Cyber Operations Planner
Develops detailed plans for the conduct or support of the applicable range of cyber operations through collaboration with other planners, operators and/or analysts. Participates in targeting selection, validation, synchronization, and enables integration during the execution of cyber actions.
Core KSATs
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
52 | Knowledge of human-computer interaction principles. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
264 | Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). |
Knowledge |
1056 | Knowledge of operations security. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2009 | Provide input to the analysis, design, development or acquisition of capabilities used for meeting objectives. |
Task |
2032 | Apply expertise in policy and processes to facilitate the development, negotiation, and internal staffing of plans and/or memorandums of agreement. |
Task |
2052 | Assess target vulnerabilities and/or operational capabilities to determine course of action. |
Task |
2073 | Provide input to the identification of cyber-related success criteria. |
Task |
2130 | Develop, review and implement all levels of planning guidance in support of cyber operations. |
Task |
2159 | Contribute to crisis action planning for cyber operations. |
Task |
2180 | Coordinate with intelligence and cyber defense partners to obtain relevant essential information. |
Task |
2192 | Use intelligence estimates to counter potential target actions. |
Task |
2265 | Develop and maintain deliberate and/or crisis plans. |
Task |
2266 | Develop and review specific cyber operations guidance for integration into broader planning activities. |
Task |
2272 | Develop cyber operations plans and guidance to ensure that execution and resource allocation decisions align with organization objectives. |
Task |
2308 | Develop or participate in the development of standards for providing, requesting, and/or obtaining support from external partners to synchronize cyber operations. |
Task |
2310 | Develop potential courses of action. |
Task |
2327 | Develop, implement, and recommend changes to appropriate planning procedures and policies. |
Task |
2331 | Devise, document, and validate cyber operation strategy, and planning documents. |
Task |
2365 | Ensure operational planning efforts are effectively transitioned to current operations. |
Task |
2416 | Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives. |
Task |
2422 | Gather and analyze data (e.g., measures of effectiveness) to determine effectiveness, and provide reporting for follow-on activities. |
Task |
2424 | Incorporate cyber operations and communications security support plans into organization objectives. |
Task |
2524 | Integrate cyber planning/targeting efforts with other organizations. |
Task |
2528 | Interpret environment preparations assessments to determine a course of action. |
Task |
2529 | Issue requests for information. |
Task |
2530 | Knowledge and understanding of operational design. |
Knowledge |
2531 | Knowledge of organizational planning concepts. |
Knowledge |
2564 | Maintain situational awareness to determine if changes to the operating environment require review of the plan. |
Task |
2590 | Monitor and evaluate integrated cyber operations to identify opportunities to meet organization objectives. |
Task |
2626 | Provide subject matter expertise to planning efforts with internal and external cyber operations partners. |
Task |
2702 | Prepare for and provide subject matter expertise to exercises. |
Task |
2746 | Provide input for the development and refinement of the cyber operations objectives, priorities, strategies, plans, and programs. |
Task |
2752 | Provide input to the administrative and logistical elements of an operational support plan. |
Task |
2761 | Provide planning support between internal and external partners. |
Task |
2778 | Recommend refinement, adaption, termination, and execution of operational plans as appropriate. |
Task |
2816 | Review, approve, prioritize, and submit operational requirements for research, development, and/or acquisition of cyber capabilities. |
Task |
2837 | Submit or respond to requests for deconfliction of cyber operations. |
Task |
2888 | Document lessons learned that convey the results of events and/or exercises. |
Task |
3001 | Ability to accurately and completely source all data used in intelligence, assessment and/or planning products. |
Ability |
3003 | Ability to adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment. |
Ability |
3011 | Ability to apply critical reading/thinking skills. |
Ability |
3015 | Ability to apply approved planning development and staffing processes. |
Ability |
3021 | Ability to collaborate effectively with others. |
Ability |
3022 | Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. |
Ability |
3033 | Ability to coordinate cyber operations with other organization functions or support activities. |
Ability |
3040 | Ability to develop or recommend planning solutions to problems and situations for which no precedent exists. |
Ability |
3041 | Ability to effectively collaborate via virtual teams. |
Ability |
3044 | Ability to exercise judgment when policies are not well-defined. |
Ability |
3048 | Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise. |
Ability |
3057 | Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives. |
Ability |
3060 | Ability to interpret and understand complex and rapidly evolving concepts. |
Ability |
3066 | Ability to participate as a member of planning teams, coordination groups, and task forces as necessary. |
Ability |
3076 | Ability to tailor technical and planning information to a customer’s level of understanding. |
Ability |
3095 | Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). |
Knowledge |
3098 | Knowledge of virtualization products (Vmware, Virtual PC). |
Knowledge |
3106 | Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless). |
Knowledge |
3107 | Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.). |
Knowledge |
3129 | Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). |
Knowledge |
3154 | Knowledge of classification and control markings standards, policies and procedures. |
Knowledge |
3155 | Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. |
Knowledge |
3159 | Knowledge of cyber operations support or enabling processes. |
Knowledge |
3173 | Knowledge of operational effectiveness assessment. |
Knowledge |
3177 | Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). |
Knowledge |
3188 | Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). |
Knowledge |
3194 | Knowledge of crisis action planning and time sensitive planning procedures. |
Knowledge |
3211 | Knowledge of cyber laws and legal considerations and their effect on cyber planning. |
Knowledge |
3215 | Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber attack) principles, capabilities, limitations, and effects. |
Knowledge |
3225 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). |
Knowledge |
3235 | Knowledge of deconfliction processes and procedures. |
Knowledge |
3257 | Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities. |
Knowledge |
3262 | Knowledge of evolving/emerging communications technologies. |
Knowledge |
3264 | Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization. |
Knowledge |
3268 | Knowledge of staff management, assignment, and allocation processes. |
Knowledge |
3274 | Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects. |
Knowledge |
3275 | Knowledge of fundamental cyber concepts, principles, limitations, and effects. |
Knowledge |
3291 | Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP). |
Knowledge |
3292 | Knowledge of how modern digital and telephony networks impact cyber operations. |
Knowledge |
3326 | Knowledge of information security concepts, facilitating technologies and methods. |
Knowledge |
3358 | Knowledge of organizational hierarchy and cyber decision making processes. |
Knowledge |
3374 | Knowledge of malware. |
Knowledge |
3388 | Knowledge of crisis action planning for cyber operations. |
Knowledge |
3391 | Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning. |
Knowledge |
3441 | Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. |
Knowledge |
3444 | Knowledge of planning activity initiation. |
Knowledge |
3445 | Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning. |
Knowledge |
3459 | Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization. |
Knowledge |
3539 | Knowledge of telecommunications fundamentals. |
Knowledge |
3543 | Knowledge of the basic structure, architecture, and design of modern communication networks. |
Knowledge |
3545 | Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
Knowledge |
3554 | Knowledge of the critical information requirements and how they’re used in planning. |
Knowledge |
3561 | Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
Knowledge |
3570 | Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements. |
Knowledge |
3585 | Knowledge of accepted organization planning systems. |
Knowledge |
3591 | Knowledge of organization objectives, leadership priorities, and decision-making risks. |
Knowledge |
3601 | Knowledge of the outputs of course of action and exercise analysis. |
Knowledge |
3605 | Knowledge of the information environment. |
Knowledge |
3606 | Knowledge of the process used to assess the performance and impact of operations. |
Knowledge |
3609 | Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas. |
Knowledge |
3610 | Knowledge of the relationships between end states, objectives, effects, lines of operation, etc. |
Knowledge |
3613 | Knowledge of the role of network operations in supporting and facilitating other organization operations. |
Knowledge |
3616 | Knowledge of the structure, architecture, and design of modern digital and telephony networks. |
Knowledge |
3627 | Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations. |
Knowledge |
3630 | Knowledge of the ways in which targets or threats use the Internet. |
Knowledge |
3639 | Knowledge of organization cyber operations programs, strategies, and resources. |
Knowledge |
3651 | Knowledge of what constitutes a “threat” to a network. |
Knowledge |
3659 | Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems. |
Knowledge |
3665 | Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures. |
Skill |
3681 | Skill in applying analytical methods typically employed to support planning and to justify recommended strategies and courses of action. |
Skill |
3685 | Skill in applying crisis planning procedures. |
Skill |
3747 | Skill in developing and executing comprehensive cyber operations assessment programs for assessing and validating operational performance characteristics. |
Skill |
3766 | Skill in documenting and communicating complex technical and programmatic information. |
Skill |
3772 | Skill in evaluating information for reliability, validity, and relevance. |
Skill |
3844 | Skill in preparing and presenting briefings. |
Skill |
3845 | Skill in preparing plans and related correspondence. |
Skill |
3879 | Skill in reviewing and editing plans. |
Skill |
3938 | Skill in utilizing feedback in order to improve processes, products, and services. |
Skill |
3946 | Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint). |
Skill |
3967 | Skill to anticipate key target or threat activities which are likely to prompt a leadership decision. |
Skill |
4023 | Skill to graphically depict decision support materials containing intelligence and partner capability estimates. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
Additional KSATs
KSAT ID | Description | KSAT |
---|---|---|
2058 | Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives. |
Task |
2160 | Contribute to the development of the organization’s decision support tools if necessary. |
Task |
2237 | Determine indicators (e.g., measures of effectiveness) that are best suited to specific cyber operation objectives. |
Task |
2368 | Ensure that intelligence planning activities are integrated and synchronized with operational planning timelines. |
Task |
2386 | Evaluate intelligence estimates to support the planning cycle. |
Task |
2459A | Identify cyber intelligence gaps and shortfalls. |
Task |
2558 | Maintain relationships with internal and external partners involved in cyber planning or related areas. |
Task |
2561 | Maintain situational awareness of cyber-related intelligence requirements and associated tasking. |
Task |
2562 | Maintain situational awareness of partner capabilities and activities. |
Task |
2624 | Conduct long-range, strategic planning efforts with internal and external partners in cyber activities. |
Task |
3054 | Ability to identify external partners with common cyber operations interests. |
Ability |
3114 | Knowledge of all forms of intelligence support needs, topics, and focus areas. |
Knowledge |
3271 | Knowledge of internal and external partner cyber operations capabilities and tools. |
Knowledge |
3293 | Knowledge of how modern wireless communications systems impact cyber operations. |
Knowledge |
3342 | Knowledge of intelligence support to planning, execution, and assessment. |
Knowledge |
3356 | Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations. |
Knowledge |
3419 | Knowledge of organization or partner exploitation of digital networks. |
Knowledge |
3463 | Knowledge of required intelligence planning products associated with cyber operational planning. |
Knowledge |
3489 | Knowledge of organizational structures and associated intelligence capabilities. |
Knowledge |
3571 | Knowledge of the organizational planning and staffing process. |
Knowledge |
3572 | Knowledge of organization decision support tools and/or methods. |
Knowledge |
3607 | Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process. |
Knowledge |
3615 | Knowledge of the structure and intent of organization specific plans, guidance and authorizations. |
Knowledge |
3638 | Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations. |
Knowledge |
3976 | Skill to apply the process used to assess the performance and impact of cyber operations. |
Skill |
3998 | Skill to craft indicators of operational progress/success. |
Skill |
4008 | Skill to distinguish between notional and actual resources and their applicability to the plan under development. |
Skill |
4058 | Skill to synchronize operational assessment procedures with the critical information requirement process. |
Skill |
4451 | Knowledge of full-spectrum cyberspace operational missions (e.g., DODIN Operations, DCO, OCO, cyberspace ISR, and Operational Preparation of the Environment (OPE)), principles, capabilities, limitations, and effects. |
KSA |
4471 | Knowledge of intelligence/SIGINT reporting and dissemination procedures. |
KSA |
8069 | Develop cyberspace operations TTPs for integration into operational and tactical levels of planning. |
Task |