* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Ability to determine the validity of technology trend data.

Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.

Knowledge of collection management processes, capabilities, and limitations.

Knowledge of front-end collection systems, including traffic collection, filtering, and selection.

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Knowledge of operations security.

Accurately characterize targets.

Classify documents in accordance with classification guidelines.

Collaborate with intelligence analysts/targeting organizations involved in related areas.

Collaborate with other customer, Intelligence and targeting organizations involved in related cyber areas.

Identify and conduct analysis of target communications to identify information essential to support operations.

Conduct target research and analysis.

Coordinate with other organizations to deconflict reporting.

Maintain awareness of internal and external cyber organization structures, strengths, and employments of staffing and technology.

Determine if information meets reporting requirements.

Determine what technologies are used by a given target.

Engage customers to understand customers’ intelligence needs and wants.

Examine intercept-related metadata and content with an understanding of targeting significance.

Gather information about networks through traditional and alternative techniques, (e.g., social network analysis, call-chaining, traffic analysis.)

Generate requests for information.

Identify threat tactics, and methodologies.

Identify and evaluate threat critical capabilities, requirements, and vulnerabilities.

Identify cyber intelligence gaps and shortfalls.

Initiate requests to guide tasking and assist with collection management.

Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications.

Make recommendations to guide collection in support of customer requirements.

Monitor target networks to provide indications and warning of target communications changes or processing failures.

Provide SME and support to planning/developmental forums and working groups as appropriate.

Provide subject matter expertise to development of exercises.

Produce reports based on intelligence information using appropriate formats for dissemination.

Profile targets and their activities.

Provide time sensitive targeting support.

Review appropriate information sources to determine validity and relevance of information gathered.

Reconstruct networks in diagram or report format.

Research communications trends in emerging technologies (in computer and telephony networks, satellite, cable, and wireless) in both open and classified sources.

Sanitize and minimize information to protect sources and methods.

Support identification and documentation of collateral effects.

Assess, document, and apply a target’s motivation and/or frame of reference to facilitate analysis, targeting and collection opportunities.

Collaborate across internal and/or external organizational lines to enhance collection, analysis and dissemination.

Conduct analysis of target communications to identify essential information in support of organization objectives.

Evaluate and interpret metadata to look for patterns, anomalies, or events, thereby optimizing targeting, analysis and processing.

Identify cyber threat tactics and methodologies.

Identify target communications within the global network.

Maintain awareness of target communication tools, techniques, and the characteristics of target communication networks (e.g., capacity, functionality, paths, critical nodes) and their potential implications for targeting, collection, and analysis.

Perform or support technical network analysis and mapping.

Perform social network analysis and document as appropriate.

Tip critical or time-sensitive information to appropriate customers.

Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.

Ability to focus research efforts to meet the customer’s decision-making needs.

Ability to clearly articulate intelligence requirements into well-formulated research questions and requests for information.

Ability to collaborate effectively with others.

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.

Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.

Ability to exercise judgment when policies are not well-defined.

Ability to function effectively in a dynamic, fast-paced environment.

Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise.

Ability to identify intelligence gaps.

Ability to recognize and mitigate cognitive biases which may affect analysis.

Ability to recognize and mitigate deception in reporting and analysis.

Ability to think critically.

Knowledge of target methods and procedures.

Ability to utilize multiple intelligence sources across all intelligence disciplines.

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge of target intelligence gathering and operational preparation techniques and life cycles.

Knowledge of all-source reporting and dissemination procedures.

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge of classification and control markings standards, policies and procedures.

Knowledge of cyber operation objectives, policies, and legalities.

Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies.

Knowledge of collection sources including conventional and non-conventional sources.

Knowledge of the intelligence requirements development and request for information processes.

Knowledge of common networking devices and their configurations.

Knowledge of common reporting databases and tools.

Knowledge of cyber operations.

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge of denial and deception techniques.

Knowledge of document classification procedures, policy, resources, and personnel.

Knowledge of evolving/emerging communications technologies.

Knowledge of how converged technologies impact cyber operations (e.g., digital, telephony, wireless).

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge of how modern digital and telephony networks impact cyber operations.

Knowledge of how modern wireless communications systems impact cyber operations.

Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http).

Knowledge of how to extract, analyze, and use metadata.

Knowledge of information and collateral intelligence sources.

Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions.

Knowledge of Internet and routing protocols.

Knowledge of methods to integrate and summarize information from any potential sources.

Knowledge of midpoint collection (process, objectives, organization, targets, etc.).

Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge of organization and/or partner collection systems, capabilities, and processes (e.g., collection and protocol processors).

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge of principles and practices related to target development such as target knowledge, associations, communication systems, and infrastructure.

Knowledge of strategies and tools for target research.

Knowledge of target, including related current events, communication profile, actors, and history (language, culture) and/or frame of reference.

Knowledge of the basic structure, architecture, and design of converged applications.

Knowledge of the data flow from collection origin to repositories and tools.

Knowledge of the intelligence frameworks, processes, and related systems.

Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.

Knowledge of the principal methods, procedures, and techniques of gathering information and producing intelligence.

Knowledge of the purpose and contribution of target templates.

Knowledge of the structure, architecture, and design of modern digital and telephony networks.

Knowledge of the structure, architecture, and design of modern wireless communications systems.

Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.

Skill in identifying how a target communicates.

Skill in analyzing a target’s communication networks.

Skill in analyzing traffic to identify network devices.

Skill in applying various analytical methods, tools, and techniques (e.g., competing hypotheses; chain of reasoning; scenario methods; denial and deception detection; high impact-low probability; network/association or link analysis; Bayesian, Delphi, and Pattern analyses).

Skill in assessing the applicability of available analytical tools to various situations.

Skill in conducting social network analysis, buddy list analysis, and/or cookie analysis.

Skill in disseminating items of highest intelligence value in a timely manner.

Skill in evaluating data sources for relevance, reliability, and objectivity.

Skill in evaluating information for reliability, validity, and relevance.

Skill in evaluating information to recognize relevance, priority, etc.

Skill in evaluating accesses for intelligence value.

Skill in exploiting/querying organizational and/or partner collection databases.

Skill in identifying a target’s communications networks.

Skill in identifying leads for target development.

Skill in identifying, locating, and tracking targets via geospatial analysis techniques

Skill in interpreting metadata and content as applied by collection systems.

Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.

Skill in navigating network visualization software.

Skill in recognizing midpoint opportunities and essential information.

Skill in recognizing relevance of information.

Skill in recognizing significant changes in a target’s communication patterns.

Skill in recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, frequency in DNI behavior, mail servers, domain servers, SMTP header information).

Skill in recognizing technical information that may be used for target development including intelligence development.

Skill in researching essential information.

Skill in fusion analysis

Skill in synthesizing, analyzing, and prioritizing meaning across data sets.

Skill in using research methods including multiple, different sources to reconstruct a target network.

Skill in using geospatial data and applying geospatial resources.

Skill in using non-attributable networks.

Skill in writing about facts and ideas in a clear, convincing, and organized manner.

Knowledge of collection systems, capabilities, and processes.

Knowledge of the feedback cycle in collection processes.

Knowledge of target or threat cyber actors and procedures.

Knowledge of basic cyber operations activity concepts (e.g., foot printing, scanning and enumeration, penetration testing, white/black listing).

Knowledge of approved intelligence dissemination processes.

Knowledge of relevant laws, regulations, and policies.

Knowledge of target communication profiles and their key elements (e.g., target associations, activities, communication infrastructure).

Knowledge of target communication tools and techniques.

Knowledge of the characteristics of targeted communication networks (e.g., capacity, functionality, paths, critical nodes).

Knowledge of networking and internet communications fundamentals (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture and infrastructure, routing, operating systems, etc.).

Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, registration, web languages such as HTML).

Knowledge of network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network.

Knowledge of customer information needs.

Knowledge of analytic tools and techniques.

Knowledge of the request for information process.

Skill in identifying a target’s network characteristics.

Skill in assessing a target’s frame of reference (e.g., motivation, technical capability, organizational structure, sensitivities).

Skill in conducting research using all available sources.

Skill in complying with the legal restrictions for targeted information.

Skill in developing intelligence reports.

Skill in evaluating and interpreting metadata.

Skill in identifying intelligence gaps and limitations.

Skill in providing analysis on target-related matters (e.g., language, cultural, communications).

Ability to review processed target language materials for accuracy and completeness.

Skill in interpreting traceroute results, as they apply to network analysis and reconstruction.

Knowledge of obfuscation techniques (e.g., TOR/Onion/anonymizers, VPN/VPS, encryption).

Knowledge of computer programming concepts, including computer languages, programming, testing, debugging, and file types.

Knowledge of basic cloud-based technologies and concepts.

Knowledge of Critical Intelligence Communication (CRITIC) identification and reporting process.

Knowledge of cryptologic and SIGINT reporting and dissemination procedures.

Knowledge of how and when to request assistance from the Cryptanalysis and Signals Analysis and/or CNO.

Knowledge of intelligence sources and their characteristics.

Knowledge of methods, tools, sources, and techniques used to research, integrate and summarize information pertaining to target.

Knowledge of quality review process and procedures.

Knowledge of the overall mission of the Cyber Mission Forces (CMF).

Knowledge of the specific missions for CMF (i.e., Cyber Mission Teams (CMT), National Mission Teams (NMT), Combat Support Team (CST), National Support Team (NST), Cyber Protection Team (CPT).

Knowledge of the U.S. SIGNIT System (USSS) authorities, responsibilities, and contributions to the cyberspace operations mission.

Skill in conducting derivative classification IAW organization standards/Policy

Skill in conducting quality review of serialized reports and reporting for time-sensitive USCYBERCOM operations.

Skill in developing and maintaining target profiles.

Skill in drafting serialized reports to support time-sensitive USCYBERCOM operations.

Skill in drafting serialized reports to the quality level meeting release standards.

Skill in executing post publication processes IAW organization standards/Policy

Skill in providing feedback to enhance future collection and analysis.

Skill in recognizing exploitation opportunities.

Skill in recognizing targeting opportunities and essential information.

Skill in releasing serialized and time-sensitive reports.

Apply analytic techniques to validate information or data in reporting.

Apply and/or develop analytic techniques to provide better intelligence.

Apply customer requirements to the analysis process.

Assist in the mitigation of collection gaps.

Assist planners in the development of courses of action

Conduct pre and post publication actions

Develop analytical techniques to gain more target information.

Develop and maintain target profiles using appropriate corporate tools and databases (e.g. Target associations, activities, communication infrastructures, etc.).

Document and disseminate analytic findings.

Enable targeting offices to find new sources of collection.

Evaluate the strengths and weaknesses of the intelligence source.

Evaluate threat critical capabilities, requirements, and vulnerabilities.

Identify and facilitate partner relationships to enhance mission capabilities

Lead work role working groups/planning and development forums

Manipulate information in mission relevant databases (e.g., converting data, generating reports).

Mitigate collection gaps

Perform network analysis to support new or continued collection.

Perform quality review and provide feedback on the materials delivered on which analysis and reporting is conducted.

Prioritize reporting based on SIGINT reporting instructions or other mission reporting priorities.

Produce digital network intelligence against specific named target sets.

Provide intel target recommendations which meet leadership objectives.

Provide SME support for the development and implementation of exercises.

Select, build, and develop query strategies against appropriate collection databases.

Understand hacker TTPs and methodologies.

Understand network components and their functionality to enable analysis and target development.

Understand technologies used by a given target

Verify and validate that network graphics are accurate and comply with reporting policy.