Collection Operations (CLP)
All Source-Collection Manager
Work Role Definition
Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to meet leadership's intent. Determines capabilities of available collection assets, identifies new collection capabilities, and constructs and disseminates collection plans. Monitors execution of tasked collection to ensure effective execution of the collection plan.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | Certification: GIAC Certified Forensic Analyst (GCFA)
All Source-Collection Requirements Evaluation Manager
Work Role Definition
Evaluates collection operations and develops effects-based collection requirements strategies using available sources and methods to improve collection. Develops, processes, validates, and coordinates submission of collection requirements. Evaluates performance of collection assets and collection operations.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | Certification: GIAC Certified Forensic Analyst (GCFA)
Cyber Operational Planning (OPL)
Cyber Intel Planner (OPM 331)
Work Role Definition:
Develops detailed intelligence plans to satisfy cyber operations requirements. Collaborates with cyber operations planners to identify, validate, and levy requirements for collection and analysis. Participates in targeting selection, validation, synchronization, and execution of cyber actions. Synchronizes intelligence activities to support organization objectives in cyberspace.
Recommended SANS Training & GIAC Certification
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
Cyber Operations Planner (OPM 332)
Work Role Definition:
Develops detailed plans for the conduct or support of the applicable range of cyber operations through collaboration with other planners, operators and/or analysts. Participates in targeting selection, validation, synchronization, and enables integration during the execution of cyber actions.
Recommended SANS Training & GIAC Certification
- SEC565: Red Team Operations and Adversary Emulation | Certification: GIAC Red Team Professional (GRTP)
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC588: Cloud Penetration Testing | Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses | Certification: GIAC Defending Advanced Threats (GDAT)
- SEC467: Social Engineering for Security Professionals
- SEC556: IoT Penetration Testing
Partner Integration Planner
Work Role Definition:
Works to advance cooperation across organizational or national borders between cyber operations partners. Aids the integration of partner cyber teams by providing guidance, resources, and collaboration to develop best practices and facilitate organizational support for achieving objectives in integrated cyber actions.
Recommended SANS Training & GIAC Certification
- SEC565: Red Team Operations and Adversary Emulation | Certification: GIAC Red Team Professional (GRTP)
- SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses | Certification: GIAC Defending Advanced Threats (GDAT)
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
Cyber Operations (OPS)
Cyber Operator
Work Role Definition
Conducts collection, processing, and/or geolocation of systems in order to exploit, locate, and/or track targets of interest. Performs network navigation, tactical forensic analysis, and, when directed, executes on-net operations.
Recommended SANS Training & GIAC Certification
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR528: Ransomware for Incident Responders
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | Certification: GIAC Network Forensic Analyst (GNFA)
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC556: IoT Penetration Testing
- SEC467: Social Engineering for Security Professionals
- SEC573: Automating Information Security with Python | Certification: GIAC Python Coder (GPYC)