Facilitates AI adoption by supporting the users of AI-enabled solutions.
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
466A | Consult with customers and key stakeholders to evaluate functional requirements for AI and data applications. |
Task |
479A | Correlates training and learning to business or mission requirements. |
Task |
538 | Develop new or identify existing awareness and training materials that are appropriate for intended audiences. |
Task |
918 | Ability to prepare and deliver education and awareness briefings to ensure that systems, network, and data users are aware of and adhere to systems security policies and procedures. |
Ability |
1000B | Ensure that AI design and development activities are properly documented and updated. |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
3022 | Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. |
Ability |
5380 | Gather feedback on customer satisfaction and internal service performance to foster continual improvement. |
Task |
5430 | Present technical information to technical and non-technical audiences. |
Task |
5843 | Analyze national security/DoD mission priorities and gaps suitable for the application of AI solutions. |
Task |
5861 | Coordinate with change management employees to plan, foster, and track change. |
Task |
5891 | Identify viable AI projects based on organizational needs. |
Task |
5892 | Identify ways to lead and motivate people to adopt AI solutions through cultural, organizational, or other types of change. |
Task |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
5909 | Promote awareness of AI limitations and benefits. |
Task |
5918 | Support an AI adoption strategy that aligns with the organization’s vision, mission, and goals. |
Task |
5921 | Test how users interact with AI solutions. |
Task |
6311 | Knowledge of machine learning theory and principles. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6915A | Skill in communicating with all levels of the organization, including senior/mid-level executives, and operational-level personnel (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). |
Skill |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7001 | Ability to inspire and lead a culture of innovation. |
Ability |
7003 | Knowledge of AI security risks, threats, and vulnerabilities and potential risk mitigation solutions. |
Knowledge |
7008 | Knowledge of change models and frameworks. |
Knowledge |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7021 | Knowledge of emerging trends and future use cases of AI. |
Knowledge |
7024 | Knowledge of how AI is developed and operated. |
Knowledge |
7027 | Knowledge of how humans interact with and/or are impacted by AI solutions within the DoD context. |
Knowledge |
7031 | Knowledge of how to structure and display data. |
Knowledge |
7032 | Knowledge of how to use data to tell a story. |
Knowledge |
7033 | Knowledge of human factor engineering. |
Knowledge |
7037 | Knowledge of machine learning operations (MLOps) processes and best practices. |
Knowledge |
7045 | Knowledge of the AI lifecycle. |
Knowledge |
7046 | Knowledge of the basic requirements for the successful delivery of AI solutions. |
Knowledge |
7047 | Knowledge of the basics of customer experience, customer design, psychology of customer decision-making, and human-computer interaction. |
Knowledge |
7048 | Knowledge of the benefits and limitations of AI capabilities. |
Knowledge |
7051 | Knowledge of the possible impacts of machine learning blind spots and edge cases. |
Knowledge |
7053 | Knowledge of the user experience (e.g., decision making, user design, and human-computer interaction) as it relates to AI systems. |
Knowledge |
7058 | Skill in communicating AI and/or machine learning solutions to a wide range of audiences. |
Skill |
7065 | Skill in explaining AI concepts and terminology. |
Skill |
7072 | Skill in leading AI adoption efforts. |
Skill |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
5861 | Coordinate with change management employees to plan, foster, and track change. |
Task |
5880 | Engage and collaborate with allies and partners to advance shared strategic AI objectives. |
Task |
5925 | Use knowledge of business processes to create or recommend AI solutions. |
Task |
6380 | Knowledge of principles and processes for conducting training and education needs assessment. |
Knowledge |
7013 | Knowledge of customer mission priorities and capabilities, as related to the integration and adoption of AI solutions. |
Knowledge |
7033 | Knowledge of human factor engineering. |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
7041 | Knowledge of remedies against unintended bias in AI solutions. |
Knowledge |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Builds the organization’s AI vision and plan and leads policy and doctrine formation including how…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
391A | Acquire and manage the necessary resources, including leadership support, financial resources, infrastructure, and key personnel, to support AI innovation adoption goals and objectives. |
Task |
395A | Advise senior management on risk levels, security posture, and necessary changes to existing AI policies. |
Task |
492B | Design and integrate an AI adoption strategy that supports the organization’s vision, mission, and goals. |
Task |
524 | Develop and maintain strategic plans. |
Task |
629B | Identify and address AI workforce planning and management issues (e.g., recruitment, retention, and training). |
Task |
680B | Oversee AI budget, staffing, and contracting decisions. |
Task |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2416 | Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives. |
Task |
2558 | Maintain relationships with internal and external partners involved in cyber planning or related areas. |
Task |
2624A | Conduct long-range, strategic planning efforts with internal and external partners to support AI capability development and use. |
Task |
3591 | Knowledge of organization objectives, leadership priorities, and decision-making risks. |
Knowledge |
5843 | Analyze national security/DoD mission priorities and gaps suitable for the application of AI solutions. |
Task |
5845 | Appoint and guide a multidisciplinary team of AI experts to identify and assess risk throughout the AI development lifecycle. |
Task |
5849 | Assess value of implemented AI projects based on organizational metrics. |
Task |
5862 | Create and/or maintain governance structure for oversight and accountability of AI solutions. |
Task |
5879 | Direct and/or support organizational and project-level AI risk management activities. |
Task |
5880 | Engage and collaborate with allies and partners to advance shared strategic AI objectives. |
Task |
5882 | Establish and/or maintain processes to ensure Responsible AI practices are reflected in an organization’s approach to AI acquisition, development, and deployment. |
Task |
5883 | Evaluate and develop AI workforce structure resources and requirements. |
Task |
5887 | Identify and address key roadblocks to AI implementation. |
Task |
5891 | Identify viable AI projects based on organizational needs. |
Task |
5892 | Identify ways to lead and motivate people to adopt AI solutions through cultural, organizational, or other types of change. |
Task |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
5909 | Promote awareness of AI limitations and benefits. |
Task |
5913 | Remove barriers to data acquisition, collection, and curation efforts required for AI solutions. |
Task |
6040 | Ability to assess and forecast manpower requirements to meet organizational objectives. |
Ability |
6250 | Knowledge of Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities. |
Knowledge |
6311 | Knowledge of machine learning theory and principles. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6915A | Skill in communicating with all levels of the organization, including senior/mid-level executives, and operational-level personnel (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). |
Skill |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7000 | Ability to identify, connect, and influence key stakeholders to speed AI adoption. |
Ability |
7001 | Ability to inspire and lead a culture of innovation. |
Ability |
7003 | Knowledge of AI security risks, threats, and vulnerabilities and potential risk mitigation solutions. |
Knowledge |
7007 | Knowledge of best practices in organizational conflict management. |
Knowledge |
7014 | Knowledge of data acquisition, collection, and curation best practices required for AI solutions. |
Knowledge |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7021 | Knowledge of emerging trends and future use cases of AI. |
Knowledge |
7024 | Knowledge of how AI is developed and operated. |
Knowledge |
7034 | Knowledge of interactions and integration of DataOps, MLOps, and DevSecOps in AI. |
Knowledge |
7042 | Knowledge of resources and capabilities required to complete AI projects. |
Knowledge |
7043 | Knowledge of staffing, contracting, and budgetary requirements to run an AI-enabled organization. |
Knowledge |
7045 | Knowledge of the AI lifecycle. |
Knowledge |
7046 | Knowledge of the basic requirements for the successful delivery of AI solutions. |
Knowledge |
7048 | Knowledge of the benefits and limitations of AI capabilities. |
Knowledge |
7050 | Knowledge of the nature and function of technology platforms and tools used to create and employ AI. |
Knowledge |
7058 | Skill in communicating AI and/or machine learning solutions to a wide range of audiences. |
Skill |
7061 | Skill in developing and influencing policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational AI activities. |
Skill |
7065 | Skill in explaining AI concepts and terminology. |
Skill |
7068 | Skill in identifying organizational and project-level AI risks, including AI security risks and requirements. |
Skill |
7072 | Skill in leading AI adoption efforts. |
Skill |
7073 | Skill in leveraging and optimizing resources required to complete AI projects and programs. |
Skill |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
3146 | Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc. |
Knowledge |
3356 | Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations. |
Knowledge |
5330A | Establish and collect metrics to monitor and validate AI workforce readiness. |
Task |
5868 | Define and/or implement policies and procedures to enable an AI risk assessment process and assess risk mitigation efforts. |
Task |
5902 | Monitor and evaluate the organization’s use of AI to ensure capabilities are performing as intended and to reduce the likelihood and severity of unintended consequences. |
Task |
5912 | Recommend updates to military strategy and doctrine with respect to advances in AI technology, legal obligations, Responsible AI, and DoD AI Ethical Principles. |
Task |
6290 | Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems. |
Knowledge |
7005 | Knowledge of AI-specific acquisition models (e.g., pay per use or per data element). |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
7038 | Knowledge of metrics to evaluate the effectiveness of machine learning models. |
Knowledge |
7039 | Knowledge of organization’s structure, training requirements, and existing operational hardware/software related to the AI solution to be adopted. |
Knowledge |
7041 | Knowledge of remedies against unintended bias in AI solutions. |
Knowledge |
7051 | Knowledge of the possible impacts of machine learning blind spots and edge cases. |
Knowledge |
Educates those involved in the development of AI and conducts assessments on the technical and…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
537A | Develop methods to monitor and measure risk and assurance efforts on a continuous basis. |
Task |
765B | Perform AI architecture security reviews, identify gaps, and develop a risk management plan to address issues. |
Task |
952 | Knowledge of emerging security issues, risks, and vulnerabilities. |
Knowledge |
963A | Ensure risk mitigation plans of action and milestones are in place. |
Task |
1000B | Ensure that AI design and development activities are properly documented and updated. |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
5854 | Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions. |
Task |
5856 | Communicate the results of AI risk assessments to relevant stakeholders. |
Task |
5860 | Coordinate with appropriate personnel to identify methods for users and developers to report concerns about the implementation of DoD AI Ethical Principles. |
Task |
5863 | Create and/or maintain processes to ensure data management efforts comply with AI ethical principles. |
Task |
5873 | Determine methods and metrics for quantitative and qualitative measurement of AI risks so that sensitivity, specificity, likelihood, confidence levels, and other metrics are identified, documented, and applied. |
Task |
5878 | Develop risk mitigation strategies to ensure enumerated risks are prioritized, mitigated, shared, transferred, and/or accepted. |
TAsk |
5879 | Direct and/or support organizational and project-level AI risk management activities. |
Task |
5881 | Ensure risk management responsibilities are clearly defined, assigned, and communicated to relevant stakeholders. |
Task |
5889 | Identify and submit exemplary AI use cases, best practices, failure modes, and risk mitigation strategies, including after-action reports. |
Task |
5893 | Implement Responsible AI best practices and standards within AI solutions according to the DoD AI Ethical Principles, Responsible AI Guidelines, and/or any other pertinent laws. |
Task |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
5900 | Measure the compliance of AI tools with DoD AI Ethical Principles. |
Task |
5904 | Perform risk assessment on AI applications to identify technical, societal, organizational, and mission risks. |
Task |
6311 | Knowledge of machine learning theory and principles. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7003 | Knowledge of AI security risks, threats, and vulnerabilities and potential risk mitigation solutions. |
Knowledge |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7021 | Knowledge of emerging trends and future use cases of AI. |
Knowledge |
7024 | Knowledge of how AI is developed and operated. |
Knowledge |
7034 | Knowledge of interactions and integration of DataOps, MLOps, and DevSecOps in AI. |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
7038 | Knowledge of metrics to evaluate the effectiveness of machine learning models. |
Knowledge |
7040 | Knowledge of Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data reusability considerations for AI solutions. |
Knowledge |
7041 | Knowledge of remedies against unintended bias in AI solutions. |
Knowledge |
7045 | Knowledge of the AI lifecycle. |
Knowledge |
7048 | Knowledge of the benefits and limitations of AI capabilities. |
Knowledge |
7051 | Knowledge of the possible impacts of machine learning blind spots and edge cases. |
Knowledge |
7052 | Knowledge of the principles, methods, and tools used for risk and bias assessment and mitigation, including assessment of failures and their consequences. |
Knowledge |
7056 | Skill in assessing AI capabilities for bias or ethical concerns. |
Skill |
7064 | Skill in developing solutions and/or recommendations to minimize negative impacts of machine learning, especially for edge cases. |
Skill |
7065 | Skill in explaining AI concepts and terminology. |
Skill |
7067 | Skill in identifying low-probability, high-impact risks in machine learning training data sets. |
Skill |
7068 | Skill in identifying organizational and project-level AI risks, including AI security risks and requirements. |
Skill |
7069 | Skill in identifying risk over the lifespan of an AI solution. |
Skill |
7075 | Skill in testing and evaluating machine learning algorithms or AI solutions. |
Skill |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
5905 | Perform risk assessment whenever an AI application or AI-enabled system undergoes a major change, when emergent behaviors are detected, and/or unintended consequences are reported. |
Task |
7044 | Knowledge of testing, evaluation, validation, and verification (T&E V&V) tools and procedures to ensure systems are working as intended. |
Knowledge |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Performs testing, evaluation, verification, and validation on AI solutions to ensure they are developed to…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
182 | Skill in determining an appropriate level of test rigor for a given system. |
Skill |
508 | Determine level of assurance of developed capabilities based on test results. |
Task |
550 | Develop test plans to address specifications and requirements. |
Task |
694 | Make recommendations based on test results. |
Task |
858A | Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements. |
Task |
858B | Record and manage test data. |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
5120 | Conduct hypothesis testing using statistical processes. |
Task |
5848 | Assess technical risks and limitations of planned tests on AI systems. |
Task |
5851 | Build assurance cases for AI systems that support the needs of different stakeholders (e.g., acquisition community, commanders, and operators). |
Task |
5858 | Conduct AI risk assessments to ensure models and/or other solutions are performing as designed. |
Task |
5866 | Create or customize existing Test and Evaluation Master Plans (TEMPs) for AI systems. |
Task |
5873 | Determine methods and metrics for quantitative and qualitative measurement of AI risks so that sensitivity, specificity, likelihood, confidence levels, and other metrics are identified, documented, and applied. |
Task |
5876 | Develop machine learning code testing and validation procedures. |
Task |
5877 | Develop possible solutions for technical risks and limitations of planned tests on AI solutions. |
Task |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
5901 | Measure the effectiveness, security, robustness, and trustworthiness of AI tools. |
Task |
5910 | Provide quality assurance of AI products throughout their lifecycle. |
Task |
5914 | Report test and evaluation deficiencies and possible solutions to appropriate personnel. |
Task |
5916 | Select and use the appropriate models and prediction methods for evaluating AI performance. |
Task |
5919 | Test AI tools against adversarial attacks in operationally realistic environments. |
Task |
5920 | Test components to ensure they work as intended in a variety of scenarios for all aspects of the AI application. |
Task |
5921 | Test how users interact with AI solutions. |
Task |
5922 | Test the reliability, functionality, security, and compatibility of AI tools within systems. |
Task |
5923 | Test the trustworthiness of AI solutions. |
Task |
5926 | Use models and other methods for evaluating AI performance. |
Task |
6060 | Ability to collect, verify, and validate test data. |
Ability |
6170 | Ability to translate data and test results into evaluative conclusions. |
Ability |
6311 | Knowledge of machine learning theory and principles. |
Knowledge |
6490 | Skill in assessing the predictive power and subsequent generalizability of a model. |
Skill |
6630 | Skill in preparing Test & Evaluation reports. |
Skill |
6641 | Skill in providing Test & Evaluation resource estimate. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7003 | Knowledge of AI security risks, threats, and vulnerabilities and potential risk mitigation solutions. |
Knowledge |
7004 | Knowledge of AI Test & Evaluation frameworks. |
Knowledge |
7006 | Knowledge of best practices from industry and academia in test design activities for verification and validation of AI and machine learning systems. |
Knowledge |
7009 | Knowledge of coding and scripting in languages that support AI development and use. |
Knowledge |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7024 | Knowledge of how AI is developed and operated. |
Knowledge |
7025 | Knowledge of how AI solutions integrate with cloud or other IT infrastructure. |
Knowledge |
7028 | Knowledge of how to automate development, testing, security, and deployment of AI/machine learning-enabled software to the DoD. |
Knowledge |
7029 | Knowledge of how to collect, store, and monitor data. |
Knowledge |
7030 | Knowledge of how to deploy test infrastructures with AI systems. |
Knowledge |
7034 | Knowledge of interactions and integration of DataOps, MLOps, and DevSecOps in AI. |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
7037 | Knowledge of machine learning operations (MLOps) processes and best practices. |
Knowledge |
7038 | Knowledge of metrics to evaluate the effectiveness of machine learning models. |
Knowledge |
7041 | Knowledge of remedies against unintended bias in AI solutions. |
Knowledge |
7044 | Knowledge of testing, evaluation, validation, and verification (T&E V&V) tools and procedures to ensure systems are working as intended. |
Knowledge |
7045 | Knowledge of the AI lifecycle. |
Knowledge |
7048 | Knowledge of the benefits and limitations of AI capabilities. |
Knowledge |
7051 | Knowledge of the possible impacts of machine learning blind spots and edge cases. |
Knowledge |
7053 | Knowledge of the user experience (e.g., decision making, user design, and human-computer interaction) as it relates to AI systems. |
Knowledge |
7054 | Knowledge of tools for testing the robustness and resilience of AI products and solutions. |
Knowledge |
7065 | Skill in explaining AI concepts and terminology. |
Skill |
7067 | Skill in identifying low-probability, high-impact risks in machine learning training data sets. |
Skill |
7069 | Skill in identifying risk over the lifespan of an AI solution. |
Skill |
7070 | Skill in integrating AI Test & Evaluation frameworks into test strategies for specific projects. |
Skill |
7075 | Skill in testing and evaluating machine learning algorithms or AI solutions. |
Skill |
7076 | Skill in testing for bias in data sets and AI system outputs as well as determining historically or often underrepresented and marginalized groups are properly represented in the training, testing, and validation data sets and AI system outputs. |
Skill |
7077 | Skill in translating operation requirements for AI systems into testing requirements. |
Skill |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1133 | Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
40 | Knowledge of organization’s evaluation and validation requirements. |
Knowledge |
5850 | Assist integrated project teams to identify, curate, and manage data. |
Task |
5889 | Identify and submit exemplary AI use cases, best practices, failure modes, and risk mitigation strategies, including after-action reports. |
Task |
7012 | Knowledge of current test standards and safety standards that are applicable to AI (e.g. MIL-STD 882E, DO-178C, ISO26262). |
Knowledge |
7040 | Knowledge of Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data reusability considerations for AI solutions. |
Knowledge |
765B | Perform AI architecture security reviews, identify gaps, and develop a risk management plan to address issues. |
Task |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Designs, develops, and modifies AI applications, tools, and/or other solutions to enable successful accomplishment of…
KSAT ID | Description | KSAT |
---|---|---|
21 | Knowledge of computer algorithms. |
Knowledge |
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
75A | Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis. |
Knowledge |
102 | Knowledge of programming language structures and logic. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
166 | Skill in conducting queries and developing algorithms to analyze data structures. |
Skill |
477 | Correct errors by making appropriate changes and rechecking the program to ensure desired results are produced. |
Task |
506 | Design, develop, and modify software systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design. |
Task |
543 | Develop secure code and error handling. |
Task |
764 | Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities. |
Task |
1000B | Ensure that AI design and development activities are properly documented and updated. |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
5120 | Conduct hypothesis testing using statistical processes. |
Task |
5847 | Assess and address the limitations of methods to deliver machine learning models. |
Task |
5858 | Conduct AI risk assessments to ensure models and/or other solutions are performing as designed. |
Task |
5871 | Design and develop machine learning models to achieve organizational objectives. |
Task |
5872 | Design, develop, and implement AI tools and techniques to achieve organizational objectives. |
Task |
5873 | Determine methods and metrics for quantitative and qualitative measurement of AI risks so that sensitivity, specificity, likelihood, confidence levels, and other metrics are identified, documented, and applied. |
Task |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
5915 | Research the latest machine learning and AI tools, techniques, and best practices. |
Task |
5926 | Use models and other methods for evaluating AI performance. |
Task |
5927 | Write and document reproducible code. |
Task |
6060 | Ability to collect, verify, and validate test data. |
Ability |
6311 | Knowledge of machine learning theory and principles. |
Knowledge |
6760 | Skill in writing scripts using R, Python, PIG, HIVE, SQL, etc. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7009 | Knowledge of coding and scripting in languages that support AI development and use. |
Knowledge |
7011 | Knowledge of current AI and machine learning systems design and performance analysis models, algorithms, and tools. |
Knowledge |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7024 | Knowledge of how AI is developed and operated. |
Knowledge |
7028 | Knowledge of how to automate development, testing, security, and deployment of AI/machine learning-enabled software to the DoD. |
Knowledge |
7029 | Knowledge of how to collect, store, and monitor data. |
Knowledge |
7031 | Knowledge of how to structure and display data. |
Knowledge |
7032 | Knowledge of how to use data to tell a story. |
Knowledge |
7037 | Knowledge of machine learning operations (MLOps) processes and best practices. |
Knowledge |
7038 | Knowledge of metrics to evaluate the effectiveness of machine learning models. |
Knowledge |
7045 | Knowledge of the AI lifecycle. |
Knowledge |
7046 | Knowledge of the basic requirements for the successful delivery of AI solutions. |
Knowledge |
7048 | Knowledge of the benefits and limitations of AI capabilities. |
Knowledge |
7049 | Knowledge of the latest machine learning and AI tools, techniques, and best practices. |
Knowledge |
7050 | Knowledge of the nature and function of technology platforms and tools used to create and employ AI. |
Knowledge |
7051 | Knowledge of the possible impacts of machine learning blind spots and edge cases. |
Knowledge |
7055 | Skill in analyzing the output from machine learning models. |
Skill |
7057 | Skill in building and deploying machine learning models. |
Skill |
7059 | Skill in creating machine learning models. |
Skill |
7065 | Skill in explaining AI concepts and terminology. |
Skill |
7067 | Skill in identifying low-probability, high-impact risks in machine learning training data sets. |
Skill |
7075 | Skill in testing and evaluating machine learning algorithms or AI solutions. |
Skill |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
5854 | Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions. |
Task |
5859 | Consider energy implications (graphical processing unit, tensor processing unit, etc.) when designing AI solutions. |
Task |
5870 | Design and develop continuous integration/continuous delivery (CI/CD) in a containerized or other reproducible computing environment to support the machine learning life cycle. |
Task |
5889 | Identify and submit exemplary AI use cases, best practices, failure modes, and risk mitigation strategies, including after-action reports. |
Task |
5893 | Implement Responsible AI best practices and standards within AI solutions according to the DoD AI Ethical Principles, Responsible AI Guidelines, and/or any other pertinent laws. |
Task |
5925 | Use knowledge of business processes to create or recommend AI solutions. |
Task |
6290 | Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems. |
Knowledge |
7003 | Knowledge of AI security risks, threats, and vulnerabilities and potential risk mitigation solutions. |
Knowledge |
7021 | Knowledge of emerging trends and future use cases of AI. |
Knowledge |
7022 | Knowledge of how AI adoption can assist developers with service-oriented design. |
Knowledge |
7025 | Knowledge of how AI solutions integrate with cloud or other IT infrastructure. |
Knowledge |
7026 | Knowledge of how commercial and federal solutions solve Defense-related data environment and platform challenges. |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
7040 | Knowledge of Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data reusability considerations for AI solutions. |
Knowledge |
7041 | Knowledge of remedies against unintended bias in AI solutions. |
Knowledge |
7044 | Knowledge of testing, evaluation, validation, and verification (T&E V&V) tools and procedures to ensure systems are working as intended. |
Knowledge |
7069 | Skill in identifying risk over the lifespan of an AI solution. |
Skill |
7071 | Skill in labeling data to make it more discoverable and understandable. |
Skill |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Analyzes data/information from one or multiple sources to conduct preparation of the environment, respond to…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
87 | Knowledge of network traffic analysis methods. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
264 | Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2028 | Answer requests for information. |
Task |
2060A | Maintain a common intelligence picture. |
Task |
2075 | Brief threat and/or target current situations. |
Task |
2115 | Conduct in-depth research and analysis. |
Task |
2429 | Generate requests for information. |
Task |
2434 | Identify threat tactics, and methodologies. |
Task |
2603 | Monitor operational environment and report on adversarial activities which fulfill leadership’s priority information requirements. |
Task |
2771 | Provide timely notice of imminent or hostile intentions or activities which may impact organization objectives, resources, or capabilities. |
Task |
3001 | Ability to accurately and completely source all data used in intelligence, assessment and/or planning products. |
Ability |
3002 | Ability to focus research efforts to meet the customer’s decision-making needs. |
Ability |
3019 | Ability to clearly articulate intelligence requirements into well-formulated research questions and data tracking variables for inquiry tracking purposes. |
Ability |
3022 | Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. |
Ability |
3041 | Ability to effectively collaborate via virtual teams. |
Ability |
3042 | Ability to evaluate information for reliability, validity, and relevance. |
Ability |
3043 | Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products. |
Ability |
3047 | Ability to function effectively in a dynamic, fast-paced environment. |
Ability |
3048 | Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise. |
Ability |
3052 | Ability to identify intelligence gaps. |
Ability |
3073 | Ability to recognize and mitigate cognitive biases which may affect analysis. |
Ability |
3077 | Ability to think critically. |
Ability |
3081 | Ability to utilize multiple intelligence sources across all intelligence disciplines. |
Ability |
3106 | Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless). |
Knowledge |
3107 | Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.). |
Knowledge |
3129 | Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). |
Knowledge |
3137 | Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration). |
Knowledge |
3154 | Knowledge of classification and control markings standards, policies and procedures. |
Knowledge |
3177 | Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). |
Knowledge |
3188 | Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). |
Knowledge |
3262 | Knowledge of evolving/emerging communications technologies. |
Knowledge |
3274 | Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects. |
Knowledge |
3292 | Knowledge of how modern digital and telephony networks impact cyber operations. |
Knowledge |
3293 | Knowledge of how modern wireless communications systems impact cyber operations. |
Knowledge |
3298 | Knowledge of how to extract, analyze, and use metadata. |
Knowledge |
3335 | Knowledge of intelligence disciplines. |
Knowledge |
3342 | Knowledge of intelligence support to planning, execution, and assessment. |
Knowledge |
3374 | Knowledge of malware. |
Knowledge |
3431 | Knowledge of OSI model and underlying network protocols (e.g., TCP/IP). |
Knowledge |
3441 | Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. |
Knowledge |
3539 | Knowledge of telecommunications fundamentals. |
Knowledge |
3543 | Knowledge of the basic structure, architecture, and design of modern communication networks. |
Knowledge |
3545 | Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
Knowledge |
3561 | Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
Knowledge |
3582 | Knowledge of the intelligence frameworks, processes, and related systems. |
Knowledge |
3584 | Knowledge of intelligence preparation of the environment and similar processes. |
Knowledge |
3630 | Knowledge of the ways in which targets or threats use the Internet. |
Knowledge |
3651 | Knowledge of what constitutes a “threat” to a network. |
Knowledge |
3659 | Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems. |
Knowledge |
3772 | Skill in evaluating information for reliability, validity, and relevance. |
Skill |
3794 | Skill in identifying cyber threats which may jeopardize organization and/or partner interests. |
Skill |
3844 | Skill in preparing and presenting briefings. |
Skill |
3851 | Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships. |
Skill |
3876 | Skill in writing, reviewing and editing cyber-related Intelligence/assessment products from multiple sources. |
Skill |
3910 | Skill in using Boolean operators to construct simple and complex queries. |
Skill |
3920 | Skill in using multiple analytic tools, databases, and techniques (e.g., Analyst’s Notebook, A-Space, Anchory, M3, divergent/convergent thinking, link charts, matrices, etc.). |
Skill |
3921 | Skill in using multiple search engines (e.g., Google, Yahoo, LexisNexis, DataStar) and tools in conducting open-source searches. |
Skill |
3938 | Skill in utilizing feedback in order to improve processes, products, and services. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
2059 | Provide expertise to course of action development. |
Task |
2060 | Provide subject matter expertise to the development of a common operational picture. |
Task |
2061 | Provide subject matter expertise to the development of cyber operations specific indicators. |
Task |
2063 | Assist in the coordination, validation, and management of all-source collection requirements, plans, and/or activities. |
Task |
2068 | Assist in the identification of intelligence collection shortfalls. |
Task |
2087 | Collaborate with intelligence analysts/targeting organizations involved in related areas. |
Task |
2121 | Conduct nodal analysis. |
Task |
2195 | Maintain awareness of internal and external cyber organization structures, strengths, and employments of staffing and technology. |
Task |
2288 | Develop information requirements necessary for answering priority information requests. |
Task |
2356 | Engage customers to understand customers’ intelligence needs and wants. |
Task |
2379 | Evaluate threat decision-making processes. |
Task |
2379A | Identify threat vulnerabilities. |
Task |
2379B | Identify threats to Blue Force vulnerabilities. |
Task |
2441 | Identify and evaluate threat critical capabilities, requirements, and vulnerabilities. |
Task |
2446 | Identify and submit intelligence requirements for the purposes of designating priority information requirements. |
Task |
2459 | Identify intelligence gaps and shortfalls. |
Task |
2593 | Monitor and report changes in threat dispositions, activities, tactics, capabilities, objectives, etc. as related to designated cyber operations warning problem sets. |
Task |
2594 | Monitor and report on validated threat activities. |
Task |
2602 | Monitor open source websites for hostile content directed towards organizational or partner interests. |
Task |
2617 | Produce timely, fused, all-source cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies). |
Task |
2621 | Provide SME and support to planning/developmental forums and working groups as appropriate. |
Task |
2685A | Provide subject matter expertise to website characterizations. |
Task |
2730 | Provide analyses and support for effectiveness assessment. |
Task |
2735 | Provide current intelligence support to critical internal/external stakeholders as appropriate. |
Task |
2738 | Provide evaluation and feedback necessary for improving intelligence production, intelligence reporting, collection requirements, and operations. |
Task |
2745 | Provide information and assessments for the purposes of informing leadership and customers; developing and refining objectives; supporting operation planning and execution; and assessing the effects of operations. |
Task |
2747 | Provide input and assist in post-action effectiveness assessments. |
Task |
2748 | Provide input and assist in the development of plans and guidance. |
Task |
2754 | Provide intelligence analysis and support to designated exercises, planning activities, and time sensitive operations. |
Task |
2767 | Provide target recommendations which meet leadership objectives. |
Task |
2789 | Report intelligence-derived significant network events and intrusions. |
Task |
2881 | Work closely with planners, intelligence analysts, and collection managers to ensure intelligence requirements and collection plans are accurate and up-to-date. |
Task |
3039 | Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. |
Ability |
3044 | Ability to exercise judgment when policies are not well-defined. |
Ability |
3074 | Ability to recognize and mitigate deception in reporting and analysis. |
Ability |
3078A | Ability to think like threat actors. |
Ability |
3079 | Ability to understand objectives and effects. |
Ability |
3095 | Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). |
Knowledge |
3098 | Knowledge of virtualization products (Vmware, Virtual PC). |
Knowledge |
3205 | Knowledge of current computer-based intrusion sets. |
Knowledge |
3210 | Knowledge of cyber laws and their effect on Cyber planning. |
Knowledge |
3253 | Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). |
Knowledge |
3271 | Knowledge of internal and external partner cyber operations capabilities and tools. |
Knowledge |
3277 | Knowledge of general SCADA system components. |
Knowledge |
3286 | Knowledge of host-based security products and how they affect exploitation and vulnerability. |
Knowledge |
3291 | Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP). |
Knowledge |
3334 | Knowledge of intelligence confidence levels. |
Knowledge |
3343 | Knowledge of cyber intelligence/information collection capabilities and repositories. |
Knowledge |
3358 | Knowledge of organizational hierarchy and cyber decision making processes. |
Knowledge |
3419 | Knowledge of organization or partner exploitation of digital networks. |
Knowledge |
3446 | Knowledge of analytical constructs and their use in assessing the operational environment. |
Knowledge |
3460 | Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions. |
Knowledge |
3504 | Knowledge of threat and/or target systems. |
Knowledge |
3527 | Knowledge of target development (i.e., concepts, roles, responsibilities, products, etc.). |
Knowledge |
3528 | Knowledge of specific target identifiers, and their usage. |
Knowledge |
3533 | Knowledge of target vetting and validation procedures. |
Knowledge |
3587 | Knowledge of targeting cycles. |
Knowledge |
3615 | Knowledge of the structure and intent of organization specific plans, guidance and authorizations. |
Knowledge |
3691 | Skill in assessing and/or estimating effects generated during and after cyber operations. |
Skill |
3704 | Skill in conducting non-attributable research. |
Skill |
3724 | Skill in defining and characterizing all pertinent aspects of the operational environment. |
Skill |
3756 | Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. |
Skill |
3788 | Skill in identifying alternative analytical interpretations in order to minimize unanticipated outcomes. |
Skill |
3893 | Skill in tailoring analysis to the necessary levels (e.g., classification and organizational). |
Skill |
3946 | Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint). |
Skill |
3953A | Skill in providing analysis to aid writing phased after action reports. |
Skill |
52 | Knowledge of human-computer interaction principles. |
Knowledge |
Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2005 | Adjust collection operations or collection plan to address identified issues/challenges and to synchronize collections with overall operational requirements. |
Task |
2015 | Analyze feedback to determine extent to which collection products and services are meeting requirements. |
Task |
2021 | Analyze plans, directives, guidance and policy for factors that would influence collection management’s operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements). |
Task |
2035 | Assess and apply operational environment factors and risks to collection management process. |
Task |
2096A | Compare allocated and available assets to collection demand as expressed through requirements. |
Task |
2165 | Coordinate resource allocation of collection assets against prioritized collection requirements with collection discipline leads. |
Task |
2235 | Determine how identified factors affect the tasking, collection, processing, exploitation and dissemination architecture’s form and function. |
Task |
2245 | Develop a method for comparing collection reports to outstanding requirements to identify information gaps. |
Task |
2290 | Allocate collection assets based on leadership’s guidance, priorities, and/or operational emphasis. |
Task |
2376 | Establish processing, exploitation and dissemination management activity using approved guidance and/or procedures. |
Task |
2421 | Formulate collection strategies based on knowledge of available intelligence discipline capabilities and gathering methods that align multi-discipline collection capabilities and accesses with targets and their observables. |
Task |
2451 | Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups. |
Task |
2613 | Optimize mix of collection assets and resources to increase effectiveness and efficiency against essential information associated with priority intelligence requirements. |
Task |
2705 | Prioritize collection requirements for collection platforms based on platform capabilities. |
Task |
3010 | Ability to apply collaborative skills and strategies. |
Ability |
3011 | Ability to apply critical reading/thinking skills. |
Ability |
3102 | Knowledge of operational planning processes. |
Knowledge |
3127 | Knowledge of asset availability, capabilities and limitations. |
Knowledge |
3128 | Knowledge of tasking mechanisms. |
Knowledge |
3148 | Knowledge of collection capabilities and limitations. |
Knowledge |
3160 | Knowledge of collaborative tools and environments. |
Knowledge |
3195 | Knowledge of criteria for evaluating collection products. |
Knowledge |
3204 | Knowledge of current collection requirements. |
Knowledge |
3297 | Knowledge of how to establish priorities for resources. |
Knowledge |
3380 | Knowledge of methods for ascertaining collection asset posture and availability. |
Knowledge |
3436 | Knowledge of production exploitation and dissemination needs and architectures. |
Knowledge |
3464 | Knowledge of research strategies and knowledge management. |
Knowledge |
3575 | Knowledge of the factors of threat that could impact collection operations. |
Knowledge |
3619 | Knowledge of the systems/architecture/communications used for coordination. |
Knowledge |
3663 | Knowledge of tasking, collection, processing, exploitation and dissemination. |
Knowledge |
3974 | Skill to apply the capabilities, limitations and tasking methodologies of available platforms, sensors, architectures and apparatus as they apply to organization objectives. |
Skill |
3991 | Ability to coordinate and collaborate with analysts regarding surveillance requirements and essential information development. |
Ability |
3994 | Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations. |
Ability |
4002 | Skill to determine feasibility of collection. |
Skill |
4004 | Skill to develop a collection plan that clearly shows the discipline that can be used to collect the information needed. |
Skill |
4012 | Skill to ensure that the collection strategy leverages all available resources. |
Skill |
4014 | Skill to evaluate factors of the operational environment to objectives, and information requirements. |
Skill |
4019 | Skill to extract information from available tools and applications associated with collection requirements and collection operations management. |
Skill |
4024 | Skill to identify and apply tasking, collection, processing, exploitation and dissemination to associated collection disciplines. |
Skill |
4026 | Skill in information prioritization as it relates to operations. |
Skill |
4033 | Skill to interpret readiness reporting, its operational relevance and intelligence collection impact. |
Skill |
4049 | Skill to prepare and deliver reports, presentations and briefings, to include using visual aids or presentation technology. |
Skill |
4056 | Skill to review performance specifications and historical information about collection assets. |
Skill |
4066 | Skill to use collaborative tools and environments. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
2051 | Assess performance of collection assets against prescribed specifications. |
Task |
2098 | Compile lessons learned from collection management activity’s execution of organization collection objectives. |
Task |
2147 | Consider efficiency and effectiveness of collection assets and resources if/when applied against priority information requirements. |
Task |
2153 | Construct collection plans and matrixes using established guidance and procedures. |
Task |
2167 | Coordinate inclusion of collection plan in appropriate documentation. |
Task |
2172 | Re-task or re-direct collection assets and resources. |
Task |
2232 | Determine course of action for addressing changes to objectives, guidance, and operational environment. |
Task |
2233 | Determine existing collection management webpage databases, libraries and storehouses. |
Task |
2239 | Determine organizations and/or echelons with collection authority over all accessible collection assets. |
Task |
2271 | Develop coordinating instructions by collection discipline for each phase of an operation. |
Task |
2342 | Disseminate tasking messages and collection plans. |
Task |
2373 | Establish alternative processing, exploitation and dissemination pathways to address identified issues or problems. |
Task |
2414 | Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers. |
Task |
2456 | Identify coordination requirements and procedures with designated collection authorities. |
Task |
2464 | Identify issues or problems that can disrupt and/or degrade processing, exploitation and dissemination architecture effectiveness. |
Task |
2475 | Identify potential collection disciplines for application against priority information requirements. |
Task |
2479 | Identify and mitigate risks to collection management ability to support the plan, operations and target cycle. |
Task |
2529 | Issue requests for information. |
Task |
2538 | Link priority collection requirements to optimal assets and resources. |
Task |
2597 | Monitor completion of reallocated collection efforts. |
Task |
2604 | Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture. |
Task |
2609 | Monitor the operational environment for potential factors and risks to the collection operation management process. |
Task |
2726 | Provide advice/assistance to operations and intelligence decision makers with reassignment of collection assets and resources in response to dynamic operational situations. |
Task |
2793 | Request discipline-specific processing, exploitation, and disseminate information collected using discipline’s collection assets and resources in accordance with approved guidance and/or procedures. |
Task |
2807 | Review capabilities of allocated collection assets. |
Task |
2809 | Review intelligence collection guidance for accuracy/applicability. |
Task |
2810 | Review list of prioritized collection requirements and essential information. |
Task |
2812 | Review and update overarching collection plan, as required. |
Task |
2817 | Revise collection matrix based on availability of optimal assets and resources. |
Task |
2828 | Specify changes to collection plan and/or operational environment that necessitate re-tasking or re-directing of collection assets and resources. |
Task |
2829 | Specify discipline-specific collections and/or taskings that must be executed in the near term. |
Task |
2845 | Synchronize the integrated employment of all available organic and partner intelligence collection assets using available collaboration capabilities and techniques. |
Task |
3092 | Knowledge of database administration and maintenance. |
Knowledge |
3095 | Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). |
Knowledge |
3098 | Knowledge of virtualization products (Vmware, Virtual PC). |
Knowledge |
3116 | Knowledge of all possible circumstances that would result in changing collection management authorities. |
Knowledge |
3131 | Knowledge of available databases and tools necessary to assess appropriate collection tasking. |
Knowledge |
3135 | Knowledge of basic computer components and architectures, including the functions of various peripherals. |
Knowledge |
3137 | Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration). |
Knowledge |
3156 | Knowledge of collection management tools. |
Knowledge |
3162 | Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan. |
Knowledge |
3165 | Knowledge of collection planning process and collection plan. |
Knowledge |
3175 | Knowledge of leadership’s Intent and objectives. |
Knowledge |
3177 | Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). |
Knowledge |
3188 | Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). |
Knowledge |
3205 | Knowledge of current computer-based intrusion sets. |
Knowledge |
3217 | Knowledge of cyber lexicon/terminology |
Knowledge |
3225 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). |
Knowledge |
3253 | Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). |
Knowledge |
3275 | Knowledge of fundamental cyber concepts, principles, limitations, and effects. |
Knowledge |
3286 | Knowledge of host-based security products and how they affect exploitation and vulnerability. |
Knowledge |
3291 | Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP). |
Knowledge |
3292 | Knowledge of how modern digital and telephony networks impact cyber operations. |
Knowledge |
3293 | Knowledge of how modern wireless communications systems impact cyber operations. |
Knowledge |
3298 | Knowledge of how to extract, analyze, and use metadata. |
Knowledge |
3322 | Knowledge of indications and warning. |
Knowledge |
3325 | Knowledge of information needs. |
Knowledge |
3332 | Knowledge of tasking processes for organic and subordinate collection assets. |
Knowledge |
3361 | Knowledge of key cyber threat actors and their equities. |
Knowledge |
3362A | Knowledge of key factors of the operational environment and related threats and vulnerabilities. |
Knowledge |
3374 | Knowledge of malware. |
Knowledge |
3389 | Knowledge of organization objectives and associated demand on collection management. |
Knowledge |
3417 | Knowledge of non-traditional collection methodologies. |
Knowledge |
3420 | Knowledge of ongoing and future operations. |
Knowledge |
3424 | Knowledge of operational asset constraints. |
Knowledge |
3428 | Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact. |
Knowledge |
3430 | Knowledge of organizational priorities, legal authorities and requirements submission processes. |
Knowledge |
3441 | Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. |
Knowledge |
3470 | Knowledge of risk management and mitigation strategies. |
Knowledge |
3541 | Knowledge of the available tools and applications associated with collection requirements and collection management. |
Knowledge |
3543 | Knowledge of the basic structure, architecture, and design of modern communication networks. |
Knowledge |
3545 | Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
Knowledge |
3549 | Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes. |
Knowledge |
3552 | Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities. |
Knowledge |
3557 | Knowledge of collection strategies. |
Knowledge |
3558 | Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization. |
Knowledge |
3561 | Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
Knowledge |
3574 | Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture. |
Knowledge |
3595 | Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements. |
Knowledge |
3598 | Knowledge of the organizational plans/directives/guidance that describe objectives. |
Knowledge |
3599 | Knowledge of the organizational policies/procedures for temporary transfer of collection authority. |
Knowledge |
3602 | Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products. |
Knowledge |
3624 | Knowledge of different organization objectives at all levels, including subordinate, lateral and higher. |
Knowledge |
3625 | Knowledge of the organization’s established format for collection plan. |
Knowledge |
3626 | Knowledge of the organization’s planning, operations and targeting cycles. |
Knowledge |
3631 | Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities). |
Knowledge |
3633 | Knowledge of tipping, cueing, mixing, and redundancy. |
Knowledge |
3650 | Knowledge of priority information, how it is derived, where it is published, how to access, etc. |
Knowledge |
3651 | Knowledge of what constitutes a “threat” to a network. |
Knowledge |
3654 | Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations. |
Knowledge |
3957 | Skill to access information on current assets available, usage. |
Skill |
3960 | Skill to access the databases where plans/directives/guidance are maintained. |
Skill |
3977 | Skill to articulate a needs statement/requirement and integrate new and emerging collection capabilities, accesses and/or processes into collection operations. |
Skill |
3985 | Skill to associate Intelligence gaps to priority information requirements and observables. |
Skill |
3986 | Skill to compare and contrast indicators/observables with requirements. |
Skill |
3995 | Ability to correctly employ each organization or element into the collection plan and matrix. |
Ability |
4016 | Skill to evaluate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities. |
Skill |
4025 | Skill to identify Intelligence gaps. |
Skill |
4027 | Skill to identify when priority information requirements are satisfied. |
Skill |
4029 | Skill to translate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities. |
Skill |
4044 | Skill to optimize collection system performance through repeated adjustment, testing, and re-adjustment. |
Skill |
4113 | Knowledge of the request for information process. |
Knowledge |
52 | Knowledge of human-computer interaction principles. |
Knowledge |
87 | Knowledge of network traffic analysis methods. |
Knowledge |
Evaluates collection operations and develops effects-based collection requirements strategies using available sources and methods to…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2015 | Analyze feedback to determine extent to which collection products and services are meeting requirements. |
Task |
2017 | Analyze incoming collection requests. |
Task |
2021 | Analyze plans, directives, guidance and policy for factors that would influence collection management’s operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements). |
Task |
2053 | Assess the effectiveness of collections in satisfying priority information gaps, using available capabilities and methods, and then adjust collection strategies and collection requirements accordingly. |
Task |
2093 | Collaborate with customer to define information requirements. |
Task |
2245 | Develop a method for comparing collection reports to outstanding requirements to identify information gaps. |
Task |
2375 | Validate the link between collection requests and critical information requirements and priority intelligence requirements of leadership. |
Task |
2398 | Evaluate the effectiveness of collection operations against the collection plan. |
Task |
2857 | Translate collection requests into applicable discipline-specific collection requirements. |
Task |
3010 | Ability to apply collaborative skills and strategies. |
Ability |
3011 | Ability to apply critical reading/thinking skills. |
Ability |
3102 | Knowledge of operational planning processes. |
Knowledge |
3380 | Knowledge of methods for ascertaining collection asset posture and availability. |
Knowledge |
3557 | Knowledge of collection strategies. |
Knowledge |
4024 | Skill to identify and apply tasking, collection, processing, exploitation and dissemination to associated collection disciplines. |
Skill |
4066 | Skill to use collaborative tools and environments. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
2046 | Assess efficiency of existing information exchange and management systems. |
Task |
2051 | Assess performance of collection assets against prescribed specifications. |
Task |
2082 | Close requests for information once satisfied. |
Task |
2098 | Compile lessons learned from collection management activity’s execution of organization collection objectives. |
Task |
2111 | Conduct formal and informal coordination of collection requirements in accordance with established guidelines and procedures. |
Task |
2311 | Develop procedures for providing feedback to collection managers, asset managers, and processing, exploitation and dissemination centers. |
Task |
2341 | Disseminate reports to inform decision makers on collection issues. |
Task |
2347 | Conduct and document an assessment of the collection results using established procedures. |
Task |
2384 | Evaluate extent to which collected information and/or produced intelligence satisfy information requests. |
Task |
2397 | Evaluate extent to which collection operations are synchronized with operational requirements. |
Task |
2451 | Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups. |
Task |
2479 | Identify and mitigate risks to collection management ability to support the plan, operations and target cycle. |
Task |
2514 | Inform stakeholders (e.g., collection managers, asset managers, processing, exploitation and dissemination centers) of evaluation results using established procedures. |
Task |
2529 | Issue requests for information. |
Task |
2587 | Modify collection requirements as necessary. |
Task |
2727 | Provide advisory and advocacy support to promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans. |
Task |
2807 | Review capabilities of allocated collection assets. |
Task |
2809 | Review intelligence collection guidance for accuracy/applicability. |
Task |
2810 | Review list of prioritized collection requirements and essential information. |
Task |
2827 | Solicit and manage to completion feedback from requestors on quality, timeliness, and effectiveness of collection against collection requirements. |
Task |
2835 | Submit information requests to collection requirement management section for processing as collection requests. |
Task |
2856 | Track status of information requests, including those processed as collection requests and production requirements, using established procedures. |
Task |
2867 | Use feedback results (e.g., lesson learned) to identify opportunities to improve collection management efficiency and effectiveness. |
Task |
2875 | Validate requests for information according to established criteria. |
Task |
3092 | Knowledge of database administration and maintenance. |
Knowledge |
3098 | Knowledge of virtualization products (Vmware, Virtual PC). |
Knowledge |
3116 | Knowledge of all possible circumstances that would result in changing collection management authorities. |
Knowledge |
3127 | Knowledge of asset availability, capabilities and limitations. |
Knowledge |
3128 | Knowledge of tasking mechanisms. |
Knowledge |
3131 | Knowledge of available databases and tools necessary to assess appropriate collection tasking. |
Knowledge |
3135 | Knowledge of basic computer components and architectures, including the functions of various peripherals. |
Knowledge |
3137 | Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration). |
Knowledge |
3148 | Knowledge of collection capabilities and limitations. |
Knowledge |
3156 | Knowledge of collection management tools. |
Knowledge |
3160 | Knowledge of collaborative tools and environments. |
Knowledge |
3162 | Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan. |
Knowledge |
3165 | Knowledge of collection planning process and collection plan. |
Knowledge |
3175 | Knowledge of leadership’s Intent and objectives. |
Knowledge |
3188 | Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). |
Knowledge |
3195 | Knowledge of criteria for evaluating collection products. |
Knowledge |
3204 | Knowledge of current collection requirements. |
Knowledge |
3217 | Knowledge of cyber lexicon/terminology |
Knowledge |
3225 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). |
Knowledge |
3234 | Knowledge of databases, portals and associated dissemination vehicles. |
Knowledge |
3253 | Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). |
Knowledge |
3262 | Knowledge of evolving/emerging communications technologies. |
Knowledge |
3275 | Knowledge of fundamental cyber concepts, principles, limitations, and effects. |
Knowledge |
3291 | Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP). |
Knowledge |
3292 | Knowledge of how modern digital and telephony networks impact cyber operations. |
Knowledge |
3293 | Knowledge of how modern wireless communications systems impact cyber operations. |
Knowledge |
3297 | Knowledge of how to establish priorities for resources. |
Knowledge |
3322 | Knowledge of indications and warning. |
Knowledge |
3325 | Knowledge of information needs. |
Knowledge |
3361 | Knowledge of key cyber threat actors and their equities. |
Knowledge |
3362A | Knowledge of key factors of the operational environment and related threats and vulnerabilities. |
Knowledge |
3374 | Knowledge of malware. |
Knowledge |
3389 | Knowledge of organization objectives and associated demand on collection management. |
Knowledge |
3417 | Knowledge of non-traditional collection methodologies. |
Knowledge |
3420 | Knowledge of ongoing and future operations. |
Knowledge |
3424 | Knowledge of operational asset constraints. |
Knowledge |
3430 | Knowledge of organizational priorities, legal authorities and requirements submission processes. |
Knowledge |
3441 | Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. |
Knowledge |
3464 | Knowledge of research strategies and knowledge management. |
Knowledge |
3470 | Knowledge of risk management and mitigation strategies. |
Knowledge |
3541 | Knowledge of the available tools and applications associated with collection requirements and collection management. |
Knowledge |
3543 | Knowledge of the basic structure, architecture, and design of modern communication networks. |
Knowledge |
3545 | Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
Knowledge |
3549 | Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes. |
Knowledge |
3552 | Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities. |
Knowledge |
3556 | Knowledge of collection management functionality (e.g., positions, functions, responsibilities, products, reporting requirements). |
Knowledge |
3558 | Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization. |
Knowledge |
3561 | Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
Knowledge |
3568 | Knowledge of the definition of collection management and collection management authority. |
Knowledge |
3574 | Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture. |
Knowledge |
3575 | Knowledge of the factors of threat that could impact collection operations. |
Knowledge |
3595 | Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements. |
Knowledge |
3599 | Knowledge of the organizational policies/procedures for temporary transfer of collection authority. |
Knowledge |
3602 | Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products. |
Knowledge |
3624 | Knowledge of different organization objectives at all levels, including subordinate, lateral and higher. |
Knowledge |
3625 | Knowledge of the organization’s established format for collection plan. |
Knowledge |
3626 | Knowledge of the organization’s planning, operations and targeting cycles. |
Knowledge |
3631 | Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities). |
Knowledge |
3633 | Knowledge of tipping, cueing, mixing, and redundancy. |
Knowledge |
3650 | Knowledge of priority information, how it is derived, where it is published, how to access, etc. |
Knowledge |
3651 | Knowledge of what constitutes a “threat” to a network. |
Knowledge |
3663 | Knowledge of tasking, collection, processing, exploitation and dissemination. |
Knowledge |
3957 | Skill to access information on current assets available, usage. |
Skill |
3960 | Skill to access the databases where plans/directives/guidance are maintained. |
Skill |
3985 | Skill to associate Intelligence gaps to priority information requirements and observables. |
Skill |
3986 | Skill to compare and contrast indicators/observables with requirements. |
Skill |
3994 | Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations. |
Ability |
4012 | Skill to ensure that the collection strategy leverages all available resources. |
Skill |
4016 | Skill to evaluate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities. |
Skill |
4025 | Skill to identify Intelligence gaps. |
Skill |
4027 | Skill to identify when priority information requirements are satisfied. |
Skill |
4028 | Skill to implement established procedures for evaluating collection management and operations activities. |
Skill |
4033 | Skill to interpret readiness reporting, its operational relevance and intelligence collection impact. |
Skill |
4049 | Skill to prepare and deliver reports, presentations and briefings, to include using visual aids or presentation technology. |
Skill |
4055 | Skill to resolve conflicting collection requirements. |
Skill |
4056 | Skill to review performance specifications and historical information about collection assets. |
Skill |
4057 | Skill to specify collections and/or taskings that must be conducted in the near term. |
Skill |
4063 | Skill to evaluate requests for information to determine if response information exists. |
Skill |
4065 | Skill to use systems and/or tools to track collection requirements and determine whether or not they are satisfied. |
Skill |
4113 | Knowledge of the request for information process. |
Knowledge |
52 | Knowledge of human-computer interaction principles. |
Knowledge |
87 | Knowledge of network traffic analysis methods. |
Knowledge |
Senior official or executive with the authority to formally assume responsibility for operating an information…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
38 | Knowledge of organization’s enterprise information security architecture system. |
Knowledge |
53 | Knowledge of the Security Assessment and Authorization process. |
Knowledge |
55 | Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data. |
Knowledge |
63 | Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). |
Knowledge |
69 | Knowledge of Risk Management Framework (RMF) requirements. |
Knowledge |
77 | Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. |
Knowledge |
88 | Knowledge of new and emerging information technology (IT) and cybersecurity technologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
121 | Knowledge of structured analysis principles and methods. |
Knowledge |
156A | Knowledge of confidentiality, integrity, and availability principles. |
Knowledge |
197 | Skill in discerning the protection needs (i.e., security controls) of information systems and networks. |
Skill |
1034A | Knowledge of Personally Identifiable Information (PII) data security standards. |
Knowledge |
1037 | Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures. |
Knowledge |
1040A | Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. |
Knowledge |
1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
5320 | Establish acceptable limits for the software application, network, or system. |
Task |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1034B | Knowledge of Payment Card Industry (PCI) data security standards. |
Knowledge |
1034C | Knowledge of Personal Health Information (PHI) data security standards. |
Knowledge |
1036 | Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed. |
Knowledge |
1037A | Knowledge of information technology (IT) risk management policies, requirements, and procedures. |
Knowledge |
1038 | Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance, and reliability. |
Knowledge |
105 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
Knowledge |
1131 | Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zackman, Federal Enterprise Architecture [FEA]). |
Knowledge |
1142 | Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). |
Knowledge |
1146 | Develop and Implement cybersecurity independent audit processes for application software/networks/systems and oversee ongoing independent audits to ensure that operational and Research and Design (R&D) processes and procedures are in compliance with organizational and mandatory cybersecurity requirements and accurately followed by Systems Administrators and other cybersecurity staff when performing their day-to-day activities. |
Task |
1157A | Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity and AI. |
Knowledge |
128 | Knowledge of systems diagnostic tools and fault identification techniques. |
Knowledge |
143 | Knowledge of the organization’s enterprise information technology (IT) goals and objectives. |
Knowledge |
177B | Knowledge of countermeasures for identified security risks. |
Knowledge |
179 | Skill in designing security controls based on cybersecurity principles and tenets. |
Skill |
19 | Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities. |
Knowledge |
27 | Knowledge of cryptography and cryptographic key management concepts. |
Knowledge |
325 | Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management). |
Knowledge |
3591 | Knowledge of organization objectives, leadership priorities, and decision-making risks. |
Knowledge |
40 | Knowledge of organization’s evaluation and validation requirements. |
Knowledge |
43A | Knowledge of embedded systems. |
Knowledge |
58 | Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. |
Knowledge |
5824 | Authorizing Official only: Approve security and privacy assessment plans for systems and environments of operation. |
Task |
5827 | Determine the authorization boundaries of systems. |
Task |
5837 | Respond to threats and vulnerabilities based on the results of ongoing/continuous monitoring activities and risk assessments and decide if risk remains acceptable. |
Task |
5838 | Review and approve security categorization results for systems. |
Task |
5839 | Review security and privacy assessment plans for systems and environments of operation. |
Task |
600 | Evaluate cost benefit, economic, and risk analysis in decision making process. |
Task |
6931 | Knowledge of methods and techniques for analyzing risk. |
Knowledge |
6936 | Knowledge of types of authorizations. |
Knowledge |
696B | Authorizing Official only: Approve authorization packages. |
Task |
696C | Manage authorization packages. |
Task |
70 | Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). |
Knowledge |
710 | Monitor and evaluate a system’s compliance with information technology (IT) security, resilience, and dependability requirements. |
Task |
801A | Provide enterprise cybersecurity and supply chain risk management guidance. |
Task |
836A | Authorizing Official only: Determine if the security and privacy risk from operating a system or using a system, service, or application from an external provider is acceptable. |
Task |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
952 | Knowledge of emerging security issues, risks, and vulnerabilities. |
Knowledge |
95A | Knowledge of penetration testing principles, tools, and techniques. |
Knowledge |
965 | Knowledge of organization’s risk tolerance and/or risk management approach. |
Knowledge |
979 | Knowledge of supply chain risk management standards, processes, and practices. |
Knowledge |
98 | Knowledge of policy-based and risk adaptive access controls. |
Knowledge |
Manages the Communications Security (COMSEC) resources of an organization (CNSSI No. 4009).
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
25 | Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). |
Knowledge |
37 | Knowledge of disaster recovery continuity of operations plans. |
Knowledge |
55 | Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data. |
Knowledge |
61 | Knowledge of incident response and handling methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
395 | Advise senior management (e.g., CIO) on risk levels and security posture. |
Task |
578 | Ensure security improvement actions are evaluated, validated, and implemented as required. |
Task |
824 | Recognize a possible security violation and take appropriate action to report the incident, as required. |
Task |
852 | Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered. |
Task |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1004 | Knowledge of critical information technology (IT) procurement requirements. |
Knowledge |
1040A | Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. |
Knowledge |
129 | Knowledge of system life cycle management principles, including software security and usability. |
Knowledge |
143 | Knowledge of the organization’s enterprise information technology (IT) goals and objectives. |
Knowledge |
183 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. |
Skill |
299 | Knowledge of information security program management and project management principles and techniques. |
Knowledge |
325 | Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management). |
Knowledge |
396 | Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. |
Task |
445 | Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. |
Task |
475 | Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. |
Task |
596 | Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy. |
Task |
600 | Evaluate cost benefit, economic, and risk analysis in decision making process. |
Task |
Responsible for device, equipment, and system-level cybersecurity configuration and day-to-day security operations of control systems,…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
79 | Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). |
Knowledge |
106 | Knowledge of remote access technology concepts. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
708A | Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative. |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
3277 | Knowledge of general SCADA system components. |
Knowledge |
3740 | Skill in determining installed patches on various operating systems and identifying patch signatures. |
Skill |
5823 | Apply updates, patches, and security technical implementation while maintaining control system performance and availability requirements. |
Task |
5829 | Establish and maintain security configuration baseline for the control system(s), including field devices, IT components, interconnections, and interfaces. |
Task |
5830 | Implement Risk Management Framework (RMF) Assessment requirements for control systems, and document/maintain records for them. |
Task |
5831 | Maintain knowledge of the function and security of control system and IT technologies with which the control systems interface. |
Task |
5832 | Maintain network segmentation to isolate control systems from business networks and other external connections as directed. |
Task |
5836 | Perform asset management and maintain inventory of control system devices and components through physical inspection or logical scans. |
Task |
5840 | Support risk assessments by reviewing and documenting the implementation status of security requirements of control systems. |
Task |
6929 | Knowledge of control system technologies, such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, Distributed Control Systems (DCS) and Operational Technology (OT). |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6927 | Knowledge of control system environment risks, threats and vulnerabilities. |
Knowledge |
6933 | Knowledge of risk management processes specific to control systems. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
6940 | Skill in applying security and managing risk in resource-constrained systems and networks. |
Skill |
6941 | Skill in architecting compensating security controls to reduce risk for control systems and control system components that do not have adequate or compliant security capabilities. |
Skill |
6946 | Skill in securing control system communication protocols (e.g., IP/TCP, SSL/TLS, MODBUS/DNP3/PROFINET SCADA, GOOSE) and media used for field device control. |
Skill |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
3353 | Knowledge of the Risk Management Framework Assessment Methodology. |
Knowledge |
342A | Knowledge of operating system command line/prompt. |
Knowledge |
3A | Skill in recognizing vulnerabilities in security systems. |
Skill |
43A | Knowledge of embedded systems. |
Knowledge |
5821 | Act as a liaison between facility operations/engineer teams and IT or network security teams to coordinate security activities. |
Task |
5822 | Apply tailored organizational security policies and procedures for control system environments to maintain security, but also to ensure system availability. |
Task |
5826 | Consult on control system security matters (e.g., risk assessment, configuration management) as needed. |
Task |
5828 | Ensure configuration and collection of control system audit logs for monitoring and forensic analysis as appropriate. |
Task |
5833 | Off-load and review control system audit logs and review for anomalies. |
Task |
5834 | Participate in control system change management in conjunction with IT personnel and control system experts (e.g., system supplier). |
Task |
5835 | Participate in control system incident and disaster response, including secure system recovery. |
Task |
6928 | Knowledge of control system performance and availability requirements. |
Knowledge |
6934 | Knowledge of RMF assessment types (e.g., Assess & Authorize (A&A), Assess Only) and authorization boundaries (e.g., Closed Restricted Network (CRN), Stand-alone Information System (SIS)). |
Knowledge |
6937 | Knowledge of what “normal” control system operations for specific mission/business functions look like. |
Knowledge |
6939 | Skill in active and passive methods to safely gather information and conduct vulnerability and network analysis scans in control system environments. |
Skill |
6943 | Skill in identifying and investigating “abnormal” control system operations based on what specific mission/business functions look like. |
Skill |
69A | Knowledge of risk management processes and requirements per the Risk Management Framework (RMF). |
Knowledge |
809 | Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). |
Task |
88A | Knowledge of current and emerging cyber technologies. |
Knowledge |
Identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques.
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
217 | Skill in preserving evidence integrity according to standard operating procedures or national standards. |
Skill |
281 | Knowledge of electronic devices (e.g., computer systems/components, access control devices, digital cameras, electronic organizers, hard drives, memory cards, modems, network components, printers, removable storage devices, scanners, telephones, copiers, credit card skimmers, facsimile machines, global positioning systems [GPSs]). |
Knowledge |
290 | Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody). |
Knowledge |
340 | Knowledge of types and collection of persistent data. |
Knowledge |
369 | Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data. |
Skill |
1036 | Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
3155 | Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. |
Knowledge |
3159 | Knowledge of cyber operations support or enabling processes. |
Knowledge |
3211 | Knowledge of cyber laws and legal considerations and their effect on cyber planning. |
Knowledge |
3235 | Knowledge of deconfliction processes and procedures. |
Knowledge |
3257 | Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities. |
Knowledge |
3262 | Knowledge of evolving/emerging communications technologies. |
Knowledge |
3264 | Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization. |
Knowledge |
3356 | Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations. |
Knowledge |
3419 | Knowledge of organization or partner exploitation of digital networks. |
Knowledge |
3585 | Knowledge of accepted organization planning systems. |
Knowledge |
3591 | Knowledge of organization objectives, leadership priorities, and decision-making risks. |
Knowledge |
3615 | Knowledge of the structure and intent of organization specific plans, guidance and authorizations. |
Knowledge |
3627 | Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations. |
Knowledge |
3638 | Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations. |
Knowledge |
3639 | Knowledge of organization cyber operations programs, strategies, and resources. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1039 | Skill in evaluating the trustworthiness of the supplier and/or product. |
Skill |
105 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
Knowledge |
310 | Knowledge of legal governance related to admissibility (e.g., Federal Rules of Evidence). |
Knowledge |
3480 | Knowledge of security implications of software configurations. |
Knowledge |
383 | Skill in using scientific rules and methods to solve problems. |
Skill |
454 | Conduct interviews of victims and witnesses and conduct interviews or interrogations of suspects. |
Task |
5040 | Analyze the crisis situation to ensure public, personal, and resource protection. |
Task |
5070 | Assess the behavior of the individual victim, witness, or suspect as it relates to the investigation. |
Task |
507A | Determine and develop leads and identify sources of information in order to identify and/or prosecute the responsible parties to an intrusion or other crimes. |
Task |
512 | Develop a plan to investigate alleged crime, violation, or suspicious activity utilizing computers and the internet. |
Task |
5210 | Determine the extent of threats and recommend courses of action and countermeasures to mitigate risks. |
Task |
5580 | Provide criminal investigative support to trial counsel during the judicial process. |
Task |
564A | Document original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, hash function checking). |
Task |
597 | Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, and public relations professionals). |
Task |
620A | Employ information technology (IT) systems and digital storage media to solve, investigate, and/or prosecute cybercrimes and fraud committed against people and property. |
Task |
623 | Fuse computer network attack analyses with criminal and counterintelligence investigations and operations. |
Task |
6230 | Knowledge of crisis management protocols, processes, and techniques. |
Knowledge |
633 | Identify and/or determine whether a security incident is indicative of a violation of law that requires specific legal action. |
Task |
636 | Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration. |
Task |
6370 | Knowledge of physical and physiological behaviors that may indicate suspicious or abnormal activity. |
Knowledge |
6440 | Knowledge of the judicial process, including the presentation of facts and evidence. |
Knowledge |
649 | Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations. |
Task |
788A | Prepare reports to document the investigation following legal standards and requirements. |
Task |
843 | Secure the electronic device or information source. |
Task |
917 | Knowledge of social dynamics of computer attackers in a global context. |
Knowledge |
Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network…
KSAT ID | Description | KSAT |
---|---|---|
19 | Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities. |
Knowledge |
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
59A | Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications. |
Knowledge |
66 | Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies. |
Knowledge |
70 | Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). |
Knowledge |
81A | Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
Knowledge |
87 | Knowledge of network traffic analysis methods. |
Knowledge |
92 | Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
150 | Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. |
Knowledge |
214A | Skill in performing packet-level analysis. |
Skill |
353 | Skill in collecting data from a variety of cyber defense resources. |
Skill |
433 | Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources. |
Task |
472 | Coordinate with enterprise-wide cyber defense staff to validate network alerts. |
Task |
723 | Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment. |
Task |
745 | Perform cyber defense trend analysis and reporting. |
Task |
750 | Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack. |
Task |
767 | Perform security reviews and identify security gaps in security architecture resulting in recommendations for the inclusion into the risk mitigation strategy. |
Task |
800 | Provide daily summary reports of network events and activity relevant to cyber defense practices. |
Task |
823 | Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. |
Task |
895 | Skill in recognizing and categorizing types of vulnerabilities and associated attacks. |
Skill |
922A | Knowledge of how to use network analysis tools to identify vulnerabilities. |
Knowledge |
956 | Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. |
Task |
958 | Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity. |
Task |
959 | Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information. |
Task |
984 | Knowledge of cyber defense policies, procedures, and regulations. |
Knowledge |
990 | Knowledge of the common attack vectors on the network layer. |
Knowledge |
991 | Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution). |
Knowledge |
1069A | Knowledge of general kill chain (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). |
Knowledge |
1107 | Identify and analyze anomalies in network traffic using metadata (e.g., CENTAUR). |
Task |
1108 | Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings). |
Task |
1111 | Identify applications and operating systems of a network device based on network traffic. |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1033 | Knowledge of basic system administration, network, and operating system hardening techniques. |
Knowledge |
1034A | Knowledge of Personally Identifiable Information (PII) data security standards. |
Knowledge |
1034B | Knowledge of Payment Card Industry (PCI) data security standards. |
Knowledge |
1034C | Knowledge of Personal Health Information (PHI) data security standards. |
Knowledge |
1036 | Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed. |
Knowledge |
105 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
Knowledge |
1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
Knowledge |
1073 | Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. |
Knowledge |
110 | Knowledge of key concepts in security management (e.g., Release Management, Patch Management). |
Knowledge |
1103 | Determine tactics, techniques, and procedures (TTPs) for intrusion sets. |
Task |
1104 | Examine network topologies to understand data flows through the network. |
Task |
1105 | Recommend computing environment vulnerability corrections. |
Task |
1109 | Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools. |
Task |
111 | Knowledge of security system design tools, methods, and techniques. |
Knowledge |
1110 | Isolate and remove malware. |
Task |
1111 | Identify applications and operating systems of a network device based on network traffic. |
Task |
1112 | Reconstruct a malicious attack or activity based off network traffic. |
Task |
1113 | Identify network mapping and operating system (OS) fingerprinting activities. |
Task |
1114 | Knowledge of encryption methodologies. |
Knowledge |
1118 | Skill in reading and interpreting signatures (e.g., snort). |
Skill |
1119 | Knowledge of signature implementation impact. |
Knowledge |
1120 | Ability to interpret and incorporate data from multiple tool sources. |
Ability |
1121 | Knowledge of Windows/Unix ports and services. |
Knowledge |
1142 | Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). |
Knowledge |
130A | Knowledge of systems security testing and evaluation methods. |
Knowledge |
133 | Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers). |
Knowledge |
138 | Knowledge of the cyber defense Service Provider reporting structure and processes within one’s own organization. |
Knowledge |
139 | Knowledge of the common networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications. |
Knowledge |
148 | Knowledge of Virtual Private Network (VPN) security. |
Knowledge |
175 | Skill in developing and deploying signatures. |
Skill |
177B | Knowledge of countermeasures for identified security risks. |
Knowledge |
179A | Skill in assessing security controls based on cybersecurity principles and tenets. |
Skill |
181A | Skill in detecting host and network based intrusions via intrusion detection technologies. |
Skill |
183 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. |
Skill |
199 | Skill in evaluating the adequacy of security designs. |
Skill |
2062 | Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the NE or enclave. |
Task |
21 | Knowledge of computer algorithms. |
Knowledge |
212A | Knowledge of network mapping and recreating network topologies. |
Knowledge |
229 | Skill in using incident handling methodologies. |
Skill |
233 | Skill in using protocol analyzers. |
Skill |
234B | Knowledge of the use of sub-netting tools. |
Knowledge |
25 | Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). |
Knowledge |
2611 | Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan. |
Task |
27 | Knowledge of cryptography and cryptographic key management concepts. |
Knowledge |
270 | Knowledge of common adversary tactics, techniques, and procedures in assigned area of responsibility (i.e., historical country-specific tactics, techniques, and procedures; emerging capabilities). |
Knowledge |
271 | Knowledge of common network tools (e.g., ping, traceroute, nslookup). |
Knowledge |
277 | Knowledge of defense-in-depth principles and network security architecture. |
Knowledge |
278 | Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN). |
Knowledge |
286 | Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip). |
Knowledge |
3007 | Ability to analyze malware. |
Ability |
34 | Knowledge of database systems. |
Knowledge |
342A | Knowledge of operating system command line/prompt. |
Knowledge |
3431 | Knowledge of OSI model and underlying network protocols (e.g., TCP/IP). |
Knowledge |
3461 | Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities. |
Knowledge |
3C | Skill in recognizing vulnerabilities in information and/or data systems. |
Skill |
427 | Develop content for cyber defense tools. |
Task |
43A | Knowledge of embedded systems. |
Knowledge |
49 | Knowledge of host/network access control mechanisms (e.g., access control list). |
Knowledge |
559A | Analyze and report organizational security posture trends. |
Task |
559B | Analyze and report system security posture trends. |
Task |
576 | Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. |
Task |
58 | Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. |
Knowledge |
593A | Assess adequate access controls based on principles of least privilege and need-to-know. |
Task |
61 | Knowledge of incident response and handling methodologies. |
Knowledge |
6210 | Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
63 | Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). |
Knowledge |
716A | Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise. |
Task |
717A | Assess and monitor cybersecurity related to system implementation and testing practices. |
Task |
75C | Skill in conducting trend analysis. |
Skill |
782 | Plan and recommend modifications or adjustments based on exercise results or system environment. |
Task |
79 | Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). |
Knowledge |
8 | Knowledge of authentication, authorization, and access control methods. |
Knowledge |
806A | Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities. |
Task |
880A | Work with stakeholders to resolve computer security incidents and vulnerability compliance. |
Task |
88A | Knowledge of current and emerging cyber technologies. |
Knowledge |
90 | Knowledge of operating systems. |
Knowledge |
904 | Knowledge of interpreted and compiled computer languages. |
Knowledge |
912 | Knowledge of collection management processes, capabilities, and limitations. |
Knowledge |
915 | Knowledge of front-end collection systems, including traffic collection, filtering, and selection. |
Knowledge |
922B | Skill in using network analysis tools, including specialized tools for non-traditional systems and networks (e.g., control systems), to identify vulnerabilities. |
Skill |
938A | Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans. |
Task |
95A | Knowledge of penetration testing principles, tools, and techniques. |
Knowledge |
98 | Knowledge of policy-based and risk adaptive access controls. |
Knowledge |
992C | Knowledge of threat environments (e.g., first generation threat actors, threat activities). |
Knowledge |
Analyzes digital evidence and investigates computer security incidents to derive useful information in support of…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
24A | Knowledge of basic concepts and practices of processing digital forensic data. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
217 | Skill in preserving evidence integrity according to standard operating procedures or national standards. |
Skill |
302 | Knowledge of investigative implications of hardware, Operating Systems, and network technologies. |
Knowledge |
350 | Skill in analyzing memory dumps to extract information. |
Skill |
381 | Skill in using forensic tool suites (e.g., EnCase, Sleuthkit, FTK). |
Skill |
438A | Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. |
Task |
447 | Conduct analysis of log files, evidence, and other information in order to determine best methods for identifying the perpetrator(s) of a network intrusion. |
Task |
463 | Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis. |
Task |
541 | Provide technical summary of findings in accordance with established reporting procedures. |
Task |
613 | Examine recovered data for information of relevance to the issue at hand. |
Task |
752 | Perform file signature analysis. |
Task |
890 | Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems). |
Skill |
1082 | Perform file system forensic analysis. |
Task |
1086 | Knowledge of data carving tools and techniques (e.g., Foremost). |
Knowledge |
1087 | Skill in deep analysis of captured malicious code (e.g., malware forensics). |
Skill |
1088 | Skill in using binary analysis tools (e.g., Hexedit, command code xxd, hexdump). |
Skill |
1089 | Knowledge of reverse engineering concepts. |
Knowledge |
1092 | Knowledge of anti-forensics tactics, techniques, and procedures. |
Knowledge |
1096 | Knowledge of malware analysis tools (e.g., Oily Debug, Ida Pro). |
Knowledge |
1098 | Skill in analyzing anomalous code as malicious or benign. |
Skill |
1099 | Skill in analyzing volatile data. |
Skill |
1100 | Skill in identifying obfuscation techniques. |
Skill |
1101 | Skill in interpreting results of debugger to ascertain tactics, techniques, and procedures. |
Skill |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
6810 | Knowledge of binary analysis. |
Knowledge |
6850 | Skill in analyzing malware. |
Skill |
6860 | Skill in conducting bit-level analysis. |
Skill |
6870 | Skill in processing digital evidence, to include protecting and making legally sound copies of evidence. |
Skill |
6890 | Ability to conduct forensic analyses in and for both Windows and Unix/Linux environments. |
Ability |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1031 | Serve as technical expert and liaison to law enforcement personnel and explain incident details as required. |
Task |
1033 | Knowledge of basic system administration, network, and operating system hardening techniques. |
Knowledge |
1036 | Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed. |
Knowledge |
105 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
Knowledge |
1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
Knowledge |
1081 | Perform virus scanning on digital media. |
Task |
1083 | Perform static analysis to mount an “image” of a drive (without necessarily having the original drive). |
Task |
1084 | Perform static malware analysis. |
Task |
1085 | Utilize deployable forensics tool kit to support operations as necessary. |
Task |
1091 | Skill in one way hash functions (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm [MD5]). |
Skill |
1093 | Knowledge of common forensics tool configuration and support applications (e.g., VMWare, WIRESHARK). |
Knowledge |
1094 | Knowledge of debugging procedures and tools. |
Knowledge |
1095 | Knowledge of how different file types can be used for anomalous behavior. |
Knowledge |
1097 | Knowledge of virtual machine aware malware, debugger aware malware, and packing. |
Knowledge |
113 | Knowledge of server and client operating systems. |
Knowledge |
114 | Knowledge of server diagnostic tools and fault identification techniques. |
Knowledge |
139 | Knowledge of the common networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications. |
Knowledge |
193 | Skill in developing, testing, and implementing network infrastructure contingency and recovery plans. |
Skill |
214A | Skill in performing packet-level analysis. |
Skill |
2179 | Coordinate with intelligence analysts to correlate threat assessment data. |
Task |
25 | Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). |
Knowledge |
264 | Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). |
Knowledge |
287 | Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]). |
Knowledge |
29 | Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools. |
Knowledge |
290 | Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody). |
Knowledge |
294 | Knowledge of hacking methodologies in Windows or Unix/Linux environment. |
Knowledge |
310 | Knowledge of legal governance related to admissibility (e.g., Federal Rules of Evidence). |
Knowledge |
316 | Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data. |
Knowledge |
340 | Knowledge of types and collection of persistent data. |
Knowledge |
345 | Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies. |
Knowledge |
346 | Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. |
Knowledge |
3461 | Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities. |
Knowledge |
3513 | Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems. |
Knowledge |
360 | Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics). |
Skill |
364 | Skill in identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files). |
Skill |
369 | Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data. |
Skill |
374 | Skill in setting up a forensic workstation. |
Skill |
386 | Skill in using virtual machines. |
Skill |
389 | Skill in physically disassembling PCs. |
Skill |
480 | Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes. This includes, but is not limited to, hard drives, floppy diskettes, CD, PDA, mobile phones, GPS, and all tape formats. |
Task |
482 | Decrypt seized data using technical means. |
Task |
5690 | Process image with appropriate tools depending on analyst’s goals. |
Task |
5700 | Perform Windows registry analysis. |
Task |
5720 | Perform file and registry monitoring on the running system after identifying intrusion via dynamic analysis. |
Task |
573 | Ensure chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence. |
Task |
5730 | Enter media information into tracking database (e.g. Product Tracker Tool) for digital media that has been acquired. |
Task |
5740 | Correlate incident data and perform cyber defense reporting. |
Task |
5760 | Maintain deployable cyber defense toolkit (e.g. specialized cyber defense software/hardware) to support IRT mission. |
Task |
61 | Knowledge of incident response and handling methodologies. |
Knowledge |
6210 | Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
636 | Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration. |
Task |
6820 | Knowledge of network architecture concepts including topology, protocols, and components. |
Knowledge |
749 | Perform dynamic analysis to boot an “image” of a drive (without necessarily having the original drive) to see the intrusion as the user may have seen it, in a native environment. |
Task |
753 | Perform hash comparison against established database. |
Task |
758 | Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView). |
Task |
759 | Perform timeline analysis. |
Task |
762 | Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs). |
Task |
768 | Perform static media analysis. |
Task |
771 | Perform tier 1, 2, and 3 malware analysis. |
Task |
786 | Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures). |
Task |
817 | Provide technical assistance on digital evidence matters to appropriate personnel. |
Task |
825 | Recognize and accurately report forensic artifacts indicative of a particular operating system. |
Task |
839A | Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information. |
Task |
868A | Use data carving techniques (e.g., FTK-Foremost) to extract data for further analysis. |
Task |
870 | Capture and analyze network traffic associated with malicious activities using network monitoring tools. |
Task |
871 | Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence. |
Task |
882A | Write and publish cyber defense recommendations, reports, and white papers on incident findings to appropriate constituencies. |
Task |
888 | Knowledge of types of digital forensics data and how to recognize them. |
Knowledge |
889 | Knowledge of deployable forensics. |
Knowledge |
90 | Knowledge of operating systems. |
Knowledge |
908 | Ability to decrypt digital data collections. |
Ability |
923 | Knowledge of security event correlation tools. |
Knowledge |
944 | Conduct cursory binary analysis. |
Task |
983 | Knowledge of legal rules of evidence and court procedure. |
Knowledge |
Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
37 | Knowledge of disaster recovery continuity of operations plans. |
Knowledge |
50 | Knowledge of how network services and protocols interact to provide network communications. |
Knowledge |
60 | Knowledge of incident categories, incident responses, and timelines for responses. |
Knowledge |
61 | Knowledge of incident response and handling methodologies. |
Knowledge |
66 | Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies. |
Knowledge |
81A | Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
Knowledge |
105 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
150 | Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. |
Knowledge |
153 | Skill of identifying, capturing, containing, and reporting malware. |
Skill |
217 | Skill in preserving evidence integrity according to standard operating procedures or national standards. |
Skill |
470 | Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. |
Task |
716A | Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise. |
Task |
741A | Coordinate incident response functions. |
Task |
745 | Perform cyber defense trend analysis and reporting. |
Task |
755 | Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems. |
Task |
823 | Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. |
Task |
882 | Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. |
Task |
893 | Skill in securing network communications. |
Skill |
895 | Skill in recognizing and categorizing types of vulnerabilities and associated attacks. |
Skill |
896 | Skill in protecting a network against malware. |
Skill |
897 | Skill in performing damage assessments. |
Skill |
923A | Skill in using security event correlation tools. |
Skill |
984 | Knowledge of cyber defense policies, procedures, and regulations. |
Knowledge |
991 | Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution). |
Knowledge |
1029A | Knowledge of malware analysis concepts and methodologies. |
Knowledge |
1030 | Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. |
Task |
1033 | Knowledge of basic system administration, network, and operating system hardening techniques. |
Knowledge |
1069 | Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks). |
Knowledge |
1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
3431 | Knowledge of OSI model and underlying network protocols (e.g., TCP/IP). |
Knowledge |
5670 | Write and publish after action reviews. |
Task |
6210 | Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1031 | Serve as technical expert and liaison to law enforcement personnel and explain incident details as required. |
Task |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. |
Knowledge |
2179 | Coordinate with intelligence analysts to correlate threat assessment data. |
Task |
29 | Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools. |
Knowledge |
3362A | Knowledge of key factors of the operational environment and related threats and vulnerabilities. |
Knowledge |
3561 | Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
Knowledge |
478 | Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation. |
Task |
49 | Knowledge of host/network access control mechanisms (e.g., access control list). |
Knowledge |
6210 | Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
738 | Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security. |
Task |
743 | Perform cyber defense incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation. |
Task |
762 | Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs). |
Task |
861 | Track and document cyber defense incidents from initial detection through final resolution. |
Task |
87 | Knowledge of network traffic analysis methods. |
Knowledge |
93 | Knowledge of packet-level analysis. |
Knowledge |
961 | Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness). |
Task |
992C | Knowledge of threat environments (e.g., first generation threat actors, threat activities). |
Knowledge |
Tests, implements, deploys, maintains, and administers the infrastructure hardware and software.
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
49 | Knowledge of host/network access control mechanisms (e.g., access control list). |
Knowledge |
59A | Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications. |
Knowledge |
61 | Knowledge of incident response and handling methodologies. |
Knowledge |
63 | Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). |
Knowledge |
81A | Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
Knowledge |
87A | Knowledge of network traffic analysis (tools, methodologies, processes). |
Knowledge |
92B | Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol (TCP), Internet Protocol (IP), Open System Interconnection Model (OSI)). |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
148 | Knowledge of Virtual Private Network (VPN) security. |
Knowledge |
150 | Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. |
Knowledge |
643A | Identify potential conflicts with implementation of any cyber defense tools(e.g., tool and signature testing and optimization). |
Task |
960 | Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources. |
Task |
984 | Knowledge of cyber defense policies, procedures, and regulations. |
Knowledge |
1012A | Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model Integration (CMMI)). |
Knowledge |
1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2772 | Build, install, configure, and test dedicated cyber defense hardware. |
Task |
5090 | Assist in assessing the impact of implementing and sustaining a dedicated cyber defense infrastructure. |
Task |
6700 | Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1074A | Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. |
Knowledge |
1125 | Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. |
Knowledge |
157 | Skill in applying host/network access controls (e.g., access control list). |
Skill |
227 | Skill in tuning sensors. |
Skill |
229 | Skill in using incident handling methodologies. |
Skill |
237 | Skill in using Virtual Private Network (VPN) devices and encryption. |
Skill |
29 | Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools. |
Knowledge |
3143 | Knowledge of basic system, network, and OS hardening techniques. |
Knowledge |
393B | Coordinate with system administrators to create cyber defense tools, test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s). |
Task |
471 | Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, anti-virus, and content blacklists) for specialized cyber defense applications. |
Task |
481A | Create, edit, and manage network access control lists on specialized cyber defense systems (e.g., firewalls and intrusion prevention systems). |
Task |
6210 | Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
654B | Implement risk assessment and authorization requirements per the Risk Management Framework (RMF) process for dedicated cyber defense systems within the enterprise, and document and maintain records for them. |
Task |
6670 | Skill in system, network, and OS hardening techniques. |
Skill |
6918 | Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments. |
Ability |
6919 | Ability to determine the best cloud deployment model for the appropriate operating environment. |
Ability |
6942 | Skill in designing or implementing cloud computing deployment models. |
Skill |
6945 | Skill in migrating workloads to, from, and among the different cloud computing service models. |
Skill |
769 | Perform system administration on specialized cyber defense applications and systems (e.g., anti-virus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup and restoration. |
Task |
893 | Skill in securing network communications. |
Skill |
896 | Skill in protecting a network against malware. |
Skill |
900 | Knowledge of web filtering technologies. |
Knowledge |
93 | Knowledge of packet-level analysis. |
Knowledge |
Develops, plans, coordinates, and evaluates cyber training/education courses, methods, and techniques based on instructional needs.
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
332 | Ability to develop curriculum that speaks to the topic at the appropriate level for the target audience. |
Ability |
504A | Design training curriculum and course content based on requirements. |
Task |
841A | Conduct periodic reviews/revisions of course content for accuracy, completeness alignment, and currency (e.g., course content documents, lesson plans, student texts, examinations, schedules of instruction, and course descriptions). |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
5260 | Develop or assist in the development of training policies and protocols for cyber training. |
Task |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1125 | Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. |
Knowledge |
1136A | Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud). |
Knowledge |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. |
Knowledge |
246A | Ability to apply the Instructional System Design (ISD) methodology. |
Ability |
314 | Knowledge of multiple cognitive domains and appropriate tools and methods for learning in each domain. |
Knowledge |
359 | Skill in developing and executing technical training programs and curricula. |
Skill |
363 | Skill in identifying gaps in technical capabilities. |
Skill |
363A | Skill in identifying gaps in technical delivery capabilities. |
Skill |
376 | Skill in talking to others to convey information effectively. |
Skill |
479A | Correlates training and learning to business or mission requirements. |
Task |
490A | Create training courses tailored to the audience and physical environment. |
Task |
5060 | Assess effectiveness and efficiency of instruction according to ease of instructional technology use and student learning, knowledge transfer, and satisfaction. |
Task |
5130 | Conduct learning needs assessments and identify requirements. |
Task |
5180 | Create interactive learning exercises to create an effective learning environment. |
Task |
5280 | Develop the goals and objectives for cyber curriculum. |
Task |
5420 | Plan instructional strategies such as lectures, demonstrations, interactive exercises, multimedia presentations, video courses, web-based courses for most effective learning environment In conjunction with educators and trainers. |
Task |
6090 | Ability to develop curriculum for use within a virtual environment. |
Ability |
6320 | Knowledge of media production, communication, and dissemination techniques and methods, including alternative ways to inform via written, oral, and visual media. |
Knowledge |
6380 | Knowledge of principles and processes for conducting training and education needs assessment. |
Knowledge |
6390 | Knowledge of relevant concepts, procedures, software, equipment, and technology applications. |
Knowledge |
6450 | Knowledge of training and education principles and methods for curriculum design, teaching and instruction for individuals and groups, and the measurement of training and education effects. |
Knowledge |
6480 | Skill in applying technical delivery capabilities. |
Skill |
6918 | Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments. |
Ability |
6919 | Ability to determine the best cloud deployment model for the appropriate operating environment. |
Ability |
845A | Serve as an internal consultant and advisor in own area of expertise (e.g., technical, copyright, print media, electronic media). |
Task |
855 | Support the design and execution of exercise scenarios. |
Task |
885 | Write instructional materials (e.g., standard operating procedures, production manual) to provide detailed guidance to relevant portion of the workforce. |
Task |
88A | Knowledge of current and emerging cyber technologies. |
Knowledge |
905 | Knowledge of secure coding techniques. |
Knowledge |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
952 | Knowledge of emerging security issues, risks, and vulnerabilities. |
Knowledge |
Develops and conducts training or education of personnel within cyber domain.
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
282 | Knowledge of emerging computer-based technology that has potential for exploitation by adversaries. |
Knowledge |
359 | Skill in developing and executing technical training programs and curricula. |
Skill |
551A | Ensure training meets the goals and objectives for cybersecurity training, education, or awareness. |
Task |
952 | Knowledge of emerging security issues, risks, and vulnerabilities. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1125 | Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. |
Knowledge |
1136A | Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud). |
Knowledge |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. |
Knowledge |
2295 | Develop or assist in the development of computer based training modules or classes. |
Task |
2296 | Develop or assist in the development of course assignments. |
Task |
2299 | Develop or assist in the development of course evaluations. |
Task |
2300 | Develop or assist in the development of grading and proficiency standards. |
Task |
2301 | Assist in the development of individual/collective development, training, and/or remediation plans. |
Task |
2303 | Develop or assist in the development of learning objectives and goals. |
Task |
2304 | Develop or assist in the development of on-the-job training materials or programs. |
Task |
2306 | Develop or assist in the development of written tests for measuring and assessing learner proficiency. |
Task |
3009 | Ability to answer questions in a clear and concise manner. |
Ability |
3016 | Ability to ask clarifying questions. |
Ability |
3022 | Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. |
Ability |
3024 | Ability to communicate effectively when writing. |
Ability |
3046 | Ability to facilitate small group discussions. |
Ability |
3049 | Ability to gauge learner understanding and knowledge level. |
Ability |
3070 | Ability to provide effective feedback to students for improving learning. |
Ability |
3126 | Knowledge of assessment techniques (rubrics, evaluation plans, tests, quizzes). |
Knowledge |
314 | Knowledge of multiple cognitive domains and appropriate tools and methods for learning in each domain. |
Knowledge |
3186 | Knowledge of computer based training and e-learning services. |
Knowledge |
332A | Ability to tailor curriculum that speaks to the topic at the appropriate level for the target audience. |
Ability |
3330 | Knowledge of instructional design and evaluation models (e.g., ADDIE, Smith/Ragan model, Gagne’s Events of Instruction, Kirkpatrick’s model of evaluation). |
Knowledge |
3360 | Knowledge of organizational training policies. |
Knowledge |
3364 | Knowledge of learning levels (i.e., Bloom’s Taxonomy of learning). |
Knowledge |
3365 | Knowledge of Learning Management Systems and their use in managing learning. |
Knowledge |
3366 | Knowledge of learning styles (e.g., assimilator, auditory, kinesthetic). |
Knowledge |
3395 | Knowledge of modes of learning (e.g., rote learning, observation). |
Knowledge |
344 | Knowledge of virtualization technologies and virtual machine development and maintenance. |
Knowledge |
3588 | Knowledge of organizational training systems. |
Knowledge |
3604 | Ability to apply principles of adult learning. |
Ability |
363B | Knowledge of technical delivery capabilities and their limitations. |
Knowledge |
3734 | Ability to design valid and reliable assessments. |
Ability |
3749 | Ability to develop clear directions and instructional materials. |
Ability |
376 | Skill in talking to others to convey information effectively. |
Skill |
3942 | Skill in utilizing or developing learning activities (e.g., scenarios, instructional games, interactive exercises). |
Skill |
3944 | Skill in utilizing technologies (e.g., SmartBoards, websites, computers, projectors) for instructional purposes. |
Skill |
453 | Conduct interactive training exercises to create an effective learning environment. |
Task |
490B | Deliver training courses tailored to the audience and physical/virtual environments. |
Task |
491A | Apply concepts, procedures, software, equipment, and/or technology applications to students. |
Task |
504B | Participate in development of training curriculum and course content. |
Task |
538 | Develop new or identify existing awareness and training materials that are appropriate for intended audiences. |
Task |
606 | Evaluate the effectiveness and comprehensiveness of existing training programs. |
Task |
6210 | Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
6919 | Ability to determine the best cloud deployment model for the appropriate operating environment. |
Ability |
778A | Plan and coordinate the delivery of classroom techniques and formats (e.g., lectures, demonstrations, interactive exercises, multimedia presentations) for most effective learning environment. |
Task |
779A | Plan non-classroom educational techniques and formats (e.g., video courses, mentoring, web-based courses). |
Task |
841 | Review training documentation (e.g., Course Content Documents [CCD], lesson plans, student texts, examinations, Schedules of Instruction [SOI], and course descriptions). |
Task |
842A | Recommend revisions to curriculum end course content based on feedback from previous training sessions. |
Task |
845A | Serve as an internal consultant and advisor in own area of expertise (e.g., technical, copyright, print media, electronic media). |
Task |
855 | Support the design and execution of exercise scenarios. |
Task |
885 | Write instructional materials (e.g., standard operating procedures, production manual) to provide detailed guidance to relevant portion of the workforce. |
Task |
88A | Knowledge of current and emerging cyber technologies. |
Knowledge |
905A | Skill in applying secure coding techniques. |
Skill |
918 | Ability to prepare and deliver education and awareness briefings to ensure that systems, network, and data users are aware of and adhere to systems security policies and procedures. |
Ability |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Develops detailed intelligence plans to satisfy cyber operations requirements. Collaborates with cyber operations planners to…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
264 | Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). |
Knowledge |
1056 | Knowledge of operations security. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2009 | Provide input to the analysis, design, development or acquisition of capabilities used for meeting objectives. |
Task |
2043 | Coordinate for intelligence support to operational planning activities. |
Task |
2045 | Assess all-source intelligence and recommend targets to support cyber operation objectives. |
Task |
2052 | Assess target vulnerabilities and/or operational capabilities to determine course of action. |
Task |
2064 | Assist in the development and refinement of priority information requirements. |
Task |
2070 | Enable synchronization of intelligence support plans across partner organizations as required. |
Task |
2159 | Contribute to crisis action planning for cyber operations. |
Task |
2163 | Incorporate intelligence equities into the overall design of cyber operations plans. |
Task |
2181 | Coordinate with intelligence planners to ensure collection managers receive information requirements. |
Task |
2185 | Coordinate with the intelligence planning team to assess capability to satisfy assigned intelligence tasks. |
Task |
2186 | Coordinate, produce and track intelligence requirements. |
Task |
2187 | Coordinate, synchronize and draft applicable intelligence sections of cyber operations plans. |
Task |
2237 | Determine indicators (e.g., measures of effectiveness) that are best suited to specific cyber operation objectives. |
Task |
2267 | Develop and review intelligence guidance for integration into supporting cyber operations planning and execution. |
Task |
2276 | Develop detailed intelligence support to cyber operations requirements. |
Task |
2352 | Draft cyber intelligence collection and production requirements. |
Task |
2368 | Ensure that intelligence planning activities are integrated and synchronized with operational planning timelines. |
Task |
2386 | Evaluate intelligence estimates to support the planning cycle. |
Task |
2425 | Incorporate intelligence and counterintelligence to support plan development. |
Task |
2442 | Identify, draft, evaluate, and prioritize relevant intelligence or information requirements. |
Task |
2459A | Identify cyber intelligence gaps and shortfalls. |
Task |
2484 | Identify the need, scope, and timeframe for applicable intelligence environment preparation derived production. |
Task |
2509 | Provide input to or develop courses of action based on threat factors. |
Task |
2529 | Issue requests for information. |
Task |
2530 | Knowledge and understanding of operational design. |
Knowledge |
2531 | Knowledge of organizational planning concepts. |
Knowledge |
2532 | Lead and coordinate intelligence support to operational planning. |
Task |
2558 | Maintain relationships with internal and external partners involved in cyber planning or related areas. |
Task |
2619 | Provide subject matter expertise to planning teams, coordination groups, and task forces as necessary. |
Task |
2624 | Conduct long-range, strategic planning efforts with internal and external partners in cyber activities. |
Task |
2736 | Provide cyber focused guidance and advice on intelligence support plan inputs. |
Task |
2778 | Recommend refinement, adaption, termination, and execution of operational plans as appropriate. |
Task |
2806 | Review and comprehend organizational leadership objectives and guidance for planning. |
Task |
2819 | Scope the cyber intelligence planning effort. |
Task |
2888 | Document lessons learned that convey the results of events and/or exercises. |
Task |
3003 | Ability to adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment. |
Ability |
3011 | Ability to apply critical reading/thinking skills. |
Ability |
3015 | Ability to apply approved planning development and staffing processes. |
Ability |
3021 | Ability to collaborate effectively with others. |
Ability |
3022 | Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. |
Ability |
3033 | Ability to coordinate cyber operations with other organization functions or support activities. |
Ability |
3040 | Ability to develop or recommend planning solutions to problems and situations for which no precedent exists. |
Ability |
3041 | Ability to effectively collaborate via virtual teams. |
Ability |
3044 | Ability to exercise judgment when policies are not well-defined. |
Ability |
3048 | Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise. |
Ability |
3060 | Ability to interpret and understand complex and rapidly evolving concepts. |
Ability |
3066 | Ability to participate as a member of planning teams, coordination groups, and task forces as necessary. |
Ability |
3076 | Ability to tailor technical and planning information to a customer’s level of understanding. |
Ability |
3106 | Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless). |
Knowledge |
3107 | Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.). |
Knowledge |
3114 | Knowledge of all forms of intelligence support needs, topics, and focus areas. |
Knowledge |
3117 | Knowledge of all-source reporting and dissemination procedures. |
Knowledge |
3129 | Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). |
Knowledge |
3154 | Knowledge of classification and control markings standards, policies and procedures. |
Knowledge |
3155 | Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. |
Knowledge |
3159 | Knowledge of cyber operations support or enabling processes. |
Knowledge |
3174 | Knowledge of the intelligence requirements development and request for information processes. |
Knowledge |
3177 | Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). |
Knowledge |
3188 | Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). |
Knowledge |
3194 | Knowledge of crisis action planning and time sensitive planning procedures. |
Knowledge |
3215 | Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber attack) principles, capabilities, limitations, and effects. |
Knowledge |
3225 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). |
Knowledge |
3257 | Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities. |
Knowledge |
3264 | Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization. |
Knowledge |
3274 | Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects. |
Knowledge |
3275 | Knowledge of fundamental cyber concepts, principles, limitations, and effects. |
Knowledge |
3287 | Knowledge of how collection requirements and information needs are translated, tracked, and prioritized across the extended enterprise. |
Knowledge |
3311 | Knowledge of analytical standards and the purpose of intelligence confidence levels. |
Knowledge |
3336 | Knowledge of intelligence employment requirements (i.e., logistical, communications support, maneuverability, legal restrictions, etc.). |
Knowledge |
3340 | Knowledge of intelligence requirements tasking systems. |
Knowledge |
3342 | Knowledge of intelligence support to planning, execution, and assessment. |
Knowledge |
3388 | Knowledge of crisis action planning for cyber operations. |
Knowledge |
3397 | Knowledge of intelligence capabilities and limitations. |
Knowledge |
3443 | Knowledge of PIR approval process. |
Knowledge |
3444 | Knowledge of planning activity initiation. |
Knowledge |
3445 | Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning. |
Knowledge |
3463 | Knowledge of required intelligence planning products associated with cyber operational planning. |
Knowledge |
3489 | Knowledge of organizational structures and associated intelligence capabilities. |
Knowledge |
3554 | Knowledge of the critical information requirements and how they’re used in planning. |
Knowledge |
3560 | Knowledge of the production responsibilities and organic analysis and production capabilities. |
Knowledge |
3561 | Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
Knowledge |
3582 | Knowledge of the intelligence frameworks, processes, and related systems. |
Knowledge |
3584 | Knowledge of intelligence preparation of the environment and similar processes. |
Knowledge |
3585 | Knowledge of accepted organization planning systems. |
Knowledge |
3606 | Knowledge of the process used to assess the performance and impact of operations. |
Knowledge |
3609 | Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas. |
Knowledge |
3610 | Knowledge of the relationships between end states, objectives, effects, lines of operation, etc. |
Knowledge |
3611 | Knowledge of the relationships of operational objectives, intelligence requirements, and intelligence production tasks. |
Knowledge |
3629 | Knowledge of the various collection disciplines and capabilities. |
Knowledge |
3651 | Knowledge of what constitutes a “threat” to a network. |
Knowledge |
3659 | Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems. |
Knowledge |
3665 | Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures. |
Skill |
3681 | Skill in applying analytical methods typically employed to support planning and to justify recommended strategies and courses of action. |
Skill |
3685 | Skill in applying crisis planning procedures. |
Skill |
3742 | Skill in determining the physical location of network devices. |
Skill |
3772 | Skill in evaluating information for reliability, validity, and relevance. |
Skill |
3844 | Skill in preparing and presenting briefings. |
Skill |
3845 | Skill in preparing plans and related correspondence. |
Skill |
3879 | Skill in reviewing and editing plans. |
Skill |
3938 | Skill in utilizing feedback in order to improve processes, products, and services. |
Skill |
3965 | Skill to analyze strategic guidance for issues requiring clarification and/or additional guidance. |
Skill |
3966 | Skill to anticipate intelligence capability employment requirements. |
Skill |
3967 | Skill to anticipate key target or threat activities which are likely to prompt a leadership decision. |
Skill |
3971 | Skill to apply analytical standards to evaluate intelligence products. |
Skill |
3976 | Skill to apply the process used to assess the performance and impact of cyber operations. |
Skill |
3978 | Skill to articulate the needs of joint planners to all-source analysts. |
Skill |
3979 | Skill to articulate intelligence capabilities available to support execution of the plan. |
Skill |
3987 | Skill to conceptualize the entirety of the intelligence process in the multiple domains and dimensions. |
Skill |
3990 | Skill to convert intelligence requirements into intelligence production tasks. |
Skill |
3992 | Skill to coordinate the development of tailored intelligence products. |
Skill |
3996 | Skill to correlate intelligence priorities to the allocation of intelligence resources/assets. |
Skill |
3998 | Skill to craft indicators of operational progress/success. |
Skill |
4000 | Skill to create and maintain up-to-date planning documents and tracking of services/production. |
Skill |
4018 | Skill to express orally and in writing the relationship between intelligence capability limitations and decision making risk and impacts on the overall operation. |
Skill |
4032 | Skill to interpret planning guidance to discern level of analytical support required. |
Skill |
4045 | Skill to orchestrate intelligence planning teams, coordinate collection and production support, and monitor status. |
Skill |
4053 | Skill to relate intelligence resources/assets to anticipated intelligence requirements. |
Skill |
4059 | Skill to synchronize planning activities and required intelligence support. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
2058 | Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives. |
Task |
2073 | Provide input to the identification of cyber-related success criteria. |
Task |
2091 | Collaborate with other team members or partner organizations to develop a diverse program of information materials (e.g., web pages, briefings, print materials). |
Task |
2160 | Contribute to the development of the organization’s decision support tools if necessary. |
Task |
2192 | Use intelligence estimates to counter potential target actions. |
Task |
2310 | Develop potential courses of action. |
Task |
2327 | Develop, implement, and recommend changes to appropriate planning procedures and policies. |
Task |
2392 | Evaluate the conditions that affect employment of available cyber intelligence capabilities. |
Task |
2435 | Identify all available partner intelligence capabilities and limitations supporting cyber operations. |
Task |
2528 | Interpret environment preparations assessments to determine a course of action. |
Task |
2564 | Maintain situational awareness to determine if changes to the operating environment require review of the plan. |
Task |
2702 | Prepare for and provide subject matter expertise to exercises. |
Task |
3001 | Ability to accurately and completely source all data used in intelligence, assessment and/or planning products. |
Ability |
3054 | Ability to identify external partners with common cyber operations interests. |
Ability |
3057 | Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives. |
Ability |
3095 | Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). |
Knowledge |
3098 | Knowledge of virtualization products (Vmware, Virtual PC). |
Knowledge |
3205 | Knowledge of current computer-based intrusion sets. |
Knowledge |
3211 | Knowledge of cyber laws and legal considerations and their effect on cyber planning. |
Knowledge |
3235 | Knowledge of deconfliction processes and procedures. |
Knowledge |
3253 | Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). |
Knowledge |
3262 | Knowledge of evolving/emerging communications technologies. |
Knowledge |
3271 | Knowledge of internal and external partner cyber operations capabilities and tools. |
Knowledge |
3286 | Knowledge of host-based security products and how they affect exploitation and vulnerability. |
Knowledge |
3291 | Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP). |
Knowledge |
3292 | Knowledge of how modern digital and telephony networks impact cyber operations. |
Knowledge |
3293 | Knowledge of how modern wireless communications systems impact cyber operations. |
Knowledge |
3326 | Knowledge of information security concepts, facilitating technologies and methods. |
Knowledge |
3356 | Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations. |
Knowledge |
3358 | Knowledge of organizational hierarchy and cyber decision making processes. |
Knowledge |
3374 | Knowledge of malware. |
Knowledge |
3391 | Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning. |
Knowledge |
3419 | Knowledge of organization or partner exploitation of digital networks. |
Knowledge |
3459 | Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization. |
Knowledge |
3539 | Knowledge of telecommunications fundamentals. |
Knowledge |
3543 | Knowledge of the basic structure, architecture, and design of modern communication networks. |
Knowledge |
3545 | Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
Knowledge |
3570 | Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements. |
Knowledge |
3571 | Knowledge of the organizational planning and staffing process. |
Knowledge |
3572 | Knowledge of organization decision support tools and/or methods. |
Knowledge |
3578 | Knowledge of the impacts of internal and external partner staffing estimates. |
Knowledge |
3591 | Knowledge of organization objectives, leadership priorities, and decision-making risks. |
Knowledge |
3601 | Knowledge of the outputs of course of action and exercise analysis. |
Knowledge |
3607 | Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process. |
Knowledge |
3615 | Knowledge of the structure and intent of organization specific plans, guidance and authorizations. |
Knowledge |
3616 | Knowledge of the structure, architecture, and design of modern digital and telephony networks. |
Knowledge |
3627 | Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations. |
Knowledge |
3630 | Knowledge of the ways in which targets or threats use the Internet. |
Knowledge |
3638 | Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations. |
Knowledge |
3639 | Knowledge of organization cyber operations programs, strategies, and resources. |
Knowledge |
3766 | Skill in documenting and communicating complex technical and programmatic information. |
Skill |
3877 | Skill in reviewing and editing intelligence products from various sources for cyber operations. |
Skill |
3893 | Skill in tailoring analysis to the necessary levels (e.g., classification and organizational). |
Skill |
3946 | Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint). |
Skill |
3964 | Skill to analyze target or threat sources of strength and morale. |
Skill |
4023 | Skill to graphically depict decision support materials containing intelligence and partner capability estimates. |
Skill |
4041 | Skill to monitor threat effects to partner capabilities and maintain a running estimate. |
Skill |
4042 | Skill to monitor target or threat situation and environmental factors. |
Skill |
52 | Knowledge of human-computer interaction principles. |
Knowledge |
Provides legal advice and recommendations on relevant topics related to cyber law.
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
390A | Acquire and maintain a working knowledge of constitutional issues relevant laws, regulations, policies, agreements, standards, procedures, or other issuances. |
Task |
574A | Provide legal analysis and decisions to inspector generals, privacy officers, oversight and compliance personnel with regard to compliance with cybersecurity policies and relevant legal and regulatory requirements. |
Task |
984 | Knowledge of cyber defense policies, procedures, and regulations. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1070A | Ability to monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies. |
Ability |
24 | Knowledge of concepts and practices of processing digital forensic data. |
Knowledge |
252 | Knowledge of and experience in Insider Threat investigations, reporting, investigative tools and laws/regulations. |
Knowledge |
300A | Knowledge of intelligence principles, policies, and procedures including legal authorities and restrictions. |
Knowledge |
398 | Advocate organization’s official position in legal and legislative proceedings. |
Task |
451A | Conduct framing of pleadings to properly identify alleged violations of law, regulations, or policy/guidance. |
Task |
539A | Develop guidelines for implementation. |
Task |
599 | Evaluate contracts to ensure compliance with funding, legal, and program requirements. |
Task |
607 | Evaluate the effectiveness of laws, regulations, policies, standards, or procedures. |
Task |
612A | Evaluate the impact of changes to laws, regulations, policies, standards, or procedures. |
Task |
618A | Provide guidance on laws, regulations, policies, standards, or procedures to management, personnel, or clients. |
Task |
6210 | Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
655A | Facilitate implementation of new or revised laws, regulations, executive orders, policies, standards, or procedures. |
Task |
675 | Interpret and apply laws, regulations, policies, standards, or procedures to specific issues. |
Task |
787A | Prepare legal and other relevant documents (e.g., depositions, briefs, affidavits, declarations, appeals, pleadings, discovery). |
Task |
834 | Resolve conflicts in laws, regulations, policies, standards, or procedures. |
Task |
88A | Knowledge of current and emerging cyber technologies. |
Knowledge |
954A | Knowledge of foreign disclosure policies and import/export control regulations as related to cybersecurity. |
Knowledge |
Develops detailed plans for the conduct or support of the applicable range of cyber operations…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
52 | Knowledge of human-computer interaction principles. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
264 | Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). |
Knowledge |
1056 | Knowledge of operations security. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2009 | Provide input to the analysis, design, development or acquisition of capabilities used for meeting objectives. |
Task |
2032 | Apply expertise in policy and processes to facilitate the development, negotiation, and internal staffing of plans and/or memorandums of agreement. |
Task |
2052 | Assess target vulnerabilities and/or operational capabilities to determine course of action. |
Task |
2073 | Provide input to the identification of cyber-related success criteria. |
Task |
2130 | Develop, review and implement all levels of planning guidance in support of cyber operations. |
Task |
2159 | Contribute to crisis action planning for cyber operations. |
Task |
2180 | Coordinate with intelligence and cyber defense partners to obtain relevant essential information. |
Task |
2192 | Use intelligence estimates to counter potential target actions. |
Task |
2265 | Develop and maintain deliberate and/or crisis plans. |
Task |
2266 | Develop and review specific cyber operations guidance for integration into broader planning activities. |
Task |
2272 | Develop cyber operations plans and guidance to ensure that execution and resource allocation decisions align with organization objectives. |
Task |
2308 | Develop or participate in the development of standards for providing, requesting, and/or obtaining support from external partners to synchronize cyber operations. |
Task |
2310 | Develop potential courses of action. |
Task |
2327 | Develop, implement, and recommend changes to appropriate planning procedures and policies. |
Task |
2331 | Devise, document, and validate cyber operation strategy, and planning documents. |
Task |
2365 | Ensure operational planning efforts are effectively transitioned to current operations. |
Task |
2416 | Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives. |
Task |
2422 | Gather and analyze data (e.g., measures of effectiveness) to determine effectiveness, and provide reporting for follow-on activities. |
Task |
2424 | Incorporate cyber operations and communications security support plans into organization objectives. |
Task |
2524 | Integrate cyber planning/targeting efforts with other organizations. |
Task |
2528 | Interpret environment preparations assessments to determine a course of action. |
Task |
2529 | Issue requests for information. |
Task |
2530 | Knowledge and understanding of operational design. |
Knowledge |
2531 | Knowledge of organizational planning concepts. |
Knowledge |
2564 | Maintain situational awareness to determine if changes to the operating environment require review of the plan. |
Task |
2590 | Monitor and evaluate integrated cyber operations to identify opportunities to meet organization objectives. |
Task |
2626 | Provide subject matter expertise to planning efforts with internal and external cyber operations partners. |
Task |
2702 | Prepare for and provide subject matter expertise to exercises. |
Task |
2746 | Provide input for the development and refinement of the cyber operations objectives, priorities, strategies, plans, and programs. |
Task |
2752 | Provide input to the administrative and logistical elements of an operational support plan. |
Task |
2761 | Provide planning support between internal and external partners. |
Task |
2778 | Recommend refinement, adaption, termination, and execution of operational plans as appropriate. |
Task |
2816 | Review, approve, prioritize, and submit operational requirements for research, development, and/or acquisition of cyber capabilities. |
Task |
2837 | Submit or respond to requests for deconfliction of cyber operations. |
Task |
2888 | Document lessons learned that convey the results of events and/or exercises. |
Task |
3001 | Ability to accurately and completely source all data used in intelligence, assessment and/or planning products. |
Ability |
3003 | Ability to adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment. |
Ability |
3011 | Ability to apply critical reading/thinking skills. |
Ability |
3015 | Ability to apply approved planning development and staffing processes. |
Ability |
3021 | Ability to collaborate effectively with others. |
Ability |
3022 | Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. |
Ability |
3033 | Ability to coordinate cyber operations with other organization functions or support activities. |
Ability |
3040 | Ability to develop or recommend planning solutions to problems and situations for which no precedent exists. |
Ability |
3041 | Ability to effectively collaborate via virtual teams. |
Ability |
3044 | Ability to exercise judgment when policies are not well-defined. |
Ability |
3048 | Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise. |
Ability |
3057 | Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives. |
Ability |
3060 | Ability to interpret and understand complex and rapidly evolving concepts. |
Ability |
3066 | Ability to participate as a member of planning teams, coordination groups, and task forces as necessary. |
Ability |
3076 | Ability to tailor technical and planning information to a customer’s level of understanding. |
Ability |
3095 | Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). |
Knowledge |
3098 | Knowledge of virtualization products (Vmware, Virtual PC). |
Knowledge |
3106 | Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless). |
Knowledge |
3107 | Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.). |
Knowledge |
3129 | Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). |
Knowledge |
3154 | Knowledge of classification and control markings standards, policies and procedures. |
Knowledge |
3155 | Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. |
Knowledge |
3159 | Knowledge of cyber operations support or enabling processes. |
Knowledge |
3173 | Knowledge of operational effectiveness assessment. |
Knowledge |
3177 | Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). |
Knowledge |
3188 | Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). |
Knowledge |
3194 | Knowledge of crisis action planning and time sensitive planning procedures. |
Knowledge |
3211 | Knowledge of cyber laws and legal considerations and their effect on cyber planning. |
Knowledge |
3215 | Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber attack) principles, capabilities, limitations, and effects. |
Knowledge |
3225 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). |
Knowledge |
3235 | Knowledge of deconfliction processes and procedures. |
Knowledge |
3257 | Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities. |
Knowledge |
3262 | Knowledge of evolving/emerging communications technologies. |
Knowledge |
3264 | Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization. |
Knowledge |
3268 | Knowledge of staff management, assignment, and allocation processes. |
Knowledge |
3274 | Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects. |
Knowledge |
3275 | Knowledge of fundamental cyber concepts, principles, limitations, and effects. |
Knowledge |
3291 | Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP). |
Knowledge |
3292 | Knowledge of how modern digital and telephony networks impact cyber operations. |
Knowledge |
3326 | Knowledge of information security concepts, facilitating technologies and methods. |
Knowledge |
3358 | Knowledge of organizational hierarchy and cyber decision making processes. |
Knowledge |
3374 | Knowledge of malware. |
Knowledge |
3388 | Knowledge of crisis action planning for cyber operations. |
Knowledge |
3391 | Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning. |
Knowledge |
3441 | Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. |
Knowledge |
3444 | Knowledge of planning activity initiation. |
Knowledge |
3445 | Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning. |
Knowledge |
3459 | Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization. |
Knowledge |
3539 | Knowledge of telecommunications fundamentals. |
Knowledge |
3543 | Knowledge of the basic structure, architecture, and design of modern communication networks. |
Knowledge |
3545 | Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
Knowledge |
3554 | Knowledge of the critical information requirements and how they’re used in planning. |
Knowledge |
3561 | Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
Knowledge |
3570 | Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements. |
Knowledge |
3585 | Knowledge of accepted organization planning systems. |
Knowledge |
3591 | Knowledge of organization objectives, leadership priorities, and decision-making risks. |
Knowledge |
3601 | Knowledge of the outputs of course of action and exercise analysis. |
Knowledge |
3605 | Knowledge of the information environment. |
Knowledge |
3606 | Knowledge of the process used to assess the performance and impact of operations. |
Knowledge |
3609 | Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas. |
Knowledge |
3610 | Knowledge of the relationships between end states, objectives, effects, lines of operation, etc. |
Knowledge |
3613 | Knowledge of the role of network operations in supporting and facilitating other organization operations. |
Knowledge |
3616 | Knowledge of the structure, architecture, and design of modern digital and telephony networks. |
Knowledge |
3627 | Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations. |
Knowledge |
3630 | Knowledge of the ways in which targets or threats use the Internet. |
Knowledge |
3639 | Knowledge of organization cyber operations programs, strategies, and resources. |
Knowledge |
3651 | Knowledge of what constitutes a “threat” to a network. |
Knowledge |
3659 | Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems. |
Knowledge |
3665 | Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures. |
Skill |
3681 | Skill in applying analytical methods typically employed to support planning and to justify recommended strategies and courses of action. |
Skill |
3685 | Skill in applying crisis planning procedures. |
Skill |
3747 | Skill in developing and executing comprehensive cyber operations assessment programs for assessing and validating operational performance characteristics. |
Skill |
3766 | Skill in documenting and communicating complex technical and programmatic information. |
Skill |
3772 | Skill in evaluating information for reliability, validity, and relevance. |
Skill |
3844 | Skill in preparing and presenting briefings. |
Skill |
3845 | Skill in preparing plans and related correspondence. |
Skill |
3879 | Skill in reviewing and editing plans. |
Skill |
3938 | Skill in utilizing feedback in order to improve processes, products, and services. |
Skill |
3946 | Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint). |
Skill |
3967 | Skill to anticipate key target or threat activities which are likely to prompt a leadership decision. |
Skill |
4023 | Skill to graphically depict decision support materials containing intelligence and partner capability estimates. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
2058 | Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives. |
Task |
2160 | Contribute to the development of the organization’s decision support tools if necessary. |
Task |
2237 | Determine indicators (e.g., measures of effectiveness) that are best suited to specific cyber operation objectives. |
Task |
2368 | Ensure that intelligence planning activities are integrated and synchronized with operational planning timelines. |
Task |
2386 | Evaluate intelligence estimates to support the planning cycle. |
Task |
2459A | Identify cyber intelligence gaps and shortfalls. |
Task |
2558 | Maintain relationships with internal and external partners involved in cyber planning or related areas. |
Task |
2561 | Maintain situational awareness of cyber-related intelligence requirements and associated tasking. |
Task |
2562 | Maintain situational awareness of partner capabilities and activities. |
Task |
2624 | Conduct long-range, strategic planning efforts with internal and external partners in cyber activities. |
Task |
3054 | Ability to identify external partners with common cyber operations interests. |
Ability |
3114 | Knowledge of all forms of intelligence support needs, topics, and focus areas. |
Knowledge |
3271 | Knowledge of internal and external partner cyber operations capabilities and tools. |
Knowledge |
3293 | Knowledge of how modern wireless communications systems impact cyber operations. |
Knowledge |
3342 | Knowledge of intelligence support to planning, execution, and assessment. |
Knowledge |
3356 | Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations. |
Knowledge |
3419 | Knowledge of organization or partner exploitation of digital networks. |
Knowledge |
3463 | Knowledge of required intelligence planning products associated with cyber operational planning. |
Knowledge |
3489 | Knowledge of organizational structures and associated intelligence capabilities. |
Knowledge |
3571 | Knowledge of the organizational planning and staffing process. |
Knowledge |
3572 | Knowledge of organization decision support tools and/or methods. |
Knowledge |
3607 | Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process. |
Knowledge |
3615 | Knowledge of the structure and intent of organization specific plans, guidance and authorizations. |
Knowledge |
3638 | Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations. |
Knowledge |
3976 | Skill to apply the process used to assess the performance and impact of cyber operations. |
Skill |
3998 | Skill to craft indicators of operational progress/success. |
Skill |
4008 | Skill to distinguish between notional and actual resources and their applicability to the plan under development. |
Skill |
4058 | Skill to synchronize operational assessment procedures with the critical information requirement process. |
Skill |
4451 | Knowledge of full-spectrum cyberspace operational missions (e.g., DODIN Operations, DCO, OCO, cyberspace ISR, and Operational Preparation of the Environment (OPE)), principles, capabilities, limitations, and effects. |
KSA |
4471 | Knowledge of intelligence/SIGINT reporting and dissemination procedures. |
KSA |
8069 | Develop cyberspace operations TTPs for integration into operational and tactical levels of planning. |
Task |
Develops cyberspace plans, strategy and policy to support and align with organizational cyberspace missions and…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
88A | Knowledge of current and emerging cyber technologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
282A | Knowledge of emerging technologies that have potential for exploitation by adversaries. |
Knowledge |
320A | Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development). |
Knowledge |
410A | Analyze organizational cyber policy. |
Task |
424B | Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities. |
Task |
492A | Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan. |
Task |
565A | Draft, staff, and publish cyber policy. |
Task |
720A | Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services. |
Task |
812A | Provide policy guidance to cyber management, staff, and users. |
Task |
840A | Review, conduct, or participate in audits of cyber programs and projects. |
Task |
854A | Support the CIO in the formulation of cyber-related policies. |
Task |
1027A | Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy. |
Task |
1036 | Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
5020 | Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials. |
Task |
5560 | Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals. |
Task |
6100 | Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. |
Ability |
6140 | Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues. |
Ability |
6270 | Knowledge of full spectrum cyber capabilities. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
105 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
Knowledge |
1125 | Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. |
Knowledge |
244 | Ability to determine the validity of technology trend data. |
Ability |
297A | Knowledge of industry indicators useful for identifying technology trends. |
Knowledge |
336 | Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure). |
Knowledge |
485A | Define and integrate current and future mission environments. |
Task |
5300 | Ensure cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices. |
Task |
539 | Develop policy, programs, and guidelines for implementation. |
Task |
5620 | Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards. |
Task |
594 | Establish and maintain communication channels with stakeholders. |
Task |
6210 | Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
6410 | Knowledge of strategic theory and practice. |
Knowledge |
724A | Seek consensus on proposed policy changes from stakeholders. |
Task |
838 | Review existing and proposed policies with stakeholders. |
Task |
847 | Serve on agency and interagency policy boards. |
Task |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Develop cyberspace workforce plans, strategies and guidance to support cyberspace workforce manpower, personnel, training and…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
320A | Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development). |
Knowledge |
492A | Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan. |
Task |
629A | Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training). |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
5020 | Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials. |
Task |
5160 | Coordinate with internal and external subject matter experts to ensure existing qualification standards reflect organizational functional requirements and meet industry standards. |
Task |
5230 | Develop and implement standardized position descriptions based on established cyber work roles. |
Task |
5250 | Develop cyber career field classification structure to include establishing career field entry requirements and other nomenclature such as codes and identifiers. |
Task |
5290 | Ensure cyber career fields are managed in accordance with organizational Human Resource (HR) policies and directives. |
Task |
5300 | Ensure cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices. |
Task |
5330 | Establish and collect metrics to monitor and validate cyber workforce readiness including analysis of cyber workforce data to assess the status of positions identified, filled, and filled with qualified personnel. |
Task |
5350 | Establish cyber career paths to allow career progression, deliberate development, and growth within and between cyber career fields. |
Task |
5360 | Establish manpower, personnel, and qualification data element standards to support cyber workforce management and reporting requirements. |
Task |
5370 | Establish, resource, implement, and assess cyber workforce management programs in accordance with organizational requirements. |
Task |
5590 | Review and apply cyber career field qualification standards. |
Task |
5600 | Review and apply organizational policies related to or having an effect on the cyber workforce. |
Task |
5620 | Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards. |
Task |
5630 | Support integration of qualified cyber workforce personnel into information systems lifecycle development processes. |
Task |
6040 | Ability to assess and forecast manpower requirements to meet organizational objectives. |
Ability |
6100 | Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. |
Ability |
6140 | Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues. |
Ability |
6250 | Knowledge of Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities. |
Knowledge |
6560 | Skill in developing workforce and position qualification standards. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1027A | Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy. |
Task |
1036 | Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed. |
Knowledge |
105 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
Knowledge |
244A | Ability to determine the validity of workforce trend data. |
Ability |
282A | Knowledge of emerging technologies that have potential for exploitation by adversaries. |
Knowledge |
297A | Knowledge of industry indicators useful for identifying technology trends. |
Knowledge |
336 | Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure). |
Knowledge |
410A | Analyze organizational cyber policy. |
Task |
424B | Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities. |
Task |
485A | Define and integrate current and future mission environments. |
Task |
5170 | Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets. |
Task |
5240 | Develop and review recruiting, hiring, and retention procedures in accordance with current Human Resource (HR) policies. |
Task |
5340 | Establish and oversee waiver processes for cyber career field entry and training qualification requirements. |
Task |
539 | Develop policy, programs, and guidelines for implementation. |
Task |
5560 | Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals. |
Task |
565A | Draft, staff, and publish cyber policy. |
Task |
594 | Establish and maintain communication channels with stakeholders. |
Task |
6270 | Knowledge of full spectrum cyber capabilities. |
Knowledge |
6340 | Knowledge of organizational human resource policies, processes, and procedures. |
Knowledge |
6360 | Knowledge of organizational training and education policies, processes, and procedures. |
Knowledge |
641 | Identify organizational policy stakeholders. |
Task |
6740 | Skill in using manpower and personnel IT systems. |
Skill |
6800 | Ability to develop career path opportunities. |
Ability |
720A | Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services. |
Task |
724A | Seek consensus on proposed policy changes from stakeholders. |
Task |
812A | Provide policy guidance to cyber management, staff, and users. |
Task |
838 | Review existing and proposed policies with stakeholders. |
Task |
840A | Review, conduct, or participate in audits of cyber programs and projects. |
Task |
847 | Serve on agency and interagency policy boards. |
Task |
854A | Support the CIO in the formulation of cyber-related policies. |
Task |
88A | Knowledge of current and emerging cyber technologies. |
Knowledge |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
955B | Review and approve a supply chain security/risk management policy. |
Task |
Cyberspace Operators use a wide range of software applications for network navigation, tactical forensic analysis,…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
4191 | Ability to apply tradecraft to minimize risk of detection, mitigate risk, and minimize creation of behavioral signature |
Ability |
4199 | Ability to characterize a target admin/user’s technical abilities, habits, and skills. |
Ability |
4204 | Ability to communicate operational plans and actions and provide feedback regarding OPSEC and tradecraft during mission pre-brief |
Ability |
4213 | Ability to conduct open source research. |
Ability |
4219 | Ability to construct a course of action using available exploitation tools and techniques. |
Ability |
4222 | Ability to continually research and develop new tools/techniques |
Ability |
4229 | Ability to create rules and filters (e.g., Berkeley Packet Filter, Regular Expression). |
Ability |
4243 | Ability to ensure collected data is transferred to the appropriate storage locations. |
Ability |
4244 | Ability to enumerate a network. |
Ability |
4248 | Ability to enumerate user permissions and privileges. |
Ability |
4249 | Ability to evade or counter security products or host based defenses. |
Ability |
4261 | Ability to exploit vulnerabilities to gain additional access. |
Ability |
4263 | Ability to extract credentials from hosts |
Ability |
4271 | Ability to identify capability gaps (e.g., insufficient tools, training, or infrastructure) |
Ability |
4276 | Ability to identify files containing information critical to operational objectives. |
Ability |
4278 | Ability to identify legal, policy, and technical limitations when conducting cyberspace operations. |
Ability |
4279 | Ability to identify logging capabilities on host |
Ability |
4285 | Ability to identify what tools or Tactics, Techniques, and Procedures (TTPs) are applicable to a given situation |
Ability |
4292 | Ability to improve the performance of cyberspace operators by providing constructive (positive and negative) feedback. |
Ability |
4293 | Ability to install/modify/uninstall tools on target systems in accordance with current policies and procedures. |
Ability |
4296 | Ability to interpret device configurations. |
Ability |
4297 | Ability to interpret technical materials such as RFCs and technical manuals. |
Ability |
4298 | Ability to maintain situational awareness of target environment. |
Ability |
4305 | Ability to model a simulated environment to conduct mission rehearsal and mitigate risk of actions taken during operations. |
Ability |
4308 | Ability to operate automated systems to interact with target environment. |
Ability |
4324 | Ability to perform masquerade operations. |
Ability |
4325 | Ability to perform privilege escalation. |
Ability |
4327 | Ability to persist access to a target. |
Ability |
4330 | Ability to plan, brief, execute, and debrief a mission. |
Ability |
4334 | Ability to promote and enable organizational change. |
Ability |
4335 | Ability to provide advice and guidance to various stakeholders regarding technical issues, capabilities, and approaches. |
Ability |
4336 | Ability to provide feedback to developers if a tool requires continued development. |
Ability |
4340 | Ability to provide technical leadership within an organization. |
Ability |
4341 | Ability to read, write, modify, and execute compiled languages (e.g., C). |
Ability |
4342 | Ability to recognize and extract salient information from large data set (e.g., critical information, anomalies). |
Ability |
4343 | Ability to recognize and report mistakes or poor tradecraft to appropriate leadership in accordance with Standard Operating Procedures (SOPs). |
Ability |
4344 | Ability to recognize and respond appropriately to Non-Standard Events. |
Ability |
4345 | Ability to redirect and tunnel through target systems. |
Ability |
4346 | Ability to remediate indicators of compromise. |
Ability |
4347 | Ability to research non-standards within a project. |
Ability |
4350 | Ability to retrieve historical operational and open-source data to analyze compatibility with approved capabilities. |
Ability |
4359 | Ability to train other cyberspace operators. |
Ability |
4361 | Ability to troubleshoot technical problems. |
Ability |
4367 | Ability to use core toolset (e.g., implants, remote access tools). |
Ability |
4369 | Ability to use dynamic analysis tools (e.g. process monitor, process explorer, and registry analysis) |
Ability |
4370 | Ability to use enterprise tools to enumerate target information. |
Ability |
4378 | Ability to verify file integrity for both uploads and downloads. |
Ability |
4379 | Ability to weaken a target to facilitate/enable future access. |
Ability |
4380 | Ability to write and modify markup languages (e.g., HTML, XML). |
Ability |
4381 | Ability to write and modify source code (e.g., C). |
Ability |
4388 | Knowledge of access control models (Role Based Access Control, Attribute Based Access Control). |
Knowledge |
4391 | Knowledge of advanced redirection techniques. |
Knowledge |
4393 | Knowledge of appropriate/inappropriate information to include in operational documentation (e.g., OPNOTES, technical summaries, action maps, etc.). |
Knowledge |
4395 | Knowledge of basic client software applications and their attack surfaces. |
Knowledge |
4396 | Knowledge of basic cloud-based technologies and concepts. |
Knowledge |
4399 | Knowledge of basic Embedded Systems concepts. |
Knowledge |
4402 | Knowledge of basic redirection techniques (e.g. IP Tables, SSH Tunneling, netsh) |
Knowledge |
4403 | Knowledge of basic server software applications and their attack surfaces. |
Knowledge |
4404 | Knowledge of code injection and its employment in cyberspace operations. |
Knowledge |
4414 | Knowledge of common network administration best practices and the impact to operations. |
Knowledge |
4419 | Knowledge of credential sources and restrictions related to credential usage. |
Knowledge |
4437 | Knowledge of device reboots, including when they occur and their impact on tool functionality. |
Knowledge |
4444 | Knowledge of evolving technologies. |
Knowledge |
4447 | Knowledge of factors that would suspend or abort an operation. |
Knowledge |
4458 | Knowledge of historical data relating to particular targets and projects, prior to an operation to include reviewing TECHSUMs, previous OPNOTEs, etc. |
Knowledge |
4463 | Knowledge of how computer programs are executed |
Knowledge |
4464 | Knowledge of how host-based security products, logging, and malware may affect tool functionality |
Knowledge |
4465 | Knowledge of how other actors may affect operations |
Knowledge |
4466 | Knowledge of how race conditions occur and can be employed to compromise shared resources |
Knowledge |
4482 | Knowledge of malware triage. |
Knowledge |
4485 | Knowledge of methods and procedures for sending a payload via an existing implant |
Knowledge |
4486 | Knowledge of methods, strategies, and techniques of evading detection while conducting operations, such as noise, stealth, situational awareness, etc. |
Knowledge |
4487 | Knowledge of methods, tools, and procedures for collecting information, including accessing databases and file systems |
Knowledge |
4488 | Knowledge of methods, tools, and procedures for exploiting target systems |
Knowledge |
4489 | Knowledge of methods, tools, and techniques used to determine the path to a target host/network (e.g., identify satellite hops). |
Knowledge |
4496 | Knowledge of models for examining cyber threats (e.g. cyber kill chain, MITRE ATT&CK). |
Knowledge |
4498 | Knowledge of modes of communication used by a target, such as cable, fiber optic, satellite, microwave, VSAT, or combinations of these. |
Knowledge |
4502 | Knowledge of open source tactics that enable initial access (e.g. social engineering, phishing) |
Knowledge |
4503 | Knowledge of operating system command shells, configuration data. |
Knowledge |
4505 | Knowledge of operational infrastructure |
Knowledge |
4508 | Knowledge of operational security, logging, admin concepts, and troubleshooting. |
Knowledge |
4510 | Knowledge of password cracking techniques. |
Knowledge |
4519 | Knowledge of process migration |
Knowledge |
4540 | Knowledge of system administration concepts for distributed or managed operating environments. |
Knowledge |
4541 | Knowledge of system administration concepts for stand alone operating systems. |
Knowledge |
4542 | Knowledge of system calls |
Knowledge |
4552 | Knowledge of the components of an authentication system. |
Knowledge |
4553 | Knowledge of the concept of an advanced persistent threat (APT) |
Knowledge |
4563 | Knowledge of the location and use of tool documentation. |
Knowledge |
4564 | Knowledge of the methods and procedures for communicating with tools/modules, including the use of listening posts. |
Knowledge |
4565 | Knowledge of the methods of persistence. |
Knowledge |
4567 | Knowledge of the Mission Improvement Process |
Knowledge |
4571 | Knowledge of the Plan, Brief, Execute, and Debrief process |
Knowledge |
4581 | Knowledge of the tactics development process |
Knowledge |
4586 | Knowledge of threats to OPSEC when installing, using, modifying, and uninstalling tools. |
Knowledge |
4587 | Knowledge of tool release/testing process |
Knowledge |
4593 | Knowledge of VPNs, their purpose, and how they can be leveraged. |
Knowledge |
4628 | Skill in enumerating a host (e.g. file systems, host meta data host characteristics). |
Skill |
4641 | Skill in manipulating firewall/host based security configuration and rulesets. |
Skill |
4663 | Skill in retrieving memory resident data. |
Skill |
4670 | Skill in transferring files to target devices (e.g., scp, tftp, http, ftp). |
Skill |
4674 | Skill in using network enumeration and analysis tools, both active and passive. |
Skill |
8001 | Advise leadership on operational tradecraft, emerging technology, and technical health of the force. |
Task |
8015 | Approve remediation actions. |
Task |
8017 | As authorized, train cyberspace operators at one’s certification level or below. |
Task |
8020 | Assess the technical health of the cyberspace operator work role. |
Task |
8021 | Assess, recommend, and evaluate remediation actions. |
Task |
8030 | Conduct cyber activities to deny, degrade, disrupt, destroy, manipulate, (D4M). |
Task |
8037 | Conduct post-mission actions. |
Task |
8039 | Conduct pre-mission actions |
Task |
8040 | Conduct pre-operation research and prep. |
Task |
8052 | Create/normalize/document/evaluate TTPs in cyberspace operations. |
Task |
8067 | Develop and/or inform risk assessments. |
Task |
8071 | Develop Operational Training Solultions. |
Task |
8073 | Develop remediation actions. |
Task |
8074 | Develop risk assessments for non-standard events and ad hoc tradecraft. |
Task |
8083 | Employ collection TTPs in cyberspace operations. |
Task |
8084 | Employ credential access TTPs in cyberspace operations. |
Task |
8086 | Employ discovery TTPs in cyberspace operations. |
Task |
8087 | Employ exfiltration TTPs in cyberspace operations. |
Task |
8088 | Employ lateral movement TTPs in cyberspace operations. |
Task |
8089 | Employ TTPs in categories at one’s certification level or below. |
Task |
8097 | Evaluate cyberspace operator performance at one’s certification level or below. |
Task |
8112 | Identify targets of opportunity in order to influence operational planning. |
Task |
8113 | Identify the appropriate operating authorities and guidance |
Task |
8130 | Maintain operational and technical situational awareness during operations |
Task |
8158 | Produce strategy to inform commander’s decision making process. |
Task |
8167 | Provide input to mission debrief. |
Task |
8168 | Provide input to operational policy. |
Task |
8169 | Provide input to post mission planning. |
Task |
8170 | Provide input to pre-mission planning. |
Task |
8174 | Provide oversight of operations. |
Task |
8175 | Provide quality control of operations and cyberspace operator products at one’s certification level or below. |
Task |
8181 | Recognize and respond to indicators of compromise (IOC). |
Task |
8183 | Recognize and respond to events that change risk. |
Task |
8184 | Record and document activities during cyberspace operations. |
Task |
8192 | Steward the cyberspace operator work role. |
Task |
8197 | Train cyberspace operators at their certified level or below. |
Task |
Analyzes and interprets data from multiple disparate sources and builds visualizations and dashboards to report…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
31 | Knowledge of data mining and data warehousing principles. |
Knowledge |
104 | Knowledge of query languages such as SQL (structured query language). |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
166 | Skill in conducting queries and developing algorithms to analyze data structures. |
Skill |
201 | Skill in generating queries and reports. |
Skill |
1120 | Ability to interpret and incorporate data from multiple tool sources. |
Ability |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
3022 | Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. |
Ability |
5030 | Analyze data sources to provide actionable recommendations. |
Task |
5100 | Collect metrics and trending data. |
Task |
5270 | Develop strategic insights from large data sets. |
Task |
5430 | Present technical information to technical and non-technical audiences. |
Task |
5899 | Manipulate and clean large, disparate datasets for bulk analysis to identify connections. |
Task |
6130 | Ability to identify basic common coding flaws at a high level. |
Ability |
6180 | Ability to use data visualization tools (e.g., Flare, HighCharts, AmCharts, D3.js, Processing, Google Visualization API, Tableau, Raphael.js). |
Ability |
6300 | Knowledge of how to utilize Hadoop, Java, Python, SQL, Hive, and PIG to explore data. |
Knowledge |
6470A | Read, interpret, write, modify, and execute scripts, macros, and functions. |
Task |
6570 | Skill in identifying hidden patterns or relationships. |
Skill |
6710 | Skill in using basic descriptive statistics and techniques (e.g., normality, model distribution, scatter plots). |
Skill |
6720 | Skill in using data analysis tools (e.g., Excel, STATA SAS, SPSS). |
Skill |
6780 | Utilize different programming languages to write code, open files, read files, and write output to different files. |
Task |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7029 | Knowledge of how to collect, store, and monitor data. |
Knowledge |
7031 | Knowledge of how to structure and display data. |
Knowledge |
7032 | Knowledge of how to use data to tell a story. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1034A | Knowledge of Personally Identifiable Information (PII) data security standards. |
Knowledge |
1034C | Knowledge of Personal Health Information (PHI) data security standards. |
Knowledge |
5030 | Analyze data sources to provide actionable recommendations. |
Task |
5440 | Present data in creative formats. |
Task |
5570 | Provide actionable recommendations to critical stakeholders based on data analysis and findings. |
Task |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
6915A | Skill in communicating with all levels of the organization, including senior/mid-level executives, and operational-level personnel (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). |
Skill |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
796 | Provide a managed flow of relevant information (via web-based portals or other means) based on a mission requirements. |
Task |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Designs a system’s data models, data flow, interfaces, and infrastructure to meet the information requirements…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
28 | Knowledge of data administration and data standardization policies and standards. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
135 | Knowledge of the capabilities and functionality associated with various technologies for organizing and managing information (e.g., databases, bookmarking engines). |
Knowledge |
137 | Knowledge of the characteristics of physical and virtual data storage media. |
Knowledge |
187 | Skill in developing data models. |
Skill |
401 | Analyze and plan for anticipated changes in data capacity requirements. |
Task |
408 | Analyze information to determine, recommend, and plan the development of a new application or modification of an existing application. |
Task |
466A | Consult with customers and key stakeholders to evaluate functional requirements for AI and data applications. |
Task |
815 | Provide recommendations on new database technologies and architectures. |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
5140 | Confer with systems analysts, engineers, programmers and others to design application. |
Task |
5841 | Advise higher level leadership on critical data management issues. |
Task |
5854 | Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions. |
Task |
5885 | Examine and identify database structural necessities by evaluating operations, applications, and programming. |
Task |
5908 | Prepare database design and architecture reports. |
Task |
6190 | Effectively allocate storage capacity in the design of data management systems. |
Task |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7017 | Knowledge of data operations (DataOps) processes and best practices. |
Knowledge |
7029 | Knowledge of how to collect, store, and monitor data. |
Knowledge |
7060 | Skill in designing the best approach and architecture for automated data labeling and data lifecycle. |
Skill |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1034A | Knowledge of Personally Identifiable Information (PII) data security standards. |
Knowledge |
1034C | Knowledge of Personal Health Information (PHI) data security standards. |
Knowledge |
1133 | Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. |
Knowledge |
28 | Knowledge of data administration and data standardization policies and standards. |
Knowledge |
296 | Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. |
Knowledge |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
6650 | Skill in developing machine understandable semantic ontologies. |
Skill |
7010 | Knowledge of container orchestration and resource management platforms. |
Knowledge |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7025 | Knowledge of how AI solutions integrate with cloud or other IT infrastructure. |
Knowledge |
7026 | Knowledge of how commercial and federal solutions solve Defense-related data environment and platform challenges. |
Knowledge |
7028 | Knowledge of how to automate development, testing, security, and deployment of AI/machine learning-enabled software to the DoD. |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
79 | Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). |
Knowledge |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
952 | Knowledge of emerging security issues, risks, and vulnerabilities. |
Knowledge |
Holds responsibility for developing, promoting, and overseeing implementation of data as an asset and the…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
79 | Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
120 | Knowledge of sources, characteristics, and uses of the organization’s data assets. |
Knowledge |
296 | Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. |
Knowledge |
524 | Develop and maintain strategic plans. |
Task |
529 | Develop data standards, policies, and procedures. |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2416 | Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives. |
Task |
3591 | Knowledge of organization objectives, leadership priorities, and decision-making risks. |
Knowledge |
5841 | Advise higher level leadership on critical data management issues. |
Task |
5842 | Analyze existing and planned data investments to ensure they address key business problems, are compatible with the organization’s mission, and align with the target data architecture. |
Task |
5867 | Create policies for effective data management (e.g., data sharing agreements and security policies). |
Task |
5869 | Demonstrate to executive stakeholders how data and analytics initiatives address agency challenges. |
Task |
5874 | Develop a data management strategy that helps to prioritize investments and resource allocations (e.g., data analytics, data infrastructure). |
Task |
5875 | Develop an organizational change management plan to support a data management strategy. |
Task |
5886 | Facilitate cross-sharing of best practices for data usage. |
Task |
5894 | Lead the development and documentation of solutions for assigned data analytical objectives and projects. |
Task |
5895 | Lead the improvement of data system design processes that affect the success and continuation of key programs. |
Task |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
5898 | Manage risk to the data program. |
Task |
5903 | Oversee the management of data classification and handling requirements. |
Task |
5913 | Remove barriers to data acquisition, collection, and curation efforts required for AI solutions. |
Task |
5917 | Set strategic priorities by leveraging data insights. |
Task |
6040 | Ability to assess and forecast manpower requirements to meet organizational objectives. |
Ability |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6915A | Skill in communicating with all levels of the organization, including senior/mid-level executives, and operational-level personnel (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). |
Skill |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7001 | Ability to inspire and lead a culture of innovation. |
Ability |
7014 | Knowledge of data acquisition, collection, and curation best practices required for AI solutions. |
Knowledge |
7015 | Knowledge of data architecture and data services implementation. |
Knowledge |
7016 | Knowledge of data model development (e.g., conceptual, logical, and physical). |
Knowledge |
7019 | Knowledge of data security roles and responsibilities. |
Knowledge |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7029 | Knowledge of how to collect, store, and monitor data. |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
7063 | Skill in developing enterprise-level/Agency-level policies. |
Skill |
7074 | Skill in performing strategic-level analysis to develop Enterprise Data Management (EDM) strategies. |
Skill |
7083 | Ability to understand technology, management, and leadership issues related to organization processes and problem solving. |
Ability |
7110 | Ability to understand technology, management, and leadership issues related to organization processes and problem solving. |
Ability |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1018 | Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. |
Task |
2558 | Maintain relationships with internal and external partners involved in cyber planning or related areas. |
Task |
3146 | Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc. |
Knowledge |
3356 | Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations. |
Knowledge |
559C | Oversee the evaluation of contracts to ensure compliance with funding, legal, and program requirements. |
Task |
6250 | Knowledge of Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities. |
Knowledge |
6290 | Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems. |
Knowledge |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Builds, manages, and operationalizes data pipelines.
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
28 | Knowledge of data administration and data standardization policies and standards. |
Knowledge |
31 | Knowledge of data mining and data warehousing principles. |
Knowledge |
32 | Knowledge of database management systems, query languages, table relationships, and views. |
Knowledge |
104 | Knowledge of query languages such as SQL (structured query language). |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
179B | Skill in establishing data security controls. |
Skill |
186 | Skill in developing data dictionaries. |
Skill |
400A | Implement data management standards, requirements, and specifications. |
Task |
520B | Develop and implement data mining and data warehousing programs. |
Task |
543 | Develop secure code and error handling. |
Task |
702 | Manage the compilation, cataloging, caching, distribution, and retrieval of data. |
Task |
764 | Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities. |
Task |
858B | Record and manage test data. |
Task |
1128 | Knowledge of Java-based database access application programming interface (API) (e.g., Java Database Connectivity [JDBC]). |
Knowledge |
1128A | Knowledge of database access application programming interfaces (APIs) (e.g., Java Database Connectivity [JDBC]). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
3722 | Skill in data mining techniques (e.g., searching file systems) and analysis. |
Skill |
5550 | Program custom algorithms. |
Task |
5841 | Advise higher level leadership on critical data management issues. |
Task |
5844 | Apply data acquisition, cleaning, transformation, and ingestion best practices for machine learning data conduits. |
Task |
5846 | Assess and address the limitations of methods to deliver data. |
Task |
5850 | Assist integrated project teams to identify, curate, and manage data. |
Task |
5852 | Build automated data management conduits. |
Task |
5857 | Comply with data classification and handling requirements through access control and security best practices. |
Task |
5899 | Manipulate and clean large, disparate datasets for bulk analysis to identify connections. |
Task |
6060 | Ability to collect, verify, and validate test data. |
Ability |
6300 | Knowledge of how to utilize Hadoop, Java, Python, SQL, Hive, and PIG to explore data. |
Knowledge |
6470 | Read, interpret, write, modify, and execute simple scripts (e.g., PERL, VBS) on Windows and UNIX systems (e.g., those that perform tasks such as: parsing large data files, automating manual tasks, and fetching/processing remote data). |
Task |
6520 | Skill in data pre-processing (e.g., imputation, dimensionality reduction, normalization, transformation, extraction, filtering, smoothing). |
Skill |
6610 | Skill in performing format conversions to create a standard representation of the data. |
Skill |
6690 | Skill in transformation analytics (e.g., aggregation, enrichment, processing). |
Skill |
6730 | Skill in using data mapping tools. |
Skill |
6760 | Skill in writing scripts using R, Python, PIG, HIVE, SQL, etc. |
Skill |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7017 | Knowledge of data operations (DataOps) processes and best practices. |
Knowledge |
7019 | Knowledge of data security roles and responsibilities. |
Knowledge |
7029 | Knowledge of how to collect, store, and monitor data. |
Knowledge |
7062 | Skill in developing and maintaining automation scripts. |
Skill |
7066 | Skill in identifying data acquisition, collection, and curation risks. |
Skill |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1034A | Knowledge of Personally Identifiable Information (PII) data security standards. |
Knowledge |
1034C | Knowledge of Personal Health Information (PHI) data security standards. |
Knowledge |
520A | Implement data mining and data warehousing applications. |
Task |
5854 | Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions. |
Task |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
7010 | Knowledge of container orchestration and resource management platforms. |
Knowledge |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7025 | Knowledge of how AI solutions integrate with cloud or other IT infrastructure. |
Knowledge |
7028 | Knowledge of how to automate development, testing, security, and deployment of AI/machine learning-enabled software to the DoD. |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Uncovers and explains actionable insights from data by combining scientific method, math and statistics, specialized…
KSAT ID | Description | KSAT |
---|---|---|
21A | Knowledge of statistical/machine learning algorithms. |
Knowledge |
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
75A | Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis. |
Knowledge |
102 | Knowledge of programming language structures and logic. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
166 | Skill in conducting queries and developing algorithms to analyze data structures. |
Skill |
172 | Skill in creating and utilizing mathematical or statistical models. |
Skill |
1120 | Ability to interpret and incorporate data from multiple tool sources. |
Ability |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
3080 | Ability to use and understand complex mathematical concepts (e.g., discrete math). |
Ability |
3756 | Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. |
Skill |
5030 | Analyze data sources to provide actionable recommendations. |
Task |
5120 | Conduct hypothesis testing using statistical processes. |
Task |
5550 | Program custom algorithms. |
Task |
5640 | Utilize technical documentation or resources to implement a new mathematical, data science, or computer science method. |
Task |
5853 | Build predictive, prescriptive, or descriptive models in collaboration with stakeholders. |
Task |
5906 | Plan and conduct complex analytical, mathematical, and statistical research that informs operational requirements. |
Task |
5907 | Plan, coordinate, and execute complex studies using advanced data modeling techniques and procedures, data trend analysis, and data algorithms. |
Task |
5924 | Train and evaluate machine learning models. |
Task |
5927 | Write and document reproducible code. |
Task |
6050 | Ability to build complex data structures and high-level programming languages. |
Ability |
6060 | Ability to collect, verify, and validate test data. |
Ability |
6120 | Ability to dissect a problem and examine the interrelationships between data that may appear unrelated. |
Ability |
6490 | Skill in assessing the predictive power and subsequent generalizability of a model. |
Skill |
6570 | Skill in identifying hidden patterns or relationships. |
Skill |
6651 | Skill in Regression Analysis (e.g., Hierarchical Stepwise, Generalized Linear Model, Ordinary Least Squares, Tree-Based Methods, Logistic). |
Skill |
6750 | Skill in using outlier identification and removal techniques. |
Skill |
6760 | Skill in writing scripts using R, Python, PIG, HIVE, SQL, etc. |
Skill |
6790A | Utilize open source languages, as appropriate, and apply quantitative techniques (e.g., descriptive and inferential statistics, sampling, experimental design, parametric and non-parametric tests of difference, ordinary least squares regression, general line). |
Task |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7002 | Assist integrated project teams identify, curate, and manage test data. |
Task |
7029 | Knowledge of how to collect, store, and monitor data. |
Knowledge |
7071 | Skill in labeling data to make it more discoverable and understandable. |
Skill |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1034A | Knowledge of Personally Identifiable Information (PII) data security standards. |
Knowledge |
1034C | Knowledge of Personal Health Information (PHI) data security standards. |
Knowledge |
35 | Knowledge of digital rights management. |
Knowledge |
506 | Design, develop, and modify software systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design. |
Task |
5854 | Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions. |
Task |
5884 | Evaluate energy implications (graphical processing unit, tensor processing unit, etc.) when designing AI solutions. |
Task |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
5907 | Plan, coordinate, and execute complex studies using advanced data modeling techniques and procedures, data trend analysis, and data algorithms. |
Task |
6290 | Knowledge of how to leverage government research and development centers, think tanks, academic research, and industry systems. |
Knowledge |
6651 | Skill in Regression Analysis (e.g., Hierarchical Stepwise, Generalized Linear Model, Ordinary Least Squares, Tree-Based Methods, Logistic). |
Skill |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
7078 | Skill in using deep learning approaches to build machine learning models. |
Skill |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Develops and maintains plans, policies, and processes for data management, data governance, security, quality, accessibility,…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
28 | Knowledge of data administration and data standardization policies and standards. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
186 | Skill in developing data dictionaries. |
Skill |
400A | Implement data management standards, requirements, and specifications. |
Task |
400 | Analyze and define data requirements and specifications. |
Task |
702 | Manage the compilation, cataloging, caching, distribution, and retrieval of data. |
Task |
918 | Ability to prepare and deliver education and awareness briefings to ensure that systems, network, and data users are aware of and adhere to systems security policies and procedures. |
Ability |
1034A | Knowledge of Personally Identifiable Information (PII) data security standards. |
Knowledge |
1034C | Knowledge of Personal Health Information (PHI) data security standards. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
5080 | Assess the validity of source data and subsequent findings. |
Task |
5380A | Review feedback on customer satisfaction and internal service performance to foster continual improvement. |
Task |
5850 | Assist integrated project teams to identify, curate, and manage data. |
Task |
5854 | Collaborate with appropriate personnel to address Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data resusability concerns for AI solutions. |
Task |
5855 | Collaborate with data owners to establish data quality rules and definitions. |
Task |
5864 | Create data catalogs and dictionaries. |
Task |
5865 | Create metrics that characterize the usability, timeliness, completeness, and accuracy of data for multiple users to reference and use. |
Task |
5888 | Identify and document customer requirements when on-boarding new data assets. |
Task |
5897 | Manage compliance with data classification and handling requirements. |
Task |
5911 | Recommend data collection, integration, and retention requirements. |
Task |
6060 | Ability to collect, verify, and validate test data. |
Ability |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6915A | Skill in communicating with all levels of the organization, including senior/mid-level executives, and operational-level personnel (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). |
Skill |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7018 | Knowledge of data protection standards and frameworks to prevent unauthorized access to data, and safeguard against unauthorized disclosure of data. |
Knowledge |
7019 | Knowledge of data security roles and responsibilities. |
Knowledge |
7029 | Knowledge of how to collect, store, and monitor data. |
Knowledge |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
7040 | Knowledge of Personal Health Information (PHI), Personally Identifiable Information (PII), and other data privacy and data reusability considerations for AI solutions. |
Knowledge |
7071 | Skill in labeling data to make it more discoverable and understandable. |
Skill |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
296 | Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. |
Knowledge |
466A | Consult with customers and key stakeholders to evaluate functional requirements for AI and data applications. |
Task |
5896 | Maintain current knowledge of advancements in DoD AI Ethical Principles and Responsible AI. |
Task |
6650 | Skill in developing machine understandable semantic ontologies. |
Skill |
7020 | Knowledge of DoD AI Ethical Principles (e.g., responsible, equitable, traceable, reliable, and governable). |
Knowledge |
7035 | Knowledge of key decision-support needs and questions to drive prioritization of data efforts. |
Knowledge |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Administers databases and/or data management systems that allow for the storage, query, and utilization of…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
28 | Knowledge of data administration and data standardization policies and standards. |
Knowledge |
29 | Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools. |
Knowledge |
32 | Knowledge of database management systems, query languages, table relationships, and views. |
Knowledge |
79 | Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). |
Knowledge |
98 | Knowledge of policy-based and risk adaptive access controls. |
Knowledge |
104 | Knowledge of query languages such as SQL (structured query language). |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
137 | Knowledge of the characteristics of physical and virtual data storage media. |
Knowledge |
179B | Skill in establishing data security controls. |
Skill |
208 | Skill in maintaining databases. |
Skill |
213 | Skill in optimizing database performance. |
Skill |
401 | Analyze and plan for anticipated changes in data capacity requirements. |
Task |
664A | Install and configure database management systems and software. |
Task |
684 | Maintain database management systems software. |
Task |
712 | Monitor and maintain databases to ensure optimal performance. |
Task |
740 | Perform backup and recovery of databases to ensure data integrity. |
Task |
815 | Provide recommendations on new database technologies and architectures. |
Task |
910 | Knowledge of database theory. |
Knowledge |
952 | Knowledge of emerging security issues, risks, and vulnerabilities. |
Knowledge |
1123A | Knowledge of current and emerging data encryption (e.g., Column and Tablespace Encryption, file and disk encryption) security features in databases, including built-in cryptographic key management features. |
Knowledge |
1128A | Knowledge of database access application programming interfaces (APIs) (e.g., Java Database Connectivity [JDBC]). |
Knowledge |
1154 | Performs configuration management, problem management, capacity management, and financial management for databases and data management systems. |
Task |
1155 | Supports incident management, service level management, change management, release management, continuity management, and availability management for databases and data management systems. |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
5890 | Identify data consolidation opportunities across database systems, including data sharing and access between business lines. |
Task |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7029 | Knowledge of how to collect, store, and monitor data. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1034A | Knowledge of Personally Identifiable Information (PII) data security standards. |
Knowledge |
1034C | Knowledge of Personal Health Information (PHI) data security standards. |
Knowledge |
1124A | Knowledge of current and emerging data remediation security features in databases. |
Knowledge |
31 | Knowledge of data mining and data warehousing principles. |
Knowledge |
520A | Implement data mining and data warehousing applications. |
Task |
6945 | Skill in migrating workloads to, from, and among the different cloud computing service models. |
Skill |
7036 | Knowledge of laws, regulations, and policies related to AI, data security/privacy, and use of publicly procured data for government. |
Knowledge |
942 | Knowledge of the organization’s core business/mission processes. |
Knowledge |
Selects/Deploys/Maintains the set of Continuous Integration/Continuous Deployment (CI/CD) tools and processes used by the development…
KSAT ID | Description | KSAT |
---|---|---|
3C | Skill in recognizing vulnerabilities in information and/or data systems. |
Skill |
3B | Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks. |
Skill |
4 | Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. |
Ability |
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
34 | Knowledge of database systems. |
Knowledge |
58 | Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
130 | Knowledge of systems testing and evaluation methods. |
Knowledge |
130A | Knowledge of systems security testing and evaluation methods. |
Knowledge |
142A | Knowledge of the operations and processes for incident, problem, and event management. |
Knowledge |
144 | Knowledge of the systems engineering process. |
Knowledge |
190 | Skill in developing operations-based testing scenarios. |
Skill |
238A | Skill in writing code in a currently supported programming language (e.g., Java, C++). |
Skill |
412A | Analyze the results of software, hardware, or interoperability testing. |
Task |
420 | Apply security policies to meet security objectives of the system. |
Task |
421a | Apply security architecture principles to meet organization’s confidentiality, integrity, and availability requirements. |
Task |
452 | Conduct functional and connectivity testing to ensure continuing operability. |
Task |
559B | Analyze and report system security posture trends. |
Task |
568 | Employ secure configuration management processes. |
Task |
572 | Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment. |
Task |
576 | Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. |
Task |
653B | Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk. |
Task |
661A | Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. |
Task |
708A | Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative. |
Task |
726 | Oversee and make recommendations regarding configuration management. |
Task |
729A | Verify minimum security requirements are in place for all applications. |
Task |
754 | Perform cybersecurity testing of developed applications and/or systems. |
Task |
880A | Work with stakeholders to resolve computer security incidents and vulnerability compliance. |
Task |
1037A | Knowledge of information technology (IT) risk management policies, requirements, and procedures. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2054 | Assess the effectiveness of security controls. |
Task |
3030 | Ability to conduct vulnerability scans and recognize vulnerabilities in security systems. |
Ability |
3822 | Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results. |
Skill |
5940 | Work with designers and developers thru out the design, development and testing process. |
Task |
5939 | Choose and deploy the appropriate automated application security testing tools. |
Task |
5941 | Utilize tools and techniques like risk assessment, threat modeling, and cybersecurity to detect and analyze the threats. |
Task |
5942 | Work with Security Engineers to ensure that all security threats are dealt with during the development phase. |
Task |
5943 | Work with Automation tools are used to identify the vulnerabilities. |
Task |
5944 | Identify and implement tooling for controlling the steps in a continuous integration (CI) and continuous deployment (CD) pipeline. |
Task |
5945 | Develop and implement automatic test tools in a CI/CD pipeline, which could include Static Application Security Test (SAST) tools, Dynamic Application Security Test (DAST) tools, Unit Test tools, Static Code Analysis (SCA) tools, etc. |
Task |
5946 | Develop code within a CI/CD Pipeline. |
Task |
5947 | Select appropriate language and coding standards for software application for appropriate Continuous Integration/Continuous Deployment (CI/CD) framework. |
Task |
5948 | Apply testing activities, understands fault vs. failures, conduct basic test planning, develop test selection or adequacy criteria, crafts test documentation, ensures test coverages, and conducts automated testing. |
Task |
5950 | Develop and deploy software using continuous integration methods, processes, and tools, including test case writing against completion criteria (for each release, capability, micro-service, or component), build automation, and build processes. |
Task |
5953 | Provide DevSecOps guidance to leadership. |
Task |
5955 | Work closely with development teams to provide and support the environment needed to deliver an organization’s services. |
Task |
6090 | Ability to develop curriculum for use within a virtual environment. |
Ability |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7087 | Knowledge of programming languages. |
Knowledge |
7088 | Knowledge of continuous integration/continuous deployment (CI/CD) processes and pipeline tools. |
Knowledge |
7089 | Knowledge of portable, extensible, open source platform for managing containerized workloads and services. |
Knowledge |
7090 | Knowledge of cloud hosting providers. |
Knowledge |
7091 | Knowledge of threat modeling, risk assessment techniques, code reviews, current best practices and the latest cybersecurity threats. |
Knowledge |
7092 | Knowledge of how security impacts each development phase and the services. |
Knowledge |
7093 | Knowledge of a Continuous Integration/Continuous Deployment (CI/CD) environment and processes. |
Knowledge |
7094 | Knowledge of the steps for release to higher levels of integration testing, certification activities, and/or operations using testbeds, modeling and simulation to synchronize software releases with the development of an operations environment(s) to ensure compatibility. |
Knowledge |
7095 | Knowledge of every stage in the software project lifecycle, from initial design and build to rollout and maintenance. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1040A | Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. |
Knowledge |
1139A | Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption. |
Knowledge |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. |
Knowledge |
21 | Knowledge of computer algorithms. |
Knowledge |
220 | Skill in systems integration testing. |
Skill |
225A | Skill in the use of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems). |
Skill |
25B | Knowledge of encryption algorithms. |
Knowledge |
27A | Knowledge of cryptology. |
Knowledge |
3642 | Knowledge of various types of computer architectures. |
Knowledge |
5050 | Assess all the configuration management (change configuration/release management) processes. |
Task |
571 | Ensure all systems security operations and maintenance activities are properly documented and updated as necessary. |
Task |
5949 | Transition embedded and non-embedded software developed and sustained using traditional software methods into a DevSecOps environment. |
Task |
5951 | Select and implement telemetry within the CI/CD pipeline and Ops software to support metrics and problem discovery and resolution. |
Task |
5954 | Build test interfaces and perform complex integration. |
Task |
6240 | Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE). |
Knowledge |
717A | Assess and monitor cybersecurity related to system implementation and testing practices. |
Task |
75B | Knowledge of statistics. |
Knowledge |
765 | Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. |
Task |
795 | Properly document all systems security implementation, operations and maintenance activities and update as necessary. |
Task |
806A | Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities. |
Task |
809 | Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). |
Task |
876 | Verify and update security documentation reflecting the application/system security design features. |
Task |
938A | Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans. |
Task |
94 | Knowledge of parallel and distributed computing concepts. |
Knowledge |
The DNEA analyzes intercepted intelligence information for metadata and content. They use this data to…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
4396 | Knowledge of basic cloud-based technologies and concepts. |
Knowledge |
4399 | Knowledge of basic Embedded Systems concepts. |
Knowledge |
4401 | Knowledge of basic reconnaissance activity concepts and techniques (foot printing, scanning and enumeration). |
Knowledge |
4420 | Knowledge of Critical Intelligence Communication (CRITIC) identification and reporting process. |
Knowledge |
4423 | Knowledge of cryptologic and SIGINT reporting and dissemination procedures. |
Knowledge |
4428 | Knowledge of cybersecurity concepts and principles. |
Knowledge |
4431 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). |
Knowledge |
4460 | Knowledge of how and when to request assistance from the Cryptanalysis and Signals Analysis and/or CNO. |
Knowledge |
4470 | Knowledge of intelligence sources and their characteristics. |
Knowledge |
4490 | Knowledge of methods, tools, sources, and techniques used to research, integrate and summarize all-source information pertaining to target. |
Knowledge |
4523 | Knowledge of quality review process and procedures. |
Knowledge |
4533 | Knowledge of SIGINT laws and directives. |
Knowledge |
4539 | Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model). |
Knowledge |
4570 | Knowledge of the overall mission of the Cyber Mission Forces (CMF). |
Knowledge |
4578 | Knowledge of the specific missions for CMF (i.e., Cyber Mission Teams (CMT), National Mission Teams (NMT), Combat Support Team (CST), National Support Team (NST), Cyber Protection Team (CPT). |
Knowledge |
4582 | Knowledge of the U.S. Cryptologic Systems authorities, responsibilities, and contributions to the cyberspace operations mission. |
Knowledge |
4601 | Skill in analyzing endpoint collection data. |
Skill |
4620 | Skill in developing and maintaining target profiles. |
Skill |
4631 | Skill in geolocating targets. |
Skill |
4643 | Skill in operational use of raw collection databases. |
Skill |
4645 | Skill in performing data fusion from all-source intelligence for geospatial analysis. |
Skill |
4646 | Skill in performing data fusion from all-source intelligence for network analysis and reconstruction (e.g., Single Table Inheritance (STIs), network maps). |
Skill |
4647 | Skill in performing data fusion from all-source intelligence. |
Skill |
4651 | Skill in providing feedback to enhance future collection and analysis. |
Skill |
4656 | Skill in recognizing exploitation opportunities. |
Skill |
4659 | Skill in recognizing the value of survey data. |
Skill |
4667 | Skill in selector normalization. |
Skill |
4669 | Skill in targeting (e.g., selectors). |
Skill |
8011 | Apply and/or develop analytic techniques to provide better intelligence. |
Task |
8013 | Apply customer requirements to the analysis process. |
Task |
8023 | Assist planners in the development of courses of action |
Task |
8063 | Develop analytical techniques to gain more target information. |
Task |
8064 | Develop and lead exercises |
Task |
8065 | Develop and maintain target profiles using appropriate corporate tools and databases (e.g. Target associations, activities, communication infrastructures, etc.). |
Task |
8081 | Document and disseminate analytic findings. |
Task |
8090 | Enable targeting offices to find new sources of collection. |
Task |
8100 | Evaluate the strengths and weaknesses of the intelligence source. |
Task |
8101 | Evaluate threat critical capabilities, requirements, and vulnerabilities. |
Task |
8102 | Facilitate collaboration with customers, Intelligence and targeting organizations involved in related cyber areas. |
Task |
8108 | Identify and facilitate partner relationships to enhance mission capabilities |
Task |
8128 | Lead work role working groups/planning and development forums |
Task |
8137 | Manipulate information in mission relevant databases (e.g., converting data, generating reports). |
Task |
8138 | Mitigate collection gaps |
Task |
8145 | Perform network analysis to support new or continued collection. |
Task |
8157 | Produce digital network intelligence against specific named target sets. |
Task |
8164 | Provide expertise in support of operational effects generated through cyber activities. |
Task |
8173 | Provide intel target recommendations which meet leadership objectives. |
Task |
8191 | Select, build, and develop query strategies against appropriate collection databases. |
Task |
8205 | Understand technologies used by a given target |
Task |
8206 | Understand TTPs and methodologies to enable access ops or access vector opportunities. |
Task |
Develops and maintains business, systems, and information processes to support enterprise mission needs; develops information…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
38 | Knowledge of organization’s enterprise information security architecture system. |
Knowledge |
68A | Ability to build architectures and frameworks. |
Ability |
79 | Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). |
Knowledge |
82A | Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
141A | Knowledge of the enterprise information technology (IT) architectural concepts and patterns to include baseline and target architectures. |
Knowledge |
143A | Knowledge of integrating the organization’s goals and objectives into the architecture. |
Knowledge |
144 | Knowledge of the systems engineering process. |
Knowledge |
413A | Analyze user needs and requirements to plan architecture. |
Task |
569A | Document and update as necessary all definition and architecture activities. |
Task |
579 | Ensure acquired or developed system(s) and architecture(s) are consistent with organization’s cybersecurity architecture guidelines. |
Task |
780A | Plan implementation strategy to ensure enterprise components can be integrated and aligned. |
Task |
1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1037B | Knowledge of program protection planning to include information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements. |
Knowledge |
1038B | Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability). |
Knowledge |
1073 | Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. |
Knowledge |
108A | Knowledge of the DoD implementation of the Risk Management Framework (RMF) to include processes. |
Knowledge |
109A | Knowledge of configuration management techniques. |
Knowledge |
110 | Knowledge of key concepts in security management (e.g., Release Management, Patch Management). |
Knowledge |
111 | Knowledge of security system design tools, methods, and techniques. |
Knowledge |
1130 | Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions). |
Knowledge |
1133 | Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
1136A | Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud). |
Knowledge |
113A | Knowledge of N-tiered typologies including server and client operating systems. |
Knowledge |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. |
Knowledge |
1142 | Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). |
Knowledge |
1147A | Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce. |
Task |
119 | Knowledge of software engineering. |
Knowledge |
130 | Knowledge of systems testing and evaluation methods. |
Knowledge |
132A | Ability to execute technology integration processes. |
Ability |
133 | Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers). |
Knowledge |
155 | Skill in applying and incorporating information technologies into proposed solutions. |
Skill |
180 | Skill in designing the integration of hardware and software solutions. |
Skill |
183 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. |
Skill |
183A | Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. |
Knowledge |
2014 | Analyze candidate architectures, allocate security services, and select security mechanisms. |
Task |
224 | Skill in design modeling and building use cases (e.g., unified modeling language). |
Skill |
2390 | Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents. |
Task |
2887 | Write detailed functional specifications that document the architecture development process. |
Task |
3153 | Knowledge of circuit analysis. |
Knowledge |
3246 | Knowledge of confidentiality, integrity, and availability requirements. |
Knowledge |
3307 | Knowledge of cybersecurity-enabled software products. |
Knowledge |
34 | Knowledge of database systems. |
Knowledge |
3642 | Knowledge of various types of computer architectures. |
Knowledge |
40 | Knowledge of organization’s evaluation and validation requirements. |
Knowledge |
42 | Knowledge of electrical engineering as applied to computer architecture, including circuit boards, processors, chips, and associated computer hardware. |
Knowledge |
43A | Knowledge of embedded systems. |
Knowledge |
46A | Knowledge of system fault tolerance methodologies. |
Knowledge |
483A | Captures and integrates essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event. |
Task |
484 | Define appropriate levels of system availability based on critical system functions and ensure system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recover/restoration. |
Task |
502B | Develop enterprise architecture required to meet user needs. |
Task |
51 | Knowledge of how system components are installed, integrated, and optimized. |
Knowledge |
53A | Knowledge of security risk assessments and authorization per Risk Management Framework processes. |
Knowledge |
602 | Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration. |
Task |
6030 | Ability to apply an organization’s goals and objectives to develop and maintain architecture. |
Ability |
6150 | Ability to optimize systems to meet enterprise performance requirements. |
Ability |
62 | Knowledge of industry-standard and organizationally accepted analysis principles and methods. |
Knowledge |
63 | Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). |
Knowledge |
631 | Identify and prioritize critical business functions in collaboration with organizational stakeholders. |
Task |
6330 | Knowledge of multi-level/security cross domain solutions. |
Knowledge |
65A | Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression). |
Knowledge |
6680 | Skill in the use of design methods. |
Skill |
6918 | Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments. |
Ability |
6942 | Skill in designing or implementing cloud computing deployment models. |
Skill |
6945 | Skill in migrating workloads to, from, and among the different cloud computing service models. |
Skill |
69A | Knowledge of risk management processes and requirements per the Risk Management Framework (RMF). |
Knowledge |
70A | Knowledge of cybersecurity methods, such as firewalls, demilitarized zones, and encryption. |
Knowledge |
765A | Integrate results regarding the identification of gaps in security architecture. |
Task |
797 | Provide advice on project costs, design concepts, or design changes. |
Task |
809 | Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). |
Task |
81A | Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
Knowledge |
864A | Translate proposed capabilities into technical requirements. |
Task |
90 | Knowledge of operating systems. |
Knowledge |
92 | Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
94 | Knowledge of parallel and distributed computing concepts. |
Knowledge |
993A | Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization’s enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]). |
Ability |
994A | Document how the implementation of a new system or new interface between systems impacts the current and target environment including but not limited to security posture. |
Task |
996B | Integrate key management functions as related to cyberspace. |
Task |
Executes decision-making authorities and establishes vision and direction for an organization’s cyber and cyber-related policies,…
KSAT ID | Description | KSAT |
---|---|---|
10 | Knowledge of application vulnerabilities. |
Knowledge |
15A | Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware. |
Knowledge |
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
105 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
150 | Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. |
Knowledge |
173 | Skill in creating policies that reflect system security objectives. |
Skill |
321A | Knowledge of industry technologies and how differences affect exploitation/vulnerabilities. |
Knowledge |
391 | Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. |
Task |
392 | Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. |
Task |
395 | Advise senior management (e.g., CIO) on risk levels and security posture. |
Task |
396 | Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. |
Task |
424B | Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities. |
Task |
445 | Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. |
Task |
475 | Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. |
Task |
492A | Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan. |
Task |
524 | Develop and maintain strategic plans. |
Task |
542A | Develop mitigation strategies to address cost, schedule, performance, and security risks. |
Task |
599 | Evaluate contracts to ensure compliance with funding, legal, and program requirements. |
Task |
600 | Evaluate cost benefit, economic, and risk analysis in decision making process. |
Task |
674 | Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information. |
Task |
679 | Lead and align information technology (IT) security priorities with the security strategy. |
Task |
680A | Lead and oversee budget, staffing, and contracting. |
Task |
680 | Lead and oversee information security budget, staffing, and contracting. |
Task |
711 | Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection. |
Task |
737B | Perform an information security risk assessment. |
Task |
797 | Provide advice on project costs, design concepts, or design changes. |
Task |
801 | Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans. |
Task |
801A | Provide enterprise cybersecurity and supply chain risk management guidance. |
Task |
807 | Provide input on security requirements to be included in statements of work and other appropriate procurement documents. |
Task |
810 | Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. |
Task |
848 | Recommend policy and coordinate review and approval. |
Task |
852 | Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered. |
Task |
919 | Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals. |
Task |
947 | Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. |
Task |
952 | Knowledge of emerging security issues, risks, and vulnerabilities. |
Knowledge |
962 | Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle. |
Task |
963 | Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. |
Task |
979 | Knowledge of supply chain risk management standards, processes, and practices. |
Knowledge |
1004A | Knowledge of information technology (IT) acquisition/procurement requirements. |
Knowledge |
1018 | Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. |
Task |
1041 | Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. |
Task |
1061A | Knowledge of the acquisition/procurement life cycle process. |
Knowledge |
1125 | Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. |
Knowledge |
1148B | Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered. |
Task |
1148 | Develop contract language to ensure supply chain, system, network, and operational security are met. |
Task |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2090 | Collaborate with other internal and external partner organizations on target access and operational issues. |
Task |
2091 | Collaborate with other team members or partner organizations to develop a diverse program of information materials (e.g., web pages, briefings, print materials). |
Task |
2416 | Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives. |
Task |
2558 | Maintain relationships with internal and external partners involved in cyber planning or related areas. |
Task |
2624 | Conduct long-range, strategic planning efforts with internal and external partners in cyber activities. |
Task |
2823 | Serve as a liaison with external partners. |
Task |
2839 | Supervise and assign work to programmers, designers, technologists and technicians and other engineering and scientific personnel. |
Task |
2894 | Collaborate across internal and/or external organizational lines to enhance collection, analysis and dissemination. |
Task |
3011 | Ability to apply critical reading/thinking skills. |
Ability |
3044 | Ability to exercise judgment when policies are not well-defined. |
Ability |
3057 | Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives. |
Ability |
3076 | Ability to tailor technical and planning information to a customer’s level of understanding. |
Ability |
3077 | Ability to think critically. |
Ability |
3994 | Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations. |
Ability |
5170 | Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets. |
Task |
5560 | Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals. |
Task |
5767 | Collaborate on cyber privacy and security policies and procedures. |
Task |
5768 | Collaborate with cyber security personnel on the security risk assessment process to address privacy compliance and risk mitigation. |
Task |
5820 | Appoint and guide a team of IT security experts. |
Task |
5825 | Collaborate with key stakeholders to establish a cybersecurity risk management program |
Task |
6100 | Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. |
Ability |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6915 | Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). |
Skill |
6920 | Ability to ensure information security management processes are integrated with strategic and operational planning processes. |
Ability |
6921 | Ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control. |
Ability |
6922 | Ability to prioritize and allocate cybersecurity resources correctly and efficiently. |
Ability |
6923 | Ability to relate strategy, business, and technology in the context of organizational dynamics. |
Ability |
6925 | Ability to understand the basic concepts and issues related to cyber and its organizational impact. |
Ability |
6926 | Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list). |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
6947 | Skill to anticipate new security threats. |
Skill |
6948 | Skill to remain aware of evolving technical infrastructures. |
Skill |
6949 | Skill to use critical thinking to analyze organizational patterns and relationships. |
Skill |
7110 | Ability to understand technology, management, and leadership issues related to organization processes and problem solving. |
Ability |
Additional KSATs:
KSAT ID | Description | KSAT |
---|---|---|
1004 | Knowledge of critical information technology (IT) procurement requirements. |
Knowledge |
2058 | Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives. |
Task |
2328 | Develop, maintain, and assess cyber cooperation security agreements with external partners. |
Task |
2443 | Identify and manage security cooperation priorities with external partners. |
Task |
325 | Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management). |
Knowledge |
398 | Advocate organization’s official position in legal and legislative proceedings. |
Task |
5763 | Act as, or work with, counsel relating to business partner contracts. |
Task |
6160 | Ability to oversee the development and update of the lifecycle cost estimate. |
Ability |
6930 | Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations. |
Knowledge |
706 | Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency. |
Task |
949 | Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. |
Task |
954 | Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. |
Knowledge |
955B | Review and approve a supply chain security/risk management policy. |
Task |
965 | Knowledge of organization’s risk tolerance and/or risk management approach. |
Knowledge |
Collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or…
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
264 | Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2194 | Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities. |
Task |
2400 | Examine intercept-related metadata and content with an understanding of targeting significance. |
Task |
2718 | Profile network or system administrators and their activities. |
Task |
3021 | Ability to collaborate effectively with others. |
Ability |
3022 | Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. |
Ability |
3095 | Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). |
Knowledge |
3103A | Ability to identify/describe target vulnerability. |
Ability |
3103 | Ability to identify/describe techniques/methods for conducting technical exploitation of the target. |
Ability |
3106 | Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless). |
Knowledge |
3107 | Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.). |
Knowledge |
3129 | Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). |
Knowledge |
3137 | Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration). |
Knowledge |
3179 | Knowledge of common networking devices and their configurations. |
Knowledge |
3191 | Knowledge of concepts for operating systems (e.g., Linux, Unix). |
Knowledge |
3225 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). |
Knowledge |
3289 | Knowledge of how hubs, switches, routers work together in the design of a network. |
Knowledge |
3291 | Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP). |
Knowledge |
3346 | Knowledge of Internet and routing protocols. |
Knowledge |
3407 | Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
Knowledge |
3410 | Knowledge of network topology. |
Knowledge |
3513 | Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems. |
Knowledge |
3543 | Knowledge of the basic structure, architecture, and design of modern communication networks. |
Knowledge |
3801 | Skill in identifying the devices that work at each level of protocol models. |
Skill |