Overview
Type of Apprenticeship:
Competency-based
Job Title/s:
- Cyber security analyst
- Cyber security monitor
- Vulnerability analyst
- Information systems security analyst
- Network security analyst
Pathways
Security analyst
Network security engineer
Information systems security managers
Information assurance security officer
Context
Cyber security support technicians and analysts can be employees of small to large companies, non-profits and government agencies, can be outside contractors that provide services to other organizations, and can be self-employed or start their own service company.
General Info
Workforce Information
- ONET Code: 15-1122.00
- Size of Current Workforce:
- No. of jobs predicted (2014-2024):
- Median Salary (2014): $55,000 to $74,999.
Purpose:
Cyber security professionals work to maintain the security and integrity of information technology systems, networks and devices. According to the National Cybersecurity Workforce Framework, cyber security professionals perform one or more of the following functions: securely provision, operate and maintain, protect and defend, investigate, collect and operate, analyze, and provide oversight and development.
Attitudes & Behaviors:
- be detail-oriented
- like working with technology
- apply logic to solve complex problems
- work with a wide range of people, including other technical staff as well as non-technical users of information technology equipment and systems
- have patience
- review large amounts of data to identify and mitigate against potential vulnerabilities or threats
Cross-Cutting Competencies:
(Importance on a scale of 1-8)
- Demonstrates general knowledge within predetermined fields of study or work
- Demonstrates and uses basic knowledge within a field of study or work that includes relevant principles and practices
- Demonstrates and applies extended knowledge within a field of study or field of occupational activity
- Demonstrates a comprehensive theoretical and technical knowledge within a field of study
- Demonstrates integrated and specialized professional knowledge within a field of study or occupational activity
- Demonstrates broad integrated knowledge concerning scientific principles
- Demonstrates comprehensive, detailed, specialized and state-of-the-art knowledge in a scientific subject
- Demonstrates comprehensive, specialized, systematic state-of-the-art knowledge in a discipline or profession
Personal Effectiveness:
Interpersonal Skills | Integrity | Professionalism | Initiative | Dependability & Reliability | Adaptability & Flexibility | Lifelong Learning |
---|---|---|---|---|---|---|
1 | 4 | 4 | 2 | 4 | 2 | 4 |
Academic:
Reading | Writing | Math | Science | Communication | Thinking | Computer |
---|---|---|---|---|---|---|
2 | 2 | 4 | 4 | 2 | 4 | 4 |
Workplace:
Team Work | Customer Focus | Planning & Organization | Creative Thinking | Problem Solving & Decision Making | Working w/ Tools & Tech |
---|---|---|---|---|---|
4 | 4 | 2 | 3 | 4 | 4 |
Scheduling & Coordinating | Checking, Examining & Recording | Business Fundamentals | Sustainable Practices | Health & Safety |
---|---|---|---|---|
4 | 1 | N/A | 1 |
Additional Info
Certifications or Licensures:
- CompTIA Security+ (Certification)
- Certified Information Systems Security Professional (CISSP) (Certification)
Accrediting Organizations:
- CompTIA
- Cisco
- Microsoft
- (ISC)2
Competencies and Related Instruction
Full Framework (PDF)
Work Process Schedule (Word Doc)
Work Process Schedule (PDF)
Job Functions
- Assists in developing security policies and protocols: assists in enforcing company compliance with network security policies and protocols.
Level: Basic
Competencies:
- Locates (in intranet, employee handbook or within software) organizational policies intended to maintain security and minimize risk and explains their use. (T0461) - Core
- Provides guidance to employees on how to access networks, set passwords, reduce security threats and provide defensive measures associated with searches, software downloads, email, Internet, add-ons, software coding and transferred files. (T0192) - Optional
- Ensures that password characteristics are explained and enforced and that updates are required and enforced based on appropriate time intervals. - Core
- Explains company or organization's policies regarding the storage, use and transfer of sensitive data, including intellectual property and personally identifiable information. Identifies data life cycle, data storage facilities, technologies and describes business continuity risks. (T0458/T0871) - Core
- Assigns individuals to the appropriate permission or access level to control access to certain web IP addresses, information and the ability to download programs and transfer data to various locations. (T0461/T0054) - Optional
- Assists employees in the use of technologies that restrict or allow for remote access to the organization's information technology network. (T0144) - Core
- Develops security compliance policies and protocols for external services (i.e. Cloud service providers, software services, external data centers). (T0136) - Optional
- Complies with incident response and handling methodologies. (T0331) - Optional
- Articulates the business need or mission of the organization as it pertains to the use of IT systems and the storage of sensitive data. (K0416) - Core
Skills:
- Conducting research to identify new threats and threat mitigation strategies (T0503)
- Following trade publications to stay current on threats and threat mitigation techniques (T0503)
- Gauging learner understanding levels (S0066/S0070)
- Interfacing with customers (S0011)
- Applying confidentiality, integrity and availability principles (S0006)
Knowledge:
- Computer networking concepts and protocols and network security methodology (K0001)
- Methods for assessing and mitigating risk (K0002)
- National and international laws, regulations, policies and ethics as they relate to cybersecurity (K0003)
- Cybersecurity principles (K0004)
- Cyber threats and vulnerabilities (K0005)
- Specific operational impacts of cybersecurity lapses (K0006)
- Authentication, authorization and access control methods (K0007)
- Known vulnerabilities from alerts, advisories, errata, and bulletins (K0040)
- Cybersecurity principles and organizational requirements relevant to confidentiality, integrity, availability, authentication and non-repudiation (K0044)
- Enterprise's IT goals and objectives (K0101)
- Organization's core business/mission processes (K0146)
- Organizational IT use security policies (e.g. account creation, password rules, access control) (K0158)
- Personally identifiable information data security standards (K0260)
- Payment card industry data security standards (K0261)
- Personal health information data security standards (K0262)
- Operations and processes for incident, problem, and event management (K0292)
- Risk Management Framework Requirements (K0048)
- Cloud-based knowledge management technologies and concepts related to security, governance, procurement and administration (K0194)
- Organizational training policies (K0215)
Tools & Technology:
- Intranet
- Electronic mail
- Word processing software
- Electronic search and reference platforms
- Remote access technologies
- Desktop computers, laptop computers, tablets, smartphones and other personal IT devices
- Provides technical support to users or customers.
Level: Basic
Competencies:
- Manages inventory of IT resources. (T0496) - Core
- Diagnoses and resolves customer-reported system incidents. (T0482) - Core
- Installs and configures hardware, software and peripheral equipment for system users. (T0491) - Core
- Monitors client-level computer system performance. (T0468) - Core
- Tests computer system performance. (T0502) - Core
- Troubleshoots system hardware and software. (T0237) - Core
- Administers accounts, network rights, and access to systems and equipment. (T0494/T0144) - Core
- Implements security measures for users in system and ensures that system designs incorporate security configuration guidelines. (T0136/T0485) - Optional
Skills:
- Conducting research for client-level problems (S0142)
- Identifying possible causes of degradation of system performance or availability and initiating actions needed to mitigate this degradation (S0039)
- Using appropriate tools for repairing software, hardware and peripheral equipment of a system (S0058)
- Operating system administration (S0158)
- Installing system and component upgrades (S0154)
- Configuring and validating network workstations and peripherals in accordance with approved standards and/or specifications (S0159)
Knowledge:
- Computer networking concepts and protocols and network security methodology (K0001)
- Methods for assessing and mitigating risk (K0002)
- National and international laws, regulations, policies and ethics as they relate to cybersecurity (K0003)
- Cybersecurity principles (K0004)
- Cyber threats and vulnerabilities (K0005)
- Specific operational impacts of cybersecurity lapses (K0006)
- Measures or indicators of system performance (K0053)
- System administration concepts (K0088)
- Industry best practices for service desk (K0237)
- Organizational security policies (K0242)
- Remote access processes, tools, and capabilities related to customer support (K0247)
- Personal and sensitive data security standards (K0260-K0262)
- Information technology risk management policies, requirements and procedures (K0263)
- The organization's information classification program and procedures for information compromise (K0287)
- Operations and processes for incident, problem and event management (K0292)
- IT system operation, maintenance and security needed to keep equipment functioning properly (K0294)
- Basic operation of computers (K0302)
- Procedures for documenting and querying reported incidents, problems and events (K0317)
- Organization's evaluation and validation criteria (K0330)
Tools & Technology:
- Electronic devices (e.g. computer systems/components, access control devices, digital cameras, electronic organizers, hard drives, memory cards, modems, network components, printers, removable storage devices, scanners, telephones, copiers, credit card skimmers, facsimile machines, global positioning systems) (K0114)
- Common network tools (e.g. ping, traceroute, nslookup) (K0306)
- Installs, configures, tests, operates, maintains and manages networks and their firewalls including hardware and software that permit sharing and transmission of information.
Level: Basic
Competencies:
- Collaborates with system developers and users to assist in the selection of appropriate design solutions to ensure the compatibility of system components. (T0200/T0201) - Optional
- Installs, replaces, configures and optimizes network hubs, routers and switches. (T0035/T0126) - Optional
- Assists in network backup and recovery procedures. (T0065) - Optional
- Diagnoses network connectivity problems. (T0081) - Optional
- Modifies network infrastructure to serve new purposes or improve workflow. - Optional
- Integrates new systems into existing network architecture. (T0121/T0129) - Optional
- Patches network vulnerabilities to ensure information is safeguarded against outside parties. (T0125/T0160) - Optional
- Repairs network connectivity problems. (T0081) - Optional
- Tests and maintains network infrastructure including software and hardware devices. (T0153/T0232) - Core
- Establishes adequate access controls based on principles of least privilege and need-to-know. (T0475) - Optional
- Implements security measures for users in system and ensures that system designs incorporate security configuration guidelines. (T0461) - Core
Skills:
- Analyzing network traffic capacity and performance characteristics (S0004)
- Establishing a routing scheme (S0035)
- Implementing, maintaining and improving established network security practices (S0040)
- Installing, configuring and troubleshooting LAN and WAN components such as routers, hubs and switches
- Using network management tools to analyze network traffic patterns (e.g. simple network management protocol) (S0056)
- Securing network communications (S0077)
- Protecting a network against malware (S0079)
- Configuring and utilizing network protection components (e.g. firewalls, VPNs, network intrusion detection systems) (S0084)
- Implementing and testing network infrastructure contingency and recovery plans (S0150)
- Applying cybersecurity methods, such as firewalls, demilitarized zones and encryption (S0168)
- Digital rights management
- Operating network equipment including hubs, routers, switches, bridges, servers, transmission media and related hardware (A0052)
- Executing OS command line (e.g. ipconfig, netstat, dir, nbtstat) (A058)
Knowledge:
- Computer networking concepts and protocols and network security methodology (K0001)
- Methods for assessing and mitigating risk (K0002)
- National and international laws, regulations, policies and ethics as they relate to cybersecurity (K0003)
- Cybersecurity principles (K0004)
- Cyber threats and vulnerabilities (K0005)
- Specific operational impacts of cybersecurity lapses (K0006)
- Communication methods, principles and concepts (e.g. crypto, dual hubs, time multiplexers) that support the network infrastructure (K0010)
- Capabilities and applications of network equipment including hubs, routers, switches, bridges, servers, transmission media and related hardware (K0011)
- Organization's LAN/WAN pathways (K0029)
- Cybersecurity principles used to manage risks related to the use, process, storage and transmission of information or data (K0038)
- IT security principles and methods including firewalls, encryption, etc. (K0049)
- Local area and wide area networking principles and concepts including bandwidth management (K0050)
- Measures or indicators of system performance and availability (K0053)
- Traffic flow across the network (e.g. transmission control protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]) (K0061)
- Remote access technology concepts (K0071)
- IT supply chain security and risk management policies, requirements and procedures (K0169)
- Network security architecture concepts including topology, protocols, components and principles (K0179)
- Windows/Unix ports and services (K0192)
- Telecommunication concepts (e.g. routing algorithms, fiber optics systems link budgeting, add/drop multiplexers) (K0093)
- Virtual private network security principles (K0104)
- Concepts, terminology and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless) (K0108)
- Different types of network communication (LAN/WAN/WAN/WLAN/WWAN) (K0113)
- Web filtering technologies (K0135)
- Capabilities of different electronic communication systems and methods (email, VOIP, IM, web forums, Direct Video Broadcasts, etc.) (K0136/K0159)
- Range of existing networks (PBX, LANs, WANs, WIFI, SCADA) (K0137)
- Principles and operation of Wi-Fi (K0138)
- Network systems management principles, models, methods (e.g. end-to-end systems performance monitoring) and tools (K0181)
- Transmission records (e.g. Bluetooth, Radio Frequency Identification, Infrared Networking, Wireless Fidelity, paging, cellular, satellite dishes) and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly (K0181)
- Service management concepts for networks and related standards (e.g. ITIL) (K0200)
- Common networking protocols, services and how they interact to provide network communications (K0099)
- Common network tools (e.g. ping, traceroute, nslookup) (K0307)
- Local area network, wide area network and enterprise principles and concepts, including bandwidth management (K0327)
- Network protocols (TCP, IP, DHCP) and directory services (e.g. DNS) (K0331)
- Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System and directory services (K0332)
- Principles and methods for integrating system components (K0346)
Tools & Technology:
- Network tools
- Hubs, switches, routers, bridges, servers, transmission media
- Electronic communication systems
- Bluetooth, RFID, IR, Wi-Fi, paging, cellular and satellite dishes
- Installs, configures, troubleshoots and maintains server configurations to ensure their confidentiality, integrity and availability; also manages accounts, firewalls, configuration, patch and vulnerability management. Is responsible for access control, security configuration and administration.
Level: Basic
Competencies:
- Checks system hardware availability, functionality, integrity and efficiency. (T0431) - Core
- Conducts functional and connectivity testing to ensure continuing operability. (T0029) - Core
- Conducts periodic server maintenance including cleaning (physically and electronically), disk checks, system configuration and monitoring, data downloads, backups and testing. (T0435) - Core
- Assists in the development of group policies and access control lists to ensure compatibility with organizational standards, business rules and needs. (T0054) - Optional
- Documents compliance with or changes to system administration standard operating procedures. (T0063) - Core
- Installs server fixes, updates and enhancements. (T0418) - Core
- Maintains baseline system security according to organizational policies. (T0136) - Core
- Manages accounts, network rights and access to systems and equipment. (T0144) - Core
- Monitors and maintains server configuration. (T0498/T0501) - Core
- Supports network components. - Core
- Diagnoses faulty system/server hardware; seeks appropriate support or assistance to perform server repairs. (T0514/T0515) - Core
- Verifies data redundancy and system recovery procedures. (T0186) - Core
- Assists in the coordination or installation of new or modified hardware, operating systems and other baseline software. (T0507) - Core
- Provides ongoing optimization and problem-solving support. (T0207) - Core
- Resolves hardware/software interface and interoperability problems. (T0531) - Core
- Establishes adequate access controls based on principles of least privilege, role based access controls (RBAC) and need-to-know. (T0475) - Optional
Skills:
- Configuring and optimizing software (S0016)
- Diagnosing connectivity problems (S0033)
- Maintaining directory services (S0043)
- Using virtual machines (S0073)
- Configuring and utilizing software-based computer protection tools (e.g. software firewalls, anti-virus software, anti-spyware) (S0076)
- Interfacing with customers (S0111)
- Conducting system and server planning, management and maintenance (S0143)
- Correcting physical and technical problems that impact system/server performance (S0144)
- Troubleshooting failed system components (i.e. servers) (S0151)
- Identifying and anticipating system/server performance, availability, capacity or configuration problems (S0153)
- Installing system and component upgrades (S0154)
- Monitoring/optimizing system/server performance (S0155)
- Recovering failed systems (S0157)
- Operating system administration (S0158)
Knowledge:
- Computer networking concepts and protocols and network security methodology (K0001)
20 Comments
I am a Unix/Linux system administrator with an Oracle Solaris 10 certification and I am much more interested in Cyber Security analyst or monitor. I live in Takoma Park MD just a block away from DC. Where do I get a Cyber Security apprentice program around me to sign up for?
- February 26, 2018 at 9:06 pm
Is there a program like this in Raleigh, NC?
- February 14, 2018 at 8:45 pm
Cyber security New York City
- January 21, 2018 at 4:20 pm
I'm in NYC. I need a program down here in N.Y.C.
- January 21, 2018 at 4:18 pm
I do not see anything on physical security and social engineering, two very key subjects to IT Security.
- January 12, 2018 at 3:14 am
Cyber Security Interest
- January 10, 2018 at 9:57 pm
I have had some Satellite Ground Station training on IP based communications and government systems. I have held clearances from an SSBI and with Polygraph investigating and interim-TS and DoD-Secret and others clearance and other special accesses. I am a hard worker eager to learn and have a great work ethic. I have a bachelor's in Electrical Engineering and many years of experience with top companies like Lockheed Martin and Boeing. Looking for stable long term work, stable being the key.
When, where… Fort Worth, TX?
- December 28, 2017 at 5:05 pm
Do you know where this apprenticeship is in Illinois?
- December 16, 2017 at 5:27 am
Where do I sign up for cyber security support technician training?
- December 8, 2017 at 4:00 pm
How do I sign up for Cyber Security Support Technician?
- December 8, 2017 at 3:59 pm
Please, I need to know where I can get this training.
I really want to be trained as a Cyber Security Support Technician.
Please guide me on where I can get this training.
I am living in Phoenix, Arizona.
Thank you,
- November 28, 2017 at 12:29 pm
I would like to Job to this program please. I need help to enroll
- November 27, 2017 at 6:19 pm
Hello — if you let me know where you’re located, I might be able to help you find a cyber security apprenticeship near you. You can respond via our Contact Us page to keep your details private. Regards, Cheryl (AIIA Website Administrator and Content Manager)
- December 12, 2017 at 11:11 am
I am looking for to learn about this career. Please help me know more. I have a technician career of programming and I know I can learn easy. My Phone number is 619 392 0710
- November 27, 2017 at 5:40 pm
I am located in the Atlanta Metro Area and I am looking for any Cyber Security Analyst Apprenticeships that are available in my area. I have taken many Cyber Security courses: Security +, CSA+, CASP, E-CH Ethical Hacking and CISSP training. I have course completion certificate in all of the above.
Thanks
- November 16, 2017 at 3:52 pm
Hi Steven,
- December 12, 2017 at 4:58 pm
Can you give me a bit more information on what you need? Are you trying to find out which courses to take to be fully certified? Or are you trying to get work experience? Georgia created the Cyber Security Workforce Academy at the beginning of this year, so cyber security is definitely something the state is focusing on. Apprenticeships in Georgia are handled by Georgia Work Smart, in the Department of Economic Development. There is contact info on their website so you can get more specific information on Georgia apprenticeships. I also noticed that SANS is holding a Cyber Security Training session in Atlanta next spring, though that would not include a workplace component. I hope this information is useful to you. Regards, Cheryl (AIIA Website Administrator and Content Manager)
Where to sign up?
- September 15, 2017 at 4:25 am
Hello — if you let me know where you’re located, I might be able to help you find a cyber security apprenticeship near you. You can respond via our Contact Us page to keep your details private. Regards, Cheryl (AIIA Website Administrator and Content Manager)
- December 12, 2017 at 11:11 am
Where do I sign up?
- June 12, 2017 at 5:42 pm
Hello — if you let me know where you’re located, I might be able to help you find a cyber security apprenticeship near you. You can respond via our Contact Us page to keep your details private. Regards, Cheryl (AIIA Website Administrator and Content Manager)
- December 12, 2017 at 11:08 am