L6Apprenticeship3551 approved provider

The Level 6 Cyber Security Technical Professional (Integrated Degree), and the 1 provider delivering it.

Leading teams which manage cyber security risks.

About this apprenticeship

What this apprenticeship covers

At Level 6, the focus is on technical leadership within cyber security. Apprentices learn to assess and manage cyber risks across an organisation, design security architectures, respond to incidents, and ensure systems meet regulatory and compliance requirements. The programme covers threat intelligence, vulnerability management, security operations, and governance frameworks. Apprentices also develop the skills to lead technical teams and communicate risk clearly to non-technical stakeholders, bridging the gap between engineering detail and business decision-making.

Day-to-day responsibilities

Week to week, apprentices work alongside security engineers, analysts, and IT leadership. Typical tasks include reviewing threat assessments, contributing to incident response plans, auditing systems against security standards such as ISO 27001 or Cyber Essentials, and producing risk reports for senior management. Apprentices may run or support security operations centre (SOC) functions, test controls, and help shape policies. As the apprenticeship progresses, they take on more responsibility for leading team activity and owning specific security workstreams.

Career outlook

Completing this degree-level apprenticeship typically leads to roles such as Cyber Security Analyst, Security Architect, SOC Team Lead, or Information Security Manager. From there, progression commonly runs toward senior or principal positions, and eventually into roles like Head of Cyber Security or Chief Information Security Officer (CISO). Employers who hire for these roles span financial services, central and local government, defence, healthcare, critical national infrastructure, and large technology businesses. Candidates who hold professional certifications alongside the degree, such as CISSP or CISM, tend to move quickly into senior positions.

1 approved provider

Sorted by achievement rate.

Blackpool and The Fylde College

Employer: 4.0

Blackpool and The Fylde College (B&FC) offers a wide range of technical and professional education o...

View profile →

Career outcomes

Roles after completion

Graduates from this programme typically move into roles such as Cyber Security Analyst, Security Operations Centre (SOC) Analyst, Penetration Tester, Information Security Engineer, or Cyber Risk Analyst. Some enter as Junior Security Architects or Threat Intelligence Analysts, depending on the employer's structure and the specialism pursued during the degree. The integrated degree element means completers are generally competitive for roles that a standalone apprenticeship or non-graduate route would not reach.

Progression paths

Within three to five years, many move into mid-level positions such as Senior Security Analyst, Security Operations Team Lead, or Vulnerability Management Specialist. Beyond that, two tracks tend to open up. The leadership track leads toward roles like Head of Cyber Security, Security Operations Manager, or Chief Information Security Officer (CISO). The specialist track leads toward senior technical positions such as Principal Security Architect, Red Team Lead, or Cyber Threat Intelligence Manager, often with professional certifications such as CISSP or CREST alongside continued development.

Where these roles sit

Demand comes from across the public and private sectors. Central government departments, the Ministry of Defence, NHS bodies, and local authorities all hire for these roles, as do large financial services firms, managed security service providers (MSSPs), consultancies, and telecommunications companies. Regulated industries with significant data obligations, including insurance, legal services, and critical national infrastructure operators, are consistent hirers. Smaller specialist cyber security firms also recruit at this level, particularly for technical specialist roles.

How it's assessed

How the apprenticeship is assessed

Assessment runs throughout the apprenticeship rather than as a single event at the end. Working in a real cyber security role from day one, the apprentice builds practical competence in areas such as risk management, technical security operations, and team leadership. Before completing, the apprentice must pass a readiness check, commonly called a gateway, where the employer and training provider confirm that the required knowledge, skills and behaviours are in place. Because this is an integrated degree apprenticeship, academic assessment through the degree is woven into the overall programme. Assessment models for many standards are currently being updated; check the standard's gov.uk page for the current specification.

What learners need to prepare

Keeping records of real work throughout the programme makes the final stages significantly easier. Apprentices should document technical tasks, security incidents handled, risk assessments contributed to, and any leadership or team responsibilities taken on, building a body of evidence that reflects genuine workplace performance. Regular reviews with both the employer and training provider help identify any gaps early. Leaving evidence gathering until late in the programme creates unnecessary pressure, so treating it as an ongoing habit from the start is the practical approach.

Choosing a provider

What good looks like

Look for providers with achievement rates above 65% on their FATP profile, and read apprentice satisfaction scores carefully as degree-level technical programmes often mask disengagement in later years. Strong providers will have clear employer involvement in curriculum design, not just a logo on a webpage. For this standard, the detail that matters is whether teaching covers current threat intelligence frameworks (MITRE ATT&CK, for example), defensive tooling in active use, and whether apprentices handle realistic incident scenarios rather than textbook exercises. Alumni working in security analyst, penetration testing, or security architecture roles is a useful signal of genuine outcomes.

Red flags to watch for

Be cautious of providers running very large cohorts with a declining or opaque achievement rate. At degree level over four years, dropout often happens quietly. If a provider cannot explain how their curriculum has changed in the last 12 to 18 months to reflect the current threat landscape, the content may be dated. Vague answers about how apprentices access security labs, virtualised environments, or supervised incident simulations are worth probing. Providers who count general IT modules toward the cyber content without differentiation should be questioned.

Questions to ask before you commit

What percentage of your current apprentices are on track to complete, and how does that compare to your published achievement rate?
Which threat frameworks and security tools are explicitly taught, and when were those elements last reviewed?
How do apprentices practise incident response, and what environments or simulations do you use?
Can you show us examples of end-point assessment results or projects completed by previous cohorts?
How do your tutors maintain current practitioner knowledge alongside their teaching responsibilities?
What employer input goes into the programme design, and how is that documented?
Which regions do you deliver in, and how is off-the-job training structured for employers outside those areas?

Common questions

What are the entry requirements for this apprenticeship?

Employers set their own entry criteria, but most will expect strong A-level results or equivalent qualifications, particularly in STEM subjects. Some employers accept relevant work experience in place of formal qualifications. Because this is a degree-level programme, applicants typically need to meet the entry requirements of the university delivering the degree component. Check with individual providers, as requirements vary.

How long does the apprenticeship take and what does the time commitment look like?

The typical duration is 48 months. Throughout that time the apprentice remains employed and studies alongside their job. A portion of working time is dedicated to off-the-job learning, though the exact percentage is subject to current reforms under Skills England. Check the current specification on gov.uk for up-to-date requirements before planning workloads and study schedules.

How is the apprenticeship assessed?

Before sitting the end-point assessment, the apprentice must pass through gateway, where the employer, training provider, and apprentice confirm that the required knowledge, skills, and behaviours have been demonstrated. Assessment models for many degree apprenticeships are being updated, so the specific methods, such as project submissions or professional discussions, may have changed. The current assessment plan is published on the gov.uk apprenticeship standard page.

How does the funding work for employers?

Larger employers who pay the apprenticeship levy draw down costs from their digital levy account. Smaller employers co-invest with the government, currently contributing a percentage of the training cost while the government funds the rest. Employers with fewer than 50 staff taking on an apprentice aged 16 to 18 pay nothing. The funding band for this standard is £24,000, which is the maximum that can be spent on training and assessment costs.

What does someone in this role actually do day to day?

An apprentice in this role works on identifying and managing cyber security risks across an organisation. Typical tasks include analysing threats, developing security policies, advising on risk mitigation, and contributing to incident response. They are likely to work with technical teams and senior stakeholders, translating technical risks into business terms. As the apprenticeship progresses, they take on greater responsibility for leading security workstreams and team coordination.

What can an apprentice do after completing this apprenticeship?

Graduates of this programme hold a degree-level qualification and are well placed to move into senior cyber security roles such as security architect, penetration testing lead, or head of information security. Some go on to chartered status through professional bodies such as BCS or NCSC-recognised schemes. Others progress to postgraduate study. Employers in finance, government, defence, and critical national infrastructure are typical hirers at this level.

Not sure which provider fits?

Tell us a bit about your team and we'll send a shortlist.

Need help choosing a provider?

Tell us your requirements and we'll match you with the right training providers.

Curated by Alex Lockey, FATP founder and editor. Last reviewed: 20 May 2026.

Sources include the apprenticeship's official specification on apprenticeships.gov.uk, Skills England guidance, IfATE archive records, DWP funding bands, and provider data sourced directly from the public Apprenticeship Provider and Assessment Register (APAR). Standard reference: 355.

Some sections on this page were drafted with AI assistance from published source data and reviewed by a human editor before publication. See our editorial methodology for how we maintain this content. Spotted something out of date? Tell us.

Related standards

Software Developer L4 Artificial intelligence (AI) and automation practitioner L4 Hardware, network and infrastructure foundation apprenticeship L2 Infrastructure technician L3 Digital product manager L4 Software and data foundation apprenticeship L2 Information communications technician L3 Network Cable Installer L3