We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
My cyber security journey
NHS Digital's Peter Robinson takes us through his journey from apprentice to professional within the Cyber Security team.
6 February 2020
Choosing an apprenticeship route over university and other options post A-Levels can be a very daunting prospect, especially in a technical field like cyber security. I'd like to tell you a bit about my experience of being a cyber apprentice at NHS Digital, and how it has helped me get to where I am now.
I joined NHS Digital at the end of 2017 through a cross-government scheme after completing an IT networking diploma at college. The scheme required me to take numerous tests and interviews, just like those found on a graduate scheme. But for me, 18 at the time, this was all very new.
It's exciting to work in the CSOC, knowing that I am helping to monitor networks that are vital to protecting the NHS against a real cyber threat
Settling in quickly
My first few weeks were quite nerve-racking, being the youngest person in the office and being new to the workplace. However the support from my new colleagues helped me settle in quickly, and they were able to answer any of my questions, no matter what that subject was.
It could be a technical question about cyber operations, or on a simple process that’s common in the workplace. My department always had the time for me when I reached out, helping to build my confidence at work.
I had three main rotations within the Data Security Centre at NHS Digital, to experience all elements of its cyber capability, and to discover what work would suit me. These rotations were in the Specialist Security Services (S3), Innovation & Delivery, and the Cyber Security Operations Centre (CSOC). S3 and Innovation & Delivery were extremely valuable rotations for my growth as an apprentice and young cyber professional but working in the CSOC was the most enjoyable aspect, and I realised that this area was where I want to pursue my career.
Tackling cyber threats to the NHS
In the CSOC, I am part of the team responsible for monitoring the national NHS networks against cyber security threats. When an incident occurs, we liaise with the local NHS organisation to help the IT security professionals on the ground in tackling these incidents. One of the tools we use is Microsoft Advanced Threat Protection (ATP), which improves security of endpoint devices and networks across a large proportion of the NHS estate.
There are over a million endpoint devices enrolled onto ATP in the NHS across England. When alerts are fired, we investigate and, if necessary, raise them to the organisation and provide support. We also provide an Information Sharing Portal (ISP), which has accurate, up to date cyber security information on threats, vulnerabilities and remedial action that is sent out to staff in the NHS via a weekly bulletin.
It was exciting for me to work in the CSOC, knowing that I was helping to monitor networks that are vital to protecting the NHS against a real cyber threat. I was very proud to become a trusted and reliable member of the CSOC, so being offered a full-time position in this role made the last two years of hard work feel extremely worthwhile.
My apprenticeship also included 12 weeks of cyber security training courses, covering topics such as malware analysis, cyber operations and penetration testing. These courses broadened my knowledge of cyber security and helped me with my day-to-day responsibilities, especially with my time in the Cyber Security Operations Centre (CSOC).
I've also had the opportunity to speak at events and run awaydays for other apprentices across similar government schemes. Two years ago, I could not have imagined anything I would rather do less than putting myself in front of a room full of people to deliver a talk .The apprenticeship has pushed me out of my comfort zone, and as a result I've been able to develop many new skills.
In my new role as a cyber security advisor I’ll continue to build my knowledge of our monitoring solutions and I want to push myself to learn Python as this is a big part of processing my team’s threat intelligence feeds. I will also be playing a key part in monitoring the network traffic for NHS Secure Boundary, a perimeter security solution which protects against the most sophisticated security threats for NHS organisations, once it is all onboarded.
The best advice I could give to someone starting out as an apprentice, or to anyone who is considering it, would be to come into it with enthusiasm and willingness to learn. Being proactive about work and fearless when asking for help is key - there really is no such thing as a stupid question. I was initially a bit nervous to ask questions, worrying that I might sound stupid or that colleagues would not have any time for me. However, the reality is just the opposite and once I realised this, it helped me become the cyber security professional I wanted to be.
With the right mindset and an eagerness to learn you have the potential to make a real impact in the workplace.
Cyber security still has an out-dated image of being a masculine profession. Charlotte Roe, Cyber Security Apprentice at NHS Digital, talks about her job and why women are needed in the world of cyber.
Hackers and cyber attacks feature in many films and television programmes, but are these portrayals accurate? Hecham Mrabet, cyber security specialist at NHS Digital, gives us a behind-the-scenes look at how a cyber security centre runs in real life.
As we kick off Cyber Security Awareness Month, NHS Digital’s Interim Chief Information Security Officer Dan Pearce explains how NHS cyber security has been strengthened over the past two years.