Barton Peveril Sixth Form College

Cyber Security Degree Apprentice

Operating in a live security environment—identity governance, incident response, and infrastructure hardening.

The story

From service desk to cyber security

I'm Joseph Addleton. Before my apprenticeship I was at Trusted Technology Partnership, providing first-line IT support for NHS GP practices: troubleshooting PCs and Microsoft environments, Active Directory and MECM, NHSmail account management, clinical software support, and secure handling of confidential data. I handled site downs—no internet, organising engineers—and moved into Deputy Service Manager: leading site-down response, tasking engineers, keeping procedure and communication tight, and assisting first line with escalations. I was also a Halo Champion, working on the Halo ticket system and process improvements.

A-Levels in Computer Science, Mathematics, and Photography; self-taught development and photography. I did part-time retail at Fairweather's Garden Centre alongside. Now I'm a Cyber Security Degree Apprentice at Barton Peveril Sixth Form College, working toward the Level 6 integrated degree (BSc (Hons) Cyber Security Technical Professional). I'm building hands-on experience in vulnerability management, MDM, service desk setup, filtering, and network security—plus homelab work (Proxmox, Ceph, Jellyfin, network hardening) and academic focus on governance, threat analysis, and the human factor. This site tells that story—and the creative side: Bird Song Logix (C#, BirdNET AI, offline analysis) and photography.

Experience

Sep 2025 – Present

Building a career in cyber security: vulnerability management, MDM and device management, service desk setup, and filtering—learning the foundations that keep systems and users safe.

Jul – Sep 2025

Led on site-down response, tasking engineers, and ensuring procedure was followed. Communication was central. Assisted first line with escalations. Also a Halo Champion, working on the Halo ticket system and process improvements.

Oct 2024 – Jul 2025

First-line IT support for NHS GP practices: inbound support, ticket logging and escalation, Active Directory, MECM (Microsoft Endpoint Configuration Manager), NHSmail account management, and secure handling of confidential GP data. Incident triage and prioritisation.

Feb 2022 – Dec 2025

Customer service, sales, product knowledge, cash handling. Southampton, on-site. Ran alongside studies and later full-time IT work.

Background

Self-taught development and photography. Earlier experience in retail, wholesale, and sports coaching. Drive to combine creativity with technical problem-solving.

Operational security environment

Operating in a live educational environment with external SOC oversight—identity governance, incident response, and infrastructure hardening.

Zoho Directory Administration

User provisioning & deprovisioning, group-based access control, MFA enforcement, conditional access, SSO, and auditing.

Working with Zoho Directory as part of identity lifecycle management: user provisioning and deprovisioning, group-based access control, MFA enforcement and policy tuning, conditional access policies, device trust enforcement, SSO configuration across services, and auditing login activity and anomaly detection. Role-based access mapping, periodic access reviews, and handling privileged accounts separately.

Identity is the new perimeter. My focus is ensuring least-privilege access and tight joiner/mover/leaver processes to reduce insider and credential-based risk.

Google Workspace Administration & Security

OU structure, device management, DLP, context-aware access, and email security (SPF, DKIM, DMARC).

Hands-on with Google Admin Console: OU structure design, device management (Chromebooks and endpoints), context-aware access, app access control, API controls, Data Loss Prevention (DLP) policies, audit log investigation, Gmail routing rules and anti-spoof protection, SPF/DKIM/DMARC alignment, and Vault retention policies. Monitoring suspicious login activity, reviewing OAuth app permissions, handling compromised accounts, and implementing 2FA enforcement.

Managing Google Workspace from a security-first perspective—aligning user access, device trust, and policy enforcement with safeguarding requirements in an educational environment.

ServiceDesk Plus (SDP) – ITIL & Security Operations

Workflow creation, SLA configuration, incident categorisation, escalation rules, and security incident classification.

ServiceDesk Plus administration: workflow creation and automation, SLA configuration, incident categorisation, priority matrices, escalation rules, custom forms and templates, change management logging, and security incident classification. Identifying patterns in incidents, flagging potential security incidents, aligning incident categories with security taxonomy, and coordinating response between IT and SOC with maintained audit trails.

Using ServiceDesk Plus not just as a ticketing tool, but as an operational security workflow system—ensuring traceability, escalation control, and incident governance alignment.

Khipu SOC Interaction

Responding to security alerts, investigating suspicious logins, validating phishing alerts, and providing context for SOC analysis.

SOC coordination: responding to security alerts, investigating suspicious login events, correlating user reports with SOC notifications, validating phishing alerts, endpoint alert triage, providing contextual information for SOC analysis, and following up on remediation actions.

Acting as the operational bridge between internal IT and external SOC monitoring, ensuring alerts are investigated promptly and containment actions are executed efficiently.

Network Security & Filtering

DNS filtering, category-based web controls, safeguarding compliance, and threat blocking.

DNS filtering, category-based web controls, safeguarding compliance, false positive review and whitelisting process, threat blocking (malware/phishing domains), TLS inspection considerations, and policy exceptions with audit trail.

Balancing safeguarding, compliance, and user productivity while reducing exposure to malicious or inappropriate content.

Vulnerability Management

Running scans, interpreting CVSS, risk prioritisation, patch validation, and remediation tracking.

Running vulnerability scans, interpreting CVSS scores, risk prioritisation, patch validation, coordinating remediation with stakeholders, documenting risk acceptance decisions, and tracking remediation timelines.

Participating in the risk reduction lifecycle—from scan to prioritisation to remediation and audit.

Enterprise stack

ServiceDesk Plus (SDP) · Zoho Directory · Google Workspace Admin · Khipu SOC monitoring · Cisco CLI · Nmap / Wireshark · Proxmox / Ceph · Docker / Python / PowerShell

Security operations in practice

Operating within a live educational environment with external SOC oversight, I contribute to:

Security in practice is rarely theoretical—it involves coordination, communication, and controlled response under time pressure.

Homelab & infrastructure

Technical competency

Building, securing, and managing environments: high-availability storage, hardware-accelerated transcoding, and perimeter hardening.

Mini-PC Proxmox & Ceph

Designing a mini PC rack build and Proxmox/Ceph cluster for high-availability storage. Documenting hardware selection, networking logic, and how Ceph delivers resilient storage in a homelab.

Media server & transcoding

Configuring Intel QSV and GPU passthrough for Jellyfin in unprivileged LXC containers. Efficient transcoding using integrated GPUs (e.g. 12600K) to reduce CPU overhead.

Network security & hardening

Cisco router/switch CLI, Synology NAS firewall rules, and Nginx version obfuscation. Segmenting IoT/printers and hiding server signatures to reduce attack surface.

Analytical depth

Academic & research

Understanding the why behind the technology: governance, threat analysis, and the human dimension of security.

Policy & privacy

UK GDPR 2018, the transition from DPO to SRI (Data Act), and aligning patching strategies with organisational goals. Translating complex regulation into actionable security measures.

Security fundamentals

Threat actor analysis and the CIA Triad (Confidentiality, Integrity, Availability) applied to real-world scenarios. How core pillars apply in the modern threat landscape.

The human firewall

How human factors contribute to breaches; phishing and vishing (e.g. HMRC/education scams). Social engineering defence and user education as mitigation.

Qualifications

Working towards: Cyber security technical professional (integrated degree)

Level 6 · BSc (Hons) · Typically 48 months · ST0409

Building competencies in risk analysis, secure design, incident response, and governance—leading to roles such as Cyber Risk Analyst, Cyber Security Engineer, or Cyber Incident Manager.

Apprenticeship standard, competencies & what I'm doing

Beyond the day job

Creative projects

Photography and Bird Song Logix are where I combine creativity with tech—bird song analysis and visual storytelling alongside the cyber security path.

Bird Song Logix

Latest releases

Bird Song Logix software releases and updates.
