The Level 4 Cyber security technologist (2021), and the 5 providers delivering it.

Roles after completion

Completers typically move into roles such as Cyber Security Analyst, SOC Analyst, Cyber Risk Analyst, Information Security Officer, or Junior Security Engineer, depending on which of the three specialisms they pursued. Those on the engineering pathway may step into network security or infrastructure roles, while risk and compliance-focused completers often enter governance, risk and compliance (GRC) or assurance functions. Defender and responder graduates frequently join security operations centres in monitoring or incident response capacity.

Progression paths

Within three to five years, practitioners commonly progress to Senior Cyber Security Analyst, Security Architect, or Threat Intelligence Analyst. Those who move into management can reach Security Operations Manager or Head of Information Security. The deep-specialist track leads toward roles such as Principal Security Engineer, Penetration Tester, or Forensics Consultant, often supported by professional certifications including CISSP, CISM, or vendor-specific qualifications. At the senior end, roles such as Chief Information Security Officer (CISO) represent the longer-term ceiling for those who combine technical depth with strategic capability.

Where these roles sit

Demand spans virtually every sector in the UK economy. Financial services, central and local government, defence contractors, NHS trusts, and critical national infrastructure operators are consistent employers, as are managed security service providers (MSSPs) that deliver security functions to multiple clients. Technology firms, retailers with large online operations, and telecoms companies also hire regularly. Roles exist in organisations of all sizes, from SMEs building their first security function to large enterprises running dedicated security operations centres.

How the apprenticeship is assessed

Throughout the apprenticeship, learning happens alongside employment, with the apprentice building knowledge and skills directly in their workplace role. Before final assessment, both the employer and training provider confirm the apprentice is ready, a checkpoint commonly called the gateway. At that point, the apprentice must demonstrate competence across the knowledge, skills and behaviours set out in the standard, including whichever specialist option they have followed: Cyber Security Engineer, Cyber Risk Analyst, or Cyber Defender and Responder. Assessment models for many standards are currently being updated as part of wider reforms, so check the standard's gov.uk page for the current specification.

What learners need to prepare

Gathering evidence as work happens is far easier than reconstructing it later. Apprentices should keep records of real tasks throughout, whether that is a risk assessment, a network build, an incident response plan, or a security audit contribution, because this evidence forms the basis of demonstrating competence at the end. Working closely with both the employer and training provider from an early stage helps identify any gaps in coverage before the gateway, giving time to address them without pressure.

What good looks like

Look for providers with an achievement rate above 65% on their FATP profile, and ideally above 75% given the technical complexity of this standard. Because apprentices complete one of three pathways (engineer, risk analyst, or defender and responder), a good provider will be clear upfront about which pathways they deliver and how they structure the split. Check that training covers current frameworks such as NCSC guidance, ISO 27001 and NIST, and that apprentices get hands-on exposure to tools used in live security environments, including SIEM platforms, vulnerability scanners and network analysis tools, not just classroom theory. Strong employer satisfaction scores and learner reviews that mention real-world application are worth weighting heavily here.

Red flags to watch for

Be cautious if a provider cannot tell you clearly which of the three pathways they specialise in, or if they teach all three with equal confidence but have thin cohort sizes across each. Outdated tool coverage is a concrete risk in this standard; if a provider's curriculum still centres on legacy platforms or avoids cloud security entirely, that is a problem. A high volume of starts combined with a declining achievement rate deserves scrutiny. Also probe any provider that cannot show where alumni have ended up, since SOC analyst, GRC analyst and security engineer roles are specific enough to verify.

Questions to ask before you commit

• Which of the three pathways do you deliver, and can I see a sample curriculum for the one relevant to my role?
• What security tools and platforms will apprentices use during training, and how recently has the curriculum been updated to reflect current threats and environments?
• What is your current achievement rate for this standard, and how does it compare to your rate two years ago?
• How do you handle the security clearance requirements some employers have, and have you worked with employers in regulated sectors before?
• Can you share examples of where your completers have gone, specifically the job titles and sectors they moved into?
• How is off-the-job training structured, and what proportion involves practical, scenario-based work rather than taught content?
• What is your typical cohort size for this standard, and how many dedicated tutors or assessors do you have for it?