I joined NHS Digital at the end of 2017 through a cross-government scheme after completing an IT networking diploma at college. The scheme required me to take numerous tests and interviews, just like those found on a graduate scheme. But for me, 18 at the time, this was all very new.  
 

My first few weeks were quite nerve-racking, being the youngest person in the office and being new to the workplace. However the support from my new colleagues helped me settle in quickly, and they were able to answer any of my questions, no matter what that subject was.

It could be a technical question about cyber operations, or on a simple process that’s common in the workplace. My department always had the time for me when I reached out, helping to build my confidence at work. 

I had three main rotations within the Data Security Centre at NHS Digital, to experience all elements of its cyber capability, and to discover what work would suit me. These rotations were in the Specialist Security Services (S3), Innovation & Delivery, and the Cyber Security Operations Centre (CSOC). S3 and Innovation & Delivery were extremely valuable rotations for my growth as an apprentice and young cyber professional but working in the CSOC was the most enjoyable aspect, and I realised that this area was where I want to pursue my career.  
 

In the CSOC, I am part of the team responsible for monitoring the national NHS networks against cyber security threats. When an incident occurs, we liaise with the local NHS organisation to help the IT security professionals on the ground in tackling these incidents. One of the tools we use is Microsoft Advanced Threat Protection (ATP), which improves security of endpoint devices and networks across a large proportion of the NHS estate. 

There are over a million endpoint devices enrolled onto ATP in the NHS across England. When alerts are fired, we investigate and, if necessary, raise them to the organisation and provide support. We also provide an Information Sharing Portal (ISP), which has accurate, up to date cyber security information on threats, vulnerabilities and remedial action that is sent out to staff in the NHS via a weekly bulletin.

It was exciting for me to work in the CSOC, knowing that I was helping to monitor networks that are vital to protecting the NHS against a real cyber threat. I was very proud to become a trusted and reliable member of the CSOC, so being offered a full-time position in this role made the last two years of hard work feel extremely worthwhile.

My apprenticeship also included 12 weeks of cyber security training courses, covering topics such as malware analysis, cyber operations and penetration testing. These courses broadened my knowledge of cyber security and helped me with my day-to-day responsibilities, especially with my time in the Cyber Security Operations Centre (CSOC).

I've also had the opportunity to speak at events and run away days for other apprentices across similar government schemes. Two years ago, I could not have imagined anything I would rather do less than putting myself in front of a room full of people to deliver a talk. The apprenticeship has pushed me out of my comfort zone, and as a result I've been able to develop many new skills.  

In my new role as a cyber security advisor I’ll continue to build my knowledge of our monitoring solutions and I want to push myself to learn Python as this is a big part of processing my team’s threat intelligence feeds. I will also be playing a key part in monitoring the network traffic for NHS Secure Boundary, a perimeter security solution which protects against the most sophisticated security threats for NHS organisations, once it is all onboarded.
  
The best advice I could give to someone starting out as an apprentice, or to anyone who is considering it, would be to come into it with enthusiasm and willingness to learn. Being proactive about work and fearless when asking for help is key - there really is no such thing as a stupid question.  I was initially a bit nervous to ask questions, worrying that I might sound stupid or that colleagues would not have any time for me. However, the reality is just the opposite and once I realised this, it helped me become the cyber security professional I wanted to be. 
 
With the right mindset and an eagerness to learn you have the potential to make a real impact in the workplace.