply practical knowledge of information security to deliver solutions that fulfil an organisation’s requirements.

About

Course:  Cyber Security Technologist

Duration:  18+ months

Code:     CSTR/APP3

Dates:    Ask in Office

Fee:        Ask in Office

Contact Us

Tel:  020 8840 4496

Prerequisites

Individual employers will set the selection criteria, but this is likely to include A’ Levels, a relevant Level 3 apprenticeship, or other relevant qualifications, relevant experience and/or an aptitude test with a focus on functional maths.

Level 2 English and Maths (required)

Underpinning Skills, Attitudes and Behaviours

  • Logical and creative thinking skills
  • Analytical and problem solving skills
  • Ability to work independently and to take responsibility
  • Can use own initiative
  • A thorough and organised approach
  • Ability to work with a range of internal and external people
  • Ability to communicate effectively in a variety of situations
  • Maintain productive, professional and secure working environment

Eligibility

  • New or Existing Staff Eligible
  • Must have a contract of employment
  • Working a minimum of 30 hours per week
  • Degree holders eligible – Must not hold an equivalent qualification
  • Must be able to demonstrate learning need
  • 20% off the job training must be agreed by Employer,
  • Must be on program for a minimum of 18 months from their start date with NST.

 

Target Audience

  • Cyber Operations Manager
  • Security Architect
  • Penetration Tester
  • Security Analyst
  • Risk Analyst
  • Intelligence Researcher
  • Security Sales Engineer
  • Cyber Security Specialist
  • Information Security Analyst
  • Governance & Compliance Analyst
  • Information Security Assurance & Threat Analyst
  • Forensics & Incident Response Analyst
  • Security Engineer
  • Information Security Auditor
  • Security Administrator
  • Information Security Officer

Key Features

  • This program is designed and written to be 100% aligned to the syllabus of the End Point Assessment. As such unnecessary  extra curriculum studies are avoided.
  • Elements of Cybersecurity program can be customised by an Employer to suit their particular need
  • Recognised by the British Computer Society for entry onto the register of IT Technicians, confirming SFIA level 3 professional competence
  • Apprenticeship will be eligible to apply for Associate Membership of the IISP, which is the leading UK professional body        dedicated to Information Security Professionals

CORE

Threats, hazards, risks and intelligence

  • Discover (through a mix of research and practical exploration) vulnerabilities in a system
  • Analyse and evaluate security threats and hazards to a system or service or processes. Be aware of and demonstrate use of relevant external sources of threat intelligence or advice (e.g. CERT UK). Combine different sources to create an enriched view.
  • Research and investigate some common attack techniques and recommend how to defend against them. Be aware of and demonstrate use of relevant external sources of vulnerabilities (e.g. OWASP)
  • Undertake a security risk assessment for a simple system without direct supervision and propose basic remediation advice in the context of the employer.
  • Developing and using a security case
  • Source and analyse a security case (e.g. a Common Criteria Protection Profile for a security component) and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
  • Develop a simple security case without supervision. (A security case should describe the security objectives, threats, and for every identified attack technique identify mitigation or security controls that could include technical, implementation, policy or process).

Organisational context

  • Identify and follow organisational policies and standards for information and cyber security.
  • Operate according to service level agreements or employer defined performance targets.

Future Trends

  • Investigate different views of the future (using more than one external source) and trends in a relevant technology area and describe what this might mean for your business, with supporting reasoning.

Risk Analysis Pathway

Cyber security risk assessment

  • Conduct a cyber-risk assessment against an externally (market) recognised cyber security standard using a recognised risk assessment methodology.
  • Identify threats relevant to a specific organisation and/or sector.

Information security policy and process

  • Develop an information security policy or process to address an identified risk.
  • Develop an information security policy within a defined scope to take account of a minimum of 1 law or regulation relevant to cyber security.

Audit and assurance

  • Take an active part in a security audit against a recognised cyber security standard, undertake a gap analysis and make recommendations for remediation.
  • Incident response and business continuity
  • Develop an incident response plan for approval (within an organisations governance arrangements for incident response).
  • Develop a business continuity plan for approval (within an organisations governance arrangements for business continuity).

Cyber security culture in an organisation

  • Assess security culture using a recognised approach.
  • Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.