Threat Analysis (TWA)
Warnings Analyst (OPM 141)
Work Role Definition:
Develops unique cyber indicators to maintain constant awareness of the status of the highly dynamic operating environment. Collects, processes, analyzes, and disseminates cyber warning assessments.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
Exploitation Analysis (EXP)
Exploitation Analyst
Work Role Definition:
Collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.
Recommended SANS Training & GIAC Certification:
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
All-Source Analysis (ASA)
All-Source Analyst (OPM 111)
Work Role Definition:
Analyzes data/information from one or multiple sources to conduct preparation of the environment, respond to requests for information, and submit intelligence collection and production requirements in support of planning and operations.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
Mission Assessment Specialist (OPM 112)
Work Role Definition:
Develops assessment plans and measures of performance/effectiveness. Conducts strategic and operational effectiveness assessments as required for cyber events. Determines whether systems performed as expected and provides input to the determination of operational effectiveness.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
Targets (TGT)
Target Developer (OPM 131)
Work Role Definition:
Performs target system analysis, builds and/or maintains electronic target folders to include inputs from environment preparation, and/or internal or external intelligence sources. Coordinates with partner target activities and intelligence organizations, and presents candidate targets for vetting and validation.
Recommended SANS Training & GIAC Certification:
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC565: Red Team Operations and Adversary Emulation
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses | Certification: GIAC Defending Advanced Threats (GDAT)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
Target Analyst
Work Role Definition:
Conducts advanced analysis of collection and open-source data to ensure target continuity; to profile targets and their activities; and develop techniques to gain more target information. Determines how targets communicate, move, operate and live based on knowledge of target technologies, digital networks and the applications on them.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
Language Analysis (LNG)
Language Analyst
Work Role Definition:
Applies language and culture expertise with target/threat and technical knowledge to process, analyze, and/or disseminate intelligence information derived from language, voice and/or graphic material. Creates and maintains language-specific databases and working aids to support cyber action execution and ensure critical knowledge sharing. Provides subject matter expertise in foreign language-intensive or interdisciplinary projects.