Business Continuity

View Related Workshops

FOR JOR ROLES :

K0353

Knowledge of possible circumstances that would result in changing collection management authorities.

K0584

Knowledge of the organizational policies/procedures for temporary transfer of collection authority.

K0021

Knowledge of data backup and recovery.

K0210

Knowledge of data backup and restoration concepts.

K0026

Knowledge of business continuity and disaster recovery continuity of operations plans.

K0032

Knowledge of resiliency and redundancy.

S0201

Skill in creating plans in support of remote operations.

S0186

Skill in applying crisis planning procedures.

S0032

Skill in developing, testing, and implementing network infrastructure contingency and recovery plans.

S0150

Skill in implementing and testing network infrastructure contingency and recovery plans.

Computer Forensics

View Related Workshops

FOR JOR ROLES :

K0449

Knowledge of how to extract, analyze, and use metadata.

K0118

Knowledge of processes for seizing and preserving digital evidence.

K0128

Knowledge of types and collection of persistent data.

K0122

Knowledge of investigative implications of hardware, Operating Systems, and network technologies.

K0132

Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.

K0133

Knowledge of types of digital forensics data and how to recognize them.

K0134

Knowledge of deployable forensics.

K0182

Knowledge of data carving tools and techniques (e.g., Foremost).

K0184

Knowledge of anti-forensics tactics, techniques, and procedures.

K0185

Knowledge of forensics lab design configuration and support applications (e.g., VMWare, Wireshark).

K0304

Knowledge of concepts and practices of processing digital forensic data.

K0447

Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http).

K0017

Knowledge of concepts and practices of processing digital forensic data.

K0433

Knowledge of forensic implications of operating system structure and operations.

K0573

Knowledge of the fundamentals of digital forensics to extract actionable intelligence.

S0120

Skill in reviewing logs to identify evidence of past intrusio

S0047

Skill in preserving evidence integrity according to standard operating procedures or national standards.

S0068

Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.

S0065

Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics).

S0069

Skill in setting up a forensic workstation.

S0071

Skill in using forensic tool suites (e.g., EnCase, Sleuthkit, FTK).

S0075

Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems).

S0090

Skill in analyzing anomalous code as malicious or benign.

S0091

Skill in analyzing volatile data.

S0133

Skill in processing digital evidence, to include protecting and making legally sound copies of evidence.

Computer Languages

View Related Workshops

FOR JOR ROLES :

K0068

Knowledge of programming language structures and logic.

K0139

Knowledge of interpreted and compiled computer languages.

K0016

Knowledge of computer programming principles

K0051

Knowledge of low-level computer languages (e.g., assembly languages).

K0140

Knowledge of secure coding techniques.

K0236

Knowledge of how to utilize Hadoop, Java, Python, SQL, Hive, and PIG to explore data.

K0529

Knowledge of scripting

K0372

Knowledge of programming concepts (e.g., levels, structures, compiled vs. interpreted languages).

S0060

Skill in writing code in a currently supported programming language (e.g., Java, C++).

S0094

Skill in reading Hexadecimal data.

S0095

Skill in identifying common encoding techniques (e.g., Exclusive Disjunction [XOR], American Standard Code for Information Interchange [ASCII], Unicode, Base64, Uuencode, Uniform Resource Locator [URL] encode).

S0130

Skill in writing scripts using R, Python, PIG, HIVE, SQL, etc.

S0239

Skill in interpreting compiled and interpretive programming languages.

S0257

Skill in reading, interpreting, writing, modifying, and executing simple scripts (e.g., PERL, VBS) on Windows and Unix systems (e.g., those that perform tasks like parsing large data files, automating manual tasks, and fetching/processing remote data).

S0266

Skill in relevant programming languages (e.g., C++, Python, etc.).

Computer Network Defence

View Related Workshops

FOR JOR ROLES :

K0405

Knowledge of current computer-based intrusion sets.

K0412

Knowledge of cyber lexicon/terminology

K0440

Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability.

K0587

Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products.

K0408

Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber-attack) principles, capabilities, limitations, and effects.

K0507

Knowledge of organization or partner exploitation of digital networks.

K0234

Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation).

K0046

Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.

K0110

Knowledge of adversarial tactics, techniques, and procedures.

K0098

Knowledge of the cyber defense Service Provider reporting structure and processes within one’s own organization.

K0157

Knowledge of cyber defense and information security policies, procedures, and regulations.

K0160

Knowledge of the common attack vectors on the network layer.

K0191

Signature implementation impact for viruses, malware, and attacks.

K0324

Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.

K0473

Knowledge of intrusion sets.

K0530

Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation.

K0493

Knowledge of obfuscation techniques (e.g., TOR/Onion/anonymizers, VPN/VPS, encryption).

S0025

Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).

S0129

Skill in using outlier identification and removal techniques.

S0020

Skill in developing and deploying signatures.

S0096

Skill in reading and interpreting signatures (e.g., snort).

S0147

Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).

S0370

Skill to use cyber defense Service Provider reporting structure and processes within one’s own organization.

S0092

Skill in identifying obfuscation techniques.

S0093

Skill in interpreting results of debugger to ascertain tactics, techniques, and procedures.

S0079

Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).

S0053

Skill in tuning sensors.

S0124

Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.

S0258

Skill in recognizing and interpreting malicious network activity in traffic.

S0023

Skill in designing security controls based on cybersecurity principles and tenets.

Encryption

View Related Workshops

FOR JOR ROLES :

K0019

Knowledge of cryptography and cryptographic key management concepts

K0308

Knowledge of cryptology.

K0403

Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.

K0427

Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).

K0018

Knowledge of encryption algorithms

K0285

Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.

K0025

Knowledge of digital rights management.

K0277

Knowledge of current and emerging data encryption (e.g., Column and Tablespace Encryption, file and disk encryption) security features in databases (e.g. built-in cryptographic key management features).

K0104

Knowledge of Virtual Private Network (VPN) security.

K0190

Knowledge of encryption methodologies.

K0305

Knowledge of encryption algorithms, stenography, and other forms of data concealment.

K0428

Knowledge of encryption algorithms and tools for wireless local area networks (WLANs).

K0201

Knowledge of symmetric key rotation techniques and concepts.

S0059

Skill in using Virtual Private Network (VPN) devices and encryption.

S0138

Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).

S0089

Skill in one-way hash functions (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm [MD5]).

S0298

Skill in verifying the integrity of all files. (e.g., checksums, Exclusive OR, secure hashes, check constraints, etc.).

Threat Analysis

View Related Workshops

FOR JOR ROLES :

K0177

Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

K0453

Knowledge of indications and warning.

K0474

Knowledge of key cyber threat actors and their equities.

K0475

Knowledge of key factors of the operational environment and threat.

K0480

Knowledge of malware.

K0570

Knowledge of the factors of threat that could impact collection operations.

K0612

Knowledge of what constitutes a �threat to a network.

K0362

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

K0469

Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions.

K0603

Knowledge of the ways in which targets or threats use the Internet.

K0604

Knowledge of threat and/or target systems.

K0107

Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations.

K0144

Knowledge of social dynamics of computer attackers in a global context.

K0244

Knowledge of physical and physiological behaviors that may indicate suspicious or abnormal activity.

K0161

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).

K0162

Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).

K0297

Knowledge of countermeasure design for identified security risks.

K0183

Knowledge of reverse engineering concepts.

K0188

Knowledge of malware analysis tools (e.g., Oily Debug, Ida Pro).

K0189

Knowledge of malware with virtual machine detection (e.g. virtual aware malware, debugger aware malware, and unpacked malware that looks for VM-related strings in your computer’s display device).

K0254

Knowledge of binary analysis.

K0259

Knowledge of malware analysis concepts and methodologies.

K0368

Knowledge of implants that enable cyber collection and/or preparation activities.

K0430

Knowledge of evasion strategies and techniques.

K0151

Knowledge of current and emerging threats/threat vectors.

K0536

Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network).

K0548

Knowledge of target or threat cyber actors and procedures.

K0607

Knowledge of translation processes and techniques.

S0044

Skill in mimicking threat behaviors.

S0229

Skill in identifying cyber threats which may jeopardize organization and/or partner interests.

S0088

Skill in using binary analysis tools (e.g., Hexedit, command code xxd, hexdump).

S0087

Skill in deep analysis of captured malicious code (e.g., malware forensics).

S0131

Skill in analyzing malware.

S0003

Skill of identifying, capturing, containing, and reporting malware.

S0052

Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).

S0270

Skill in reverse engineering (e.g., hex editing, binary packaging utilities, debugging, and strings analysis) to identify function and ownership of remote tools.

S0357

Skill to anticipate new security threats.

S0022

Skill in designing countermeasures to identified security risks.

S0341

Skill to monitor threat effects to partner capabilities and maintain a running estimate.

Vulnerabilities Assessment

View Related Workshops

FOR JOR ROLES :

K0005

Knowledge of cyber threats and vulnerabilities.

K0006

Knowledge of specific operational impacts of cybersecurity lapses.

K0392

Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).

K0013

Knowledge of cyber defense and vulnerability assessment tools and their capabilities.

K0040

Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).

K0070

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

K0342

Knowledge of penetration testing principles, tools, and techniques.

K0624

Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

K0538

Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities

K0147

Knowledge of emerging security issues, risks, and vulnerabilities.

K0106

Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.

K0301

Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).

K0339

Knowledge of how to use network analysis tools to identify vulnerabilities.

K0119

Knowledge of hacking methodologies.

K0187

Knowledge of file type abuse by adversaries for anomalous behavior.

K0062

Knowledge of packet-level analysis.

K0009

Knowledge of application vulnerabilities.

K0314

Knowledge of industry technologies’ potential cybersecurity vulnerabilities.

K0481

Knowledge of methods and techniques used to detect various exploitation activities.

K0531

Knowledge of security implications of software configurations.

K0574

Knowledge of the impact of language analysis on on-net operator functions.

S0001

Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.

S0009

Skill in assessing the robustness of security systems and designs.

S0036

Skill in evaluating the adequacy of security designs.

S0057

Skill in using protocol analyzers.

S0078

Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

S0156

Skill in performing packet-level analysis.

S0167

Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).

S0051

Skill in the use of penetration testing tools and techniques.

S0081

Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).

S0199

Skill in creating and extracting important information from packet captures.

S0269

Skill in researching vulnerabilities and exploits utilized in traffic.

S0046

Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).

S0221

Skill in extracting information from packet captures.

S0242

Skill in interpreting vulnerability scanner results to identify vulnerabilities.

VULNERABILITY ASSESSMENT ANALYST

Business Continuity

Computer Forensics

Computer Languages

Computer Network Defence

Encryption

Threat Analysis

Vulnerabilities Assessment