Cybersecurity Defense Analysis (CDA)
Cyber Defense Analyst (OPM 511)
Work Role Definition:
Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purpose of mitigating threats.
Recommended SANS Training & GIAC Certification:
- SEC401: Security Essentials: Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
- SEC450: Blue Team Fundamentals: Security Operations and Analysis | Certification: GIAC Security Operations Certified (GSOC)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- SEC501: Advanced Security Essentials - Enterprise Defender | Certification: GIAC Certified Enterprise Defender (GCED)
- SEC503: Network Monitoring and Threat Detection In-Depth | Certification: GIAC Certified Intrusion Analyst (GCIA)
- SEC511: Continuous Monitoring and Security Operations | Certification: GIAC Continuous Monitoring Certification (GMON)
- SEC573: Automating Information Security with Python | Certification: GIAC Python Coder (GPYC)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection | Certification: GIAC Cloud Threat Detection (GCTD)
- SEC586: Security Automation with PowerShell
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
Cybersecurity Defense Infrastructure Support
Cyber Defense Infrastructure Support Specialist (OPM 521)
Work Role Definition:
Tests, implements, deploys, maintains, and administers the infrastructure hardware and software.
Recommended SANS Training & GIAC Certification:
- SEC401: Security Essentials: Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
- SEC450: Blue Team Fundamentals: Security Operations and Analysis | Certification: GIAC Security Operations Certified (GSOC)
- SEC501: Advanced Security Essentials - Enterprise Defender | Certification: GIAC Certified Enterprise Defender (GCED)
- SEC511: Continuous Monitoring and Security Operations | Certification: GIAC Continuous Monitoring Certification (GMON)
- SEC586: Security Automation with PowerShell
Incident Response (CIR)
Cyber Defense Incident Responder
Work Role Definition:
Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.
Recommended SANS Training & GIAC Certification:
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | Certification: GIAC Network Forensic Analyst (GNFA)
- FOR509: Enterprise Cloud Forensics and Incident Response | Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Certification: GIAC Reverse Engineering Malware (GREM)
- FOR518: Mac and iOS Forensic Analysis and Incident Response | Certification: GIAC iOS and macOS Examiner (GIME)
- FOR528: Ransomware for Incident Responders
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis
- ICS515: ICS Visibility, Detection, and Response | Certification: GIAC Response and Industrial Defense (GRID)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection | Certification: GIAC Cloud Threat Detection (GCTD)
- SEC586: Security Automation with PowerShell
Vulnerability Assessment and Management (VAM)
Vulnerability Analyst (OPM 541)
Work Role Definition:
Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
Recommended SANS Training & GIAC Certification:
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC588: Cloud Penetration Testing | Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC556: IoT Penetration Testing
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- LDR516: Building and Leading Vulnerability Management Programs
Pen Tester (OPM 541)
Work Role Definition:
This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources.
Recommended SANS Training & GIAC Certification:
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC556: IoT Penetration Testing
- SEC588: Cloud Penetration Testing | Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC467: Social Engineering for Security Professionals
Adversary Emulation Specialist / Red Teamer (OPM 541)
Work Role Definition:
A security expert who emulates how an adversary operates using TTPs (Tactics, Techniques & Procedures). The goal is to improve the organization's resilience against these adversary techniques so that it can prevent, detect, and respond to them accordingly.
Recommended SANS Training & GIAC Certification:
- SEC565: Red Team Operations and Adversary Emulation
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses | Certification: GIAC Defending Advanced Threats (GDAT)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC670: Red Team Operations - Developing Custom Tools for Windows
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- SEC556: IoT Penetration Testing
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers