Network Technician

Network Technician Work Role ID: 442 (NIST: N/A) Workforce Element: Cyberspace Effects

The Network Technician provides enterprise and tactical infrastructure knowledge, experience, and integration to the Cyber Protection Team (CPT). The Network Technician supports CPT elements by understanding of network technologies, defining mission scope, and identifying terrain.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs

KSAT ID Description KSAT
4196

Ability to build, implement, and maintain distributed sensor grid.

Ability
4201

Ability to characterize network traffic for trends and patterns.

Ability
4215

Ability to configure and place distributed sensor grid

Ability
4224

Ability to coordinate with Sr Leaders of an Org. to ensure shared responsibility for supporting Org. mission/business functions using external providers of systems, services and apps receives visibility and is elevated to the appropriate decision-making authorities

Ability
4228

Ability to create rule sets within an Intrusion Detection System (IDS).

Ability
4230

Ability to create rules/alerts for traffic validation.

Ability
4273

Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.

Ability
4290

Ability to implement network TAP configuration

Ability
4291

Ability to implement sensors according to sensor plan

Ability
4294

Ability to integrate information security requirements into the acquisition process, using applicable baseline security controls as one of the sources for security requirements, ensuring a robust software quality control process and establishing multiple source

Ability
4316

Ability to organize policy standards to insure procedures and guidelines comply with cybersecurity policies.

Ability
4352

Ability to setup Serial and Ethernet interfaces.

Ability
4354

Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.

Ability
4357

Ability to test tools within sensor grid.

Ability
4358

Ability to track the location and configuration of networked devices and software across departments, locations, facilities and potentially supporting business functions.

Ability
4360

Ability to troubleshoot computer software and hardware issues, make repairs, and schedule updates.

Ability
4365

Ability to use and/or integrate a Security Information and Event Management (SIEM) platform.

Ability
4390

Knowledge of active directory federated services.

Knowledge
4396

Knowledge of basic cloud-based technologies and concepts.

Knowledge
4398

Knowledge of basic Cyber Threat Emulation concepts.

Knowledge
4399

Knowledge of basic Embedded Systems concepts.

Knowledge
4415

Knowledge of common obfuscation techniques (e.g. command line execution, string substitution, clandestine side channel, Base64).

Knowledge
4429

Knowledge of cybersecurity controls and design principles and methods (e.g., firewalls, DMZ, and encryption).

Knowledge
4438

Knowledge of different types of log subscriptions (e.g. push vs pull, MS Windows event forwarding, winlogbeat, syslog).

Knowledge
4451

Knowledge of full-spectrum cyberspace operational missions (e.g., DODIN Operations, DCO, OCO, cyberspace ISR, and Operational Preparation of the Environment (OPE)), principles, capabilities, limitations, and effects.

KSA
4481

Knowledge of long haul circuits.

Knowledge
4499

Knowledge of Network OSs.

Knowledge
4500

Knowledge of network systems management methods including end-to-end systems performance monitoring.

Knowledge
4501

Knowledge of non-Active Directory domains (e.g. IDM, LDAP).

Knowledge
4516

Knowledge of principles and methods for integrating system and network components.

Knowledge
4522

Knowledge of public key infrastructure (PKI) libraries, certificate authorities, certificate management, and encryption functionalities.

Knowledge
4529

Knowledge of routing protocols such as RIPv1/v2, OSPF, IGRP, and EIGRP

Knowledge
4532

Knowledge of Security Technical Implementation Guide (STIG)

Knowledge
4537

Knowledge of stream providers (e.g. KAFKA).

Knowledge
4539

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge
4588

Knowledge of transmission capabilities (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)).

Knowledge
4594

Knowledge of WAN technologies such as PPP, Frame-relay, dedicated T1s, ISDN, and routing protocols

Knowledge
4595

Knowledge of web applications and their common attack vectors.

Knowledge
4606

Skill in applying STIG upgrades

Skill
4609

Skill in cable management and organization

Skill
4615

Skill in configuring and utilizing software-based computer protection tools (e.g., software firewalls, anti-virus software, anti-spyware).

Skill
4635

Skill in implementing DHCP and DNS

Skill
4664

Skill in router IOS backup, recovery, and upgrade.

Skill
4671

Skill in understanding cybersecurity architecture, its implementation, and its expected behaviors and how changes in conditions affect outcomes.

Skill
8019

Assess exploited systems’ potential to provide additional access, target development information, intelligence and/or covert infrastructure.

Task
8042

Consult with customers about network system design and maintenance.

Task
8058

Design countermeasures and mitigations against potential weaknesses and vulnerabilities in system and elements.

Task
8059

Design, develop, and modify network systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.

Task
8060

Detect exploits against networks and hosts and react accordingly (Does not apply to Red Team Interactive Operators).

Task
8078

Diagnose network connectivity problems.

Task
8091

Engage customers to understand their expectations and wants.

Task
8099

Evaluate security architecture and its design against cyberspace threats as identified in operational and acquisition documents.

Task
8110

Identify optimal locations for network sensor placement to collect on targeted devices.

Task
8117

Implement and enforce DCO policies and procedures reflecting applicable laws, policies, procedures, and regulations (such as United States Code Titles 10 and 50).

Task
8131

Maintain Operational, technical, and authoritative situational awareness during effects-based operations

Task
8139

Notify designated mission leadership or applicable team members of any suspected cyber incident.

Task
8161

Provide and maintain documentation for TTPs as inputs to training programs.

Task
8165

Provide feedback for RFI generation.

Task
8187

Repair network connectivity problems.

Task