Mission Assessment Specialist
Develops assessment plans and measures of performance/effectiveness. Conducts strategic and operational effectiveness assessments as required for cyber events. Determines whether systems performed as expected and provides input to the determination of operational effectiveness.
Core KSATs
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
52 | Knowledge of human-computer interaction principles. | Knowledge |
87 | Knowledge of network traffic analysis methods. | Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
264 | Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). | Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
1158 | * Knowledge of cybersecurity principles. | Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge |
2063 | Assist in the coordination, validation, and management of all-source collection requirements, plans, and/or activities. | Task |
2108 | Conduct end-of-operations assessments. | Task |
2115 | Conduct in-depth research and analysis. | Task |
2121 | Conduct nodal analysis. | Task |
2134 | Conduct target research and analysis. | Task |
2289 | Develop measures of effectiveness and measures of performance. | Task |
2378 | Estimate operational effects generated through cyber activities. | Task |
2379A | Identify threat vulnerabilities. | Task |
2429 | Generate requests for information. | Task |
2593 | Monitor and report changes in threat dispositions, activities, tactics, capabilities, objectives, etc. as related to designated cyber operations warning problem sets. | Task |
2594 | Monitor and report on validated threat activities. | Task |
2603 | Monitor operational environment and report on adversarial activities which fulfill leadership’s priority information requirements. | Task |
2730 | Provide analyses and support for effectiveness assessment. | Task |
2745 | Provide information and assessments for the purposes of informing leadership and customers; developing and refining objectives; supporting operation planning and execution; and assessing the effects of operations. | Task |
2747 | Provide input and assist in post-action effectiveness assessments. | Task |
2748 | Provide input and assist in the development of plans and guidance. | Task |
3002 | Ability to focus research efforts to meet the customer’s decision-making needs. | Ability |
3022 | Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. | Ability |
3039 | Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. | Ability |
3044 | Ability to exercise judgment when policies are not well-defined. | Ability |
3047 | Ability to function effectively in a dynamic, fast-paced environment. | Ability |
3048 | Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise. | Ability |
3073 | Ability to recognize and mitigate cognitive biases which may affect analysis. | Ability |
3077 | Ability to think critically. | Ability |
3078A | Ability to think like threat actors. | Ability |
3079 | Ability to understand objectives and effects. | Ability |
3098 | Knowledge of virtualization products (VMware, Virtual PC). | Knowledge |
3106 | Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless). | Knowledge |
3107 | Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.). | Knowledge |
3129 | Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). | Knowledge |
3137 | Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration). | Knowledge |
3154 | Knowledge of classification and control markings standards, policies and procedures. | Knowledge |
3177 | Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). | Knowledge |
3188 | Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). | Knowledge |
3225 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). | Knowledge |
3253 | Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). | Knowledge |
3262 | Knowledge of evolving/emerging communications technologies. | Knowledge |
3291 | Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP). | Knowledge |
3292 | Knowledge of how modern digital and telephony networks impact cyber operations. | Knowledge |
3293 | Knowledge of how modern wireless communications systems impact cyber operations. | Knowledge |
3298 | Knowledge of how to extract, analyze, and use metadata. | Knowledge |
3374 | Knowledge of malware. | Knowledge |
3441 | Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. | Knowledge |
3539 | Knowledge of telecommunications fundamentals. | Knowledge |
3543 | Knowledge of the basic structure, architecture, and design of modern communication networks. | Knowledge |
3545 | Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). | Knowledge |
3561 | Knowledge of the common networking and routing protocols (e.g., TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. | Knowledge |
3651 | Knowledge of what constitutes a “threat” to a network. | Knowledge |
3691 | Skill in assessing and/or estimating effects generated during and after cyber operations. | Skill |
3756 | Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. | Skill |
3770 | Skill in evaluating available capabilities against desired effects in order to provide effective courses of action. | Skill |
3772 | Skill in evaluating information for reliability, validity, and relevance. | Skill |
3788 | Skill in identifying alternative analytical interpretations in order to minimize unanticipated outcomes. | Skill |
3794 | Skill in identifying cyber threats which may jeopardize organization and/or partner interests. | Skill |
3844 | Skill in preparing and presenting briefings. | Skill |
3851 | Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships. | Skill |
3878 | Skill in reviewing and editing assessment products. | Skill |
3893 | Skill in tailoring analysis to the necessary levels (e.g., classification and organizational). | Skill |
3921 | Skill in using multiple search engines (e.g., Google, Yahoo, LexisNexis, DataStar) and tools in conducting open-source searches. | Skill |
3946 | Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint). | Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |
Additional KSATs
KSAT ID | Description | KSAT |
---|---|---|
2059 | Provide expertise to course of action development. | Task |
2060 | Provide subject matter expertise to the development of a common operational picture. | Task |
2061 | Provide subject matter expertise to the development of cyber operations specific indicators. | Task |
2066 | Provide expertise to the development of measures of effectiveness and measures of performance. | Task |
2068 | Assist in the identification of intelligence collection shortfalls. | Task |
2075 | Brief threat and/or target current situations. | Task |
2087 | Collaborate with intelligence analysts/targeting organizations involved in related areas. | Task |
2288 | Develop information requirements necessary for answering priority information requests. | Task |
2292 | Develop munitions effectiveness assessment or operational assessment materials. | Task |
2356 | Engage customers to understand customers’ intelligence needs and wants. | Task |
2379 | Evaluate threat decision-making processes. | Task |
2459 | Identify intelligence gaps and shortfalls. | Task |
2617 | Produce timely, fused, all-source cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies). | Task |
2621 | Provide SME and support to planning/developmental forums and working groups as appropriate. | Task |
2735 | Provide current intelligence support to critical internal/external stakeholders as appropriate. | Task |
2738 | Provide evaluation and feedback necessary for improving intelligence production, intelligence reporting, collection requirements, and operations. | Task |
2757 | Provide effectiveness support to designated exercises, and/or time sensitive operations. | Task |
2767 | Provide target recommendations which meet leadership objectives. | Task |
2881 | Work closely with planners, intelligence analysts, and collection managers to ensure intelligence requirements and collection plans are accurate and up-to-date. | Task |
3001 | Ability to accurately and completely source all data used in intelligence, assessment and/or planning products. | Ability |
3019 | Ability to clearly articulate intelligence requirements into well-formulated research questions and data tracking variables for inquiry tracking purposes. | Ability |
3041 | Ability to effectively collaborate via virtual teams. | Ability |
3042 | Ability to evaluate information for reliability, validity, and relevance. | Ability |
3043 | Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products. | Ability |
3052 | Ability to identify intelligence gaps. | Ability |
3074 | Ability to recognize and mitigate deception in reporting and analysis. | Ability |
3081 | Ability to utilize multiple intelligence sources across all intelligence disciplines. | Ability |
3095 | Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). | Knowledge |
3159 | Knowledge of cyber operations support or enabling processes. | Knowledge |
3205 | Knowledge of current computer-based intrusion sets. | Knowledge |
3210 | Knowledge of cyber laws and their effect on Cyber planning. | Knowledge |
3271 | Knowledge of internal and external partner cyber operations capabilities and tools. | Knowledge |
3274 | Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects. | Knowledge |
3277 | Knowledge of general SCADA system components. | Knowledge |
3286 | Knowledge of host-based security products and how they affect exploitation and vulnerability. | Knowledge |
3334 | Knowledge of intelligence confidence levels. | Knowledge |
3342 | Knowledge of intelligence support to planning, execution, and assessment. | Knowledge |
3343 | Knowledge of cyber intelligence/information collection capabilities and repositories. | Knowledge |
3358 | Knowledge of organizational hierarchy and cyber decision making processes. | Knowledge |
3419 | Knowledge of organization or partner exploitation of digital networks. | Knowledge |
3460 | Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions. | Knowledge |
3504 | Knowledge of threat and/or target systems. | Knowledge |
3533 | Knowledge of target vetting and validation procedures. | Knowledge |
3584 | Knowledge of intelligence preparation of the environment and similar processes. | Knowledge |
3587 | Knowledge of targeting cycles. | Knowledge |
3615 | Knowledge of the structure and intent of organization specific plans, guidance and authorizations. | Knowledge |
3630 | Knowledge of the ways in which targets or threats use the Internet. | Knowledge |
3659 | Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems. | Knowledge |
3704 | Skill in conducting non-attributable research. | Skill |
3724 | Skill in defining and characterizing all pertinent aspects of the operational environment. | Skill |
3793 | Skill in identifying critical target elements, to include critical target elements for the cyber domain. | Skill |
3876 | Skill in writing, reviewing and editing cyber-related Intelligence/assessment products from multiple sources. | Skill |
3907 | Skill in using targeting databases and software packages. | Skill |
3910 | Skill in using Boolean operators to construct simple and complex queries. | Skill |
3920 | Skill in using multiple analytic tools, databases, and techniques (e.g., Analyst’s Notebook, A-Space, Anchory, M3, divergent/convergent thinking, link charts, matrices, etc.). | Skill |
3938 | Skill in utilizing feedback in order to improve processes, products, and services. | Skill |
3953A | Skill in providing analysis to aid writing phased after action reports. | Skill |