Cyber Associate Programme

Introduction to the Stream

Organisations across industries are engaged in an unwanted struggle against multiple and unexpected adversaries, ranging from organised crime rings to nation states and terrorist groups, as well as disgruntled employees and online vigilantes.

It only takes one successful attack to devastate a company’s financial performance, brand, and reputation. And in this current cyber climate, it’s not if an attack will happen, but when. Resilient companies recognise this new normal and stay one step ahead to protect themselves, their customers, partners and vendors against devastating attacks. This is where you come in.

Locations: London or Manchester

The Role

Aon’s Cyber Solutions Cyber Associate Program (formerly known as Stroz Friedberg’s Cyber Associate Program) is a twelve month rotational program, beginning in September. Participants will be immersed in our digital forensics, incident response, eDiscovery and proactive security businesses, learning skills in the key areas of information security: digital forensics; penetration testing; incident response (reactively working with an organisation in response to a cyber attack); eDiscovery (application of sophisticated tools and rigorous techniques to help companies interrogate data for key information and facts or make disclosures) and proactive security (identifying vulnerabilities and defending an organisation from adversaries). You will also have exposure to several other facets of the business, giving you a holistic understanding of firm functionality. Your work will support our goal to maximise the health of an organisation, ensuring its longevity, protection, and resilience.

Once you join us for the rotational program, you’re part of Aon’s Cyber Solutions. Upon completing the program, it’s expected that you will be assigned a permanent role in one of our disciplines, based on your preferences, your managers’ assessments, and the firm’s business needs.

By the end of the rotational program, you should be fully prepared for success – whether your work involves application security, pen testing, digital forensics, networking, incident response, or elsewhere.

We are looking for our future leaders. Your advancement in the business signals the success of our program! Each team member, including every associate in our program, plays an integral role in our success. It also allows each individual to gain real on-the-job experience and prepare themselves to step into leadership roles. What’s more, because risk management is our company-wide focus, not a department, all of your contributions are central to our practice.

Your work with us

Our graduate programme provides you with a rare opportunity to experience working in four specialisations before deciding where to grow your career. Associates work side-by-side with our existing employees, across our global offices, gaining exposure on client-facing assignments in each discipline:

Digital Forensics, eDiscovery and Incident Response

  • Recover, preserve, and analyse digital evidence in one of our 12 cutting-edge forensic laboratories
  • Uncover computer-enabled theft, leaks of confidential business information, mass or targeted deletions and work on other interesting client cases.
  • Apply forensic analysis techniques to reconstruct events on computers and phones and surface evidence in civil and criminal investigations.
  • Respond to data breaches, APT attacks, cyber extortion, malicious code, botnets, economic espionage, ransomware and other cyber incidents.
  • Proactively hunt for indicators of compromise and other malicious activity and vulnerabilities within an environment, and analyse irregular network traffic.
  • Understand methods used by criminals and employ this knowledge to help guide investigations and implement preventative solutions.
  • Process large and/or complex data sets to extract their content and file information, to make the data searchable reviewable in depth and at scale.
  • Identify, collect and produce electronic data in support of a variety of court cases.

Proactive Security Advisory & Penetration Testing

  • Monitor environments to identify and prioritise threats from cyber criminals.
  • Perform technical, information, application, and physical security risk assessments.
  • Conduct cyber threat simulations and recommend solutions to secure vulnerabilities.
  • Perform penetration testing on web and mobile applications as well as network penetration testing (external and internal) to include vulnerability exploitation and pivoting to gain remote system access.
  • Conduct application source code review.
  • Complete vulnerability research and exploit development.
Training and certification

From the very beginning of the program, you will be immersed in learning activities focused on boosting your business and client management skills, and equipping you with technical qualifications. The program kicks off with a one-week group training and orientation, including soft skills immersion, team building, and technical exercises.

Throughout the program, you will complete courses at highly acclaimed cyber security training institutions. You will also gain valuable information security certifications such as GIAC Certified Forensic Examiner, CREST Practitioner Security Analyst, amongst other.

At the same time, you’ll be going through on-the-job training, for example, working with leading tools and technology in our digital forensics labs, delving into cryptology, testing an application before it goes to market, or responding to a suspected data breach.

Learn from mentors with deep subject matter experience, while working across a variety of technical environments and enterprise networks.

You will learn from managers and colleagues with robust technical and legal backgrounds, many of whom contributed directly to developing the foundations of the practice of cyber-focused law enforcement.

You will also be exposed to a wide variety of technical environments and enterprise networks, working alongside our experienced technologists, who have deep scientific roots. We are elite forensic analysts, computer scientists, malware reverse engineers, Certified Information Systems Security Professionals, and Information Privacy Professionals. We are ISO 27001 (Cyber) certified across multiple service lines (cyber resilience and digital forensics) in seven US cities and the UK, where we have also obtained Cyber Essentials certification. Additionally, we are certified to offer the industry leading CREST (the Council of Registered Ethical Security Testers), STAR (Simulated Target Attack and Response), and CBEST cyber security testing services.

Our clients span industry sectors including financial services, healthcare, retail, hospitality, technology & communications, entertainment, and more. One day you may be chasing malicious hackers through a client’s network and the next day analysing messaging apps on an iPhone. The rotational program affords broad exposure to a wide range of real-world security situations.


To apply for our Cyber Associates programmes, you will need a minimum of a 2:1 degree or equivalent in a STEM subject (Science, Technology, Engineering and Mathematics), an interest in cyber security, excellent problem-solving skills and effective communication skills for our client facing work.

Timings & process

We are currently accepting applications, please use the apply button above and complete your application by 18th November 2019. Applications will be screened on an ongoing basis, as will online tests. Telephone interviews will take place during October and November and Assessment Centres during December 2019.