I am an Employer

looking to upskill or develop ambitious learners


I want to learn a new skill

and become an apprentice for a fantastic company

Get Hired

Cyber Security Risk Analyst


Level 4


18 months

One-to-one support:

Every 4 weeks

You will achieve:

BCS Level 4 Cyber Security Analyst

Programme delivery

Phase 1



Before your induction, a member of Estio’s Apprenticeship Onboarding team will contact you and your employer representative to discuss your job role and the apprenticeship standard. During this initial consultation, you will also begin your personalised Vocational Scorecard, which assesses your current skill levels against the apprenticeship standard.

The scorecard ensures we fully understand your starting point, so that we can work with your employer to develop an individual learning plan that is tailored to your needs, and gives you the best opportunity to achieve at the highest level.



Your induction will take place within the first two weeks of starting your employment and will be facilitated by the Onboarding team at your nearest Estio training centre. You will go through an overview of your chosen apprenticeship programme and be given details of what dedicated support is in place for you throughout your learning journey. In addition, you will receive login details for our Virtual Learning Environment, which you will use to complete both mandatory and optional training modules as part of your programme. Any outstanding diagnostic assessments and enrolment documents will be completed, and you can ask any last questions you may have before you formally begin your training.

Functional skills

Functional skills

We use BKSB tests to determine your current level of knowledge, to assess if you need further support with English and/or Maths.

If you do, our Functional Skills Training team will work with you to supply these skills. You will be supported through remote training sessions and workshops, which run for 3 days (for each).

Once you feel comfortable, you can sit the Level 2 Maths and/or English exams. These qualifications are equivalent to an A* – C (4-9) grade at GCSE, they are fully certified by City & Guilds and can be used to further enhance your CV and skillset.

Phase 2


Cisco Cyber Security Essentials

What you will learn

  • Security controls for networks, servers and applications
  • Security principals
  • Implementing proper procedures for data confidentiality and availability
  • Develop critical thinking and problem solving skills using real equipment and packet tracer
Network & Digital Communication Theory

What you will learn

  • Explain what is meant by data and protocol and how they relate to each other
  • Describe an example data format and a simple protocol in current use (using protocol diagrams)
  • Describe example failure modes in protocols
  • Describe at least one approach to error control in a network
  • Describe the main features of network protocols in widespread use on the Internet, their purpose and relationship to each other in a layered model
  • Describe the main routing protocols in current use in computer networks and explain the differences between static and dynamic routing protocols and the pros and cons of each in different circumstances
  • Explain some of the main factors that affect network performance and propose ways to improve perf
Cyber Security Introduction

What you will learn

  • Explain why information and cyber security is important to business and society
  • Explain basic concepts: security, identity, confidentiality, integrity, availability, threat, vulnerability, risk & hazard
  • Explain how the concepts of threat, hazard and vulnerability relate to each other and lead to risk
  • Explain what penetration testing (‘ethical hacking’) is and how it contributes to assurance
  • Apply basic security concepts to develop security requirements
  • Describe some common vulnerabilities in computer networks and systems (for example, non-secure coding and unprotected networks)
  • Describe the main types of common attack techniques (for example: phishing, social engineering, malware, network interception, blended techniques e.g. ‘advanced persistent threat’, denial of service, theft)
  • Describe legal standards, regulations and ethical standards relevant to cyber security
Risk Assessment

What you will learn

  • Risk assessment theory including principles and terminology associated with risk, key steps in risk management, qualitative and quantitative approaches to risk assessment and presenting the results of risk assessment
  • Risk assessment threats and vulnerabilities
  • Risk assessment standards including methodologies and frameworks, as well as their differences and similarities and how to apply risk methodologies and frameworks
  • Risk assessment practice including the application of methodologies and frameworks in organisations, comparing approaches to treating risk and the role of the risk owner by comparison with other stakeholders
Governance, Organisation, Law, Regulation & Standards

What you will learn

  • Governance and the need, purpose and implementation of it. This includes why it’s necessary to manage information security, information management security structures, how structures operate together to deliver security outcomes and how legislation and regulation can be implemented to meet information security risks
  • Access control support for governance, including how effective management of identity supports an organisation’s security policies, standards and governance
  • Policies and procedures in different organisational environments, including the factors that shape the environment, types of organisations and sectors and how this has an impact on security management, regulations, and GDPR
  • Security expert roles and information providers including key characteristics of roles, main professional qualifications, external specialists, security teams and the purpose of security intelligence
  • Legal framework including how legislation interacts to support security, privacy and data protection. Another factor is the consideration of the key security standards that impact information security
  • Applying ISO 27001:2013 including ISMS, the standard key concepts, achieving certification and the benefits of certification.
  • Security breach notification including reporting to the Information Commissioner’s Office, and it’s relation to UK Data Protection Act and GDPR
One-to-one support

One-to-one support

You will have a Technical Specialist and a Progress Management Co-ordinator (PMC) assigned to support you throughout your apprenticeship.

Your PMC will contact you every 4 weeks to discuss your progress made to date, check you’re understanding your training modules, and support you with gathering evidence for your portfolio. Every 12 weeks a review meeting will take place between you, your employer representative and your PMC to assess how your new learning and skills development is being applied in your job role and its impact on your wider industry skills.

The Technical Specialist will work with you to develop your portfolio of evidence for End Point Assessment, and with your employer representative to agree the various workplace projects you will be required to undertake. They will also support your employer representative to complete your Employer Reference, a document which highlights key behaviours you have demonstrated for the final assessment as part of the End Point Assessment.

In every one-to-one session, we will agree actions and SMART targets for you to complete, so that you can progress confidently and with the right support.

Your portfolio

Your portfolio

Throughout the apprenticeship, you will contribute evidence towards your online e-portfolio. We use e-portfolios as they are accessible from anywhere, and enable you to track your progress throughout your apprenticeship.

You’ll have access to your personal dashboard, which shows you a number of key milestones and deadlines coming up, such as the training you have completed, work that is due, and any gaps in your portfolio of evidence.

Your Technical Specialist and Progress Management Co-ordinator will be available to contact at any point throughout the apprenticeship and will advise you how to provide the best evidence.

Off-the-job training

Off-the-job training

Off-the-job (OTJ) training is comprised of, but not limited to activities such as: training with Estio, shadowing, journal entries and projects for e-portfolio. Completed within working hours as agreed with the employer but average at 6 hours per week (20% of your time on your apprenticeship).

You can track your OTJ progress on your e-portfolio.

Phase 3

Assessment Gateway, preparation & administration week

Assessment Gateway, preparation & administration week

Dedicated one-to-one sessions to support the learner as they head towards assessment, putting them in the best possible position for achievement.

Phase 4

End Point Assessment

End Point Assessment

You will be assessed by an End Point Assessment Organisation chosen by your employer. EPA can take up to 3-4 months to complete. This involves a knowledge test, professional discussion underpinned by a portfolio, a project report, and a scenario demonstration with Q&A.

The Independent Assessor will feedback the results (Pass, Merit or Distinction) and the ESFA will provide your certificate.

Where can this apprenticeship take me?

More information about this apprenticeship can be found on the institute for apprenticeships website.

University study

Level 4 apprenticeships are the equivalent to a foundation degree. If you wish to study further whilst staying in work, some universities will offer the ability to learn remotely. If you wish to take a break from work, you may need to apply for a student loan whilst you study.