KSB PlannerKSB Planner
ST0865Level 3v1.1Approved For Delivery

Cyber security technician

Digital · Digital Support and Services

Duration

18 months

OTJ Hours

418

Funding Band

£11,000

KSBs

59

Occupational Summary

A Cyber security technician Level 3 apprenticeship trains an apprentice to provide first-line cyber security support across sectors that hold digital information. Apprentices monitor and detect potential security threats, apply procedures and controls to maintain confidentiality, integrity and availability, and escalate incidents as required. They support secure and uninterrupted business operations by implementing cyber security mechanisms such as patching software, installing updates, implementing access control, configuring firewalls, and operating SIEM and protection tools (anti‑virus, anti‑malware, anti‑spam). Working under supervision, frequently within a Security Operations Centre or Network Operations Centre, they operate as part of a team, engage with colleagues, managers, customers and suppliers, follow defined procedures and determine when to escalate complex issues.

The programme comprises 59 knowledge, skills and behaviours (KSBs), typically lasts 18 months and has a maximum funding band of £11,000. End-point assessment is conducted via professional discussion, portfolio of evidence, knowledge test and observation.

View official Skills England source text

This occupation is found in all sectors where information is held digitally and where that information is an asset that needs to be protected including but not limited to finance, retail, telecoms, health, media, manufacturing and local authorities. The broad purpose of the occupation is to provide first line cyber security support. This requires individuals to monitor and detect potential security threats and escalate as necessary and to support secure and uninterrupted business operations of an organisation through the implementation of cyber security mechanisms and the application of cyber security procedures and controls. To contribute to the delivery of a security culture across an organisation, understanding vulnerabilities and threats and supporting the development of an organisation's cyber security maturity. To apply procedures and controls to maintain security and control of an organisation, and process security requests ensuring confidentiality, integrity and availability of information stored digitally. In their daily work, an employee in this occupation interacts with a wide range of stakeholders including colleagues, managers, customers and internal and external suppliers. They would typically work as a member of a team; this may be office based or virtual. The employee will interact with, and influence colleagues and will have working level contact with customers, suppliers and partners in their capacity as an individual contributor. An employee in this occupation will be responsible for supporting a cyber security function (frequently a Security Operations Centre or Network Operations Centre) working under supervision. The employee will be conducting specific cyber security tasks to defined procedures and standards. Specific cyber security mechanisms and controls that an individual would be required to implement would include: patching software, installing software updates, implementing access control, configuring firewalls, security incident and event management tools (SIEM) tools and protection tools (Anti-virus, Anti-malware, Anti-spam). They will be responsible for their own activities with other resources made available to them as required. As directed, the employee will engage with specific cyber security events. The employee will be expected to work with internal and external stakeholders under general direction. They will use discretion in identifying and responding to complex issues and assignments and will usually receive specific instructions and will have work reviewed at frequent milestones. They will be expected to determine when issues should be escalated to a higher level.

AI-Powered

What's in the Delivery Pack?

Every section is tailored specifically to the ST0865 standard, using official KSB data, the published assessment plan, and sector-specific context.

KSB Interpretations

Plain-English interpretation of every Knowledge, Skill and Behaviour

EPA Preparation

End-point assessment readiness, gateway checklist and method guidance

Delivery Risks

Occupation-specific risks, mitigations and early warning signs

Delivery Model Options

Model-selection guide comparing day release, block release and front-loaded approaches

On/Off-the-Job Mapping

Which KSBs are best taught by the provider vs developed in the workplace

Initial Assessment & RPL

Starting points, prior learning recognition and programme adaptation

English, Maths & Digital

Where functional skills embed naturally and standalone qualification guidance

Employer Engagement Guide

Employer commitments, progress reviews and workplace engagement guidance

Get the ST0865 Delivery Guide

Unlock all 8 AI-powered sections — KSB interpretations, EPA preparation, delivery risks, employer engagement, and more. Tailored to Cyber security technician.

From £14.99 · Instant PDF download · en-GB throughout

Get Delivery Guide

Qualifications & Recognition

Professional Recognition

UK Cyber Security CouncilAssociateFull
BCS, The Chartered Institute for ITAssociate BCS membership (AMBCS) and ProfessionalFull
Registration for IT Technicians (RITTech)Level 3Full
Chartered Institute for Information SecurityAccredited AffiliateFull

English & Maths

English and maths qualifications must be completed in line with the apprenticeship funding rules .

Knowledge, Skills & Behaviours

Knowledge

30
  • K1: Principles of organisational information security governance and the components of an organisation's cyber security tech...
  • K2: Cyber security policies and standards based on an Information Security Management System (ISMS)
  • K3: Types of physical, procedural and technical controls
  • K4: Awareness of how current legislation relates to or impacts upon the occupation including Data Protection Act, Regulation...
  • K5: Cyber security awareness and components of an effective security culture, different organisational structures and cultur...
  • + 25 more items

Skills

22
  • S1: Follow information security procedures
  • S2: Maintain information security controls
  • S3: Develop information security training and awareness resources
  • S4: Monitor the effectiveness of information security training and awareness
  • S5: Handle and assess the validity of security requests from a range of internal and external stakeholders
  • + 17 more items

Behaviours

7
  • B1: Manage own time to meet deadlines and manage stakeholder expectations
  • B2: Work independently and take responsibility for own actions within the occupation
  • B3: Use own initiative
  • B4: A structured approach to the prioritisation of tasks
  • B5: Treat colleagues and external stakeholders fairly and with respect without bias or discrimination
  • + 2 more items

Duties (18)

1

Apply procedures and controls to maintain security and control of an organisation.

2

Contribute to the production and development of security culture across an organisation including assisting with the promotion of cyber security awareness programmes, monitoring the effectiveness of cyber security awareness programmes, promoting an effective cyber security culture

3

Process cyber security helpdesk requests ensuring confidentiality, integrity and availability of digital information, meeting relevant legal and regulatory requirements for example access control requests.

4

Conduct the installation and maintenance of technical security controls in accordance with relevant procedures and standards.

5

Monitor, identify, report and escalate information security incidents and events in accordance with relevant procedures and standards.

6

Administer cryptographic and certificate management activities in accordance with relevant procedures and standards.

7

Conduct regular review of access rights to digital information assets in accordance with relevant procedures and standards.

8

Maintain an asset register of controlled environments in accordance with relevant policies, procedures and standards.

9

Assist with backup and recovery processes in accordance with relevant policies, procedures and standards.

10

Contribute to documenting the scope and evaluating the results of vulnerability assessments in accordance with management requirements.

11

Contribute to risk assessments and escalate where appropriate in accordance with relevant procedures and standards.

12

Contribute to routine threat intelligence gathering tasks.

13

Document incident and event information and incident, exception and management reports in accordance with relevant policies, procedures and standards.

14

Contribute towards the production and review of cyber security policies, procedures, standards and guidelines drawing on their experience of applying policies for example - acceptable use, incident management, patching, anti-virus, bring your own device (BYOD), access control, social media, password, data handling and data classification, information technology asset disposal

15

Monitor cyber security compliance and provide relevant data to auditors if required by the auditor.

16

Collaborate with people both internally and externally to support secure and uninterrupted business operations of an organisation.

17

Practice continuous self-learning to keep up to date with industry trends and developments to enhance relevant skills and take responsibility for own professional development.

18

Monitor and detect potential security threats and escalate in accordance with relevant procedures and standards.

End-Point Assessment

Assessment Plan

Type: PDF

View assessment plan

Version & Source

Version
1.1
Occupational standard and end-point assessment plan revised
Last changed
28 Sept 2025
Earliest start
28 Sept 2025
Approved for delivery
13 May 2020
EQA Provider
Ofqual
Sector Subject Area
6.1 Digital technology (practitioners)
Trailblazer
TB0532
Last checked
11 Mar 2026
View on Skills EnglandOccupational Standard

Frequently Asked Questions

What knowledge, skills and behaviours are in the ST0865 standard?

The Cyber security technician apprenticeship has 30 knowledge items, 22 skills, and 7 behaviours that apprentices must demonstrate.

How long is the Cyber security technician apprenticeship?

The typical duration is 18 months, with a maximum funding band of £11,000.

What does a delivery guide for ST0865 include?

The KSB Planner delivery guide includes plain-English KSB interpretations, EPA preparation guidance, delivery risk analysis, on/off-the-job mapping, employer engagement strategies, and more — all tailored to ST0865.

Data sourced from Skills England. KSB Planner delivery guides are an interpretation and planning aid based on official published source material — not an official regulator-issued document.