All-Source Collection Manager

Work Role ID: 311 (NIST: CO-CL-001)
Workforce Element: Intelligence (Cyberspace)

Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to meet leadership’s intent. Determines capabilities of available collection assets; identifies new collection capabilities; and constructs and disseminates collection plans. Monitors execution of tasked collection to ensure effective execution of the collection plan.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2005

Adjust collection operations or collection plan to address identified issues/challenges and to synchronize collections with overall operational requirements.

Task
2015

Analyze feedback to determine extent to which collection products and services are meeting requirements.

Task
2021

Analyze plans, directives, guidance and policy for factors that would influence collection management’s operational structure and requirements (e.g., duration, scope, communication requirements, interagency/international agreements).

Task
2035

Assess and apply operational environment factors and risks to collection management process.

Task
2096A

Compare allocated and available assets to collection demand as expressed through requirements.

Task
2165

Coordinate resource allocation of collection assets against prioritized collection requirements with collection discipline leads.

Task
2235

Determine how identified factors affect the tasking, collection, processing, exploitation and dissemination architecture’s form and function.

Task
2245

Develop a method for comparing collection reports to outstanding requirements to identify information gaps.

Task
2290

Allocate collection assets based on leadership’s guidance, priorities, and/or operational emphasis.

Task
2376

Establish processing, exploitation and dissemination management activity using approved guidance and/or procedures.

Task
2421

Formulate collection strategies based on knowledge of available intelligence discipline capabilities and gathering methods that align multi-discipline collection capabilities and accesses with targets and their observables.

Task
2451

Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups.

Task
2613

Optimize mix of collection assets and resources to increase effectiveness and efficiency against essential information associated with priority intelligence requirements.

Task
2705

Prioritize collection requirements for collection platforms based on platform capabilities.

Task
3010

Ability to apply collaborative skills and strategies.

Ability
3011

Ability to apply critical reading/thinking skills.

Ability
3102

Knowledge of operational planning processes.

Knowledge
3127

Knowledge of asset availability, capabilities and limitations.

Knowledge
3128

Knowledge of tasking mechanisms.

Knowledge
3148

Knowledge of collection capabilities and limitations.

Knowledge
3160

Knowledge of collaborative tools and environments.

Knowledge
3195

Knowledge of criteria for evaluating collection products.

Knowledge
3204

Knowledge of current collection requirements.

Knowledge
3297

Knowledge of how to establish priorities for resources.

Knowledge
3380

Knowledge of methods for ascertaining collection asset posture and availability.

Knowledge
3436

Knowledge of production exploitation and dissemination needs and architectures.

Knowledge
3464

Knowledge of research strategies and knowledge management.

Knowledge
3575

Knowledge of the factors of threat that could impact collection operations.

Knowledge
3619

Knowledge of the systems/architecture/communications used for coordination.

Knowledge
3663

Knowledge of tasking, collection, processing, exploitation and dissemination.

Knowledge
3974

Skill to apply the capabilities, limitations and tasking methodologies of available platforms, sensors, architectures and apparatus as they apply to organization objectives.

Skill
3991

Ability to coordinate and collaborate with analysts regarding surveillance requirements and essential information development.

Ability
3994

Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations.

Ability
4002

Skill to determine feasibility of collection.

Skill
4004

Skill to develop a collection plan that clearly shows the discipline that can be used to collect the information needed.

Skill
4012

Skill to ensure that the collection strategy leverages all available resources.

Skill
4014

Skill to evaluate factors of the operational environment to objectives, and information requirements.

Skill
4019

Skill to extract information from available tools and applications associated with collection requirements and collection operations management.

Skill
4024

Skill to identify and apply tasking, collection, processing, exploitation and dissemination to associated collection disciplines.

Skill
4026

Skill in information prioritization as it relates to operations.

Skill
4033

Skill to interpret readiness reporting, its operational relevance and intelligence collection impact.

Skill
4049

Skill to prepare and deliver reports, presentations and briefings, to include using visual aids or presentation technology.

Skill
4056

Skill to review performance specifications and historical information about collection assets.

Skill
4066

Skill to use collaborative tools and environments.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge

Additional KSATs

KSAT ID Description KSAT
52

Knowledge of human-computer interaction principles.

Knowledge
87

Knowledge of network traffic analysis methods.

Knowledge
2051

Assess performance of collection assets against prescribed specifications.

Task
2098

Compile lessons learned from collection management activity’s execution of organization collection objectives.

Task
2147

Consider efficiency and effectiveness of collection assets and resources if/when applied against priority information requirements.

Task
2153

Construct collection plans and matrixes using established guidance and procedures.

Task
2167

Coordinate inclusion of collection plan in appropriate documentation.

Task
2172

Re-task or re-direct collection assets and resources.

Task
2232

Determine course of action for addressing changes to objectives, guidance, and operational environment.

Task
2233

Determine existing collection management webpage databases, libraries and storehouses.

Task
2239

Determine organizations and/or echelons with collection authority over all accessible collection assets.

Task
2271

Develop coordinating instructions by collection discipline for each phase of an operation.

Task
2342

Disseminate tasking messages and collection plans.

Task
2373

Establish alternative processing, exploitation and dissemination pathways to address identified issues or problems.

Task
2414

Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers.

Task
2456

Identify coordination requirements and procedures with designated collection authorities.

Task
2464

Identify issues or problems that can disrupt and/or degrade processing, exploitation and dissemination architecture effectiveness.

Task
2475

Identify potential collection disciplines for application against priority information requirements.

Task
2479

Identify and mitigate risks to collection management ability to support the plan, operations and target cycle.

Task
2529

Issue requests for information.

Task
2538

Link priority collection requirements to optimal assets and resources.

Task
2597

Monitor completion of reallocated collection efforts.

Task
2604

Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture.

Task
2609

Monitor the operational environment for potential factors and risks to the collection operation management process.

Task
2726

Provide advice/assistance to operations and intelligence decision makers with reassignment of collection assets and resources in response to dynamic operational situations.

Task
2793

Request discipline-specific processing, exploitation, and disseminate information collected using discipline’s collection assets and resources in accordance with approved guidance and/or procedures.

Task
2807

Review capabilities of allocated collection assets.

Task
2809

Review intelligence collection guidance for accuracy/applicability.

Task
2810

Review list of prioritized collection requirements and essential information.

Task
2812

Review and update overarching collection plan, as required.

Task
2817

Revise collection matrix based on availability of optimal assets and resources.

Task
2828

Specify changes to collection plan and/or operational environment that necessitate re-tasking or re-directing of collection assets and resources.

Task
2829

Specify discipline-specific collections and/or taskings that must be executed in the near term.

Task
2845

Synchronize the integrated employment of all available organic and partner intelligence collection assets using available collaboration capabilities and techniques.

Task
3092

Knowledge of database administration and maintenance.

Knowledge
3095

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge
3098

Knowledge of virtualization products (VMware, Virtual PC).

Knowledge
3116

Knowledge of all possible circumstances that would result in changing collection management authorities.

Knowledge
3131

Knowledge of available databases and tools necessary to assess appropriate collection tasking.

Knowledge
3135

Knowledge of basic computer components and architectures, including the functions of various peripherals.

Knowledge
3137

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge
3156

Knowledge of collection management tools.

Knowledge
3162

Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan.

Knowledge
3165

Knowledge of collection planning process and collection plan.

Knowledge
3175

Knowledge of leadership’s intent and objectives.

Knowledge
3177

Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).

Knowledge
3188

Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).

Knowledge
3205

Knowledge of current computer-based intrusion sets.

Knowledge
3217

Knowledge of cyber lexicon/terminology.

Knowledge
3225

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge
3253

Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).

Knowledge
3275

Knowledge of fundamental cyber concepts, principles, limitations, and effects.

Knowledge
3286

Knowledge of host-based security products and how they affect exploitation and vulnerability.

Knowledge
3291

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge
3292

Knowledge of how modern digital and telephony networks impact cyber operations.

Knowledge
3293

Knowledge of how modern wireless communications systems impact cyber operations.

Knowledge
3298

Knowledge of how to extract, analyze, and use metadata.

Knowledge
3322

Knowledge of indications and warning.

Knowledge
3325

Knowledge of information needs.

Knowledge
3332

Knowledge of tasking processes for organic and subordinate collection assets.

Knowledge
3361

Knowledge of key cyber threat actors and their equities.

Knowledge
3362A

Knowledge of key factors of the operational environment and related threats and vulnerabilities.

Knowledge
3374

Knowledge of malware.

Knowledge
3389

Knowledge of organization objectives and associated demand on collection management.

Knowledge
3417

Knowledge of non-traditional collection methodologies.

Knowledge
3420

Knowledge of ongoing and future operations.

Knowledge
3424

Knowledge of operational asset constraints.

Knowledge
3428

Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact.

Knowledge
3430

Knowledge of organizational priorities, legal authorities and requirements submission processes.

Knowledge
3441

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge
3470

Knowledge of risk management and mitigation strategies.

Knowledge
3541

Knowledge of the available tools and applications associated with collection requirements and collection management.

Knowledge
3543

Knowledge of the basic structure, architecture, and design of modern communication networks.

Knowledge
3545

Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge
3549

Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes.

Knowledge
3552

Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities.

Knowledge
3557

Knowledge of collection strategies.

Knowledge
3558

Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization.

Knowledge
3561

Knowledge of the common networking and routing protocols (e.g., TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Knowledge
3574

Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture.

Knowledge
3595

Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.

Knowledge
3598

Knowledge of the organizational plans/directives/guidance that describe objectives.

Knowledge
3599

Knowledge of the organizational policies/procedures for temporary transfer of collection authority.

Knowledge
3602

Knowledge of the POCs, databases, tools and applications necessary to establish environment preparation and surveillance products.

Knowledge
3624

Knowledge of different organization objectives at all levels, including subordinate, lateral and higher.

Knowledge
3625

Knowledge of the organization’s established format for collection plan.

Knowledge
3626

Knowledge of the organization’s planning, operations and targeting cycles.

Knowledge
3631

Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).

Knowledge
3633

Knowledge of tipping, cueing, mixing, and redundancy.

Knowledge
3650

Knowledge of priority information, how it is derived, where it is published, how to access, etc.

Knowledge
3651

Knowledge of what constitutes a “threat” to a network.

Knowledge
3654

Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations.

Knowledge
3957

Skill to access information on current assets available, usage.

Skill
3960

Skill to access the databases where plans/directives/guidance are maintained.

Skill
3977

Skill to articulate a needs statement/requirement and integrate new and emerging collection capabilities, accesses and/or processes into collection operations.

Skill
3985

Skill to associate intelligence gaps to priority information requirements and observables.

Skill
3986

Skill to compare and contrast indicators/observables with requirements.

Skill
3995

Ability to correctly employ each organization or element into the collection plan and matrix.

Ability
4016

Skill to evaluate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities.

Skill
4025

Skill to identify intelligence gaps.

Skill
4027

Skill to identify when priority information requirements are satisfied.

Skill
4029

Skill to translate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities.

Skill
4044

Skill to optimize collection system performance through repeated adjustment, testing, and re-adjustment.

Skill
4113

Knowledge of the request for information process.

Knowledge