Cybersecurity Analysis | Nice Framework

Threat Analysis (TWA)

Threat Analysis identifies and assesses the capabilities and activities of cybersecurity criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities

Work Role Definition
Develops unique cyber indicators to maintain constant awareness of the status of the highly dynamic operating environment. Collects, processes, analyzes, and disseminates cyber warning assessments.

Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling
  - Certification: GIAC Certified Incident Handler (GCIH)

Exploitation Analysis (EXP)

Exploitation Analysis analyzes collected information to identify vulnerabilities and potential for exploitation.

Work Role Definition:

Collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.

Recommended SANS Training & GIAC Certification
- SEC560: Enterprise Penetration Testing
  - Certification: GIAC Penetration Tester (GPEN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
  - Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers
- SEC661: ARM Exploit Development
- SEC542: Web App Penetration Testing and Ethical Hacking
  - Certification: GIAC Web Application Penetration Tester (GWAPT)

All-Source Analysis (ASA)

All-Source Analysis analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.

Work Role Definition
Analyzes data/information from one or multiple sources to conduct preparation of the environment, respond to requests for information, and submit intelligence collection and production requirements in support of planning and operations.

Recommended SANS Training & GIAC Certification
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling
  - Certification: GIAC Certified Incident Handler (GCIH)
Work Role Definition
Develops assessment plans and measures of performance/effectiveness. Conducts strategic and operational effectiveness assessments as required for cyber events. Determines whether systems performed as expected and provides input to the determination of operational effectiveness.

Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC560: Enterprise Penetration Testing
- SEC504: Hacker Tools, Techniques, and Incident Handling
  - Certification: GIAC Certified Incident Handler (GCIH)

Targets (TGT)

Targets applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.

Work Role Definition:

Performs target system analysis, builds and/or maintains electronic target folders to include inputs from environment preparation, and/or internal or external intelligence sources. Coordinates with partner target activities and intelligence organizations, and presents candidate targets for vetting and validation.

Recommended SANS Training & GIAC Certification:
- SEC560: Enterprise Penetration Testing
  - Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking
  - Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC565: Red Team Operations and Adversary Emulation
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
  - Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers
- SEC661: ARM Exploit Development
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
  - Certification: GIAC Defending Advanced Threats (GDAT)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
Work Role Definition:
Conducts advanced analysis of collection and open-source data to ensure target continuity; to profile targets and their activities; and develop techniques to gain more target information. Determines how targets communicate, move, operate and live based on knowledge of target technologies, digital networks and the applications on them.

Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling
  - Certification: GIAC Certified Incident Handler (GCIH)

Language Analysis (LNG)

Language Analysis applies language, cultural, and technical expertise to support information collection, analysis, and other cybersecurity activities.

Work Role Definition

Applies language and culture expertise with target/threat and technical knowledge to process, analyze, and/or disseminate intelligence information derived from language, voice and/or graphic material. Creates, and maintains language specific databases and working aids to support cyber action execution and ensure critical knowledge sharing. Provides subject matter expertise in foreign language-intensive or interdisciplinary projects.

Train and Certify

Manage Your Team

Security Awareness

Resources

Get Involved

About

Analyze

Threat Analysis (TWA)

Exploitation Analysis (EXP)

All-Source Analysis (ASA)

Targets (TGT)

Language Analysis (LNG)