Qualifications

Working towards: Cyber security technical professional (integrated degree)

ST0409 · Level 6 · BSc (Hons) · Typically 48 months · Barton Peveril / B&FC

What I'm doing on programme

I'm building the knowledge, skills, and behaviours (KSBs) for the standard through college sessions, off-the-job learning, and daily work—logged and reflected on in my Learning Journal. Below is a snapshot of the areas I'm actively working on.

Cyber Security Foundations

  • Human factor: How psychological triggers (urgency, fear, trust) enable social engineering; cognitive bias and "optimism bias"; vishing case studies; mitigation as policy and culture, not just technical fix.
  • UK GDPR & data protection: UK GDPR, DPA 2018, and the Data Use and Access Act (DUAA); shift from DPO to Senior Responsible Individual (SRI); Privacy by Design; legal and ethical responsibilities (K24–K26).
  • Practical assignment: Vulnerability reconnaissance on a Synology NAS in a sandbox; Nmap service versioning, Wireshark packet analysis; CVE identification (e.g. Samba); hardening and remediation; technical report writing linked to KSBs.
  • Formative work: Collaborative presentations on network foundations and reliable sources (RFCs, academic texts); applying command verbs (analyse vs describe) in assessments.

Network Foundations

  • IP addressing & subnetting: IPv4/IPv6, VLSM, network/broadcast addresses, host ranges; efficient subnet design (e.g. /26, /30).
  • Routing & switching: Layer 2 (MAC) vs Layer 3 (IP); OSPF, EIGRP, BGP; binary and CIDR; VLANs on Cisco Packet Tracer.
  • ICMP & diagnostics: Ping, Traceroute, NetStat; echo requests/replies; hops at Layer 3; listening ports and TCP/UDP connections; troubleshooting methodology.
  • Secure design & access: Static vs dynamic routing; symmetric and asymmetric encryption (HTTPS/VPNs); Port Security (Sticky MAC) against MAC flooding; switch security in Packet Tracer.
  • Consolidation: Full Packet Tracer walkthrough—device identity, interfaces, VLANs (802.1Q), Standard ACLs, SSH, enable secret; show ip interface brief, show running-config; preparation for mock practical assessment.

Personal & professional development (PPD)

  • PPD 1–3 (VLE): Careers and next steps; structure for work (PPD 2) and for learning (PPD 3)—Emotional Intelligence (Goleman), soft skills, Chunk Learning, Cornell Method, Active Recall, academic integrity and referencing.
  • Study and application: Balancing technical work with communication (S01, S02); identifying skills gaps (e.g. public speaking, complex network config); aligning daily tasks with apprenticeship targets and PDP.

Progress and reflections are recorded in my Learning Journal (e.g. session summaries, your learning, impact and application, next steps), with timesheets and criteria linked to the KSBs. This keeps my development aligned with the ST0409 standard and with my role at Barton Peveril.

Overview of the role

A cyber security technical professional operates in business or technology/engineering functions across sectors including critical national infrastructure. They normally work with considerable autonomy and lead teams that research, analyse, model, assess and manage cyber security risks; design, develop, justify, manage and operate secure solutions; and detect and respond to incidents. They work in accordance with applicable laws, regulations, standards and ethics.

Typical job roles: Cyber Risk Manager; Cyber Risk Analyst; Cyber Research Analyst; Cyber Incident Manager; Cyber Security Engineer; Cyber Security Design Engineer.

Technical competencies (summary)

The standard defines competencies across these areas:

  • Foundations: Cyber security concepts, threats, vulnerabilities, assurance
  • Networks: Design, build, configure, optimise and troubleshoot networks; protocols, virtualisation
  • Data & systems: Statistical techniques, big data, OS configuration and security, digital logic
  • Programming & software: High- and low-level languages, algorithms, secure design patterns, software development methodologies
  • Security engineering: Malware analysis, secure programming, threat and vulnerability discovery and mitigation
  • Human & organisational: Culture, individual responsibilities, ethical reconnaissance, risk modelling and assessment
  • Governance & compliance: Management systems, information security plans, legal and regulatory environment, policy
  • Operations: Security technology and crypto, security cases, assurance, SIEM, intrusion detection and response

Underpinning skills

Fluent written communication; concise verbal presentations and arguments; negotiation; understanding others' motivations and strengths; working effectively in teams; active listening, leading and influencing; constructive feedback; analytical and critical thinking; structured problem-solving; demonstrating value of technology solutions; effective research; logical and creative problem-solving; and a security mindset (how to break as well as make).

Behaviours

Business discipline, ethics and courtesies; timeliness and focus; completing tasks to deadline with high quality; flexible attitude; performing under pressure; thorough approach to the cyber security role.

Qualification & recognition

Qualification: BSc (Hons) Cyber Security Technical Professional Degree. Apprentices without Level 2 English and maths must achieve these before end-point assessment.

Professional recognition: Entry to Institute of Information Security Professionals (IISP) membership at Associate level.

In practice

Security operations & tools

Day-to-day work at Barton Peveril aligns with this standard: identity and access management (Zoho Directory), Google Workspace security, ServiceDesk Plus for incident governance, Khipu SOC coordination, filtering, and vulnerability management. See the security operations in practice and enterprise stack sections on the home page for more.

← Back to home