* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).

Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.

Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.

Coordinate with internal and external subject matter experts to ensure existing qualification standards reflect organizational functional requirements and meet industry standards.

Develop and implement standardized position descriptions based on established cyber work roles.

Develop cyber career field classification structure to include establishing career field entry requirements and other nomenclature such as codes and identifiers.

Ensure cyber career fields are managed in accordance with organizational Human Resource (HR) policies and directives.

Ensure cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.

Establish and collect metrics to monitor and validate cyber workforce readiness including analysis of cyber workforce data to assess the status of positions identified, filled, and filled with qualified personnel.

Establish cyber career paths to allow career progression, deliberate development, and growth within and between cyber career fields.

Establish manpower, personnel, and qualification data element standards to support cyber workforce management and reporting requirements.

Establish, resource, implement, and assess cyber workforce management programs in accordance with organizational requirements.

Review and apply cyber career field qualification standards.

Review and apply organizational policies related to or having an effect on the cyber workforce.

Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.

Support integration of qualified cyber workforce personnel into information systems lifecycle development processes.

Ability to assess and forecast manpower requirements to meet organizational objectives.

Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.

Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.

Knowledge of Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities.

Skill in developing workforce and position qualification standards.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of current and emerging cyber technologies.

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Ability to determine the validity of workforce trend data.

Knowledge of emerging technologies that have potential for exploitation by adversaries.

Knowledge of industry indicators useful for identifying technology trends.

Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).

Analyze organizational cyber policy.

Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.

Define and integrate current and future mission environments.

Develop policy, programs, and guidelines for implementation.

Draft, staff, and publish cyber policy.

Establish and maintain communication channels with stakeholders.

Identify organizational policy stakeholders.

Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.

Seek consensus on proposed policy changes from stakeholders.

Provide policy guidance to cyber management, staff, and users.

Review existing and proposed policies with stakeholders.

Review, conduct, or participate in audits of cyber programs and projects.

Serve on agency and interagency policy boards.

Support the CIO in the formulation of cyber-related policies.

Knowledge of the organization’s core business/mission processes.

Review and approve a supply chain security/risk management policy.

Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets.

Develop and review recruiting, hiring, and retention procedures in accordance with current Human Resource (HR) policies.

Establish and oversee waiver processes for cyber career field entry and training qualification requirements.

Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals.

Knowledge of full spectrum cyber capabilities.

Knowledge of organizational human resource policies, processes, and procedures.

Knowledge of organizational training and education policies, processes, and procedures.

Skill in using manpower and personnel IT systems.

Ability to develop career path opportunities.