apprenticeship

Cyber Security Technologist Programme

Level 4 apprenticeship | Learner guide

Cyber threats don't wait. This programme builds security professionals who can assess risk, defend systems and respond to incidents, with the technical and analytical skills to stay ahead of a threat landscape that never stops evolving.

Level

4

Duration

24 months + EPA

Standard

Cyber Security Technologist Apprenticeship

Min. OTJ hours

418

What this programme is for

Cyber security is one of the fastest-growing and most critical disciplines in technology. Every organisation, regardless of size or sector, faces cyber risk. The professionals who can identify, assess and respond to that risk are in relentless demand.

This programme is for professionals working in or moving into cyber security roles, whether that’s security operations, vulnerability management, incident response, penetration testing, governance and risk, or security engineering. You may be a technical specialist deepening your expertise or a professional from a related field building security capability for the first time.

At 24 months, this programme delivers real depth. You’ll graduate with hands-on experience of the tools, frameworks and techniques that define professional cyber security practice.

What you'll cover

The programme covers all the knowledge, skills and behaviours required for the End-Point Assessment, built around real challenges in your organisation.

Technical security foundations

  • Cyber security principles, threat landscape and attack vectors
  • Network security: protocols, firewalls, IDS/IPS and secure architecture
  • Operating systems security: Linux and Windows hardening
  • Cryptography, PKI and secure communications
  • Vulnerability assessment, scanning and penetration testing fundamentals

Operations, governance and response

  • Incident response: detection, containment, eradication and recovery
  • Digital forensics and evidence handling
  • Cloud security: securing AWS, Azure and GCP environments
  • Identity and access management (IAM and Zero Trust principles)
  • Governance, risk and compliance: ISO 27001, NIST, Cyber Essentials

Offensive and testing

  • Kali Linux and penetration testing tools
  • Metasploit and exploitation frameworks
  • Burp Suite for web application testing
  • Nmap and Nessus for vulnerability scanning
  • Wireshark and network analysis

Defensive and cloud

  • Splunk, Microsoft Sentinel or IBM QRadar
  • CrowdStrike, Defender or similar EDR
  • AWS Security Hub, Azure Defender, GCP Security Command Centre
  • Autopsy and digital forensics toolkits
  • HashiCorp Vault and secrets management

AI-enhanced tools

  • AI-driven threat detection and anomaly identification
  • Automated vulnerability scanning and triage
  • AI-assisted log analysis and incident prioritisation
  • Threat intelligence platforms with AI correlation
  • Automated security reporting and compliance monitoring

Programme specification

Mollit consequat aute nostrud dolor dolor enim. Officia consectetur laboris veniam eu excepteur consequat excepteur non est commodo anim cillum labore irure culpa. Consequat minim reprehenderit sint aute magna ut consequat quis amet. Amet adipisicing cupidatat tempor cupidatat non. Duis ipsum dolore commodo qui cupidatat velit qui elit occaecat ex.

Cyber security is a practical discipline. You’ll work with real tools, real vulnerabilities and real defensive configurations throughout, not theoretical scenarios. Every skill you build has an immediate application in your role.

Monthly workshops: live, interactive sessions. Technical content, hands-on tool practice and red team or blue team exercises built in from day one.

1:1 coaching: your Technical Coach is an experienced security professional. They’ll guide your technical development across the full 24 months and support your portfolio evidence from live security work.

Workplace security projects: vulnerability assessments, incident reports, security architecture reviews, penetration test write-ups. Real security work from your actual environment.

Independent study: CTF challenges, certification preparation, threat intelligence reading and self-directed lab work to build depth between sessions.

One dedicated coach with cyber security expertise across the full 24 months. They’ll know your security environment, your threat context and the technical challenges you’re working through. They will:

  • Conduct formal three-way progress reviews every 12 weeks
  • Mark all work and return written feedback within 10 working days
  • Guide your technical development across offensive, defensive and governance domains
  • Build and review your Smart Assessor portfolio against the Cyber Security Technologist KSBs
  • Prepare you for your End-Point Assessment with mock assessments and technical briefing practice

Penetration test reports, vulnerability assessments, incident write-ups, security architecture reviews, OTJ logs and reflective accounts, all in Smart Assessor. At 24 months, building evidence from day one matters. Your coach guides you on what to capture and how to frame it against the KSBs.

Skills England requires a minimum of off-the-job training hours for this apprenticeship. Given the 24-month duration, structured OTJ planning is essential. Your coach plans and records this with you from the start. OTJ activities include workshops, coaching, security projects, CTF practice, certification preparation and EPA readiness.

Level 2 English and maths required before your End-Point Assessment. Identified at induction and planned from the start.

The EPA is conducted by an independent EPAO. For Cyber Security Technologist it typically includes a work-based project report and presentation, and a professional discussion. Your project draws on real security work conducted during the programme. Your coach prepares you thoroughly with at least one full mock.

Where this takes you

Typical progression routes

Senior Security Analyst or Security Operations Centre (SOC) Lead

Penetration Tester or Red Team Operator

Security Engineer or Cloud Security Architect

Incident Response Manager or DFIR specialist

Information Security Manager or CISO pathway

Your onboarding journey

Here's what to expect before your learning begins.

1

Pre-enrolment

Expression of interest

Application form

2

Initial assessment

Online maths and English check

Diagnostic skills review

3

Enrolment

Sign Commitment Statement

Submit documents

4

Induction

Attend induction workshop

Set up Smart Assessor

5

Final onboarding

Compliance check

Programme begins

Ready to build a career in cyber security?

Talk to the La Fosse Academy team.
Enquire now