Cybersecurity Technologist Risk Analyst
The main objective of this role is to manage and deal with cybersecurity threats, hazards and risks, protecting your organisation’s IT systems and staff from harm.
A Cybersecurity Technologist’s main role is to apply their knowledge of cyber threats, hazards, risks, controls, measures and mitigations to protect an organisation’s systems and people.
If the focus is on the risk analysis side the work will concentrate on areas such as operations, risk, governance and compliance.
Whether the focus is technical or risk analysis, all individuals will work to achieve required security outcomes in a legal and regulatory context. All will develop and apply practical knowledge of information security to deliver solutions that fulfil an organisation’s requirements.
Typical job roles
Cyber Operations Manager, Security Architect, Penetration Tester, Security Analyst, Risk Analyst, Intelligence Researcher, Security Sales Engineer, Cybersecurity Specialist, Information Security Analyst, Governance & Compliance Analyst, Information Security Assurance & Threat Analyst, Forensics & Incident Response Analyst, Security Engineer, Information Security Auditor, Security Administrator, Information Security Officer.
Individual employers will set the selection criteria, but this is likely to include A Levels, a relevant Level 3 apprenticeship, or other relevant qualifications, relevant experience and/or an aptitude test with a focus on functional maths.
Technical Competencies and Technical Knowledge and Understanding
Apprentices will cover the following:
Threats, hazards, risks and intelligence
- Discover (through a mix of research and practical exploration) vulnerabilities in a system
- Analyse and evaluate security threats and hazards to a system or service or processes. Be aware of and demonstrate use of relevant external sources of threat intelligence or advice (e.g. CERT UK). Combine different sources to create an enriched view.
- Research and investigate some common attack techniques and recommend how to defend against them. Be aware of and demonstrate use of relevant external sources of vulnerabilities (e.g. OWASP)
- Undertake a security risk assessment for a simple system without direct supervision and propose basic remediation advice in the context of the employer.
Developing and using a security case
- Source and analyse a security case (e.g. a Common Criteria Protection Profile for a security component) and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
- Develop a simple security case without supervision. (A security case should describe the security objectives, threats, and for every identified attack technique identify mitigation or security controls that could include technical, implementation, policy or process).
- Identify and follow organisational policies and standards for information and cybersecurity.
- Operate according to service level agreements or employer defined performance targets.
Future Trends
- Investigate different views of the future (using more than one external source) and trends in a relevant technology area and describe what this might mean for your business, with supporting reasoning.
Technical Knowledge and Understanding:
Understands the basics of cybersecurity including:
- Why cybersecurity matters – the importance to business and society
- Basic theory – concepts such as security, identity, confidentiality, integrity, availability, threat, vulnerability, risk and hazard. Also how these relate to each other and lead to risk and harm
- Security assurance – concepts (can explain what assurance is for in security, and ‘trustworthy’ versus ‘trusted’) and how assurance may be achieved in practice (can explain what penetration testing is and how it contributes to assurance; and extrinsic assurance methods)
- How to build a security case – deriving security objectives with reasoned justification in a representative business scenario
- Cybersecurity concepts applied to ICT infrastructure – can describe the fundamental building blocks and typical architectures and identify some common vulnerabilities in networks and systems.
- Attack techniques and sources of threat – can describe the main types of common attack techniques; also the role of human behaviour. Explain how attack techniques combine with motive and opportunity to become a threat.
- Cyber defence – describe ways to defend against attack techniques
- Relevant laws and ethics – describe security standards, regulations and their consequences across at least two sectors; the role of criminal and other law; key relevant features of UK and international law
- The existing threat landscape – can describe and know how to apply relevant techniques for horizon scanning including use of recognised sources of threat intelligence
- Threat trends – can describe the significance of identified trends in cybersecurity and understand the value and risk of this analysis
Specialism - Risk Analyst
In addition to the above technical competencies and technical knowledge and understanding, apprentices will do the following specialism:
Cyber security risk assessment
- Conduct a cyber-risk assessment against an externally (market) recognised cybersecurity standard using a recognised risk assessment methodology.
- Identify threats relevant to a specific organisation and/or sector.
Information security policy and process
- Develop an information security policy or process to address an identified risk.
- Develop an information security policy within a defined scope to take account of a minimum of 1 law or regulation relevant to cybersecurity.
Audit and assurance
- Take an active part in a security audit against a recognised cybersecurity standard, undertake a gap analysis and make recommendations for remediation.
Incident response and business continuity
- Develop an incident response plan for approval (within an organisation’s governance arrangements for incident response).
- Develop a business continuity plan for approval (within an organisation’s governance arrangements for business continuity).
Cybersecurity culture in an organisation
- Assess security culture using a recognised approach.
- Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.
Technical Knowledge and Understanding
- Understands relevant types of risk assessment methodologies and approaches to risk treatment; can identify the vulnerabilities in organisations and security management systems; understand the threat intelligence lifecycle; describe different approaches to risk treatment. Understand the role of the risk owner and contrast that role with other stakeholders.
- Understands, at a deeper level than from Knowledge Module 1, the legal, standards, regulations and ethical standards relevant to cybersecurity: governance, organisational structure, roles, policies, standards, guidelines and how these all work together to deliver identified security outcomes. Also awareness of the legal framework, key concepts applying to ISO27001 (a specification for information security management), and awareness of legal and regulatory obligations for breach notification.
Underpinning Skills, Attitudes & Behaviours
- Logical and creative thinking skills
- Analytical and problem solving skills
- Ability to work independently and to take responsibility
- Can use own initiative
- A thorough and organised approach
- Ability to work with a range of internal and external people
- Ability to communicate effectively in a variety of situations
- Maintain a productive, professional and secure working environment
The Knowledge Modules are summarised below for both Cybersecurity apprenticeships. No vendor or professional qualifications have been identified that would exempt these Knowledge Modules.
English and Maths
Level 2 English and maths will need to be achieved, if not already, prior to taking the end point assessment.
This apprenticeship is recognised for entry to both IISP and BCS Associate Membership and for entry onto the Register of IT Technicians confirming SFIA level 3 professional competence. Those completing the apprenticeship are eligible to apply for registration.
The duration of this apprenticeship is typically 24 months.
This is a level 4 apprenticeship.