Facilitates AI adoption by supporting the users of AI-enabled solutions.

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
466A

Consult with customers and key stakeholders to evaluate functional requirements for AI and data applications.

Task
479A

Correlates training and learning to business or mission requirements.

Task
538

Develop new or identify existing awareness and training materials that are appropriate for intended audiences.

Task
918

Ability to prepare and deliver education and awareness briefings to ensure that systems, network, and data users are aware of and adhere to systems security policies and procedures.

Ability
1000B

Ensure that AI design and development activities are properly documented and updated.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
3022

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability
5380

Gather feedback on customer satisfaction and internal service performance to foster continual improvement.

Task
5430

Present technical information to technical and non-technical audiences.

Task
5843

Analyze national security/DoD mission priorities and gaps suitable for the application of AI solutions.

Task
5861

Coordinate with change management employees to plan, foster, and track change.

Task
5891

Identify viable AI projects based on organizational needs.

Task
5892

Identify ways to lead and motivate people to adopt AI solutions through cultural, organizational, or other types of change.

Task
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
5909

Promote awareness of AI limitations and benefits.

Task
5918

Support an AI adoption strategy that aligns with the organization’s vision, mission, and goals.

Task
5921

Test how users interact with AI solutions.

Task
6311

Knowledge of machine learning theory and principles.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6915A

Skill in communicating with all levels of the organization, including senior/mid-level executives, and operational-level personnel (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).

Skill
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7001

Ability to inspire and lead a culture of innovation.

Ability
7003

Knowledge of AI security risks, threats, and vulnerabilities and potential risk mitigation solutions.

Knowledge
7008

Knowledge of change models and frameworks.

Knowledge
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7021

Knowledge of emerging trends and future use cases of AI.

Knowledge
7024

Knowledge of how AI is developed and operated.

Knowledge
7027

Knowledge of how humans interact with and/or are impacted by AI solutions within the DoD context.

Knowledge
7031

Knowledge of how to structure and display data.

Knowledge
7032

Knowledge of how to use data to tell a story.

Knowledge
7033

Knowledge of human factor engineering.

Knowledge
7037

Knowledge of machine learning operations (MLOps) processes and best practices.

Knowledge
7045

Knowledge of the AI lifecycle.

Knowledge
7046

Knowledge of the basic requirements for the successful delivery of AI solutions.

Knowledge
7047

Knowledge of the basics of customer experience, customer design, psychology of customer decision-making, and human-computer interaction.

Knowledge
7048

Knowledge of the benefits and limitations of AI capabilities.

Knowledge
7051

Knowledge of the possible impacts of machine learning blind spots and edge cases.

Knowledge
7053

Knowledge of the user experience (e.g., decision making, user design, and human-computer interaction) as it relates to AI systems.

Knowledge
7058

Skill in communicating AI and/or machine learning solutions to a wide range of audiences.

Skill
7065

Skill in explaining AI concepts and terminology.

Skill
7072

Skill in leading AI adoption efforts.

Skill

Additional KSATs:
KSAT ID Description KSAT
5861

Coordinate with change management employees to plan, foster, and track change.

Task
5880

Engage and collaborate with allies and partners to advance shared strategic AI objectives.

Task
5925

Use knowledge of business processes to create or recommend AI solutions.

Task
6380

Knowledge of principles and processes for conducting training and education needs assessment.

Knowledge
7013

Knowledge of customer mission priorities and capabilities, as related to the integration and adoption of AI solutions.

Knowledge
7033

Knowledge of human factor engineering.

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
7041

Knowledge of remedies against unintended bias in AI solutions.

Knowledge
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Builds the organization’s AI vision and plan and leads policy and doctrine formation including how…

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
391A

Acquire and manage the necessary resources, including leadership support, financial resources, infrastructure, and key personnel, to support AI innovation adoption goals and objectives.

Task
395A

Advise senior management on risk levels, security posture, and necessary changes to existing AI policies.​

Task
492B

Design and integrate an AI adoption strategy that supports the organization’s vision, mission, and goals.

Task
524

Develop and maintain strategic plans.

Task
629B

Identify and address AI workforce planning and management issues (e.g., recruitment, retention, and training).

Task
680B

Oversee AI budget, staffing, and contracting decisions.

Task
942

Knowledge of the organization’s core business/mission processes.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2416

Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives.

Task
2558

Maintain relationships with internal and external partners involved in cyber planning or related areas.

Task
2624A

Conduct long-range, strategic planning efforts with internal and external partners to support AI capability development and use.

Task
3591

Knowledge of organization objectives, leadership priorities, and decision-making risks.

Knowledge
5843

Analyze national security/DoD mission priorities and gaps suitable for the application of AI solutions.

Task
5845

Appoint and guide a multidisciplinary team of AI experts to identify and assess risk throughout the AI development lifecycle.

Task
5849

Assess value of implemented AI projects based on organizational metrics.

Task
5862

Create and/or maintain governance structure for oversight and accountability of AI solutions.

Task
5879

Direct and/or support organizational and project-level AI risk management activities.

Task
5880

Engage and collaborate with allies and partners to advance shared strategic AI objectives.

Task
5882

Establish and/or maintain processes to ensure Responsible AI practices are reflected in an organization’s approach to AI acquisition, development, and deployment.

Task
5883

Evaluate and develop AI workforce structure resources and requirements.

Task
5887

Identify and address key roadblocks to AI implementation.

Task
5891

Identify viable AI projects based on organizational needs.

Task
5892

Identify ways to lead and motivate people to adopt AI solutions through cultural, organizational, or other types of change.

Task
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
5909

Promote awareness of AI limitations and benefits.

Task
5913

Remove barriers to data acquisition, collection, and curation efforts required for AI solutions.

Task
6040

Ability to assess and forecast manpower requirements to meet organizational objectives.

Ability
6250

Knowledge of Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities.

Knowledge
6311

Knowledge of machine learning theory and principles.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6915A

Skill in communicating with all levels of the organization, including senior/mid-level executives, and operational-level personnel (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).

Skill
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7000

Ability to identify, connect, and influence key stakeholders to speed AI adoption.

Ability
7001

Ability to inspire and lead a culture of innovation.

Ability
7003

Knowledge of AI security risks, threats, and vulnerabilities and potential risk mitigation solutions.

Knowledge
7007

Knowledge of best practices in organizational conflict management.

Knowledge
7014

Knowledge of data acquisition, collection, and curation best practices required for AI solutions.

Knowledge
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7021

Knowledge of emerging trends and future use cases of AI.

Knowledge
7024

Knowledge of how AI is developed and operated.

Knowledge
7034

Knowledge of interactions and integration of DataOps, MLOps, and DevSecOps in AI.

Knowledge
7042

Knowledge of resources and capabilities required to complete AI projects.

Knowledge
7043

Knowledge of staffing, contracting, and budgetary requirements to run an AI-enabled organization.

Knowledge
7045

Knowledge of the AI lifecycle.

Knowledge
7046

Knowledge of the basic requirements for the successful delivery of AI solutions.

Knowledge
7048

Knowledge of the benefits and limitations of AI capabilities.

Knowledge
7050

Knowledge of the nature and function of technology platforms and tools used to create and employ AI.

Knowledge
7058

Skill in communicating AI and/or machine learning solutions to a wide range of audiences.

Skill
7061

Skill in developing and influencing policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational AI activities.

Skill
7065

Skill in explaining AI concepts and terminology.

Skill
7068

Skill in identifying organizational and project-level AI risks, including AI security risks and requirements.

Skill
7072

Skill in leading AI adoption efforts.

Skill
7073

Skill in leveraging and optimizing resources required to complete AI projects and programs.

Skill

Additional KSATs:
KSAT ID Description KSAT
3146

Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge
3356

Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations.

Knowledge
5330A

Establish and collect metrics to monitor and validate AI workforce readiness.

Task
5868

Define and/or implement policies and procedures to enable an AI risk assessment process and assess risk mitigation efforts.

Task
5902

Monitor and evaluate the organization’s use of AI to ensure capabilities are performing as intended and to reduce the likelihood and severity of unintended consequences.

Task
5912

Recommend updates to military strategy and doctrine with respect to advances in AI technology, legal obligations, Responsible AI, and DoD AI Ethical Principles.

Task
6290

Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems.

Knowledge
7005

Knowledge of AI-specific acquisition models (e.g., pay per use or per data element).

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
7038

Knowledge of metrics to evaluate the effectiveness of machine learning models.

Knowledge
7039

Knowledge of organization’s structure, training requirements, and existing operational hardware/software related to the AI solution to be adopted.

Knowledge
7041

Knowledge of remedies against unintended bias in AI solutions.

Knowledge
7051

Knowledge of the possible impacts of machine learning blind spots and edge cases.

Knowledge

Educates those involved in the development of AI and conducts assessments on the technical and…

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
537A

Develop methods to monitor and measure risk and assurance efforts on a continuous basis.

Task
765B

Perform AI architecture security reviews, identify gaps, and develop a risk management plan to address issues.

Task
952

Knowledge of emerging security issues, risks, and vulnerabilities.

Knowledge
963A

Ensure risk mitigation plans of action and milestones are in place.

Task
1000B

Ensure that AI design and development activities are properly documented and updated.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5854

Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions.

Task
5856

Communicate the results of AI risk assessments to relevant stakeholders.

Task
5860

Coordinate with appropriate personnel to identify methods for users and developers to report concerns about the implementation of DoD AI Ethical Principles.

Task
5863

Create and/or maintain processes to ensure data management efforts comply with AI ethical principles.

Task
5873

Determine methods and metrics for quantitative and qualitative measurement of AI risks so that sensitivity, specificity, likelihood, confidence levels, and other metrics are identified, documented, and applied.

Task
5878

Develop risk mitigation strategies to ensure enumerated risks are prioritized, mitigated, shared, transferred, and/or accepted.

TAsk
5879

Direct and/or support organizational and project-level AI risk management activities.

Task
5881

Ensure risk management responsibilities are clearly defined, assigned, and communicated to relevant stakeholders.

Task
5889

Identify and submit exemplary AI use cases, best practices, failure modes, and risk mitigation strategies, including after-action reports.

Task
5893

Implement Responsible AI best practices and standards within AI solutions according to the DoD AI Ethical Principles, Responsible AI Guidelines, and/or any other pertinent laws.

Task
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
5900

Measure the compliance of AI tools with DoD AI Ethical Principles.

Task
5904

Perform risk assessment on AI applications to identify technical, societal, organizational, and mission risks.

Task
6311

Knowledge of machine learning theory and principles.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7003

Knowledge of AI security risks, threats, and vulnerabilities and potential risk mitigation solutions.

Knowledge
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7021

Knowledge of emerging trends and future use cases of AI.

Knowledge
7024

Knowledge of how AI is developed and operated.

Knowledge
7034

Knowledge of interactions and integration of DataOps, MLOps, and DevSecOps in AI.

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
7038

Knowledge of metrics to evaluate the effectiveness of machine learning models.

Knowledge
7040

Knowledge of Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data reusability considerations for AI solutions.

Knowledge
7041

Knowledge of remedies against unintended bias in AI solutions.

Knowledge
7045

Knowledge of the AI lifecycle.

Knowledge
7048

Knowledge of the benefits and limitations of AI capabilities.

Knowledge
7051

Knowledge of the possible impacts of machine learning blind spots and edge cases.

Knowledge
7052

Knowledge of the principles, methods, and tools used for risk and bias assessment and mitigation, including assessment of failures and their consequences.

Knowledge
7056

Skill in assessing AI capabilities for bias or ethical concerns.

Skill
7064

Skill in developing solutions and/or recommendations to minimize negative impacts of machine learning, especially for edge cases.

Skill
7065

Skill in explaining AI concepts and terminology.

Skill
7067

Skill in identifying low-probability, high-impact risks in machine learning training data sets.

Skill
7068

Skill in identifying organizational and project-level AI risks, including AI security risks and requirements.

Skill
7069

Skill in identifying risk over the lifespan of an AI solution.

Skill
7075

Skill in testing and evaluating machine learning algorithms or AI solutions.

Skill

Additional KSATs:
KSAT ID Description KSAT
5905

Perform risk assessment whenever an AI application or AI-enabled system undergoes a major change, when emergent behaviors are detected, and/or unintended consequences are reported.

Task
7044

Knowledge of testing, evaluation, validation, and verification (T&E V&V) tools and procedures to ensure systems are working as intended.

Knowledge
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Performs testing, evaluation, verification, and validation on AI solutions to ensure they are developed to…

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
182

Skill in determining an appropriate level of test rigor for a given system.

Skill
508

Determine level of assurance of developed capabilities based on test results.

Task
550

Develop test plans to address specifications and requirements.

Task
694

Make recommendations based on test results.

Task
858A

Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.

Task
858B

Record and manage test data.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5120

Conduct hypothesis testing using statistical processes.

Task
5848

Assess technical risks and limitations of planned tests on AI systems.

Task
5851

Build assurance cases for AI systems that support the needs of different stakeholders (e.g., acquisition community, commanders, and operators).

Task
5858

Conduct AI risk assessments to ensure models and/or other solutions are performing as designed.

Task
5866

Create or customize existing Test and Evaluation Master Plans (TEMPs) for AI systems.

Task
5873

Determine methods and metrics for quantitative and qualitative measurement of AI risks so that sensitivity, specificity, likelihood, confidence levels, and other metrics are identified, documented, and applied.

Task
5876

Develop machine learning code testing and validation procedures.

Task
5877

Develop possible solutions for technical risks and limitations of planned tests on AI solutions.

Task
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
5901

Measure the effectiveness, security, robustness, and trustworthiness of AI tools.

Task
5910

Provide quality assurance of AI products throughout their lifecycle.

Task
5914

Report test and evaluation deficiencies and possible solutions to appropriate personnel.

Task
5916

Select and use the appropriate models and prediction methods for evaluating AI performance.

Task
5919

Test AI tools against adversarial attacks in operationally realistic environments.

Task
5920

Test components to ensure they work as intended in a variety of scenarios for all aspects of the AI application.

Task
5921

Test how users interact with AI solutions.

Task
5922

Test the reliability, functionality, security, and compatibility of AI tools within systems.

Task
5923

Test the trustworthiness of AI solutions.

Task
5926

Use models and other methods for evaluating AI performance.

Task
6060

Ability to collect, verify, and validate test data.

Ability
6170

Ability to translate data and test results into evaluative conclusions.

Ability
6311

Knowledge of machine learning theory and principles.

Knowledge
6490

Skill in assessing the predictive power and subsequent generalizability of a model.

Skill
6630

Skill in preparing Test & Evaluation reports.

Skill
6641

Skill in providing Test & Evaluation resource estimate.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7003

Knowledge of AI security risks, threats, and vulnerabilities and potential risk mitigation solutions.

Knowledge
7004

Knowledge of AI Test & Evaluation frameworks.

Knowledge
7006

Knowledge of best practices from industry and academia in test design activities for verification and validation of AI and machine learning systems.

Knowledge
7009

Knowledge of coding and scripting in languages that support AI development and use.

Knowledge
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7024

Knowledge of how AI is developed and operated.

Knowledge
7025

Knowledge of how AI solutions integrate with cloud or other IT infrastructure.

Knowledge
7028

Knowledge of how to automate development, testing, security, and deployment of AI/machine learning-enabled software to the DoD.

Knowledge
7029

Knowledge of how to collect, store, and monitor data.

Knowledge
7030

Knowledge of how to deploy test infrastructures with AI systems.

Knowledge
7034

Knowledge of interactions and integration of DataOps, MLOps, and DevSecOps in AI.

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
7037

Knowledge of machine learning operations (MLOps) processes and best practices.

Knowledge
7038

Knowledge of metrics to evaluate the effectiveness of machine learning models.

Knowledge
7041

Knowledge of remedies against unintended bias in AI solutions.

Knowledge
7044

Knowledge of testing, evaluation, validation, and verification (T&E V&V) tools and procedures to ensure systems are working as intended.

Knowledge
7045

Knowledge of the AI lifecycle.

Knowledge
7048

Knowledge of the benefits and limitations of AI capabilities.

Knowledge
7051

Knowledge of the possible impacts of machine learning blind spots and edge cases.

Knowledge
7053

Knowledge of the user experience (e.g., decision making, user design, and human-computer interaction) as it relates to AI systems.

Knowledge
7054

Knowledge of tools for testing the robustness and resilience of AI products and solutions.

Knowledge
7065

Skill in explaining AI concepts and terminology.

Skill
7067

Skill in identifying low-probability, high-impact risks in machine learning training data sets.

Skill
7069

Skill in identifying risk over the lifespan of an AI solution.

Skill
7070

Skill in integrating AI Test & Evaluation frameworks into test strategies for specific projects.

Skill
7075

Skill in testing and evaluating machine learning algorithms or AI solutions.

Skill
7076

Skill in testing for bias in data sets and AI system outputs as well as determining historically or often underrepresented and marginalized groups are properly represented in the training, testing, and validation data sets and AI system outputs.

Skill
7077

Skill in translating operation requirements for AI systems into testing requirements.

Skill

Additional KSATs:
KSAT ID Description KSAT
1133

Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
40

Knowledge of organization’s evaluation and validation requirements.

Knowledge
5850

Assist integrated project teams to identify, curate, and manage data.

Task
5889

Identify and submit exemplary AI use cases, best practices, failure modes, and risk mitigation strategies, including after-action reports.

Task
7012

Knowledge of current test standards and safety standards that are applicable to AI (e.g. MIL-STD 882E, DO-178C, ISO26262).

Knowledge
7040

Knowledge of Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data reusability considerations for AI solutions.

Knowledge
765B

Perform AI architecture security reviews, identify gaps, and develop a risk management plan to address issues.

Task
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Designs, develops, and modifies AI applications, tools, and/or other solutions to enable successful accomplishment of…

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
21

Knowledge of computer algorithms.

Knowledge
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
75A

Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis.

Knowledge
102

Knowledge of programming language structures and logic.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
166

Skill in conducting queries and developing algorithms to analyze data structures.

Skill
477

Correct errors by making appropriate changes and rechecking the program to ensure desired results are produced.

Task
506

Design, develop, and modify software systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.

Task
543

Develop secure code and error handling.

Task
764

Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities.

Task
1000B

Ensure that AI design and development activities are properly documented and updated.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5120

Conduct hypothesis testing using statistical processes.

Task
5847

Assess and address the limitations of methods to deliver machine learning models.

Task
5858

Conduct AI risk assessments to ensure models and/or other solutions are performing as designed.

Task
5871

Design and develop machine learning models to achieve organizational objectives.

Task
5872

Design, develop, and implement AI tools and techniques to achieve organizational objectives.

Task
5873

Determine methods and metrics for quantitative and qualitative measurement of AI risks so that sensitivity, specificity, likelihood, confidence levels, and other metrics are identified, documented, and applied.

Task
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
5915

Research the latest machine learning and AI tools, techniques, and best practices.

Task
5926

Use models and other methods for evaluating AI performance.

Task
5927

Write and document reproducible code.

Task
6060

Ability to collect, verify, and validate test data.

Ability
6311

Knowledge of machine learning theory and principles.

Knowledge
6760

Skill in writing scripts using R, Python, PIG, HIVE, SQL, etc.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7009

Knowledge of coding and scripting in languages that support AI development and use.

Knowledge
7011

Knowledge of current AI and machine learning systems design and performance analysis models, algorithms, and tools.

Knowledge
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7024

Knowledge of how AI is developed and operated.

Knowledge
7028

Knowledge of how to automate development, testing, security, and deployment of AI/machine learning-enabled software to the DoD.

Knowledge
7029

Knowledge of how to collect, store, and monitor data.

Knowledge
7031

Knowledge of how to structure and display data.

Knowledge
7032

Knowledge of how to use data to tell a story.

Knowledge
7037

Knowledge of machine learning operations (MLOps) processes and best practices.

Knowledge
7038

Knowledge of metrics to evaluate the effectiveness of machine learning models.

Knowledge
7045

Knowledge of the AI lifecycle.

Knowledge
7046

Knowledge of the basic requirements for the successful delivery of AI solutions.

Knowledge
7048

Knowledge of the benefits and limitations of AI capabilities.

Knowledge
7049

Knowledge of the latest machine learning and AI tools, techniques, and best practices.

Knowledge
7050

Knowledge of the nature and function of technology platforms and tools used to create and employ AI.

Knowledge
7051

Knowledge of the possible impacts of machine learning blind spots and edge cases.

Knowledge
7055

Skill in analyzing the output from machine learning models.

Skill
7057

Skill in building and deploying machine learning models.

Skill
7059

Skill in creating machine learning models.

Skill
7065

Skill in explaining AI concepts and terminology.

Skill
7067

Skill in identifying low-probability, high-impact risks in machine learning training data sets.

Skill
7075

Skill in testing and evaluating machine learning algorithms or AI solutions.

Skill

Additional KSATs:
KSAT ID Description KSAT
5854

Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions.

Task
5859

Consider energy implications (graphical processing unit, tensor processing unit, etc.) when designing AI solutions.

Task
5870

Design and develop continuous integration/continuous delivery (CI/CD) in a containerized or other reproducible computing environment to support the machine learning life cycle.

Task
5889

Identify and submit exemplary AI use cases, best practices, failure modes, and risk mitigation strategies, including after-action reports.

Task
5893

Implement Responsible AI best practices and standards within AI solutions according to the DoD AI Ethical Principles, Responsible AI Guidelines, and/or any other pertinent laws.

Task
5925

Use knowledge of business processes to create or recommend AI solutions.

Task
6290

Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems.

Knowledge
7003

Knowledge of AI security risks, threats, and vulnerabilities and potential risk mitigation solutions.

Knowledge
7021

Knowledge of emerging trends and future use cases of AI.

Knowledge
7022

Knowledge of how AI adoption can assist developers with service-oriented design.

Knowledge
7025

Knowledge of how AI solutions integrate with cloud or other IT infrastructure.

Knowledge
7026

Knowledge of how commercial and federal solutions solve Defense-related data environment and platform challenges.

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
7040

Knowledge of Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data reusability considerations for AI solutions.

Knowledge
7041

Knowledge of remedies against unintended bias in AI solutions.

Knowledge
7044

Knowledge of testing, evaluation, validation, and verification (T&E V&V) tools and procedures to ensure systems are working as intended.

Knowledge
7069

Skill in identifying risk over the lifespan of an AI solution.

Skill
7071

Skill in labeling data to make it more discoverable and understandable.

Skill
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Analyzes data/information from one or multiple sources to conduct preparation of the environment, respond to…

Workforce Element:
Intelligence (Cyberspace)

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
87

Knowledge of network traffic analysis methods.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
264

Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2028

Answer requests for information.

Task
2060A

Maintain a common intelligence picture.

Task
2075

Brief threat and/or target current situations.

Task
2115

Conduct in-depth research and analysis.

Task
2429

Generate requests for information.

Task
2434

Identify threat tactics, and methodologies.

Task
2603

Monitor operational environment and report on adversarial activities which fulfill leadership’s priority information requirements.

Task
2771

Provide timely notice of imminent or hostile intentions or activities which may impact organization objectives, resources, or capabilities.

Task
3001

Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.

Ability
3002

Ability to focus research efforts to meet the customer’s decision-making needs.

Ability
3019

Ability to clearly articulate intelligence requirements into well-formulated research questions and data tracking variables for inquiry tracking purposes.

Ability
3022

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability
3041

Ability to effectively collaborate via virtual teams.

Ability
3042

Ability to evaluate information for reliability, validity, and relevance.

Ability
3043

Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.

Ability
3047

Ability to function effectively in a dynamic, fast-paced environment.

Ability
3048

Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise.

Ability
3052

Ability to identify intelligence gaps.

Ability
3073

Ability to recognize and mitigate cognitive biases which may affect analysis.

Ability
3077

Ability to think critically.

Ability
3081

Ability to utilize multiple intelligence sources across all intelligence disciplines.

Ability
3106

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge
3107

Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.).

Knowledge
3129

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge
3137

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge
3154

Knowledge of classification and control markings standards, policies and procedures.

Knowledge
3177

Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).

Knowledge
3188

Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).

Knowledge
3262

Knowledge of evolving/emerging communications technologies.

Knowledge
3274

Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects.

Knowledge
3292

Knowledge of how modern digital and telephony networks impact cyber operations.

Knowledge
3293

Knowledge of how modern wireless communications systems impact cyber operations.

Knowledge
3298

Knowledge of how to extract, analyze, and use metadata.

Knowledge
3335

Knowledge of intelligence disciplines.

Knowledge
3342

Knowledge of intelligence support to planning, execution, and assessment.

Knowledge
3374

Knowledge of malware.

Knowledge
3431

Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).

Knowledge
3441

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge
3539

Knowledge of telecommunications fundamentals.

Knowledge
3543

Knowledge of the basic structure, architecture, and design of modern communication networks.

Knowledge
3545

Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge
3561

Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Knowledge
3582

Knowledge of the intelligence frameworks, processes, and related systems.

Knowledge
3584

Knowledge of intelligence preparation of the environment and similar processes.

Knowledge
3630

Knowledge of the ways in which targets or threats use the Internet.

Knowledge
3651

Knowledge of what constitutes a “threat” to a network.

Knowledge
3659

Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems.

Knowledge
3772

Skill in evaluating information for reliability, validity, and relevance.

Skill
3794

Skill in identifying cyber threats which may jeopardize organization and/or partner interests.

Skill
3844

Skill in preparing and presenting briefings.

Skill
3851

Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships.

Skill
3876

Skill in writing, reviewing and editing cyber-related Intelligence/assessment products from multiple sources.

Skill
3910

Skill in using Boolean operators to construct simple and complex queries.

Skill
3920

Skill in using multiple analytic tools, databases, and techniques (e.g., Analyst’s Notebook, A-Space, Anchory, M3, divergent/convergent thinking, link charts, matrices, etc.).

Skill
3921

Skill in using multiple search engines (e.g., Google, Yahoo, LexisNexis, DataStar) and tools in conducting open-source searches.

Skill
3938

Skill in utilizing feedback in order to improve processes, products, and services.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
2059

Provide expertise to course of action development.

Task
2060

Provide subject matter expertise to the development of a common operational picture.

Task
2061

Provide subject matter expertise to the development of cyber operations specific indicators.

Task
2063

Assist in the coordination, validation, and management of all-source collection requirements, plans, and/or activities.

Task
2068

Assist in the identification of intelligence collection shortfalls.

Task
2087

Collaborate with intelligence analysts/targeting organizations involved in related areas.

Task
2121

Conduct nodal analysis.

Task
2195

Maintain awareness of internal and external cyber organization structures, strengths, and employments of staffing and technology.

Task
2288

Develop information requirements necessary for answering priority information requests.

Task
2356

Engage customers to understand customers’ intelligence needs and wants.

Task
2379

Evaluate threat decision-making processes.

Task
2379A

Identify threat vulnerabilities.

Task
2379B

Identify threats to Blue Force vulnerabilities.

Task
2441

Identify and evaluate threat critical capabilities, requirements, and vulnerabilities.

Task
2446

Identify and submit intelligence requirements for the purposes of designating priority information requirements.

Task
2459

Identify intelligence gaps and shortfalls.

Task
2593

Monitor and report changes in threat dispositions, activities, tactics, capabilities, objectives, etc. as related to designated cyber operations warning problem sets.

Task
2594

Monitor and report on validated threat activities.

Task
2602

Monitor open source websites for hostile content directed towards organizational or partner interests.

Task
2617

Produce timely, fused, all-source cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies).

Task
2621

Provide SME and support to planning/developmental forums and working groups as appropriate.

Task
2685A

Provide subject matter expertise to website characterizations.

Task
2730

Provide analyses and support for effectiveness assessment.

Task
2735

Provide current intelligence support to critical internal/external stakeholders as appropriate.

Task
2738

Provide evaluation and feedback necessary for improving intelligence production, intelligence reporting, collection requirements, and operations.

Task
2745

Provide information and assessments for the purposes of informing leadership and customers; developing and refining objectives; supporting operation planning and execution; and assessing the effects of operations.

Task
2747

Provide input and assist in post-action effectiveness assessments.

Task
2748

Provide input and assist in the development of plans and guidance.

Task
2754

Provide intelligence analysis and support to designated exercises, planning activities, and time sensitive operations.

Task
2767

Provide target recommendations which meet leadership objectives.

Task
2789

Report intelligence-derived significant network events and intrusions.

Task
2881

Work closely with planners, intelligence analysts, and collection managers to ensure intelligence requirements and collection plans are accurate and up-to-date.

Task
3039

Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.

Ability
3044

Ability to exercise judgment when policies are not well-defined.

Ability
3074

Ability to recognize and mitigate deception in reporting and analysis.

Ability
3078A

Ability to think like threat actors.

Ability
3079

Ability to understand objectives and effects.

Ability
3095

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge
3098

Knowledge of virtualization products (Vmware, Virtual PC).

Knowledge
3205

Knowledge of current computer-based intrusion sets.

Knowledge
3210

Knowledge of cyber laws and their effect on Cyber planning.

Knowledge
3253

Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).

Knowledge
3271

Knowledge of internal and external partner cyber operations capabilities and tools.

Knowledge
3277

Knowledge of general SCADA system components.

Knowledge
3286

Knowledge of host-based security products and how they affect exploitation and vulnerability.

Knowledge
3291

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge
3334

Knowledge of intelligence confidence levels.

Knowledge
3343

Knowledge of cyber intelligence/information collection capabilities and repositories.

Knowledge
3358

Knowledge of organizational hierarchy and cyber decision making processes.

Knowledge
3419

Knowledge of organization or partner exploitation of digital networks.

Knowledge
3446

Knowledge of analytical constructs and their use in assessing the operational environment.

Knowledge
3460

Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions.

Knowledge
3504

Knowledge of threat and/or target systems.

Knowledge
3527

Knowledge of target development (i.e., concepts, roles, responsibilities, products, etc.).

Knowledge
3528

Knowledge of specific target identifiers, and their usage.

Knowledge
3533

Knowledge of target vetting and validation procedures.

Knowledge
3587

Knowledge of targeting cycles.

Knowledge
3615

Knowledge of the structure and intent of organization specific plans, guidance and authorizations.

Knowledge
3691

Skill in assessing and/or estimating effects generated during and after cyber operations.

Skill
3704

Skill in conducting non-attributable research.

Skill
3724

Skill in defining and characterizing all pertinent aspects of the operational environment.

Skill
3756

Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.

Skill
3788

Skill in identifying alternative analytical interpretations in order to minimize unanticipated outcomes.

Skill
3893

Skill in tailoring analysis to the necessary levels (e.g., classification and organizational).

Skill
3946

Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint).

Skill
3953A

Skill in providing analysis to aid writing phased after action reports.

Skill
52

Knowledge of human-computer interaction principles.

Knowledge

Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to…

Workforce Element:
Intelligence (Cyberspace)

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2005

Adjust collection operations or collection plan to address identified issues/challenges and to synchronize collections with overall operational requirements.

Task
2015

Analyze feedback to determine extent to which collection products and services are meeting requirements.

Task
2021

Analyze plans, directives, guidance and policy for factors that would influence collection management’s operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements).

Task
2035

Assess and apply operational environment factors and risks to collection management process.

Task
2096A

Compare allocated and available assets to collection demand as expressed through requirements.

Task
2165

Coordinate resource allocation of collection assets against prioritized collection requirements with collection discipline leads.

Task
2235

Determine how identified factors affect the tasking, collection, processing, exploitation and dissemination architecture’s form and function.

Task
2245

Develop a method for comparing collection reports to outstanding requirements to identify information gaps.

Task
2290

Allocate collection assets based on leadership’s guidance, priorities, and/or operational emphasis.

Task
2376

Establish processing, exploitation and dissemination management activity using approved guidance and/or procedures.

Task
2421

Formulate collection strategies based on knowledge of available intelligence discipline capabilities and gathering methods that align multi-discipline collection capabilities and accesses with targets and their observables.

Task
2451

Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups.

Task
2613

Optimize mix of collection assets and resources to increase effectiveness and efficiency against essential information associated with priority intelligence requirements.

Task
2705

Prioritize collection requirements for collection platforms based on platform capabilities.

Task
3010

Ability to apply collaborative skills and strategies.

Ability
3011

Ability to apply critical reading/thinking skills.

Ability
3102

Knowledge of operational planning processes.

Knowledge
3127

Knowledge of asset availability, capabilities and limitations.

Knowledge
3128

Knowledge of tasking mechanisms.

Knowledge
3148

Knowledge of collection capabilities and limitations.

Knowledge
3160

Knowledge of collaborative tools and environments.

Knowledge
3195

Knowledge of criteria for evaluating collection products.

Knowledge
3204

Knowledge of current collection requirements.

Knowledge
3297

Knowledge of how to establish priorities for resources.

Knowledge
3380

Knowledge of methods for ascertaining collection asset posture and availability.

Knowledge
3436

Knowledge of production exploitation and dissemination needs and architectures.

Knowledge
3464

Knowledge of research strategies and knowledge management.

Knowledge
3575

Knowledge of the factors of threat that could impact collection operations.

Knowledge
3619

Knowledge of the systems/architecture/communications used for coordination.

Knowledge
3663

Knowledge of tasking, collection, processing, exploitation and dissemination.

Knowledge
3974

Skill to apply the capabilities, limitations and tasking methodologies of available platforms, sensors, architectures and apparatus as they apply to organization objectives.

Skill
3991

Ability to coordinate and collaborate with analysts regarding surveillance requirements and essential information development.

Ability
3994

Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations.

Ability
4002

Skill to determine feasibility of collection.

Skill
4004

Skill to develop a collection plan that clearly shows the discipline that can be used to collect the information needed.

Skill
4012

Skill to ensure that the collection strategy leverages all available resources.

Skill
4014

Skill to evaluate factors of the operational environment to objectives, and information requirements.

Skill
4019

Skill to extract information from available tools and applications associated with collection requirements and collection operations management.

Skill
4024

Skill to identify and apply tasking, collection, processing, exploitation and dissemination to associated collection disciplines.

Skill
4026

Skill in information prioritization as it relates to operations.

Skill
4033

Skill to interpret readiness reporting, its operational relevance and intelligence collection impact.

Skill
4049

Skill to prepare and deliver reports, presentations and briefings, to include using visual aids or presentation technology.

Skill
4056

Skill to review performance specifications and historical information about collection assets.

Skill
4066

Skill to use collaborative tools and environments.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
2051

Assess performance of collection assets against prescribed specifications.

Task
2098

Compile lessons learned from collection management activity’s execution of organization collection objectives.

Task
2147

Consider efficiency and effectiveness of collection assets and resources if/when applied against priority information requirements.

Task
2153

Construct collection plans and matrixes using established guidance and procedures.

Task
2167

Coordinate inclusion of collection plan in appropriate documentation.

Task
2172

Re-task or re-direct collection assets and resources.

Task
2232

Determine course of action for addressing changes to objectives, guidance, and operational environment.

Task
2233

Determine existing collection management webpage databases, libraries and storehouses.

Task
2239

Determine organizations and/or echelons with collection authority over all accessible collection assets.

Task
2271

Develop coordinating instructions by collection discipline for each phase of an operation.

Task
2342

Disseminate tasking messages and collection plans.

Task
2373

Establish alternative processing, exploitation and dissemination pathways to address identified issues or problems.

Task
2414

Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers.

Task
2456

Identify coordination requirements and procedures with designated collection authorities.

Task
2464

Identify issues or problems that can disrupt and/or degrade processing, exploitation and dissemination architecture effectiveness.

Task
2475

Identify potential collection disciplines for application against priority information requirements.

Task
2479

Identify and mitigate risks to collection management ability to support the plan, operations and target cycle.

Task
2529

Issue requests for information.

Task
2538

Link priority collection requirements to optimal assets and resources.

Task
2597

Monitor completion of reallocated collection efforts.

Task
2604

Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture.

Task
2609

Monitor the operational environment for potential factors and risks to the collection operation management process.

Task
2726

Provide advice/assistance to operations and intelligence decision makers with reassignment of collection assets and resources in response to dynamic operational situations.

Task
2793

Request discipline-specific processing, exploitation, and disseminate information collected using discipline’s collection assets and resources in accordance with approved guidance and/or procedures.

Task
2807

Review capabilities of allocated collection assets.

Task
2809

Review intelligence collection guidance for accuracy/applicability.

Task
2810

Review list of prioritized collection requirements and essential information.

Task
2812

Review and update overarching collection plan, as required.

Task
2817

Revise collection matrix based on availability of optimal assets and resources.

Task
2828

Specify changes to collection plan and/or operational environment that necessitate re-tasking or re-directing of collection assets and resources.

Task
2829

Specify discipline-specific collections and/or taskings that must be executed in the near term.

Task
2845

Synchronize the integrated employment of all available organic and partner intelligence collection assets using available collaboration capabilities and techniques.

Task
3092

Knowledge of database administration and maintenance.

Knowledge
3095

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge
3098

Knowledge of virtualization products (Vmware, Virtual PC).

Knowledge
3116

Knowledge of all possible circumstances that would result in changing collection management authorities.

Knowledge
3131

Knowledge of available databases and tools necessary to assess appropriate collection tasking.

Knowledge
3135

Knowledge of basic computer components and architectures, including the functions of various peripherals.

Knowledge
3137

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge
3156

Knowledge of collection management tools.

Knowledge
3162

Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan.

Knowledge
3165

Knowledge of collection planning process and collection plan.

Knowledge
3175

Knowledge of leadership’s Intent and objectives.

Knowledge
3177

Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).

Knowledge
3188

Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).

Knowledge
3205

Knowledge of current computer-based intrusion sets.

Knowledge
3217

Knowledge of cyber lexicon/terminology

Knowledge
3225

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge
3253

Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).

Knowledge
3275

Knowledge of fundamental cyber concepts, principles, limitations, and effects.

Knowledge
3286

Knowledge of host-based security products and how they affect exploitation and vulnerability.

Knowledge
3291

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge
3292

Knowledge of how modern digital and telephony networks impact cyber operations.

Knowledge
3293

Knowledge of how modern wireless communications systems impact cyber operations.

Knowledge
3298

Knowledge of how to extract, analyze, and use metadata.

Knowledge
3322

Knowledge of indications and warning.

Knowledge
3325

Knowledge of information needs.

Knowledge
3332

Knowledge of tasking processes for organic and subordinate collection assets.

Knowledge
3361

Knowledge of key cyber threat actors and their equities.

Knowledge
3362A

Knowledge of key factors of the operational environment and related threats and vulnerabilities.

Knowledge
3374

Knowledge of malware.

Knowledge
3389

Knowledge of organization objectives and associated demand on collection management.

Knowledge
3417

Knowledge of non-traditional collection methodologies.

Knowledge
3420

Knowledge of ongoing and future operations.

Knowledge
3424

Knowledge of operational asset constraints.

Knowledge
3428

Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact.

Knowledge
3430

Knowledge of organizational priorities, legal authorities and requirements submission processes.

Knowledge
3441

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge
3470

Knowledge of risk management and mitigation strategies.

Knowledge
3541

Knowledge of the available tools and applications associated with collection requirements and collection management.

Knowledge
3543

Knowledge of the basic structure, architecture, and design of modern communication networks.

Knowledge
3545

Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge
3549

Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes.

Knowledge
3552

Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities.

Knowledge
3557

Knowledge of collection strategies.

Knowledge
3558

Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization.

Knowledge
3561

Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Knowledge
3574

Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture.

Knowledge
3595

Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.

Knowledge
3598

Knowledge of the organizational plans/directives/guidance that describe objectives.

Knowledge
3599

Knowledge of the organizational policies/procedures for temporary transfer of collection authority.

Knowledge
3602

Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products.

Knowledge
3624

Knowledge of different organization objectives at all levels, including subordinate, lateral and higher.

Knowledge
3625

Knowledge of the organization’s established format for collection plan.

Knowledge
3626

Knowledge of the organization’s planning, operations and targeting cycles.

Knowledge
3631

Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).

Knowledge
3633

Knowledge of tipping, cueing, mixing, and redundancy.

Knowledge
3650

Knowledge of priority information, how it is derived, where it is published, how to access, etc.

Knowledge
3651

Knowledge of what constitutes a “threat” to a network.

Knowledge
3654

Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations.

Knowledge
3957

Skill to access information on current assets available, usage.

Skill
3960

Skill to access the databases where plans/directives/guidance are maintained.

Skill
3977

Skill to articulate a needs statement/requirement and integrate new and emerging collection capabilities, accesses and/or processes into collection operations.

Skill
3985

Skill to associate Intelligence gaps to priority information requirements and observables.

Skill
3986

Skill to compare and contrast indicators/observables with requirements.

Skill
3995

Ability to correctly employ each organization or element into the collection plan and matrix.

Ability
4016

Skill to evaluate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities.

Skill
4025

Skill to identify Intelligence gaps.

Skill
4027

Skill to identify when priority information requirements are satisfied.

Skill
4029

Skill to translate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities.

Skill
4044

Skill to optimize collection system performance through repeated adjustment, testing, and re-adjustment.

Skill
4113

Knowledge of the request for information process.

Knowledge
52

Knowledge of human-computer interaction principles.

Knowledge
87

Knowledge of network traffic analysis methods.

Knowledge

Evaluates collection operations and develops effects-based collection requirements strategies using available sources and methods to…

Workforce Element:
Intelligence (Cyberspace)

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2015

Analyze feedback to determine extent to which collection products and services are meeting requirements.

Task
2017

Analyze incoming collection requests.

Task
2021

Analyze plans, directives, guidance and policy for factors that would influence collection management’s operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements).

Task
2053

Assess the effectiveness of collections in satisfying priority information gaps, using available capabilities and methods, and then adjust collection strategies and collection requirements accordingly.

Task
2093

Collaborate with customer to define information requirements.

Task
2245

Develop a method for comparing collection reports to outstanding requirements to identify information gaps.

Task
2375

Validate the link between collection requests and critical information requirements and priority intelligence requirements of leadership.

Task
2398

Evaluate the effectiveness of collection operations against the collection plan.

Task
2857

Translate collection requests into applicable discipline-specific collection requirements.

Task
3010

Ability to apply collaborative skills and strategies.

Ability
3011

Ability to apply critical reading/thinking skills.

Ability
3102

Knowledge of operational planning processes.

Knowledge
3380

Knowledge of methods for ascertaining collection asset posture and availability.

Knowledge
3557

Knowledge of collection strategies.

Knowledge
4024

Skill to identify and apply tasking, collection, processing, exploitation and dissemination to associated collection disciplines.

Skill
4066

Skill to use collaborative tools and environments.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
2046

Assess efficiency of existing information exchange and management systems.

Task
2051

Assess performance of collection assets against prescribed specifications.

Task
2082

Close requests for information once satisfied.

Task
2098

Compile lessons learned from collection management activity’s execution of organization collection objectives.

Task
2111

Conduct formal and informal coordination of collection requirements in accordance with established guidelines and procedures.

Task
2311

Develop procedures for providing feedback to collection managers, asset managers, and processing, exploitation and dissemination centers.

Task
2341

Disseminate reports to inform decision makers on collection issues.

Task
2347

Conduct and document an assessment of the collection results using established procedures.

Task
2384

Evaluate extent to which collected information and/or produced intelligence satisfy information requests.

Task
2397

Evaluate extent to which collection operations are synchronized with operational requirements.

Task
2451

Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups.

Task
2479

Identify and mitigate risks to collection management ability to support the plan, operations and target cycle.

Task
2514

Inform stakeholders (e.g., collection managers, asset managers, processing, exploitation and dissemination centers) of evaluation results using established procedures.

Task
2529

Issue requests for information.

Task
2587

Modify collection requirements as necessary.

Task
2727

Provide advisory and advocacy support to promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans.

Task
2807

Review capabilities of allocated collection assets.

Task
2809

Review intelligence collection guidance for accuracy/applicability.

Task
2810

Review list of prioritized collection requirements and essential information.

Task
2827

Solicit and manage to completion feedback from requestors on quality, timeliness, and effectiveness of collection against collection requirements.

Task
2835

Submit information requests to collection requirement management section for processing as collection requests.

Task
2856

Track status of information requests, including those processed as collection requests and production requirements, using established procedures.

Task
2867

Use feedback results (e.g., lesson learned) to identify opportunities to improve collection management efficiency and effectiveness.

Task
2875

Validate requests for information according to established criteria.

Task
3092

Knowledge of database administration and maintenance.

Knowledge
3098

Knowledge of virtualization products (Vmware, Virtual PC).

Knowledge
3116

Knowledge of all possible circumstances that would result in changing collection management authorities.

Knowledge
3127

Knowledge of asset availability, capabilities and limitations.

Knowledge
3128

Knowledge of tasking mechanisms.

Knowledge
3131

Knowledge of available databases and tools necessary to assess appropriate collection tasking.

Knowledge
3135

Knowledge of basic computer components and architectures, including the functions of various peripherals.

Knowledge
3137

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge
3148

Knowledge of collection capabilities and limitations.

Knowledge
3156

Knowledge of collection management tools.

Knowledge
3160

Knowledge of collaborative tools and environments.

Knowledge
3162

Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan.

Knowledge
3165

Knowledge of collection planning process and collection plan.

Knowledge
3175

Knowledge of leadership’s Intent and objectives.

Knowledge
3188

Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).

Knowledge
3195

Knowledge of criteria for evaluating collection products.

Knowledge
3204

Knowledge of current collection requirements.

Knowledge
3217

Knowledge of cyber lexicon/terminology

Knowledge
3225

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge
3234

Knowledge of databases, portals and associated dissemination vehicles.

Knowledge
3253

Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).

Knowledge
3262

Knowledge of evolving/emerging communications technologies.

Knowledge
3275

Knowledge of fundamental cyber concepts, principles, limitations, and effects.

Knowledge
3291

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge
3292

Knowledge of how modern digital and telephony networks impact cyber operations.

Knowledge
3293

Knowledge of how modern wireless communications systems impact cyber operations.

Knowledge
3297

Knowledge of how to establish priorities for resources.

Knowledge
3322

Knowledge of indications and warning.

Knowledge
3325

Knowledge of information needs.

Knowledge
3361

Knowledge of key cyber threat actors and their equities.

Knowledge
3362A

Knowledge of key factors of the operational environment and related threats and vulnerabilities.

Knowledge
3374

Knowledge of malware.

Knowledge
3389

Knowledge of organization objectives and associated demand on collection management.

Knowledge
3417

Knowledge of non-traditional collection methodologies.

Knowledge
3420

Knowledge of ongoing and future operations.

Knowledge
3424

Knowledge of operational asset constraints.

Knowledge
3430

Knowledge of organizational priorities, legal authorities and requirements submission processes.

Knowledge
3441

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge
3464

Knowledge of research strategies and knowledge management.

Knowledge
3470

Knowledge of risk management and mitigation strategies.

Knowledge
3541

Knowledge of the available tools and applications associated with collection requirements and collection management.

Knowledge
3543

Knowledge of the basic structure, architecture, and design of modern communication networks.

Knowledge
3545

Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge
3549

Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes.

Knowledge
3552

Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities.

Knowledge
3556

Knowledge of collection management functionality (e.g., positions, functions, responsibilities, products, reporting requirements).

Knowledge
3558

Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization.

Knowledge
3561

Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Knowledge
3568

Knowledge of the definition of collection management and collection management authority.

Knowledge
3574

Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture.

Knowledge
3575

Knowledge of the factors of threat that could impact collection operations.

Knowledge
3595

Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.

Knowledge
3599

Knowledge of the organizational policies/procedures for temporary transfer of collection authority.

Knowledge
3602

Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products.

Knowledge
3624

Knowledge of different organization objectives at all levels, including subordinate, lateral and higher.

Knowledge
3625

Knowledge of the organization’s established format for collection plan.

Knowledge
3626

Knowledge of the organization’s planning, operations and targeting cycles.

Knowledge
3631

Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).

Knowledge
3633

Knowledge of tipping, cueing, mixing, and redundancy.

Knowledge
3650

Knowledge of priority information, how it is derived, where it is published, how to access, etc.

Knowledge
3651

Knowledge of what constitutes a “threat” to a network.

Knowledge
3663

Knowledge of tasking, collection, processing, exploitation and dissemination.

Knowledge
3957

Skill to access information on current assets available, usage.

Skill
3960

Skill to access the databases where plans/directives/guidance are maintained.

Skill
3985

Skill to associate Intelligence gaps to priority information requirements and observables.

Skill
3986

Skill to compare and contrast indicators/observables with requirements.

Skill
3994

Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations.

Ability
4012

Skill to ensure that the collection strategy leverages all available resources.

Skill
4016

Skill to evaluate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities.

Skill
4025

Skill to identify Intelligence gaps.

Skill
4027

Skill to identify when priority information requirements are satisfied.

Skill
4028

Skill to implement established procedures for evaluating collection management and operations activities.

Skill
4033

Skill to interpret readiness reporting, its operational relevance and intelligence collection impact.

Skill
4049

Skill to prepare and deliver reports, presentations and briefings, to include using visual aids or presentation technology.

Skill
4055

Skill to resolve conflicting collection requirements.

Skill
4056

Skill to review performance specifications and historical information about collection assets.

Skill
4057

Skill to specify collections and/or taskings that must be conducted in the near term.

Skill
4063

Skill to evaluate requests for information to determine if response information exists.

Skill
4065

Skill to use systems and/or tools to track collection requirements and determine whether or not they are satisfied.

Skill
4113

Knowledge of the request for information process.

Knowledge
52

Knowledge of human-computer interaction principles.

Knowledge
87

Knowledge of network traffic analysis methods.

Knowledge

Senior official or executive with the authority to formally assume responsibility for operating an information…

Workforce Element:
Cybersecurity

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
38

Knowledge of organization’s enterprise information security architecture system.

Knowledge
53

Knowledge of the Security Assessment and Authorization process.

Knowledge
55

Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.

Knowledge
63

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge
69

Knowledge of Risk Management Framework (RMF) requirements.

Knowledge
77

Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.

Knowledge
88

Knowledge of new and emerging information technology (IT) and cybersecurity technologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
121

Knowledge of structured analysis principles and methods.

Knowledge
156A

Knowledge of confidentiality, integrity, and availability principles.

Knowledge
197

Skill in discerning the protection needs (i.e., security controls) of information systems and networks.

Skill
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1037

Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.

Knowledge
1040A

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5320

Establish acceptable limits for the software application, network, or system.

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1034B

Knowledge of Payment Card Industry (PCI) data security standards.

Knowledge
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
1036

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Knowledge
1037A

Knowledge of information technology (IT) risk management policies, requirements, and procedures.

Knowledge
1038

Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance, and reliability.

Knowledge
105

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge
1131

Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zackman, Federal Enterprise Architecture [FEA]).

Knowledge
1142

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).

Knowledge
1146

Develop and Implement cybersecurity independent audit processes for application software/networks/systems and oversee ongoing independent audits to ensure that operational and Research and Design (R&D) processes and procedures are in compliance with organizational and mandatory cybersecurity requirements and accurately followed by Systems Administrators and other cybersecurity staff when performing their day-to-day activities.

Task
1157A

Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity and AI.

Knowledge
128

Knowledge of systems diagnostic tools and fault identification techniques.

Knowledge
143

Knowledge of the organization’s enterprise information technology (IT) goals and objectives.

Knowledge
177B

Knowledge of countermeasures for identified security risks.

Knowledge
179

Skill in designing security controls based on cybersecurity principles and tenets.

Skill
19

Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.

Knowledge
27

Knowledge of cryptography and cryptographic key management concepts.

Knowledge
325

Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management).

Knowledge
3591

Knowledge of organization objectives, leadership priorities, and decision-making risks.

Knowledge
40

Knowledge of organization’s evaluation and validation requirements.

Knowledge
43A

Knowledge of embedded systems.

Knowledge
58

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

Knowledge
5824

Authorizing Official only: Approve security and privacy assessment plans for systems and environments of operation.

Task
5827

Determine the authorization boundaries of systems.

Task
5837

Respond to threats and vulnerabilities based on the results of ongoing/continuous monitoring activities and risk assessments and decide if risk remains acceptable.

Task
5838

Review and approve security categorization results for systems.

Task
5839

Review security and privacy assessment plans for systems and environments of operation.

Task
600

Evaluate cost benefit, economic, and risk analysis in decision making process.

Task
6931

Knowledge of methods and techniques for analyzing risk.

Knowledge
6936

Knowledge of types of authorizations.

Knowledge
696B

Authorizing Official only: Approve authorization packages.

Task
696C

Manage authorization packages.

Task
70

Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Knowledge
710

Monitor and evaluate a system’s compliance with information technology (IT) security, resilience, and dependability requirements.

Task
801A

Provide enterprise cybersecurity and supply chain risk management guidance.

Task
836A

Authorizing Official only: Determine if the security and privacy risk from operating a system or using a system, service, or application from an external provider is acceptable.

Task
942

Knowledge of the organization’s core business/mission processes.

Knowledge
952

Knowledge of emerging security issues, risks, and vulnerabilities.

Knowledge
95A

Knowledge of penetration testing principles, tools, and techniques.

Knowledge
965

Knowledge of organization’s risk tolerance and/or risk management approach.

Knowledge
979

Knowledge of supply chain risk management standards, processes, and practices.

Knowledge
98

Knowledge of policy-based and risk adaptive access controls.

Knowledge

Manages the Communications Security (COMSEC) resources of an organization (CNSSI No. 4009).

Workforce Element:
Cybersecurity

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
25

Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).

Knowledge
37

Knowledge of disaster recovery continuity of operations plans.

Knowledge
55

Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.

Knowledge
61

Knowledge of incident response and handling methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
395

Advise senior management (e.g., CIO) on risk levels and security posture.

Task
578

Ensure security improvement actions are evaluated, validated, and implemented as required.

Task
824

Recognize a possible security violation and take appropriate action to report the incident, as required.

Task
852

Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered.

Task
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1004

Knowledge of critical information technology (IT) procurement requirements.

Knowledge
1040A

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge
129

Knowledge of system life cycle management principles, including software security and usability.

Knowledge
143

Knowledge of the organization’s enterprise information technology (IT) goals and objectives.

Knowledge
183

Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Skill
299

Knowledge of information security program management and project management principles and techniques.

Knowledge
325

Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management).

Knowledge
396

Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements.

Task
445

Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.

Task
475

Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.

Task
596

Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy.

Task
600

Evaluate cost benefit, economic, and risk analysis in decision making process.

Task

Responsible for device, equipment, and system-level cybersecurity configuration and day-to-day security operations of control systems,…

Workforce Element:
Cybersecurity

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
79

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge
106

Knowledge of remote access technology concepts.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
708A

Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
3277

Knowledge of general SCADA system components.

Knowledge
3740

Skill in determining installed patches on various operating systems and identifying patch signatures.

Skill
5823

Apply updates, patches, and security technical implementation while maintaining control system performance and availability requirements.

Task
5829

Establish and maintain security configuration baseline for the control system(s), including field devices, IT components, interconnections, and interfaces.

Task
5830

Implement Risk Management Framework (RMF) Assessment requirements for control systems, and document/maintain records for them.

Task
5831

Maintain knowledge of the function and security of control system and IT technologies with which the control systems interface.

Task
5832

Maintain network segmentation to isolate control systems from business networks and other external connections as directed.

Task
5836

Perform asset management and maintain inventory of control system devices and components through physical inspection or logical scans.

Task
5840

Support risk assessments by reviewing and documenting the implementation status of security requirements of control systems.

Task
6929

Knowledge of control system technologies, such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, Distributed Control Systems (DCS) and Operational Technology (OT).

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6927

Knowledge of control system environment risks, threats and vulnerabilities.

Knowledge
6933

Knowledge of risk management processes specific to control systems.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
6940

Skill in applying security and managing risk in resource-constrained systems and networks.

Skill
6941

Skill in architecting compensating security controls to reduce risk for control systems and control system components that do not have adequate or compliant security capabilities.

Skill
6946

Skill in securing control system communication protocols (e.g., IP/TCP, SSL/TLS, MODBUS/DNP3/PROFINET SCADA, GOOSE) and media used for field device control.

Skill

Additional KSATs:
KSAT ID Description KSAT
3353

Knowledge of the Risk Management Framework Assessment Methodology.

Knowledge
342A

Knowledge of operating system command line/prompt.

Knowledge
3A

Skill in recognizing vulnerabilities in security systems.

Skill
43A

Knowledge of embedded systems.

Knowledge
5821

Act as a liaison between facility operations/engineer teams and IT or network security teams to coordinate security activities.

Task
5822

Apply tailored organizational security policies and procedures for control system environments to maintain security, but also to ensure system availability.

Task
5826

Consult on control system security matters (e.g., risk assessment, configuration management) as needed.

Task
5828

Ensure configuration and collection of control system audit logs for monitoring and forensic analysis as appropriate.

Task
5833

Off-load and review control system audit logs and review for anomalies.

Task
5834

Participate in control system change management in conjunction with IT personnel and control system experts (e.g., system supplier).

Task
5835

Participate in control system incident and disaster response, including secure system recovery.

Task
6928

Knowledge of control system performance and availability requirements.

Knowledge
6934

Knowledge of RMF assessment types (e.g., Assess & Authorize (A&A), Assess Only) and authorization boundaries (e.g., Closed Restricted Network (CRN), Stand-alone Information System (SIS)).

Knowledge
6937

Knowledge of what “normal” control system operations for specific mission/business functions look like.

Knowledge
6939

Skill in active and passive methods to safely gather information and conduct vulnerability and network analysis scans in control system environments.

Skill
6943

Skill in identifying and investigating “abnormal” control system operations based on what specific mission/business functions look like.

Skill
69A

Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).

Knowledge
809

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Task
88A

Knowledge of current and emerging cyber technologies.

Knowledge

Identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques.

Workforce Element:
Cyberspace Enablers / Legal/Law Enforcement

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
217

Skill in preserving evidence integrity according to standard operating procedures or national standards.

Skill
281

Knowledge of electronic devices (e.g., computer systems/components, access control devices, digital cameras, electronic organizers, hard drives, memory cards, modems, network components, printers, removable storage devices, scanners, telephones, copiers, credit card skimmers, facsimile machines, global positioning systems [GPSs]).

Knowledge
290

Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).

Knowledge
340

Knowledge of types and collection of persistent data.

Knowledge
369

Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.

Skill
1036

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
3155

Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge
3159

Knowledge of cyber operations support or enabling processes.

Knowledge
3211

Knowledge of cyber laws and legal considerations and their effect on cyber planning.

Knowledge
3235

Knowledge of deconfliction processes and procedures.

Knowledge
3257

Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities.

Knowledge
3262

Knowledge of evolving/emerging communications technologies.

Knowledge
3264

Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization.

Knowledge
3356

Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations.

Knowledge
3419

Knowledge of organization or partner exploitation of digital networks.

Knowledge
3585

Knowledge of accepted organization planning systems.

Knowledge
3591

Knowledge of organization objectives, leadership priorities, and decision-making risks.

Knowledge
3615

Knowledge of the structure and intent of organization specific plans, guidance and authorizations.

Knowledge
3627

Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.

Knowledge
3638

Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations.

Knowledge
3639

Knowledge of organization cyber operations programs, strategies, and resources.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1039

Skill in evaluating the trustworthiness of the supplier and/or product.

Skill
105

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge
310

Knowledge of legal governance related to admissibility (e.g., Federal Rules of Evidence).

Knowledge
3480

Knowledge of security implications of software configurations.

Knowledge
383

Skill in using scientific rules and methods to solve problems.

Skill
454

Conduct interviews of victims and witnesses and conduct interviews or interrogations of suspects.

Task
5040

Analyze the crisis situation to ensure public, personal, and resource protection.

Task
5070

Assess the behavior of the individual victim, witness, or suspect as it relates to the investigation.

Task
507A

Determine and develop leads and identify sources of information in order to identify and/or prosecute the responsible parties to an intrusion or other crimes.

Task
512

Develop a plan to investigate alleged crime, violation, or suspicious activity utilizing computers and the internet.

Task
5210

Determine the extent of threats and recommend courses of action and countermeasures to mitigate risks.

Task
5580

Provide criminal investigative support to trial counsel during the judicial process.

Task
564A

Document original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, hash function checking).

Task
597

Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, and public relations professionals).

Task
620A

Employ information technology (IT) systems and digital storage media to solve, investigate, and/or prosecute cybercrimes and fraud committed against people and property.

Task
623

Fuse computer network attack analyses with criminal and counterintelligence investigations and operations.

Task
6230

Knowledge of crisis management protocols, processes, and techniques.

Knowledge
633

Identify and/or determine whether a security incident is indicative of a violation of law that requires specific legal action.

Task
636

Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration.

Task
6370

Knowledge of physical and physiological behaviors that may indicate suspicious or abnormal activity.

Knowledge
6440

Knowledge of the judicial process, including the presentation of facts and evidence.

Knowledge
649

Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations.

Task
788A

Prepare reports to document the investigation following legal standards and requirements.

Task
843

Secure the electronic device or information source.

Task
917

Knowledge of social dynamics of computer attackers in a global context.

Knowledge

Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network…

Workforce Element:
Cybersecurity

Core KSATs:
KSAT ID Description KSAT
19

Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.

Knowledge
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
59A

Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.

Knowledge
66

Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.

Knowledge
70

Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Knowledge
81A

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge
87

Knowledge of network traffic analysis methods.

Knowledge
92

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
150

Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.

Knowledge
214A

Skill in performing packet-level analysis.

Skill
353

Skill in collecting data from a variety of cyber defense resources.

Skill
433

Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.

Task
472

Coordinate with enterprise-wide cyber defense staff to validate network alerts.

Task
723

Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.

Task
745

Perform cyber defense trend analysis and reporting.

Task
750

Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.

Task
767

Perform security reviews and identify security gaps in security architecture resulting in recommendations for the inclusion into the risk mitigation strategy.

Task
800

Provide daily summary reports of network events and activity relevant to cyber defense practices.

Task
823

Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.

Task
895

Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

Skill
922A

Knowledge of how to use network analysis tools to identify vulnerabilities.

Knowledge
956

Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.

Task
958

Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.

Task
959

Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.

Task
984

Knowledge of cyber defense policies, procedures, and regulations.

Knowledge
990

Knowledge of the common attack vectors on the network layer.

Knowledge
991

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).

Knowledge
1069A

Knowledge of general kill chain (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

Knowledge
1107

Identify and analyze anomalies in network traffic using metadata (e.g., CENTAUR).

Task
1108

Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).

Task
1111

Identify applications and operating systems of a network device based on network traffic.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1033

Knowledge of basic system administration, network, and operating system hardening techniques.

Knowledge
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1034B

Knowledge of Payment Card Industry (PCI) data security standards.

Knowledge
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
1036

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Knowledge
105

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1073

Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

Knowledge
110

Knowledge of key concepts in security management (e.g., Release Management, Patch Management).

Knowledge
1103

Determine tactics, techniques, and procedures (TTPs) for intrusion sets.

Task
1104

Examine network topologies to understand data flows through the network.

Task
1105

Recommend computing environment vulnerability corrections.

Task
1109

Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.

Task
111

Knowledge of security system design tools, methods, and techniques.

Knowledge
1110

Isolate and remove malware.

Task
1111

Identify applications and operating systems of a network device based on network traffic.

Task
1112

Reconstruct a malicious attack or activity based off network traffic.

Task
1113

Identify network mapping and operating system (OS) fingerprinting activities.

Task
1114

Knowledge of encryption methodologies.

Knowledge
1118

Skill in reading and interpreting signatures (e.g., snort).

Skill
1119

Knowledge of signature implementation impact.

Knowledge
1120

Ability to interpret and incorporate data from multiple tool sources.

Ability
1121

Knowledge of Windows/Unix ports and services.

Knowledge
1142

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).

Knowledge
130A

Knowledge of systems security testing and evaluation methods.

Knowledge
133

Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

Knowledge
138

Knowledge of the cyber defense Service Provider reporting structure and processes within one’s own organization.

Knowledge
139

Knowledge of the common networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications.

Knowledge
148

Knowledge of Virtual Private Network (VPN) security.

Knowledge
175

Skill in developing and deploying signatures.

Skill
177B

Knowledge of countermeasures for identified security risks.

Knowledge
179A

Skill in assessing security controls based on cybersecurity principles and tenets.

Skill
181A

Skill in detecting host and network based intrusions via intrusion detection technologies.

Skill
183

Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Skill
199

Skill in evaluating the adequacy of security designs.

Skill
2062

Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the NE or enclave.

Task
21

Knowledge of computer algorithms.

Knowledge
212A

Knowledge of network mapping and recreating network topologies.

Knowledge
229

Skill in using incident handling methodologies.

Skill
233

Skill in using protocol analyzers.

Skill
234B

Knowledge of the use of sub-netting tools.

Knowledge
25

Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).

Knowledge
2611

Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan.

Task
27

Knowledge of cryptography and cryptographic key management concepts.

Knowledge
270

Knowledge of common adversary tactics, techniques, and procedures in assigned area of responsibility (i.e., historical country-specific tactics, techniques, and procedures; emerging capabilities).

Knowledge
271

Knowledge of common network tools (e.g., ping, traceroute, nslookup).

Knowledge
277

Knowledge of defense-in-depth principles and network security architecture.

Knowledge
278

Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).

Knowledge
286

Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).

Knowledge
3007

Ability to analyze malware.

Ability
34

Knowledge of database systems.

Knowledge
342A

Knowledge of operating system command line/prompt.

Knowledge
3431

Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).

Knowledge
3461

Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities.

Knowledge
3C

Skill in recognizing vulnerabilities in information and/or data systems.

Skill
427

Develop content for cyber defense tools.

Task
43A

Knowledge of embedded systems.

Knowledge
49

Knowledge of host/network access control mechanisms (e.g., access control list).

Knowledge
559A

Analyze and report organizational security posture trends.

Task
559B

Analyze and report system security posture trends.

Task
576

Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

Task
58

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

Knowledge
593A

Assess adequate access controls based on principles of least privilege and need-to-know.

Task
61

Knowledge of incident response and handling methodologies.

Knowledge
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
63

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge
716A

Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.

Task
717A

Assess and monitor cybersecurity related to system implementation and testing practices.

Task
75C

Skill in conducting trend analysis.

Skill
782

Plan and recommend modifications or adjustments based on exercise results or system environment.

Task
79

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge
8

Knowledge of authentication, authorization, and access control methods.

Knowledge
806A

Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

Task
880A

Work with stakeholders to resolve computer security incidents and vulnerability compliance.

Task
88A

Knowledge of current and emerging cyber technologies.

Knowledge
90

Knowledge of operating systems.

Knowledge
904

Knowledge of interpreted and compiled computer languages.

Knowledge
912

Knowledge of collection management processes, capabilities, and limitations.

Knowledge
915

Knowledge of front-end collection systems, including traffic collection, filtering, and selection.

Knowledge
922B

Skill in using network analysis tools, including specialized tools for non-traditional systems and networks (e.g., control systems), to identify vulnerabilities.​

Skill
938A

Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Task
95A

Knowledge of penetration testing principles, tools, and techniques.

Knowledge
98

Knowledge of policy-based and risk adaptive access controls.

Knowledge
992C

Knowledge of threat environments (e.g., first generation threat actors, threat activities).

Knowledge

Analyzes digital evidence and investigates computer security incidents to derive useful information in support of…

Workforce Element:
Cybersecurity

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
24A

Knowledge of basic concepts and practices of processing digital forensic data.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
217

Skill in preserving evidence integrity according to standard operating procedures or national standards.

Skill
302

Knowledge of investigative implications of hardware, Operating Systems, and network technologies.

Knowledge
350

Skill in analyzing memory dumps to extract information.

Skill
381

Skill in using forensic tool suites (e.g., EnCase, Sleuthkit, FTK).

Skill
438A

Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.

Task
447

Conduct analysis of log files, evidence, and other information in order to determine best methods for identifying the perpetrator(s) of a network intrusion.

Task
463

Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis.

Task
541

Provide technical summary of findings in accordance with established reporting procedures.

Task
613

Examine recovered data for information of relevance to the issue at hand.

Task
752

Perform file signature analysis.

Task
890

Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems).

Skill
1082

Perform file system forensic analysis.

Task
1086

Knowledge of data carving tools and techniques (e.g., Foremost).

Knowledge
1087

Skill in deep analysis of captured malicious code (e.g., malware forensics).

Skill
1088

Skill in using binary analysis tools (e.g., Hexedit, command code xxd, hexdump).

Skill
1089

Knowledge of reverse engineering concepts.

Knowledge
1092

Knowledge of anti-forensics tactics, techniques, and procedures.

Knowledge
1096

Knowledge of malware analysis tools (e.g., Oily Debug, Ida Pro).

Knowledge
1098

Skill in analyzing anomalous code as malicious or benign.

Skill
1099

Skill in analyzing volatile data.

Skill
1100

Skill in identifying obfuscation techniques.

Skill
1101

Skill in interpreting results of debugger to ascertain tactics, techniques, and procedures.

Skill
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6810

Knowledge of binary analysis.

Knowledge
6850

Skill in analyzing malware.

Skill
6860

Skill in conducting bit-level analysis.

Skill
6870

Skill in processing digital evidence, to include protecting and making legally sound copies of evidence.

Skill
6890

Ability to conduct forensic analyses in and for both Windows and Unix/Linux environments.

Ability
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1031

Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.

Task
1033

Knowledge of basic system administration, network, and operating system hardening techniques.

Knowledge
1036

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Knowledge
105

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1081

Perform virus scanning on digital media.

Task
1083

Perform static analysis to mount an “image” of a drive (without necessarily having the original drive).

Task
1084

Perform static malware analysis.

Task
1085

Utilize deployable forensics tool kit to support operations as necessary.

Task
1091

Skill in one way hash functions (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm [MD5]).

Skill
1093

Knowledge of common forensics tool configuration and support applications (e.g., VMWare, WIRESHARK).

Knowledge
1094

Knowledge of debugging procedures and tools.

Knowledge
1095

Knowledge of how different file types can be used for anomalous behavior.

Knowledge
1097

Knowledge of virtual machine aware malware, debugger aware malware, and packing.

Knowledge
113

Knowledge of server and client operating systems.

Knowledge
114

Knowledge of server diagnostic tools and fault identification techniques.

Knowledge
139

Knowledge of the common networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications.

Knowledge
193

Skill in developing, testing, and implementing network infrastructure contingency and recovery plans.

Skill
214A

Skill in performing packet-level analysis.

Skill
2179

Coordinate with intelligence analysts to correlate threat assessment data.

Task
25

Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).

Knowledge
264

Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).

Knowledge
287

Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).

Knowledge
29

Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.

Knowledge
290

Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).

Knowledge
294

Knowledge of hacking methodologies in Windows or Unix/Linux environment.

Knowledge
310

Knowledge of legal governance related to admissibility (e.g., Federal Rules of Evidence).

Knowledge
316

Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.

Knowledge
340

Knowledge of types and collection of persistent data.

Knowledge
345

Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies.

Knowledge
346

Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.

Knowledge
3461

Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities.

Knowledge
3513

Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.

Knowledge
360

Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics).

Skill
364

Skill in identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files).

Skill
369

Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.

Skill
374

Skill in setting up a forensic workstation.

Skill
386

Skill in using virtual machines.

Skill
389

Skill in physically disassembling PCs.

Skill
480

Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes. This includes, but is not limited to, hard drives, floppy diskettes, CD, PDA, mobile phones, GPS, and all tape formats.

Task
482

Decrypt seized data using technical means.

Task
5690

Process image with appropriate tools depending on analyst’s goals.

Task
5700

Perform Windows registry analysis.

Task
5720

Perform file and registry monitoring on the running system after identifying intrusion via dynamic analysis.

Task
573

Ensure chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.

Task
5730

Enter media information into tracking database (e.g. Product Tracker Tool) for digital media that has been acquired.

Task
5740

Correlate incident data and perform cyber defense reporting.

Task
5760

Maintain deployable cyber defense toolkit (e.g. specialized cyber defense software/hardware) to support IRT mission.

Task
61

Knowledge of incident response and handling methodologies.

Knowledge
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
636

Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration.

Task
6820

Knowledge of network architecture concepts including topology, protocols, and components.

Knowledge
749

Perform dynamic analysis to boot an “image” of a drive (without necessarily having the original drive) to see the intrusion as the user may have seen it, in a native environment.

Task
753

Perform hash comparison against established database.

Task
758

Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView).

Task
759

Perform timeline analysis.

Task
762

Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).

Task
768

Perform static media analysis.

Task
771

Perform tier 1, 2, and 3 malware analysis.

Task
786

Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures).

Task
817

Provide technical assistance on digital evidence matters to appropriate personnel.

Task
825

Recognize and accurately report forensic artifacts indicative of a particular operating system.

Task
839A

Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information.

Task
868A

Use data carving techniques (e.g., FTK-Foremost) to extract data for further analysis.

Task
870

Capture and analyze network traffic associated with malicious activities using network monitoring tools.

Task
871

Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence.

Task
882A

Write and publish cyber defense recommendations, reports, and white papers on incident findings to appropriate constituencies.

Task
888

Knowledge of types of digital forensics data and how to recognize them.

Knowledge
889

Knowledge of deployable forensics.

Knowledge
90

Knowledge of operating systems.

Knowledge
908

Ability to decrypt digital data collections.

Ability
923

Knowledge of security event correlation tools.

Knowledge
944

Conduct cursory binary analysis.

Task
983

Knowledge of legal rules of evidence and court procedure.

Knowledge

Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.

Workforce Element:
Cybersecurity

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
37

Knowledge of disaster recovery continuity of operations plans.

Knowledge
50

Knowledge of how network services and protocols interact to provide network communications.

Knowledge
60

Knowledge of incident categories, incident responses, and timelines for responses.

Knowledge
61

Knowledge of incident response and handling methodologies.

Knowledge
66

Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.

Knowledge
81A

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge
105

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
150

Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.

Knowledge
153

Skill of identifying, capturing, containing, and reporting malware.

Skill
217

Skill in preserving evidence integrity according to standard operating procedures or national standards.

Skill
470

Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.

Task
716A

Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.

Task
741A

Coordinate incident response functions.

Task
745

Perform cyber defense trend analysis and reporting.

Task
755

Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.

Task
823

Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.

Task
882

Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.

Task
893

Skill in securing network communications.

Skill
895

Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

Skill
896

Skill in protecting a network against malware.

Skill
897

Skill in performing damage assessments.

Skill
923A

Skill in using security event correlation tools.

Skill
984

Knowledge of cyber defense policies, procedures, and regulations.

Knowledge
991

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).

Knowledge
1029A

Knowledge of malware analysis concepts and methodologies.

Knowledge
1030

Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.

Task
1033

Knowledge of basic system administration, network, and operating system hardening techniques.

Knowledge
1069

Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks).

Knowledge
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
3431

Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).

Knowledge
5670

Write and publish after action reviews.

Task
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1031

Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.

Task
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
2179

Coordinate with intelligence analysts to correlate threat assessment data.

Task
29

Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.

Knowledge
3362A

Knowledge of key factors of the operational environment and related threats and vulnerabilities.

Knowledge
3561

Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Knowledge
478

Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

Task
49

Knowledge of host/network access control mechanisms (e.g., access control list).

Knowledge
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
738

Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.

Task
743

Perform cyber defense incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation.

Task
762

Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).

Task
861

Track and document cyber defense incidents from initial detection through final resolution.

Task
87

Knowledge of network traffic analysis methods.

Knowledge
93

Knowledge of packet-level analysis.

Knowledge
961

Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).

Task
992C

Knowledge of threat environments (e.g., first generation threat actors, threat activities).

Knowledge

Tests, implements, deploys, maintains, and administers the infrastructure hardware and software.

Workforce Element:
Cybersecurity

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
49

Knowledge of host/network access control mechanisms (e.g., access control list).

Knowledge
59A

Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.

Knowledge
61

Knowledge of incident response and handling methodologies.

Knowledge
63

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge
81A

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge
87A

Knowledge of network traffic analysis (tools, methodologies, processes).

Knowledge
92B

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol (TCP), Internet Protocol (IP), Open System Interconnection Model (OSI)).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
148

Knowledge of Virtual Private Network (VPN) security.

Knowledge
150

Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.

Knowledge
643A

Identify potential conflicts with implementation of any cyber defense tools(e.g., tool and signature testing and optimization).

Task
960

Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.

Task
984

Knowledge of cyber defense policies, procedures, and regulations.

Knowledge
1012A

Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model Integration (CMMI)).

Knowledge
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2772

Build, install, configure, and test dedicated cyber defense hardware.

Task
5090

Assist in assessing the impact of implementing and sustaining a dedicated cyber defense infrastructure.

Task
6700

Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1074A

Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.

Knowledge
1125

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Knowledge
157

Skill in applying host/network access controls (e.g., access control list).

Skill
227

Skill in tuning sensors.

Skill
229

Skill in using incident handling methodologies.

Skill
237

Skill in using Virtual Private Network (VPN) devices and encryption.

Skill
29

Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.

Knowledge
3143

Knowledge of basic system, network, and OS hardening techniques.

Knowledge
393B

Coordinate with system administrators to create cyber defense tools, test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s).

Task
471

Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, anti-virus, and content blacklists) for specialized cyber defense applications.

Task
481A

Create, edit, and manage network access control lists on specialized cyber defense systems (e.g., firewalls and intrusion prevention systems).

Task
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
654B

Implement risk assessment and authorization requirements per the Risk Management Framework (RMF) process for dedicated cyber defense systems within the enterprise, and document and maintain records for them.

Task
6670

Skill in system, network, and OS hardening techniques.

Skill
6918

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability
6919

Ability to determine the best cloud deployment model for the appropriate operating environment.

Ability
6942

Skill in designing or implementing cloud computing deployment models.

Skill
6945

Skill in migrating workloads to, from, and among the different cloud computing service models.

Skill
769

Perform system administration on specialized cyber defense applications and systems (e.g., anti-virus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup and restoration.

Task
893

Skill in securing network communications.

Skill
896

Skill in protecting a network against malware.

Skill
900

Knowledge of web filtering technologies.

Knowledge
93

Knowledge of packet-level analysis.

Knowledge

Develops, plans, coordinates, and evaluates cyber training/education courses, methods, and techniques based on instructional needs.

Workforce Element:
Cyberspace Enablers / Training and Education

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
332

Ability to develop curriculum that speaks to the topic at the appropriate level for the target audience.

Ability
504A

Design training curriculum and course content based on requirements.

Task
841A

Conduct periodic reviews/revisions of course content for accuracy, completeness alignment, and currency (e.g., course content documents, lesson plans, student texts, examinations, schedules of instruction, and course descriptions).

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5260

Develop or assist in the development of training policies and protocols for cyber training.

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1125

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Knowledge
1136A

Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud).

Knowledge
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
246A

Ability to apply the Instructional System Design (ISD) methodology.

Ability
314

Knowledge of multiple cognitive domains and appropriate tools and methods for learning in each domain.

Knowledge
359

Skill in developing and executing technical training programs and curricula.

Skill
363

Skill in identifying gaps in technical capabilities.

Skill
363A

Skill in identifying gaps in technical delivery capabilities.

Skill
376

Skill in talking to others to convey information effectively.

Skill
479A

Correlates training and learning to business or mission requirements.

Task
490A

Create training courses tailored to the audience and physical environment.

Task
5060

Assess effectiveness and efficiency of instruction according to ease of instructional technology use and student learning, knowledge transfer, and satisfaction.

Task
5130

Conduct learning needs assessments and identify requirements.

Task
5180

Create interactive learning exercises to create an effective learning environment.

Task
5280

Develop the goals and objectives for cyber curriculum.

Task
5420

Plan instructional strategies such as lectures, demonstrations, interactive exercises, multimedia presentations, video courses, web-based courses for most effective learning environment In conjunction with educators and trainers.

Task
6090

Ability to develop curriculum for use within a virtual environment.

Ability
6320

Knowledge of media production, communication, and dissemination techniques and methods, including alternative ways to inform via written, oral, and visual media.

Knowledge
6380

Knowledge of principles and processes for conducting training and education needs assessment.

Knowledge
6390

Knowledge of relevant concepts, procedures, software, equipment, and technology applications.

Knowledge
6450

Knowledge of training and education principles and methods for curriculum design, teaching and instruction for individuals and groups, and the measurement of training and education effects.

Knowledge
6480

Skill in applying technical delivery capabilities.

Skill
6918

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability
6919

Ability to determine the best cloud deployment model for the appropriate operating environment.

Ability
845A

Serve as an internal consultant and advisor in own area of expertise (e.g., technical, copyright, print media, electronic media).

Task
855

Support the design and execution of exercise scenarios.

Task
885

Write instructional materials (e.g., standard operating procedures, production manual) to provide detailed guidance to relevant portion of the workforce.

Task
88A

Knowledge of current and emerging cyber technologies.

Knowledge
905

Knowledge of secure coding techniques.

Knowledge
942

Knowledge of the organization’s core business/mission processes.

Knowledge
952

Knowledge of emerging security issues, risks, and vulnerabilities.

Knowledge

Develops and conducts training or education of personnel within cyber domain.

Workforce Element:
Cyberspace Enablers / Training and Education

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
282

Knowledge of emerging computer-based technology that has potential for exploitation by adversaries.

Knowledge
359

Skill in developing and executing technical training programs and curricula.

Skill
551A

Ensure training meets the goals and objectives for cybersecurity training, education, or awareness.

Task
952

Knowledge of emerging security issues, risks, and vulnerabilities.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1125

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Knowledge
1136A

Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud).

Knowledge
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
2295

Develop or assist in the development of computer based training modules or classes.

Task
2296

Develop or assist in the development of course assignments.

Task
2299

Develop or assist in the development of course evaluations.

Task
2300

Develop or assist in the development of grading and proficiency standards.

Task
2301

Assist in the development of individual/collective development, training, and/or remediation plans.

Task
2303

Develop or assist in the development of learning objectives and goals.

Task
2304

Develop or assist in the development of on-the-job training materials or programs.

Task
2306

Develop or assist in the development of written tests for measuring and assessing learner proficiency.

Task
3009

Ability to answer questions in a clear and concise manner.

Ability
3016

Ability to ask clarifying questions.

Ability
3022

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability
3024

Ability to communicate effectively when writing.

Ability
3046

Ability to facilitate small group discussions.

Ability
3049

Ability to gauge learner understanding and knowledge level.

Ability
3070

Ability to provide effective feedback to students for improving learning.

Ability
3126

Knowledge of assessment techniques (rubrics, evaluation plans, tests, quizzes).

Knowledge
314

Knowledge of multiple cognitive domains and appropriate tools and methods for learning in each domain.

Knowledge
3186

Knowledge of computer based training and e-learning services.

Knowledge
332A

Ability to tailor curriculum that speaks to the topic at the appropriate level for the target audience.

Ability
3330

Knowledge of instructional design and evaluation models (e.g., ADDIE, Smith/Ragan model, Gagne’s Events of Instruction, Kirkpatrick’s model of evaluation).

Knowledge
3360

Knowledge of organizational training policies.

Knowledge
3364

Knowledge of learning levels (i.e., Bloom’s Taxonomy of learning).

Knowledge
3365

Knowledge of Learning Management Systems and their use in managing learning.

Knowledge
3366

Knowledge of learning styles (e.g., assimilator, auditory, kinesthetic).

Knowledge
3395

Knowledge of modes of learning (e.g., rote learning, observation).

Knowledge
344

Knowledge of virtualization technologies and virtual machine development and maintenance.

Knowledge
3588

Knowledge of organizational training systems.

Knowledge
3604

Ability to apply principles of adult learning.

Ability
363B

Knowledge of technical delivery capabilities and their limitations.

Knowledge
3734

Ability to design valid and reliable assessments.

Ability
3749

Ability to develop clear directions and instructional materials.

Ability
376

Skill in talking to others to convey information effectively.

Skill
3942

Skill in utilizing or developing learning activities (e.g., scenarios, instructional games, interactive exercises).

Skill
3944

Skill in utilizing technologies (e.g., SmartBoards, websites, computers, projectors) for instructional purposes.

Skill
453

Conduct interactive training exercises to create an effective learning environment.

Task
490B

Deliver training courses tailored to the audience and physical/virtual environments.

Task
491A

Apply concepts, procedures, software, equipment, and/or technology applications to students.

Task
504B

Participate in development of training curriculum and course content.

Task
538

Develop new or identify existing awareness and training materials that are appropriate for intended audiences.

Task
606

Evaluate the effectiveness and comprehensiveness of existing training programs.

Task
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
6919

Ability to determine the best cloud deployment model for the appropriate operating environment.

Ability
778A

Plan and coordinate the delivery of classroom techniques and formats (e.g., lectures, demonstrations, interactive exercises, multimedia presentations) for most effective learning environment.

Task
779A

Plan non-classroom educational techniques and formats (e.g., video courses, mentoring, web-based courses).

Task
841

Review training documentation (e.g., Course Content Documents [CCD], lesson plans, student texts, examinations, Schedules of Instruction [SOI], and course descriptions).

Task
842A

Recommend revisions to curriculum end course content based on feedback from previous training sessions.

Task
845A

Serve as an internal consultant and advisor in own area of expertise (e.g., technical, copyright, print media, electronic media).

Task
855

Support the design and execution of exercise scenarios.

Task
885

Write instructional materials (e.g., standard operating procedures, production manual) to provide detailed guidance to relevant portion of the workforce.

Task
88A

Knowledge of current and emerging cyber technologies.

Knowledge
905A

Skill in applying secure coding techniques.

Skill
918

Ability to prepare and deliver education and awareness briefings to ensure that systems, network, and data users are aware of and adhere to systems security policies and procedures.

Ability
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Develops detailed intelligence plans to satisfy cyber operations requirements. Collaborates with cyber operations planners to…

Workforce Element:
Intelligence (Cyberspace)

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
264

Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).

Knowledge
1056

Knowledge of operations security.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2009

Provide input to the analysis, design, development or acquisition of capabilities used for meeting objectives.

Task
2043

Coordinate for intelligence support to operational planning activities.

Task
2045

Assess all-source intelligence and recommend targets to support cyber operation objectives.

Task
2052

Assess target vulnerabilities and/or operational capabilities to determine course of action.

Task
2064

Assist in the development and refinement of priority information requirements.

Task
2070

Enable synchronization of intelligence support plans across partner organizations as required.

Task
2159

Contribute to crisis action planning for cyber operations.

Task
2163

Incorporate intelligence equities into the overall design of cyber operations plans.

Task
2181

Coordinate with intelligence planners to ensure collection managers receive information requirements.

Task
2185

Coordinate with the intelligence planning team to assess capability to satisfy assigned intelligence tasks.

Task
2186

Coordinate, produce and track intelligence requirements.

Task
2187

Coordinate, synchronize and draft applicable intelligence sections of cyber operations plans.

Task
2237

Determine indicators (e.g., measures of effectiveness) that are best suited to specific cyber operation objectives.

Task
2267

Develop and review intelligence guidance for integration into supporting cyber operations planning and execution.

Task
2276

Develop detailed intelligence support to cyber operations requirements.

Task
2352

Draft cyber intelligence collection and production requirements.

Task
2368

Ensure that intelligence planning activities are integrated and synchronized with operational planning timelines.

Task
2386

Evaluate intelligence estimates to support the planning cycle.

Task
2425

Incorporate intelligence and counterintelligence to support plan development.

Task
2442

Identify, draft, evaluate, and prioritize relevant intelligence or information requirements.

Task
2459A

Identify cyber intelligence gaps and shortfalls.

Task
2484

Identify the need, scope, and timeframe for applicable intelligence environment preparation derived production.

Task
2509

Provide input to or develop courses of action based on threat factors.

Task
2529

Issue requests for information.

Task
2530

Knowledge and understanding of operational design.

Knowledge
2531

Knowledge of organizational planning concepts.

Knowledge
2532

Lead and coordinate intelligence support to operational planning.

Task
2558

Maintain relationships with internal and external partners involved in cyber planning or related areas.

Task
2619

Provide subject matter expertise to planning teams, coordination groups, and task forces as necessary.

Task
2624

Conduct long-range, strategic planning efforts with internal and external partners in cyber activities.

Task
2736

Provide cyber focused guidance and advice on intelligence support plan inputs.

Task
2778

Recommend refinement, adaption, termination, and execution of operational plans as appropriate.

Task
2806

Review and comprehend organizational leadership objectives and guidance for planning.

Task
2819

Scope the cyber intelligence planning effort.

Task
2888

Document lessons learned that convey the results of events and/or exercises.

Task
3003

Ability to adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment.

Ability
3011

Ability to apply critical reading/thinking skills.

Ability
3015

Ability to apply approved planning development and staffing processes.

Ability
3021

Ability to collaborate effectively with others.

Ability
3022

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability
3033

Ability to coordinate cyber operations with other organization functions or support activities.

Ability
3040

Ability to develop or recommend planning solutions to problems and situations for which no precedent exists.

Ability
3041

Ability to effectively collaborate via virtual teams.

Ability
3044

Ability to exercise judgment when policies are not well-defined.

Ability
3048

Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise.

Ability
3060

Ability to interpret and understand complex and rapidly evolving concepts.

Ability
3066

Ability to participate as a member of planning teams, coordination groups, and task forces as necessary.

Ability
3076

Ability to tailor technical and planning information to a customer’s level of understanding.

Ability
3106

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge
3107

Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.).

Knowledge
3114

Knowledge of all forms of intelligence support needs, topics, and focus areas.

Knowledge
3117

Knowledge of all-source reporting and dissemination procedures.

Knowledge
3129

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge
3154

Knowledge of classification and control markings standards, policies and procedures.

Knowledge
3155

Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge
3159

Knowledge of cyber operations support or enabling processes.

Knowledge
3174

Knowledge of the intelligence requirements development and request for information processes.

Knowledge
3177

Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).

Knowledge
3188

Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).

Knowledge
3194

Knowledge of crisis action planning and time sensitive planning procedures.

Knowledge
3215

Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber attack) principles, capabilities, limitations, and effects.

Knowledge
3225

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge
3257

Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities.

Knowledge
3264

Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization.

Knowledge
3274

Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects.

Knowledge
3275

Knowledge of fundamental cyber concepts, principles, limitations, and effects.

Knowledge
3287

Knowledge of how collection requirements and information needs are translated, tracked, and prioritized across the extended enterprise.

Knowledge
3311

Knowledge of analytical standards and the purpose of intelligence confidence levels.

Knowledge
3336

Knowledge of intelligence employment requirements (i.e., logistical, communications support, maneuverability, legal restrictions, etc.).

Knowledge
3340

Knowledge of intelligence requirements tasking systems.

Knowledge
3342

Knowledge of intelligence support to planning, execution, and assessment.

Knowledge
3388

Knowledge of crisis action planning for cyber operations.

Knowledge
3397

Knowledge of intelligence capabilities and limitations.

Knowledge
3443

Knowledge of PIR approval process.

Knowledge
3444

Knowledge of planning activity initiation.

Knowledge
3445

Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning.

Knowledge
3463

Knowledge of required intelligence planning products associated with cyber operational planning.

Knowledge
3489

Knowledge of organizational structures and associated intelligence capabilities.

Knowledge
3554

Knowledge of the critical information requirements and how they’re used in planning.

Knowledge
3560

Knowledge of the production responsibilities and organic analysis and production capabilities.

Knowledge
3561

Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Knowledge
3582

Knowledge of the intelligence frameworks, processes, and related systems.

Knowledge
3584

Knowledge of intelligence preparation of the environment and similar processes.

Knowledge
3585

Knowledge of accepted organization planning systems.

Knowledge
3606

Knowledge of the process used to assess the performance and impact of operations.

Knowledge
3609

Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas.

Knowledge
3610

Knowledge of the relationships between end states, objectives, effects, lines of operation, etc.

Knowledge
3611

Knowledge of the relationships of operational objectives, intelligence requirements, and intelligence production tasks.

Knowledge
3629

Knowledge of the various collection disciplines and capabilities.

Knowledge
3651

Knowledge of what constitutes a “threat” to a network.

Knowledge
3659

Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems.

Knowledge
3665

Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.

Skill
3681

Skill in applying analytical methods typically employed to support planning and to justify recommended strategies and courses of action.

Skill
3685

Skill in applying crisis planning procedures.

Skill
3742

Skill in determining the physical location of network devices.

Skill
3772

Skill in evaluating information for reliability, validity, and relevance.

Skill
3844

Skill in preparing and presenting briefings.

Skill
3845

Skill in preparing plans and related correspondence.

Skill
3879

Skill in reviewing and editing plans.

Skill
3938

Skill in utilizing feedback in order to improve processes, products, and services.

Skill
3965

Skill to analyze strategic guidance for issues requiring clarification and/or additional guidance.

Skill
3966

Skill to anticipate intelligence capability employment requirements.

Skill
3967

Skill to anticipate key target or threat activities which are likely to prompt a leadership decision.

Skill
3971

Skill to apply analytical standards to evaluate intelligence products.

Skill
3976

Skill to apply the process used to assess the performance and impact of cyber operations.

Skill
3978

Skill to articulate the needs of joint planners to all-source analysts.

Skill
3979

Skill to articulate intelligence capabilities available to support execution of the plan.

Skill
3987

Skill to conceptualize the entirety of the intelligence process in the multiple domains and dimensions.

Skill
3990

Skill to convert intelligence requirements into intelligence production tasks.

Skill
3992

Skill to coordinate the development of tailored intelligence products.

Skill
3996

Skill to correlate intelligence priorities to the allocation of intelligence resources/assets.

Skill
3998

Skill to craft indicators of operational progress/success.

Skill
4000

Skill to create and maintain up-to-date planning documents and tracking of services/production.

Skill
4018

Skill to express orally and in writing the relationship between intelligence capability limitations and decision making risk and impacts on the overall operation.

Skill
4032

Skill to interpret planning guidance to discern level of analytical support required.

Skill
4045

Skill to orchestrate intelligence planning teams, coordinate collection and production support, and monitor status.

Skill
4053

Skill to relate intelligence resources/assets to anticipated intelligence requirements.

Skill
4059

Skill to synchronize planning activities and required intelligence support.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
2058

Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives.

Task
2073

Provide input to the identification of cyber-related success criteria.

Task
2091

Collaborate with other team members or partner organizations to develop a diverse program of information materials (e.g., web pages, briefings, print materials).

Task
2160

Contribute to the development of the organization’s decision support tools if necessary.

Task
2192

Use intelligence estimates to counter potential target actions.

Task
2310

Develop potential courses of action.

Task
2327

Develop, implement, and recommend changes to appropriate planning procedures and policies.

Task
2392

Evaluate the conditions that affect employment of available cyber intelligence capabilities.

Task
2435

Identify all available partner intelligence capabilities and limitations supporting cyber operations.

Task
2528

Interpret environment preparations assessments to determine a course of action.

Task
2564

Maintain situational awareness to determine if changes to the operating environment require review of the plan.

Task
2702

Prepare for and provide subject matter expertise to exercises.

Task
3001

Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.

Ability
3054

Ability to identify external partners with common cyber operations interests.

Ability
3057

Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.

Ability
3095

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge
3098

Knowledge of virtualization products (Vmware, Virtual PC).

Knowledge
3205

Knowledge of current computer-based intrusion sets.

Knowledge
3211

Knowledge of cyber laws and legal considerations and their effect on cyber planning.

Knowledge
3235

Knowledge of deconfliction processes and procedures.

Knowledge
3253

Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).

Knowledge
3262

Knowledge of evolving/emerging communications technologies.

Knowledge
3271

Knowledge of internal and external partner cyber operations capabilities and tools.

Knowledge
3286

Knowledge of host-based security products and how they affect exploitation and vulnerability.

Knowledge
3291

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge
3292

Knowledge of how modern digital and telephony networks impact cyber operations.

Knowledge
3293

Knowledge of how modern wireless communications systems impact cyber operations.

Knowledge
3326

Knowledge of information security concepts, facilitating technologies and methods.

Knowledge
3356

Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations.

Knowledge
3358

Knowledge of organizational hierarchy and cyber decision making processes.

Knowledge
3374

Knowledge of malware.

Knowledge
3391

Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning.

Knowledge
3419

Knowledge of organization or partner exploitation of digital networks.

Knowledge
3459

Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization.

Knowledge
3539

Knowledge of telecommunications fundamentals.

Knowledge
3543

Knowledge of the basic structure, architecture, and design of modern communication networks.

Knowledge
3545

Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge
3570

Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements.

Knowledge
3571

Knowledge of the organizational planning and staffing process.

Knowledge
3572

Knowledge of organization decision support tools and/or methods.

Knowledge
3578

Knowledge of the impacts of internal and external partner staffing estimates.

Knowledge
3591

Knowledge of organization objectives, leadership priorities, and decision-making risks.

Knowledge
3601

Knowledge of the outputs of course of action and exercise analysis.

Knowledge
3607

Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process.

Knowledge
3615

Knowledge of the structure and intent of organization specific plans, guidance and authorizations.

Knowledge
3616

Knowledge of the structure, architecture, and design of modern digital and telephony networks.

Knowledge
3627

Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.

Knowledge
3630

Knowledge of the ways in which targets or threats use the Internet.

Knowledge
3638

Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations.

Knowledge
3639

Knowledge of organization cyber operations programs, strategies, and resources.

Knowledge
3766

Skill in documenting and communicating complex technical and programmatic information.

Skill
3877

Skill in reviewing and editing intelligence products from various sources for cyber operations.

Skill
3893

Skill in tailoring analysis to the necessary levels (e.g., classification and organizational).

Skill
3946

Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint).

Skill
3964

Skill to analyze target or threat sources of strength and morale.

Skill
4023

Skill to graphically depict decision support materials containing intelligence and partner capability estimates.

Skill
4041

Skill to monitor threat effects to partner capabilities and maintain a running estimate.

Skill
4042

Skill to monitor target or threat situation and environmental factors.

Skill
52

Knowledge of human-computer interaction principles.

Knowledge

Provides legal advice and recommendations on relevant topics related to cyber law.

Workforce Element:
Cyberspace Enablers / Legal/Law Enforcement

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
390A

Acquire and maintain a working knowledge of constitutional issues relevant laws, regulations, policies, agreements, standards, procedures, or other issuances.

Task
574A

Provide legal analysis and decisions to inspector generals, privacy officers, oversight and compliance personnel with regard to compliance with cybersecurity policies and relevant legal and regulatory requirements.

Task
984

Knowledge of cyber defense policies, procedures, and regulations.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1070A

Ability to monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies.

Ability
24

Knowledge of concepts and practices of processing digital forensic data.

Knowledge
252

Knowledge of and experience in Insider Threat investigations, reporting, investigative tools and laws/regulations.

Knowledge
300A

Knowledge of intelligence principles, policies, and procedures including legal authorities and restrictions.

Knowledge
398

Advocate organization’s official position in legal and legislative proceedings.

Task
451A

Conduct framing of pleadings to properly identify alleged violations of law, regulations, or policy/guidance.

Task
539A

Develop guidelines for implementation.

Task
599

Evaluate contracts to ensure compliance with funding, legal, and program requirements.

Task
607

Evaluate the effectiveness of laws, regulations, policies, standards, or procedures.

Task
612A

Evaluate the impact of changes to laws, regulations, policies, standards, or procedures.

Task
618A

Provide guidance on laws, regulations, policies, standards, or procedures to management, personnel, or clients.

Task
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
655A

Facilitate implementation of new or revised laws, regulations, executive orders, policies, standards, or procedures.

Task
675

Interpret and apply laws, regulations, policies, standards, or procedures to specific issues.

Task
787A

Prepare legal and other relevant documents (e.g., depositions, briefs, affidavits, declarations, appeals, pleadings, discovery).

Task
834

Resolve conflicts in laws, regulations, policies, standards, or procedures.

Task
88A

Knowledge of current and emerging cyber technologies.

Knowledge
954A

Knowledge of foreign disclosure policies and import/export control regulations as related to cybersecurity.

Knowledge

Develops detailed plans for the conduct or support of the applicable range of cyber operations…

Workforce Element:
Cyberspace Effects

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
52

Knowledge of human-computer interaction principles.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
264

Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).

Knowledge
1056

Knowledge of operations security.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2009

Provide input to the analysis, design, development or acquisition of capabilities used for meeting objectives.

Task
2032

Apply expertise in policy and processes to facilitate the development, negotiation, and internal staffing of plans and/or memorandums of agreement.

Task
2052

Assess target vulnerabilities and/or operational capabilities to determine course of action.

Task
2073

Provide input to the identification of cyber-related success criteria.

Task
2130

Develop, review and implement all levels of planning guidance in support of cyber operations.

Task
2159

Contribute to crisis action planning for cyber operations.

Task
2180

Coordinate with intelligence and cyber defense partners to obtain relevant essential information.

Task
2192

Use intelligence estimates to counter potential target actions.

Task
2265

Develop and maintain deliberate and/or crisis plans.

Task
2266

Develop and review specific cyber operations guidance for integration into broader planning activities.

Task
2272

Develop cyber operations plans and guidance to ensure that execution and resource allocation decisions align with organization objectives.

Task
2308

Develop or participate in the development of standards for providing, requesting, and/or obtaining support from external partners to synchronize cyber operations.

Task
2310

Develop potential courses of action.

Task
2327

Develop, implement, and recommend changes to appropriate planning procedures and policies.

Task
2331

Devise, document, and validate cyber operation strategy, and planning documents.

Task
2365

Ensure operational planning efforts are effectively transitioned to current operations.

Task
2416

Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives.

Task
2422

Gather and analyze data (e.g., measures of effectiveness) to determine effectiveness, and provide reporting for follow-on activities.

Task
2424

Incorporate cyber operations and communications security support plans into organization objectives.

Task
2524

Integrate cyber planning/targeting efforts with other organizations.

Task
2528

Interpret environment preparations assessments to determine a course of action.

Task
2529

Issue requests for information.

Task
2530

Knowledge and understanding of operational design.

Knowledge
2531

Knowledge of organizational planning concepts.

Knowledge
2564

Maintain situational awareness to determine if changes to the operating environment require review of the plan.

Task
2590

Monitor and evaluate integrated cyber operations to identify opportunities to meet organization objectives.

Task
2626

Provide subject matter expertise to planning efforts with internal and external cyber operations partners.

Task
2702

Prepare for and provide subject matter expertise to exercises.

Task
2746

Provide input for the development and refinement of the cyber operations objectives, priorities, strategies, plans, and programs.

Task
2752

Provide input to the administrative and logistical elements of an operational support plan.

Task
2761

Provide planning support between internal and external partners.

Task
2778

Recommend refinement, adaption, termination, and execution of operational plans as appropriate.

Task
2816

Review, approve, prioritize, and submit operational requirements for research, development, and/or acquisition of cyber capabilities.

Task
2837

Submit or respond to requests for deconfliction of cyber operations.

Task
2888

Document lessons learned that convey the results of events and/or exercises.

Task
3001

Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.

Ability
3003

Ability to adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment.

Ability
3011

Ability to apply critical reading/thinking skills.

Ability
3015

Ability to apply approved planning development and staffing processes.

Ability
3021

Ability to collaborate effectively with others.

Ability
3022

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability
3033

Ability to coordinate cyber operations with other organization functions or support activities.

Ability
3040

Ability to develop or recommend planning solutions to problems and situations for which no precedent exists.

Ability
3041

Ability to effectively collaborate via virtual teams.

Ability
3044

Ability to exercise judgment when policies are not well-defined.

Ability
3048

Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise.

Ability
3057

Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.

Ability
3060

Ability to interpret and understand complex and rapidly evolving concepts.

Ability
3066

Ability to participate as a member of planning teams, coordination groups, and task forces as necessary.

Ability
3076

Ability to tailor technical and planning information to a customer’s level of understanding.

Ability
3095

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge
3098

Knowledge of virtualization products (Vmware, Virtual PC).

Knowledge
3106

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge
3107

Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.).

Knowledge
3129

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge
3154

Knowledge of classification and control markings standards, policies and procedures.

Knowledge
3155

Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge
3159

Knowledge of cyber operations support or enabling processes.

Knowledge
3173

Knowledge of operational effectiveness assessment.

Knowledge
3177

Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).

Knowledge
3188

Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).

Knowledge
3194

Knowledge of crisis action planning and time sensitive planning procedures.

Knowledge
3211

Knowledge of cyber laws and legal considerations and their effect on cyber planning.

Knowledge
3215

Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber attack) principles, capabilities, limitations, and effects.

Knowledge
3225

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge
3235

Knowledge of deconfliction processes and procedures.

Knowledge
3257

Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities.

Knowledge
3262

Knowledge of evolving/emerging communications technologies.

Knowledge
3264

Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization.

Knowledge
3268

Knowledge of staff management, assignment, and allocation processes.

Knowledge
3274

Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects.

Knowledge
3275

Knowledge of fundamental cyber concepts, principles, limitations, and effects.

Knowledge
3291

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge
3292

Knowledge of how modern digital and telephony networks impact cyber operations.

Knowledge
3326

Knowledge of information security concepts, facilitating technologies and methods.

Knowledge
3358

Knowledge of organizational hierarchy and cyber decision making processes.

Knowledge
3374

Knowledge of malware.

Knowledge
3388

Knowledge of crisis action planning for cyber operations.

Knowledge
3391

Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning.

Knowledge
3441

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge
3444

Knowledge of planning activity initiation.

Knowledge
3445

Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning.

Knowledge
3459

Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization.

Knowledge
3539

Knowledge of telecommunications fundamentals.

Knowledge
3543

Knowledge of the basic structure, architecture, and design of modern communication networks.

Knowledge
3545

Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge
3554

Knowledge of the critical information requirements and how they’re used in planning.

Knowledge
3561

Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Knowledge
3570

Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements.

Knowledge
3585

Knowledge of accepted organization planning systems.

Knowledge
3591

Knowledge of organization objectives, leadership priorities, and decision-making risks.

Knowledge
3601

Knowledge of the outputs of course of action and exercise analysis.

Knowledge
3605

Knowledge of the information environment.

Knowledge
3606

Knowledge of the process used to assess the performance and impact of operations.

Knowledge
3609

Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas.

Knowledge
3610

Knowledge of the relationships between end states, objectives, effects, lines of operation, etc.

Knowledge
3613

Knowledge of the role of network operations in supporting and facilitating other organization operations.

Knowledge
3616

Knowledge of the structure, architecture, and design of modern digital and telephony networks.

Knowledge
3627

Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.

Knowledge
3630

Knowledge of the ways in which targets or threats use the Internet.

Knowledge
3639

Knowledge of organization cyber operations programs, strategies, and resources.

Knowledge
3651

Knowledge of what constitutes a “threat” to a network.

Knowledge
3659

Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems.

Knowledge
3665

Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.

Skill
3681

Skill in applying analytical methods typically employed to support planning and to justify recommended strategies and courses of action.

Skill
3685

Skill in applying crisis planning procedures.

Skill
3747

Skill in developing and executing comprehensive cyber operations assessment programs for assessing and validating operational performance characteristics.

Skill
3766

Skill in documenting and communicating complex technical and programmatic information.

Skill
3772

Skill in evaluating information for reliability, validity, and relevance.

Skill
3844

Skill in preparing and presenting briefings.

Skill
3845

Skill in preparing plans and related correspondence.

Skill
3879

Skill in reviewing and editing plans.

Skill
3938

Skill in utilizing feedback in order to improve processes, products, and services.

Skill
3946

Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint).

Skill
3967

Skill to anticipate key target or threat activities which are likely to prompt a leadership decision.

Skill
4023

Skill to graphically depict decision support materials containing intelligence and partner capability estimates.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
2058

Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives.

Task
2160

Contribute to the development of the organization’s decision support tools if necessary.

Task
2237

Determine indicators (e.g., measures of effectiveness) that are best suited to specific cyber operation objectives.

Task
2368

Ensure that intelligence planning activities are integrated and synchronized with operational planning timelines.

Task
2386

Evaluate intelligence estimates to support the planning cycle.

Task
2459A

Identify cyber intelligence gaps and shortfalls.

Task
2558

Maintain relationships with internal and external partners involved in cyber planning or related areas.

Task
2561

Maintain situational awareness of cyber-related intelligence requirements and associated tasking.

Task
2562

Maintain situational awareness of partner capabilities and activities.

Task
2624

Conduct long-range, strategic planning efforts with internal and external partners in cyber activities.

Task
3054

Ability to identify external partners with common cyber operations interests.

Ability
3114

Knowledge of all forms of intelligence support needs, topics, and focus areas.

Knowledge
3271

Knowledge of internal and external partner cyber operations capabilities and tools.

Knowledge
3293

Knowledge of how modern wireless communications systems impact cyber operations.

Knowledge
3342

Knowledge of intelligence support to planning, execution, and assessment.

Knowledge
3356

Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations.

Knowledge
3419

Knowledge of organization or partner exploitation of digital networks.

Knowledge
3463

Knowledge of required intelligence planning products associated with cyber operational planning.

Knowledge
3489

Knowledge of organizational structures and associated intelligence capabilities.

Knowledge
3571

Knowledge of the organizational planning and staffing process.

Knowledge
3572

Knowledge of organization decision support tools and/or methods.

Knowledge
3607

Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process.

Knowledge
3615

Knowledge of the structure and intent of organization specific plans, guidance and authorizations.

Knowledge
3638

Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations.

Knowledge
3976

Skill to apply the process used to assess the performance and impact of cyber operations.

Skill
3998

Skill to craft indicators of operational progress/success.

Skill
4008

Skill to distinguish between notional and actual resources and their applicability to the plan under development.

Skill
4058

Skill to synchronize operational assessment procedures with the critical information requirement process.

Skill
4451

Knowledge of full-spectrum cyberspace operational missions (e.g., DODIN Operations, DCO, OCO, cyberspace ISR, and Operational Preparation of the Environment (OPE)), principles, capabilities, limitations, and effects.

KSA
4471

Knowledge of intelligence/SIGINT reporting and dissemination procedures.

KSA
8069

Develop cyberspace operations TTPs for integration into operational and tactical levels of planning.

Task

Develops cyberspace plans, strategy and policy to support and align with organizational cyberspace missions and…

Workforce Element:
Cyberspace Enablers / Leadership

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
88A

Knowledge of current and emerging cyber technologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
282A

Knowledge of emerging technologies that have potential for exploitation by adversaries.

Knowledge
320A

Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).

Knowledge
410A

Analyze organizational cyber policy.

Task
424B

Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.

Task
492A

Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.

Task
565A

Draft, staff, and publish cyber policy.

Task
720A

Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.

Task
812A

Provide policy guidance to cyber management, staff, and users.

Task
840A

Review, conduct, or participate in audits of cyber programs and projects.

Task
854A

Support the CIO in the formulation of cyber-related policies.

Task
1027A

Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.

Task
1036

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5020

Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.

Task
5560

Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals.

Task
6100

Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.

Ability
6140

Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.

Ability
6270

Knowledge of full spectrum cyber capabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
105

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge
1125

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Knowledge
244

Ability to determine the validity of technology trend data.

Ability
297A

Knowledge of industry indicators useful for identifying technology trends.

Knowledge
336

Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).

Knowledge
485A

Define and integrate current and future mission environments.

Task
5300

Ensure cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.

Task
539

Develop policy, programs, and guidelines for implementation.

Task
5620

Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.

Task
594

Establish and maintain communication channels with stakeholders.

Task
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
6410

Knowledge of strategic theory and practice.

Knowledge
724A

Seek consensus on proposed policy changes from stakeholders.

Task
838

Review existing and proposed policies with stakeholders.

Task
847

Serve on agency and interagency policy boards.

Task
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Develop cyberspace workforce plans, strategies and guidance to support cyberspace workforce manpower, personnel, training and…

Workforce Element:
Cyberspace Enablers / Leadership

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
320A

Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).

Knowledge
492A

Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.

Task
629A

Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training).

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5020

Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.

Task
5160

Coordinate with internal and external subject matter experts to ensure existing qualification standards reflect organizational functional requirements and meet industry standards.

Task
5230

Develop and implement standardized position descriptions based on established cyber work roles.

Task
5250

Develop cyber career field classification structure to include establishing career field entry requirements and other nomenclature such as codes and identifiers.

Task
5290

Ensure cyber career fields are managed in accordance with organizational Human Resource (HR) policies and directives.

Task
5300

Ensure cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.

Task
5330

Establish and collect metrics to monitor and validate cyber workforce readiness including analysis of cyber workforce data to assess the status of positions identified, filled, and filled with qualified personnel.

Task
5350

Establish cyber career paths to allow career progression, deliberate development, and growth within and between cyber career fields.

Task
5360

Establish manpower, personnel, and qualification data element standards to support cyber workforce management and reporting requirements.

Task
5370

Establish, resource, implement, and assess cyber workforce management programs in accordance with organizational requirements.

Task
5590

Review and apply cyber career field qualification standards.

Task
5600

Review and apply organizational policies related to or having an effect on the cyber workforce.

Task
5620

Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.

Task
5630

Support integration of qualified cyber workforce personnel into information systems lifecycle development processes.

Task
6040

Ability to assess and forecast manpower requirements to meet organizational objectives.

Ability
6100

Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.

Ability
6140

Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.

Ability
6250

Knowledge of Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities.

Knowledge
6560

Skill in developing workforce and position qualification standards.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1027A

Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.

Task
1036

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Knowledge
105

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge
244A

Ability to determine the validity of workforce trend data.

Ability
282A

Knowledge of emerging technologies that have potential for exploitation by adversaries.

Knowledge
297A

Knowledge of industry indicators useful for identifying technology trends.

Knowledge
336

Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).

Knowledge
410A

Analyze organizational cyber policy.

Task
424B

Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.

Task
485A

Define and integrate current and future mission environments.

Task
5170

Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets.

Task
5240

Develop and review recruiting, hiring, and retention procedures in accordance with current Human Resource (HR) policies.

Task
5340

Establish and oversee waiver processes for cyber career field entry and training qualification requirements.

Task
539

Develop policy, programs, and guidelines for implementation.

Task
5560

Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals.

Task
565A

Draft, staff, and publish cyber policy.

Task
594

Establish and maintain communication channels with stakeholders.

Task
6270

Knowledge of full spectrum cyber capabilities.

Knowledge
6340

Knowledge of organizational human resource policies, processes, and procedures.

Knowledge
6360

Knowledge of organizational training and education policies, processes, and procedures.

Knowledge
641

Identify organizational policy stakeholders.

Task
6740

Skill in using manpower and personnel IT systems.

Skill
6800

Ability to develop career path opportunities.

Ability
720A

Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.

Task
724A

Seek consensus on proposed policy changes from stakeholders.

Task
812A

Provide policy guidance to cyber management, staff, and users.

Task
838

Review existing and proposed policies with stakeholders.

Task
840A

Review, conduct, or participate in audits of cyber programs and projects.

Task
847

Serve on agency and interagency policy boards.

Task
854A

Support the CIO in the formulation of cyber-related policies.

Task
88A

Knowledge of current and emerging cyber technologies.

Knowledge
942

Knowledge of the organization’s core business/mission processes.

Knowledge
955B

Review and approve a supply chain security/risk management policy.

Task

Cyberspace Operators use a wide range of software applications for network navigation, tactical forensic analysis,…

Workforce Element:
Cyberspace Effects

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
4191

Ability to apply tradecraft to minimize risk of detection, mitigate risk, and minimize creation of behavioral signature

Ability
4199

Ability to characterize a target admin/user’s technical abilities, habits, and skills.

Ability
4204

Ability to communicate operational plans and actions and provide feedback regarding OPSEC and tradecraft during mission pre-brief

Ability
4213

Ability to conduct open source research.

Ability
4219

Ability to construct a course of action using available exploitation tools and techniques.

Ability
4222

Ability to continually research and develop new tools/techniques

Ability
4229

Ability to create rules and filters (e.g., Berkeley Packet Filter, Regular Expression).

Ability
4243

Ability to ensure collected data is transferred to the appropriate storage locations.

Ability
4244

Ability to enumerate a network.

Ability
4248

Ability to enumerate user permissions and privileges.

Ability
4249

Ability to evade or counter security products or host based defenses.

Ability
4261

Ability to exploit vulnerabilities to gain additional access.

Ability
4263

Ability to extract credentials from hosts

Ability
4271

Ability to identify capability gaps (e.g., insufficient tools, training, or infrastructure)

Ability
4276

Ability to identify files containing information critical to operational objectives.

Ability
4278

Ability to identify legal, policy, and technical limitations when conducting cyberspace operations.

Ability
4279

Ability to identify logging capabilities on host

Ability
4285

Ability to identify what tools or Tactics, Techniques, and Procedures (TTPs) are applicable to a given situation

Ability
4292

Ability to improve the performance of cyberspace operators by providing constructive (positive and negative) feedback.

Ability
4293

Ability to install/modify/uninstall tools on target systems in accordance with current policies and procedures.

Ability
4296

Ability to interpret device configurations.

Ability
4297

Ability to interpret technical materials such as RFCs and technical manuals.

Ability
4298

Ability to maintain situational awareness of target environment.

Ability
4305

Ability to model a simulated environment to conduct mission rehearsal and mitigate risk of actions taken during operations.

Ability
4308

Ability to operate automated systems to interact with target environment.

Ability
4324

Ability to perform masquerade operations.

Ability
4325

Ability to perform privilege escalation.

Ability
4327

Ability to persist access to a target.

Ability
4330

Ability to plan, brief, execute, and debrief a mission.

Ability
4334

Ability to promote and enable organizational change.

Ability
4335

Ability to provide advice and guidance to various stakeholders regarding technical issues, capabilities, and approaches.

Ability
4336

Ability to provide feedback to developers if a tool requires continued development.

Ability
4340

Ability to provide technical leadership within an organization.

Ability
4341

Ability to read, write, modify, and execute compiled languages (e.g., C).

Ability
4342

Ability to recognize and extract salient information from large data set (e.g., critical information, anomalies).

Ability
4343

Ability to recognize and report mistakes or poor tradecraft to appropriate leadership in accordance with Standard Operating Procedures (SOPs).

Ability
4344

Ability to recognize and respond appropriately to Non-Standard Events.

Ability
4345

Ability to redirect and tunnel through target systems.

Ability
4346

Ability to remediate indicators of compromise.

Ability
4347

Ability to research non-standards within a project.

Ability
4350

Ability to retrieve historical operational and open-source data to analyze compatibility with approved capabilities.

Ability
4359

Ability to train other cyberspace operators.

Ability
4361

Ability to troubleshoot technical problems.

Ability
4367

Ability to use core toolset (e.g., implants, remote access tools).

Ability
4369

Ability to use dynamic analysis tools (e.g. process monitor, process explorer, and registry analysis)

Ability
4370

Ability to use enterprise tools to enumerate target information.

Ability
4378

Ability to verify file integrity for both uploads and downloads.

Ability
4379

Ability to weaken a target to facilitate/enable future access.

Ability
4380

Ability to write and modify markup languages (e.g., HTML, XML).

Ability
4381

Ability to write and modify source code (e.g., C).

Ability
4388

Knowledge of access control models (Role Based Access Control, Attribute Based Access Control).

Knowledge
4391

Knowledge of advanced redirection techniques.

Knowledge
4393

Knowledge of appropriate/inappropriate information to include in operational documentation (e.g., OPNOTES, technical summaries, action maps, etc.).

Knowledge
4395

Knowledge of basic client software applications and their attack surfaces.

Knowledge
4396

Knowledge of basic cloud-based technologies and concepts.

Knowledge
4399

Knowledge of basic Embedded Systems concepts.

Knowledge
4402

Knowledge of basic redirection techniques (e.g. IP Tables, SSH Tunneling, netsh)

Knowledge
4403

Knowledge of basic server software applications and their attack surfaces.

Knowledge
4404

Knowledge of code injection and its employment in cyberspace operations.

Knowledge
4414

Knowledge of common network administration best practices and the impact to operations.

Knowledge
4419

Knowledge of credential sources and restrictions related to credential usage.

Knowledge
4437

Knowledge of device reboots, including when they occur and their impact on tool functionality.

Knowledge
4444

Knowledge of evolving technologies.

Knowledge
4447

Knowledge of factors that would suspend or abort an operation.

Knowledge
4458

Knowledge of historical data relating to particular targets and projects, prior to an operation to include reviewing TECHSUMs, previous OPNOTEs, etc.

Knowledge
4463

Knowledge of how computer programs are executed

Knowledge
4464

Knowledge of how host-based security products, logging, and malware may affect tool functionality

Knowledge
4465

Knowledge of how other actors may affect operations

Knowledge
4466

Knowledge of how race conditions occur and can be employed to compromise shared resources

Knowledge
4482

Knowledge of malware triage.

Knowledge
4485

Knowledge of methods and procedures for sending a payload via an existing implant

Knowledge
4486

Knowledge of methods, strategies, and techniques of evading detection while conducting operations, such as noise, stealth, situational awareness, etc.

Knowledge
4487

Knowledge of methods, tools, and procedures for collecting information, including accessing databases and file systems

Knowledge
4488

Knowledge of methods, tools, and procedures for exploiting target systems

Knowledge
4489

Knowledge of methods, tools, and techniques used to determine the path to a target host/network (e.g., identify satellite hops).

Knowledge
4496

Knowledge of models for examining cyber threats (e.g. cyber kill chain, MITRE ATT&CK).

Knowledge
4498

Knowledge of modes of communication used by a target, such as cable, fiber optic, satellite, microwave, VSAT, or combinations of these.

Knowledge
4502

Knowledge of open source tactics that enable initial access (e.g. social engineering, phishing)

Knowledge
4503

Knowledge of operating system command shells, configuration data.

Knowledge
4505

Knowledge of operational infrastructure

Knowledge
4508

Knowledge of operational security, logging, admin concepts, and troubleshooting.

Knowledge
4510

Knowledge of password cracking techniques.

Knowledge
4519

Knowledge of process migration

Knowledge
4540

Knowledge of system administration concepts for distributed or managed operating environments.

Knowledge
4541

Knowledge of system administration concepts for stand alone operating systems.

Knowledge
4542

Knowledge of system calls

Knowledge
4552

Knowledge of the components of an authentication system.

Knowledge
4553

Knowledge of the concept of an advanced persistent threat (APT)

Knowledge
4563

Knowledge of the location and use of tool documentation.

Knowledge
4564

Knowledge of the methods and procedures for communicating with tools/modules, including the use of listening posts.

Knowledge
4565

Knowledge of the methods of persistence.

Knowledge
4567

Knowledge of the Mission Improvement Process

Knowledge
4571

Knowledge of the Plan, Brief, Execute, and Debrief process

Knowledge
4581

Knowledge of the tactics development process

Knowledge
4586

Knowledge of threats to OPSEC when installing, using, modifying, and uninstalling tools.

Knowledge
4587

Knowledge of tool release/testing process

Knowledge
4593

Knowledge of VPNs, their purpose, and how they can be leveraged.

Knowledge
4628

Skill in enumerating a host (e.g. file systems, host meta data host characteristics).

Skill
4641

Skill in manipulating firewall/host based security configuration and rulesets.

Skill
4663

Skill in retrieving memory resident data.

Skill
4670

Skill in transferring files to target devices (e.g., scp, tftp, http, ftp).

Skill
4674

Skill in using network enumeration and analysis tools, both active and passive.

Skill
8001

Advise leadership on operational tradecraft, emerging technology, and technical health of the force.

Task
8015

Approve remediation actions.

Task
8017

As authorized, train cyberspace operators at one’s certification level or below.

Task
8020

Assess the technical health of the cyberspace operator work role.

Task
8021

Assess, recommend, and evaluate remediation actions.

Task
8030

Conduct cyber activities to deny, degrade, disrupt, destroy, manipulate, (D4M).

Task
8037

Conduct post-mission actions.

Task
8039

Conduct pre-mission actions

Task
8040

Conduct pre-operation research and prep.

Task
8052

Create/normalize/document/evaluate TTPs in cyberspace operations.

Task
8067

Develop and/or inform risk assessments.

Task
8071

Develop Operational Training Solultions.

Task
8073

Develop remediation actions.

Task
8074

Develop risk assessments for non-standard events and ad hoc tradecraft.

Task
8083

Employ collection TTPs in cyberspace operations.

Task
8084

Employ credential access TTPs in cyberspace operations.

Task
8086

Employ discovery TTPs in cyberspace operations.

Task
8087

Employ exfiltration TTPs in cyberspace operations.

Task
8088

Employ lateral movement TTPs in cyberspace operations.

Task
8089

Employ TTPs in categories at one’s certification level or below.

Task
8097

Evaluate cyberspace operator performance at one’s certification level or below.

Task
8112

Identify targets of opportunity in order to influence operational planning.

Task
8113

Identify the appropriate operating authorities and guidance

Task
8130

Maintain operational and technical situational awareness during operations

Task
8158

Produce strategy to inform commander’s decision making process.

Task
8167

Provide input to mission debrief.

Task
8168

Provide input to operational policy.

Task
8169

Provide input to post mission planning.

Task
8170

Provide input to pre-mission planning.

Task
8174

Provide oversight of operations.

Task
8175

Provide quality control of operations and cyberspace operator products at one’s certification level or below.

Task
8181

Recognize and respond to indicators of compromise (IOC).

Task
8183

Recognize and respond to events that change risk.

Task
8184

Record and document activities during cyberspace operations.

Task
8192

Steward the cyberspace operator work role.

Task
8197

Train cyberspace operators at their certified level or below.

Task

Analyzes and interprets data from multiple disparate sources and builds visualizations and dashboards to report…

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
31

Knowledge of data mining and data warehousing principles.

Knowledge
104

Knowledge of query languages such as SQL (structured query language).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
166

Skill in conducting queries and developing algorithms to analyze data structures.

Skill
201

Skill in generating queries and reports.

Skill
1120

Ability to interpret and incorporate data from multiple tool sources.

Ability
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
3022

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability
5030

Analyze data sources to provide actionable recommendations.

Task
5100

Collect metrics and trending data.

Task
5270

Develop strategic insights from large data sets.

Task
5430

Present technical information to technical and non-technical audiences.

Task
5899

Manipulate and clean large, disparate datasets for bulk analysis to identify connections.

Task
6130

Ability to identify basic common coding flaws at a high level.

Ability
6180

Ability to use data visualization tools (e.g., Flare, HighCharts, AmCharts, D3.js, Processing, Google Visualization API, Tableau, Raphael.js).

Ability
6300

Knowledge of how to utilize Hadoop, Java, Python, SQL, Hive, and PIG to explore data.

Knowledge
6470A

Read, interpret, write, modify, and execute scripts, macros, and functions.

Task
6570

Skill in identifying hidden patterns or relationships.

Skill
6710

Skill in using basic descriptive statistics and techniques (e.g., normality, model distribution, scatter plots).

Skill
6720

Skill in using data analysis tools (e.g., Excel, STATA SAS, SPSS).

Skill
6780

Utilize different programming languages to write code, open files, read files, and write output to different files.

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7029

Knowledge of how to collect, store, and monitor data.

Knowledge
7031

Knowledge of how to structure and display data.

Knowledge
7032

Knowledge of how to use data to tell a story.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
5030

Analyze data sources to provide actionable recommendations.

Task
5440

Present data in creative formats.

Task
5570

Provide actionable recommendations to critical stakeholders based on data analysis and findings.

Task
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
6915A

Skill in communicating with all levels of the organization, including senior/mid-level executives, and operational-level personnel (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).

Skill
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
796

Provide a managed flow of relevant information (via web-based portals or other means) based on a mission requirements.

Task
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Designs a system’s data models, data flow, interfaces, and infrastructure to meet the information requirements…

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
28

Knowledge of data administration and data standardization policies and standards.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
135

Knowledge of the capabilities and functionality associated with various technologies for organizing and managing information (e.g., databases, bookmarking engines).

Knowledge
137

Knowledge of the characteristics of physical and virtual data storage media.

Knowledge
187

Skill in developing data models.

Skill
401

Analyze and plan for anticipated changes in data capacity requirements.

Task
408

Analyze information to determine, recommend, and plan the development of a new application or modification of an existing application.

Task
466A

Consult with customers and key stakeholders to evaluate functional requirements for AI and data applications.

Task
815

Provide recommendations on new database technologies and architectures.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5140

Confer with systems analysts, engineers, programmers and others to design application.

Task
5841

Advise higher level leadership on critical data management issues.

Task
5854

Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions.

Task
5885

Examine and identify database structural necessities by evaluating operations, applications, and programming.

Task
5908

Prepare database design and architecture reports.

Task
6190

Effectively allocate storage capacity in the design of data management systems.

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7017

Knowledge of data operations (DataOps) processes and best practices.

Knowledge
7029

Knowledge of how to collect, store, and monitor data.

Knowledge
7060

Skill in designing the best approach and architecture for automated data labeling and data lifecycle.

Skill

Additional KSATs:
KSAT ID Description KSAT
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
1133

Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
28

Knowledge of data administration and data standardization policies and standards.

Knowledge
296

Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.

Knowledge
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
6650

Skill in developing machine understandable semantic ontologies.

Skill
7010

Knowledge of container orchestration and resource management platforms.

Knowledge
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7025

Knowledge of how AI solutions integrate with cloud or other IT infrastructure.

Knowledge
7026

Knowledge of how commercial and federal solutions solve Defense-related data environment and platform challenges.

Knowledge
7028

Knowledge of how to automate development, testing, security, and deployment of AI/machine learning-enabled software to the DoD.

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
79

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge
942

Knowledge of the organization’s core business/mission processes.

Knowledge
952

Knowledge of emerging security issues, risks, and vulnerabilities.

Knowledge

Holds responsibility for developing, promoting, and overseeing implementation of data as an asset and the…

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
79

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
120

Knowledge of sources, characteristics, and uses of the organization’s data assets.

Knowledge
296

Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.

Knowledge
524

Develop and maintain strategic plans.

Task
529

Develop data standards, policies, and procedures.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2416

Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives.

Task
3591

Knowledge of organization objectives, leadership priorities, and decision-making risks.

Knowledge
5841

Advise higher level leadership on critical data management issues.

Task
5842

Analyze existing and planned data investments to ensure they address key business problems, are compatible with the organization’s mission, and align with the target data architecture.

Task
5867

Create policies for effective data management (e.g., data sharing agreements and security policies).

Task
5869

Demonstrate to executive stakeholders how data and analytics initiatives address agency challenges.

Task
5874

Develop a data management strategy that helps to prioritize investments and resource allocations (e.g., data analytics, data infrastructure).

Task
5875

Develop an organizational change management plan to support a data management strategy.

Task
5886

Facilitate cross-sharing of best practices for data usage.

Task
5894

Lead the development and documentation of solutions for assigned data analytical objectives and projects.

Task
5895

Lead the improvement of data system design processes that affect the success and continuation of key programs.

Task
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
5898

Manage risk to the data program.

Task
5903

Oversee the management of data classification and handling requirements.

Task
5913

Remove barriers to data acquisition, collection, and curation efforts required for AI solutions.

Task
5917

Set strategic priorities by leveraging data insights.

Task
6040

Ability to assess and forecast manpower requirements to meet organizational objectives.

Ability
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6915A

Skill in communicating with all levels of the organization, including senior/mid-level executives, and operational-level personnel (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).

Skill
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7001

Ability to inspire and lead a culture of innovation.

Ability
7014

Knowledge of data acquisition, collection, and curation best practices required for AI solutions.

Knowledge
7015

Knowledge of data architecture and data services implementation.

Knowledge
7016

Knowledge of data model development (e.g., conceptual, logical, and physical).

Knowledge
7019

Knowledge of data security roles and responsibilities.

Knowledge
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7029

Knowledge of how to collect, store, and monitor data.

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
7063

Skill in developing enterprise-level/Agency-level policies.

Skill
7074

Skill in performing strategic-level analysis to develop Enterprise Data Management (EDM) strategies.

Skill
7083

Ability to understand technology, management, and leadership issues related to organization processes and problem solving.

Ability
7110

Ability to understand technology, management, and leadership issues related to organization processes and problem solving.

Ability

Additional KSATs:
KSAT ID Description KSAT
1018

Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.

Task
2558

Maintain relationships with internal and external partners involved in cyber planning or related areas.

Task
3146

Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge
3356

Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations.

Knowledge
559C

Oversee the evaluation of contracts to ensure compliance with funding, legal, and program requirements.

Task
6250

Knowledge of Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities.

Knowledge
6290

Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems.

Knowledge
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Builds, manages, and operationalizes data pipelines.

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
28

Knowledge of data administration and data standardization policies and standards.

Knowledge
31

Knowledge of data mining and data warehousing principles.

Knowledge
32

Knowledge of database management systems, query languages, table relationships, and views.

Knowledge
104

Knowledge of query languages such as SQL (structured query language).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
179B

Skill in establishing data security controls.

Skill
186

Skill in developing data dictionaries.

Skill
400A

Implement data management standards, requirements, and specifications.

Task
520B

Develop and implement data mining and data warehousing programs.

Task
543

Develop secure code and error handling.

Task
702

Manage the compilation, cataloging, caching, distribution, and retrieval of data.

Task
764

Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities.

Task
858B

Record and manage test data.

Task
1128

Knowledge of Java-based database access application programming interface (API) (e.g., Java Database Connectivity [JDBC]).

Knowledge
1128A

Knowledge of database access application programming interfaces (APIs) (e.g., Java Database Connectivity [JDBC]).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
3722

Skill in data mining techniques (e.g., searching file systems) and analysis.

Skill
5550

Program custom algorithms.

Task
5841

Advise higher level leadership on critical data management issues.

Task
5844

Apply data acquisition, cleaning, transformation, and ingestion best practices for machine learning data conduits.

Task
5846

Assess and address the limitations of methods to deliver data.

Task
5850

Assist integrated project teams to identify, curate, and manage data.

Task
5852

Build automated data management conduits.

Task
5857

Comply with data classification and handling requirements through access control and security best practices.

Task
5899

Manipulate and clean large, disparate datasets for bulk analysis to identify connections.

Task
6060

Ability to collect, verify, and validate test data.

Ability
6300

Knowledge of how to utilize Hadoop, Java, Python, SQL, Hive, and PIG to explore data.

Knowledge
6470

Read, interpret, write, modify, and execute simple scripts (e.g., PERL, VBS) on Windows and UNIX systems (e.g., those that perform tasks such as: parsing large data files, automating manual tasks, and fetching/processing remote data).

Task
6520

Skill in data pre-processing (e.g., imputation, dimensionality reduction, normalization, transformation, extraction, filtering, smoothing).

Skill
6610

Skill in performing format conversions to create a standard representation of the data.

Skill
6690

Skill in transformation analytics (e.g., aggregation, enrichment, processing).

Skill
6730

Skill in using data mapping tools.

Skill
6760

Skill in writing scripts using R, Python, PIG, HIVE, SQL, etc.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7017

Knowledge of data operations (DataOps) processes and best practices.

Knowledge
7019

Knowledge of data security roles and responsibilities.

Knowledge
7029

Knowledge of how to collect, store, and monitor data.

Knowledge
7062

Skill in developing and maintaining automation scripts.

Skill
7066

Skill in identifying data acquisition, collection, and curation risks.

Skill

Additional KSATs:
KSAT ID Description KSAT
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
520A

Implement data mining and data warehousing applications.

Task
5854

Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions.

Task
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
7010

Knowledge of container orchestration and resource management platforms.

Knowledge
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7025

Knowledge of how AI solutions integrate with cloud or other IT infrastructure.

Knowledge
7028

Knowledge of how to automate development, testing, security, and deployment of AI/machine learning-enabled software to the DoD.

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Uncovers and explains actionable insights from data by combining scientific method, math and statistics, specialized…

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
21A

Knowledge of statistical/machine learning algorithms.

Knowledge
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
75A

Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis.

Knowledge
102

Knowledge of programming language structures and logic.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
166

Skill in conducting queries and developing algorithms to analyze data structures.

Skill
172

Skill in creating and utilizing mathematical or statistical models.

Skill
1120

Ability to interpret and incorporate data from multiple tool sources.

Ability
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
3080

Ability to use and understand complex mathematical concepts (e.g., discrete math).

Ability
3756

Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.

Skill
5030

Analyze data sources to provide actionable recommendations.

Task
5120

Conduct hypothesis testing using statistical processes.

Task
5550

Program custom algorithms.

Task
5640

Utilize technical documentation or resources to implement a new mathematical, data science, or computer science method.

Task
5853

Build predictive, prescriptive, or descriptive models in collaboration with stakeholders.

Task
5906

Plan and conduct complex analytical, mathematical, and statistical research that informs operational requirements.

Task
5907

Plan, coordinate, and execute complex studies using advanced data modeling techniques and procedures, data trend analysis, and data algorithms.

Task
5924

Train and evaluate machine learning models.

Task
5927

Write and document reproducible code.

Task
6050

Ability to build complex data structures and high-level programming languages.

Ability
6060

Ability to collect, verify, and validate test data.

Ability
6120

Ability to dissect a problem and examine the interrelationships between data that may appear unrelated.

Ability
6490

Skill in assessing the predictive power and subsequent generalizability of a model.

Skill
6570

Skill in identifying hidden patterns or relationships.

Skill
6651

Skill in Regression Analysis (e.g., Hierarchical Stepwise, Generalized Linear Model, Ordinary Least Squares, Tree-Based Methods, Logistic).

Skill
6750

Skill in using outlier identification and removal techniques.

Skill
6760

Skill in writing scripts using R, Python, PIG, HIVE, SQL, etc.

Skill
6790A

Utilize open source languages, as appropriate, and apply quantitative techniques (e.g., descriptive and inferential statistics, sampling, experimental design, parametric and non-parametric tests of difference, ordinary least squares regression, general line).

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7002

Assist integrated project teams identify, curate, and manage test data.

Task
7029

Knowledge of how to collect, store, and monitor data.

Knowledge
7071

Skill in labeling data to make it more discoverable and understandable.

Skill

Additional KSATs:
KSAT ID Description KSAT
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
35

Knowledge of digital rights management.

Knowledge
506

Design, develop, and modify software systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.

Task
5854

Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions.

Task
5884

Evaluate energy implications (graphical processing unit, tensor processing unit, etc.) when designing AI solutions.

Task
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
5907

Plan, coordinate, and execute complex studies using advanced data modeling techniques and procedures, data trend analysis, and data algorithms.

Task
6290

Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems.

Knowledge
6651

Skill in Regression Analysis (e.g., Hierarchical Stepwise, Generalized Linear Model, Ordinary Least Squares, Tree-Based Methods, Logistic).

Skill
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
7078

Skill in using deep learning approaches to build machine learning models.

Skill
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Develops and maintains plans, policies, and processes for data management, data governance, security, quality, accessibility,…

Workforce Element:
Data/AI

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
28

Knowledge of data administration and data standardization policies and standards.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
186

Skill in developing data dictionaries.

Skill
400A

Implement data management standards, requirements, and specifications.

Task
400

Analyze and define data requirements and specifications.

Task
702

Manage the compilation, cataloging, caching, distribution, and retrieval of data.

Task
918

Ability to prepare and deliver education and awareness briefings to ensure that systems, network, and data users are aware of and adhere to systems security policies and procedures.

Ability
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5080

Assess the validity of source data and subsequent findings.

Task
5380A

Review feedback on customer satisfaction and internal service performance to foster continual improvement.

Task
5850

Assist integrated project teams to identify, curate, and manage data.

Task
5854

Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions.

Task
5855

Collaborate with data owners to establish data quality rules and definitions.

Task
5864

Create data catalogs and dictionaries.

Task
5865

Create metrics that characterize the usability, timeliness, completeness, and accuracy of data for multiple users to reference and use.

Task
5888

Identify and document customer requirements when on-boarding new data assets.

Task
5897

Manage compliance with data classification and handling requirements.

Task
5911

Recommend data collection, integration, and retention requirements.

Task
6060

Ability to collect, verify, and validate test data.

Ability
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6915A

Skill in communicating with all levels of the organization, including senior/mid-level executives, and operational-level personnel (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).

Skill
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7018

Knowledge of data protection standards and frameworks to prevent unauthorized access to data, and safeguard against unauthorized disclosure of data.

Knowledge
7019

Knowledge of data security roles and responsibilities.

Knowledge
7029

Knowledge of how to collect, store, and monitor data.

Knowledge
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
7040

Knowledge of Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data reusability considerations for AI solutions.

Knowledge
7071

Skill in labeling data to make it more discoverable and understandable.

Skill

Additional KSATs:
KSAT ID Description KSAT
296

Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.

Knowledge
466A

Consult with customers and key stakeholders to evaluate functional requirements for AI and data applications.

Task
5896

Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI.

Task
6650

Skill in developing machine understandable semantic ontologies.

Skill
7020

Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable).

Knowledge
7035

Knowledge of key decision-support needs and questions to drive prioritization of data efforts.

Knowledge
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Administers databases and/or data management systems that allow for the storage, query, and utilization of…

Workforce Element:
IT (Cyberspace)

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
28

Knowledge of data administration and data standardization policies and standards.

Knowledge
29

Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.

Knowledge
32

Knowledge of database management systems, query languages, table relationships, and views.

Knowledge
79

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge
98

Knowledge of policy-based and risk adaptive access controls.

Knowledge
104

Knowledge of query languages such as SQL (structured query language).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
137

Knowledge of the characteristics of physical and virtual data storage media.

Knowledge
179B

Skill in establishing data security controls.

Skill
208

Skill in maintaining databases.

Skill
213

Skill in optimizing database performance.

Skill
401

Analyze and plan for anticipated changes in data capacity requirements.

Task
664A

Install and configure database management systems and software.

Task
684

Maintain database management systems software.

Task
712

Monitor and maintain databases to ensure optimal performance.

Task
740

Perform backup and recovery of databases to ensure data integrity.

Task
815

Provide recommendations on new database technologies and architectures.

Task
910

Knowledge of database theory.

Knowledge
952

Knowledge of emerging security issues, risks, and vulnerabilities.

Knowledge
1123A

Knowledge of current and emerging data encryption (e.g., Column and Tablespace Encryption, file and disk encryption) security features in databases, including built-in cryptographic key management features.

Knowledge
1128A

Knowledge of database access application programming interfaces (APIs) (e.g., Java Database Connectivity [JDBC]).

Knowledge
1154

Performs configuration management, problem management, capacity management, and financial management for databases and data management systems.

Task
1155

Supports incident management, service level management, change management, release management, continuity management, and availability management for databases and data management systems.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5890

Identify data consolidation opportunities across database systems, including data sharing and access between business lines.

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7029

Knowledge of how to collect, store, and monitor data.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
1124A

Knowledge of current and emerging data remediation security features in databases.

Knowledge
31

Knowledge of data mining and data warehousing principles.

Knowledge
520A

Implement data mining and data warehousing applications.

Task
6945

Skill in migrating workloads to, from, and among the different cloud computing service models.

Skill
7036

Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government.

Knowledge
942

Knowledge of the organization’s core business/mission processes.

Knowledge

Selects/Deploys/Maintains the set of Continuous Integration/Continuous Deployment (CI/CD) tools and processes used by the development…

Workforce Element:
Software Engineering

Core KSATs:
KSAT ID Description KSAT
3C

Skill in recognizing vulnerabilities in information and/or data systems.

Skill
3B

Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.

Skill
4

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

Ability
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
34

Knowledge of database systems.

Knowledge
58

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
130

Knowledge of systems testing and evaluation methods.

Knowledge
130A

Knowledge of systems security testing and evaluation methods.

Knowledge
142A

Knowledge of the operations and processes for incident, problem, and event management.

Knowledge
144

Knowledge of the systems engineering process.

Knowledge
190

Skill in developing operations-based testing scenarios.

Skill
238A

Skill in writing code in a currently supported programming language (e.g., Java, C++).

Skill
412A

Analyze the results of software, hardware, or interoperability testing.

Task
420

Apply security policies to meet security objectives of the system.

Task
421a

Apply security architecture principles to meet organization’s confidentiality, integrity, and availability requirements.

Task
452

Conduct functional and connectivity testing to ensure continuing operability.

Task
559B

Analyze and report system security posture trends.

Task
568

Employ secure configuration management processes.

Task
572

Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.

Task
576

Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

Task
653B

Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk.

Task
661A

Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.

Task
708A

Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.

Task
726

Oversee and make recommendations regarding configuration management.

Task
729A

Verify minimum security requirements are in place for all applications.

Task
754

Perform cybersecurity testing of developed applications and/or systems.

Task
880A

Work with stakeholders to resolve computer security incidents and vulnerability compliance.

Task
1037A

Knowledge of information technology (IT) risk management policies, requirements, and procedures.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2054

Assess the effectiveness of security controls.

Task
3030

Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.

Ability
3822

Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.

Skill
5940

Work with designers and developers thru out the design, development and testing process.

Task
5939

Choose and deploy the appropriate automated application security testing tools.

Task
5941

Utilize tools and techniques like risk assessment, threat modeling, and cybersecurity to detect and analyze the threats.

Task
5942

Work with Security Engineers to ensure that all security threats are dealt with during the development phase.

Task
5943

Work with Automation tools are used to identify the vulnerabilities.

Task
5944

Identify and implement tooling for controlling the steps in a continuous integration (CI) and continuous deployment (CD) pipeline.

Task
5945

Develop and implement automatic test tools in a CI/CD pipeline, which could include Static Application Security Test (SAST) tools, Dynamic Application Security Test (DAST) tools, Unit Test tools, Static Code Analysis (SCA) tools, etc.

Task
5946

Develop code within a CI/CD Pipeline.

Task
5947

Select appropriate language and coding standards for software application for appropriate Continuous Integration/Continuous Deployment (CI/CD) framework.

Task
5948

Apply testing activities, understands fault vs. failures, conduct basic test planning, develop test selection or adequacy criteria, crafts test documentation, ensures test coverages, and conducts automated testing.

Task
5950

Develop and deploy software using continuous integration methods, processes, and tools, including test case writing against completion criteria (for each release, capability, micro-service, or component), build automation, and build processes.

Task
5953

Provide DevSecOps guidance to leadership.

Task
5955

Work closely with development teams to provide and support the environment needed to deliver an organization’s services.

Task
6090

Ability to develop curriculum for use within a virtual environment.

Ability
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7087

Knowledge of programming languages.

Knowledge
7088

Knowledge of continuous integration/continuous deployment (CI/CD) processes and pipeline tools.

Knowledge
7089

Knowledge of portable, extensible, open source platform for managing containerized workloads and services.

Knowledge
7090

Knowledge of cloud hosting providers.

Knowledge
7091

Knowledge of threat modeling, risk assessment techniques, code reviews, current best practices and the latest cybersecurity threats.

Knowledge
7092

Knowledge of how security impacts each development phase and the services.

Knowledge
7093

Knowledge of a Continuous Integration/Continuous Deployment (CI/CD) environment and processes.

Knowledge
7094

Knowledge of the steps for release to higher levels of integration testing, certification activities, and/or operations using testbeds, modeling and simulation to synchronize software releases with the development of an operations environment(s) to ensure compatibility.

Knowledge
7095

Knowledge of every stage in the software project lifecycle, from initial design and build to rollout and maintenance.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1040A

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge
1139A

Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.

Knowledge
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
21

Knowledge of computer algorithms.

Knowledge
220

Skill in systems integration testing.

Skill
225A

Skill in the use of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).

Skill
25B

Knowledge of encryption algorithms.

Knowledge
27A

Knowledge of cryptology.

Knowledge
3642

Knowledge of various types of computer architectures.

Knowledge
5050

Assess all the configuration management (change configuration/release management) processes.

Task
571

Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.

Task
5949

Transition embedded and non-embedded software developed and sustained using traditional software methods into a DevSecOps environment.

Task
5951

Select and implement telemetry within the CI/CD pipeline and Ops software to support metrics and problem discovery and resolution.

Task
5954

Build test interfaces and perform complex integration.

Task
6240

Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE).

Knowledge
717A

Assess and monitor cybersecurity related to system implementation and testing practices.

Task
75B

Knowledge of statistics.

Knowledge
765

Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

Task
795

Properly document all systems security implementation, operations and maintenance activities and update as necessary.

Task
806A

Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

Task
809

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Task
876

Verify and update security documentation reflecting the application/system security design features.

Task
938A

Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Task
94

Knowledge of parallel and distributed computing concepts.

Knowledge

The DNEA analyzes intercepted intelligence information for metadata and content. They use this data to…

Workforce Element:
Cyberspace Effects

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
4396

Knowledge of basic cloud-based technologies and concepts.

Knowledge
4399

Knowledge of basic Embedded Systems concepts.

Knowledge
4401

Knowledge of basic reconnaissance activity concepts and techniques (foot printing, scanning and enumeration).

Knowledge
4420

Knowledge of Critical Intelligence Communication (CRITIC) identification and reporting process.

Knowledge
4423

Knowledge of cryptologic and SIGINT reporting and dissemination procedures.

Knowledge
4428

Knowledge of cybersecurity concepts and principles.

Knowledge
4431

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge
4460

Knowledge of how and when to request assistance from the Cryptanalysis and Signals Analysis and/or CNO.

Knowledge
4470

Knowledge of intelligence sources and their characteristics.

Knowledge
4490

Knowledge of methods, tools, sources, and techniques used to research, integrate and summarize all-source information pertaining to target.

Knowledge
4523

Knowledge of quality review process and procedures.

Knowledge
4533

Knowledge of SIGINT laws and directives.

Knowledge
4539

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge
4570

Knowledge of the overall mission of the Cyber Mission Forces (CMF).

Knowledge
4578

Knowledge of the specific missions for CMF (i.e., Cyber Mission Teams (CMT), National Mission Teams (NMT), Combat Support Team (CST), National Support Team (NST), Cyber Protection Team (CPT).

Knowledge
4582

Knowledge of the U.S. Cryptologic Systems authorities, responsibilities, and contributions to the cyberspace operations mission.

Knowledge
4601

Skill in analyzing endpoint collection data.

Skill
4620

Skill in developing and maintaining target profiles.

Skill
4631

Skill in geolocating targets.

Skill
4643

Skill in operational use of raw collection databases.

Skill
4645

Skill in performing data fusion from all-source intelligence for geospatial analysis.

Skill
4646

Skill in performing data fusion from all-source intelligence for network analysis and reconstruction (e.g., Single Table Inheritance (STIs), network maps).

Skill
4647

Skill in performing data fusion from all-source intelligence.

Skill
4651

Skill in providing feedback to enhance future collection and analysis.

Skill
4656

Skill in recognizing exploitation opportunities.

Skill
4659

Skill in recognizing the value of survey data.

Skill
4667

Skill in selector normalization.

Skill
4669

Skill in targeting (e.g., selectors).

Skill
8011

Apply and/or develop analytic techniques to provide better intelligence.

Task
8013

Apply customer requirements to the analysis process.

Task
8023

Assist planners in the development of courses of action

Task
8063

Develop analytical techniques to gain more target information.

Task
8064

Develop and lead exercises

Task
8065

Develop and maintain target profiles using appropriate corporate tools and databases (e.g. Target associations, activities, communication infrastructures, etc.).

Task
8081

Document and disseminate analytic findings.

Task
8090

Enable targeting offices to find new sources of collection.

Task
8100

Evaluate the strengths and weaknesses of the intelligence source.

Task
8101

Evaluate threat critical capabilities, requirements, and vulnerabilities.

Task
8102

Facilitate collaboration with customers, Intelligence and targeting organizations involved in related cyber areas.

Task
8108

Identify and facilitate partner relationships to enhance mission capabilities

Task
8128

Lead work role working groups/planning and development forums

Task
8137

Manipulate information in mission relevant databases (e.g., converting data, generating reports).

Task
8138

Mitigate collection gaps

Task
8145

Perform network analysis to support new or continued collection.

Task
8157

Produce digital network intelligence against specific named target sets.

Task
8164

Provide expertise in support of operational effects generated through cyber activities.

Task
8173

Provide intel target recommendations which meet leadership objectives.

Task
8191

Select, build, and develop query strategies against appropriate collection databases.

Task
8205

Understand technologies used by a given target

Task
8206

Understand TTPs and methodologies to enable access ops or access vector opportunities.

Task

Develops and maintains business, systems, and information processes to support enterprise mission needs; develops information…

Workforce Element:
IT (Cyberspace)

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
38

Knowledge of organization’s enterprise information security architecture system.

Knowledge
68A

Ability to build architectures and frameworks.

Ability
79

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge
82A

Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
141A

Knowledge of the enterprise information technology (IT) architectural concepts and patterns to include baseline and target architectures.

Knowledge
143A

Knowledge of integrating the organization’s goals and objectives into the architecture.

Knowledge
144

Knowledge of the systems engineering process.

Knowledge
413A

Analyze user needs and requirements to plan architecture.

Task
569A

Document and update as necessary all definition and architecture activities.

Task
579

Ensure acquired or developed system(s) and architecture(s) are consistent with organization’s cybersecurity architecture guidelines.

Task
780A

Plan implementation strategy to ensure enterprise components can be integrated and aligned.

Task
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs:
KSAT ID Description KSAT
1037B

Knowledge of program protection planning to include information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements.

Knowledge
1038B

Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability).

Knowledge
1073

Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

Knowledge
108A

Knowledge of the DoD implementation of the Risk Management Framework (RMF) to include processes.

Knowledge
109A

Knowledge of configuration management techniques.

Knowledge
110

Knowledge of key concepts in security management (e.g., Release Management, Patch Management).

Knowledge
111

Knowledge of security system design tools, methods, and techniques.

Knowledge
1130

Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).

Knowledge
1133

Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
1136A

Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud).

Knowledge
113A

Knowledge of N-tiered typologies including server and client operating systems.

Knowledge
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
1142

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).

Knowledge
1147A

Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce.

Task
119

Knowledge of software engineering.

Knowledge
130

Knowledge of systems testing and evaluation methods.

Knowledge
132A

Ability to execute technology integration processes.

Ability
133

Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

Knowledge
155

Skill in applying and incorporating information technologies into proposed solutions.

Skill
180

Skill in designing the integration of hardware and software solutions.

Skill
183

Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Skill
183A

Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Knowledge
2014

Analyze candidate architectures, allocate security services, and select security mechanisms.

Task
224

Skill in design modeling and building use cases (e.g., unified modeling language).

Skill
2390

Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.

Task
2887

Write detailed functional specifications that document the architecture development process.

Task
3153

Knowledge of circuit analysis.

Knowledge
3246

Knowledge of confidentiality, integrity, and availability requirements.

Knowledge
3307

Knowledge of cybersecurity-enabled software products.

Knowledge
34

Knowledge of database systems.

Knowledge
3642

Knowledge of various types of computer architectures.

Knowledge
40

Knowledge of organization’s evaluation and validation requirements.

Knowledge
42

Knowledge of electrical engineering as applied to computer architecture, including circuit boards, processors, chips, and associated computer hardware.

Knowledge
43A

Knowledge of embedded systems.

Knowledge
46A

Knowledge of system fault tolerance methodologies.

Knowledge
483A

Captures and integrates essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.

Task
484

Define appropriate levels of system availability based on critical system functions and ensure system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recover/restoration.

Task
502B

Develop enterprise architecture required to meet user needs.

Task
51

Knowledge of how system components are installed, integrated, and optimized.

Knowledge
53A

Knowledge of security risk assessments and authorization per Risk Management Framework processes.

Knowledge
602

Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.

Task
6030

Ability to apply an organization’s goals and objectives to develop and maintain architecture.

Ability
6150

Ability to optimize systems to meet enterprise performance requirements.

Ability
62

Knowledge of industry-standard and organizationally accepted analysis principles and methods.

Knowledge
63

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge
631

Identify and prioritize critical business functions in collaboration with organizational stakeholders.

Task
6330

Knowledge of multi-level/security cross domain solutions.

Knowledge
65A

Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).

Knowledge
6680

Skill in the use of design methods.

Skill
6918

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability
6942

Skill in designing or implementing cloud computing deployment models.

Skill
6945

Skill in migrating workloads to, from, and among the different cloud computing service models.

Skill
69A

Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).

Knowledge
70A

Knowledge of cybersecurity methods, such as firewalls, demilitarized zones, and encryption.

Knowledge
765A

Integrate results regarding the identification of gaps in security architecture.

Task
797

Provide advice on project costs, design concepts, or design changes.

Task
809

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Task
81A

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge
864A

Translate proposed capabilities into technical requirements.

Task
90

Knowledge of operating systems.

Knowledge
92

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
94

Knowledge of parallel and distributed computing concepts.

Knowledge
993A

Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization’s enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]).

Ability
994A

Document how the implementation of a new system or new interface between systems impacts the current and target environment including but not limited to security posture.

Task
996B

Integrate key management functions as related to cyberspace.

Task

Executes decision-making authorities and establishes vision and direction for an organization’s cyber and cyber-related policies,…

Workforce Element:
Cyberspace Enablers / Leadership

Core KSATs:
KSAT ID Description KSAT
10

Knowledge of application vulnerabilities.

Knowledge
15A

Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware.

Knowledge
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
105

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
150

Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.

Knowledge
173

Skill in creating policies that reflect system security objectives.

Skill
321A

Knowledge of industry technologies and how differences affect exploitation/vulnerabilities.

Knowledge
391

Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.

Task
392

Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.

Task
395

Advise senior management (e.g., CIO) on risk levels and security posture.

Task
396

Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements.

Task
424B

Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.

Task
445

Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.

Task
475

Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.

Task
492A

Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.

Task
524

Develop and maintain strategic plans.

Task
542A

Develop mitigation strategies to address cost, schedule, performance, and security risks.

Task
599

Evaluate contracts to ensure compliance with funding, legal, and program requirements.

Task
600

Evaluate cost benefit, economic, and risk analysis in decision making process.

Task
674

Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.

Task
679

Lead and align information technology (IT) security priorities with the security strategy.

Task
680A

Lead and oversee budget, staffing, and contracting.

Task
680

Lead and oversee information security budget, staffing, and contracting.

Task
711

Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection.

Task
737B

Perform an information security risk assessment.

Task
797

Provide advice on project costs, design concepts, or design changes.

Task
801

Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.

Task
801A

Provide enterprise cybersecurity and supply chain risk management guidance.

Task
807

Provide input on security requirements to be included in statements of work and other appropriate procurement documents.

Task
810

Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.

Task
848

Recommend policy and coordinate review and approval.

Task
852

Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered.

Task
919

Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals.

Task
947

Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.

Task
952

Knowledge of emerging security issues, risks, and vulnerabilities.

Knowledge
962

Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle.

Task
963

Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

Task
979

Knowledge of supply chain risk management standards, processes, and practices.

Knowledge
1004A

Knowledge of information technology (IT) acquisition/procurement requirements.

Knowledge
1018

Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.

Task
1041

Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.

Task
1061A

Knowledge of the acquisition/procurement life cycle process.

Knowledge
1125

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Knowledge
1148B

Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered.

Task
1148

Develop contract language to ensure supply chain, system, network, and operational security are met.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2090

Collaborate with other internal and external partner organizations on target access and operational issues.

Task
2091

Collaborate with other team members or partner organizations to develop a diverse program of information materials (e.g., web pages, briefings, print materials).

Task
2416

Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives.

Task
2558

Maintain relationships with internal and external partners involved in cyber planning or related areas.

Task
2624

Conduct long-range, strategic planning efforts with internal and external partners in cyber activities.

Task
2823

Serve as a liaison with external partners.

Task
2839

Supervise and assign work to programmers, designers, technologists and technicians and other engineering and scientific personnel.

Task
2894

Collaborate across internal and/or external organizational lines to enhance collection, analysis and dissemination.

Task
3011

Ability to apply critical reading/thinking skills.

Ability
3044

Ability to exercise judgment when policies are not well-defined.

Ability
3057

Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.

Ability
3076

Ability to tailor technical and planning information to a customer’s level of understanding.

Ability
3077

Ability to think critically.

Ability
3994

Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations.

Ability
5170

Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets.

Task
5560

Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals.

Task
5767

Collaborate on cyber privacy and security policies and procedures.

Task
5768

Collaborate with cyber security personnel on the security risk assessment process to address privacy compliance and risk mitigation.

Task
5820

Appoint and guide a team of IT security experts.

Task
5825

Collaborate with key stakeholders to establish a cybersecurity risk management program

Task
6100

Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.

Ability
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6915

Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).

Skill
6920

Ability to ensure information security management processes are integrated with strategic and operational planning processes.

Ability
6921

Ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control.

Ability
6922

Ability to prioritize and allocate cybersecurity resources correctly and efficiently.

Ability
6923

Ability to relate strategy, business, and technology in the context of organizational dynamics.

Ability
6925

Ability to understand the basic concepts and issues related to cyber and its organizational impact.

Ability
6926

Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
6947

Skill to anticipate new security threats.

Skill
6948

Skill to remain aware of evolving technical infrastructures.

Skill
6949

Skill to use critical thinking to analyze organizational patterns and relationships.

Skill
7110

Ability to understand technology, management, and leadership issues related to organization processes and problem solving.

Ability

Additional KSATs:
KSAT ID Description KSAT
1004

Knowledge of critical information technology (IT) procurement requirements.

Knowledge
2058

Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives.

Task
2328

Develop, maintain, and assess cyber cooperation security agreements with external partners.

Task
2443

Identify and manage security cooperation priorities with external partners.

Task
325

Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management).

Knowledge
398

Advocate organization’s official position in legal and legislative proceedings.

Task
5763

Act as, or work with, counsel relating to business partner contracts.

Task
6160

Ability to oversee the development and update of the lifecycle cost estimate.

Ability
6930

Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations.

Knowledge
706

Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.

Task
949

Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.

Task
954

Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.

Knowledge
955B

Review and approve a supply chain security/risk management policy.

Task
965

Knowledge of organization’s risk tolerance and/or risk management approach.

Knowledge

Collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or…

Workforce Element:
Cyberspace Effects

Core KSATs:
KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
264

Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2194

Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.

Task
2400

Examine intercept-related metadata and content with an understanding of targeting significance.

Task
2718

Profile network or system administrators and their activities.

Task
3021

Ability to collaborate effectively with others.

Ability
3022

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability
3095

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge
3103A

Ability to identify/describe target vulnerability.

Ability
3103

Ability to identify/describe techniques/methods for conducting technical exploitation of the target.

Ability
3106

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge
3107

Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.).

Knowledge
3129

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge
3137

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge
3179

Knowledge of common networking devices and their configurations.

Knowledge
3191

Knowledge of concepts for operating systems (e.g., Linux, Unix).

Knowledge
3225

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge
3289

Knowledge of how hubs, switches, routers work together in the design of a network.

Knowledge
3291

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge
3346

Knowledge of Internet and routing protocols.

Knowledge
3407

Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge
3410

Knowledge of network topology.

Knowledge
3513

Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.

Knowledge
3543

Knowledge of the basic structure, architecture, and design of modern communication networks.

Knowledge
3801

Skill in identifying the devices that work at each level of protocol models.

Skill