* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Ability to determine the validity of technology trend data.

Knowledge of emerging computer-based technology that has potential for exploitation by adversaries.

Knowledge of industry technologies and how differences affect exploitation/vulnerabilities.

Knowledge of collection management processes, capabilities, and limitations.

Knowledge of front-end collection systems, including traffic collection, filtering, and selection.

Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.

Knowledge of operations security.

Identify and analyze anomalies in network traffic using metadata (e.g., CENTAUR).

Reconstruct a malicious attack or activity based off network traffic.

Accurately characterize targets.

Provide expertise to course of action development.

Provide expertise to the development of measures of effectiveness and measures of performance.

Perform analysis for target infrastructure exploitation activities.

Classify documents in accordance with classification guidelines.

Collaborate with intelligence analysts/targeting organizations involved in related areas.

Compile, integrate, and/or interpret all-source data for intelligence or vulnerability value with respect to specific targets.

Identify and conduct analysis of target communications to identify information essential to support operations.

Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access.

Conduct quality control in order to determine validity and relevance of information gathered about networks.

Conduct target research and analysis.

Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.

Maintain awareness of internal and external cyber organization structures, strengths, and employments of staffing and technology.

Determine how identified factors affect the tasking, collection, processing, exploitation and dissemination architecture’s form and function.

Determine if information meets reporting requirements.

Determine what technologies are used by a given target.

Apply analytic techniques to gain more target information.

Develop measures of effectiveness and measures of performance.

Engage customers to understand customers’ intelligence needs and wants.

Establish alternative processing, exploitation and dissemination pathways to address identified issues or problems.

Generate and evaluate the effectiveness of network analysis strategies.

Examine intercept-related metadata and content with an understanding of targeting significance.

Gather information about networks through traditional and alternative techniques, (e.g., social network analysis, call-chaining, traffic analysis.)

Generate requests for information.

Identify threat tactics, and methodologies.

Identify and evaluate threat critical capabilities, requirements, and vulnerabilities.

Identify collection gaps and potential collection strategies against targets.

Identify critical target elements.

Identify intelligence gaps and shortfalls.

Identify network components and their functionality to enable analysis and target development.

Initiate requests to guide tasking and assist with collection management.

Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications.

Make recommendations to guide collection in support of customer requirements.

Monitor target networks to provide indications and warning of target communications changes or processing failures.

Provide SME and support to planning/developmental forums and working groups as appropriate.

Provide subject matter expertise to development of exercises.

Participate in exercises.

Perform content and/or metadata analysis to meet organization objectives.

Produce network reconstructions.

Profile targets and their activities.

Provide time sensitive targeting support.

Review appropriate information sources to determine validity and relevance of information gathered.

Reconstruct networks in diagram or report format.

Research communications trends in emerging technologies (in computer and telephony networks, satellite, cable, and wireless) in both open and classified sources.

Sanitize and minimize information to protect sources and methods.

Support identification and documentation of collateral effects.

Collaborate across internal and/or external organizational lines to enhance collection, analysis and dissemination.

Conduct analysis of target communications to identify essential information in support of organization objectives.

Evaluate and interpret metadata to look for patterns, anomalies, or events, thereby optimizing targeting, analysis and processing.

Identify target communications within the global network.

Maintain awareness of target communication tools, techniques, and the characteristics of target communication networks (e.g., capacity, functionality, paths, critical nodes) and their potential implications for targeting, collection, and analysis.

Provide feedback to collection managers to enhance future collection and analysis.

Perform or support technical network analysis and mapping.

Perform social network analysis and document as appropriate.

Tip critical or time-sensitive information to appropriate customers.

Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.

Ability to focus research efforts to meet the customer’s decision-making needs.

Ability to clearly articulate intelligence requirements into well-formulated research questions and requests for information.

Ability to collaborate effectively with others.

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.

Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.

Ability to exercise judgment when policies are not well-defined.

Ability to function effectively in a dynamic, fast-paced environment.

Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise.

Ability to identify intelligence gaps.

Ability to recognize and mitigate cognitive biases which may affect analysis.

Ability to recognize and mitigate deception in reporting and analysis.

Ability to think critically.

Knowledge of target methods and procedures.

Ability to utilize multiple intelligence sources across all intelligence disciplines.

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge of target intelligence gathering and operational preparation techniques and life cycles.

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge of classification and control markings standards, policies and procedures.

Knowledge of cyber operation objectives, policies, and legalities.

Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies.

Knowledge of collection sources including conventional and non-conventional sources.

Knowledge of the intelligence requirements development and request for information processes.

Knowledge of common networking devices and their configurations.

Knowledge of common reporting databases and tools.

Knowledge of cyber operations.

Knowledge of denial and deception techniques.

Knowledge of document classification procedures, policy, resources, and personnel.

Knowledge of evolving/emerging communications technologies.

Knowledge of general SCADA system components.

Knowledge of how converged technologies impact cyber operations (e.g., digital, telephony, wireless).

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge of how modern digital and telephony networks impact cyber operations.

Knowledge of how modern wireless communications systems impact cyber operations.

Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http).

Knowledge of how to extract, analyze, and use metadata.

Knowledge of information and collateral intelligence sources.

Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions.

Knowledge of Internet and routing protocols.

Knowledge of intrusion detection systems and signature development.

Knowledge of malware analysis and characteristics.

Knowledge of methods to integrate and summarize information from any potential sources.

Knowledge of midpoint collection (process, objectives, organization, targets, etc.).

Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge of organization and/or partner collection systems, capabilities, and processes (e.g., collection and protocol processors).

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge of principles and practices related to target development such as target knowledge, associations, communication systems, and infrastructure.

Knowledge of strategies and tools for target research.

Knowledge of target, including related current events, communication profile, actors, and history (language, culture) and/or frame of reference.

Knowledge of the basic structure, architecture, and design of converged applications.

Knowledge of the data flow from collection origin to repositories and tools.

Knowledge of the intelligence frameworks, processes, and related systems.

Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.

Knowledge of the principal methods, procedures, and techniques of gathering information and producing intelligence.

Knowledge of the purpose and contribution of target templates.

Knowledge of the structure, architecture, and design of modern digital and telephony networks.

Knowledge of the structure, architecture, and design of modern wireless communications systems.

Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.

Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).

Skill in identifying how a target communicates.

Skill in analyzing a target’s communication networks.

Skill in analyzing essential network data (e.g., router configuration files, routing protocols).

Skill in analyzing traffic to identify network devices.

Skill in applying various analytical methods, tools, and techniques (e.g., competing hypotheses; chain of reasoning; scenario methods; denial and deception detection; high impact-low probability; network/association or link analysis; Bayesian, Delphi, and Pattern analyses).

Skill in assessing the applicability of available analytical tools to various situations.

Skill in conducting social network analysis, buddy list analysis, and/or cookie analysis.

Skill in depicting source or collateral data on a network map.

Skill in determining the physical location of network devices.

Skill in disseminating items of highest intelligence value in a timely manner.

Skill in evaluating data sources for relevance, reliability, and objectivity.

Skill in evaluating information for reliability, validity, and relevance.

Skill in evaluating information to recognize relevance, priority, etc.

Skill in evaluating accesses for intelligence value.

Skill in exploiting/querying organizational and/or partner collection databases.

Skill in identifying a target’s communications networks.

Skill in identifying leads for target development.

Skill in identifying, locating, and tracking targets via geospatial analysis techniques

Skill in interpreting compiled and interpretive programming languages.

Skill in interpreting metadata and content as applied by collection systems.

Skill in using trace route tools and interpreting the results as they apply to network analysis and reconstruction.

Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.

Skill in navigating network visualization software.

Skill in recognizing and interpreting malicious network activity in traffic.

Skill in recognizing relevance of information.

Skill in recognizing significant changes in a target’s communication patterns.

Skill in recognizing technical information that may be used for leads for metadata analysis.

Skill in recognizing technical information that may be used for target development including intelligence development.

Skill in researching essential information.

Skill in researching vulnerabilities and exploits utilized in traffic.

Skill in fusion analysis

Skill in survey, collection, and analysis of wireless LAN metadata.

Skill in synthesizing, analyzing, and prioritizing meaning across data sets.

Skill in target network anomaly identification (e.g., intrusions, dataflow or processing, target implementation of new technologies).

Skill in using research methods including multiple, different sources to reconstruct a target network.

Skill in using geospatial data and applying geospatial resources.

Skill in using non-attributable networks.

Skill in writing about facts and ideas in a clear, convincing, and organized manner.

Knowledge of collection systems, capabilities, and processes.

Knowledge of the feedback cycle in collection processes.

Knowledge of target or threat cyber actors and procedures.

Knowledge of basic cyber operations activity concepts (e.g., foot printing, scanning and enumeration, penetration testing, white/black listing).

Knowledge of approved intelligence dissemination processes.

Knowledge of relevant laws, regulations, and policies.

Knowledge of target communication profiles and their key elements (e.g., target associations, activities, communication infrastructure).

Knowledge of target communication tools and techniques.

Knowledge of the characteristics of targeted communication networks (e.g., capacity, functionality, paths, critical nodes).

Knowledge of networking and internet communications fundamentals (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture and infrastructure, routing, operating systems, etc.).

Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, registration, web languages such as HTML).

Knowledge of network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network.

Knowledge of customer information needs.

Knowledge of analytic tools and techniques.

Skill in identifying a target’s network characteristics.

Skill in assessing a target’s frame of reference (e.g., motivation, technical capability, organizational structure, sensitivities).

Skill in conducting research using all available sources.

Skill in complying with the legal restrictions for targeted information.

Skill in developing intelligence reports.

Skill in evaluating and interpreting metadata.

Skill in identifying intelligence gaps and limitations.

Skill in providing analysis on target-related matters (e.g., language, cultural, communications).

Skill in interpreting traceroute results, as they apply to network analysis and reconstruction.

Knowledge of obfuscation techniques (e.g., TOR/Onion/anonymizers, VPN/VPS, encryption).

Knowledge of computer programming concepts, including computer languages, programming, testing, debugging, and file types.

Knowledge of basic cloud-based technologies and concepts.

Knowledge of basic Embedded Systems concepts.

Knowledge of basic reconnaissance activity concepts and techniques (foot printing, scanning and enumeration).

Knowledge of Critical Intelligence Communication (CRITIC) identification and reporting process.

Knowledge of cryptologic and SIGINT reporting and dissemination procedures.

Knowledge of cybersecurity concepts and principles.

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge of how and when to request assistance from the Cryptanalysis and Signals Analysis and/or CNO.

Knowledge of intelligence sources and their characteristics.

Knowledge of methods, tools, sources, and techniques used to research, integrate and summarize all-source information pertaining to target.

Knowledge of quality review process and procedures.

Knowledge of SIGINT laws and directives.

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge of the overall mission of the Cyber Mission Forces (CMF).

Knowledge of the specific missions for CMF (i.e., Cyber Mission Teams (CMT), National Mission Teams (NMT), Combat Support Team (CST), National Support Team (NST), Cyber Protection Team (CPT).

Knowledge of the U.S. SIGNIT System (USSS) authorities, responsibilities, and contributions to the cyberspace operations mission.

Skill in analyzing endpoint collection data.

Skill in developing and maintaining target profiles.

Skill in geolocating targets.

Skill in operational use of raw collection databases.

Skill in performing data fusion from all-source intelligence for geospatial analysis.

Skill in performing data fusion from all-source intelligence for network analysis and reconstruction (e.g., Single Table Inheritance (STIs), network maps).

Skill in performing data fusion from all-source intelligence.

Skill in providing feedback to enhance future collection and analysis.

Skill in recognizing exploitation opportunities.

Skill in recognizing the value of survey data.

Skill in selector normalization.

Skill in targeting (e.g., selectors).

Apply and/or develop analytic techniques to provide better intelligence.

Apply customer requirements to the analysis process.

Assist planners in the development of courses of action

Develop analytical techniques to gain more target information.

Develop and lead exercises

Develop and maintain target profiles using appropriate corporate tools and databases (e.g. Target associations, activities, communication infrastructures, etc.).

Document and disseminate analytic findings.

Enable targeting offices to find new sources of collection.

Evaluate the strengths and weaknesses of the intelligence source.

Evaluate threat critical capabilities, requirements, and vulnerabilities.

Facilitate collaboration with customers, Intelligence and targeting organizations involved in related cyber areas.

Identify and facilitate partner relationships to enhance mission capabilities

Lead work role working groups/planning and development forums

Manipulate information in mission relevant databases (e.g., converting data, generating reports).

Mitigate collection gaps

Perform network analysis to support new or continued collection.

Produce digital network intelligence against specific named target sets.

Provide expertise in support of operational effects generated through cyber activities.

Provide intel target recommendations which meet leadership objectives.

Select, build, and develop query strategies against appropriate collection databases.

Understand technologies used by a given target

Understand TTPs and methodologies to enable access ops or access vector opportunities.