Threat Analysis (TWA)
- Work Role Definition
Develops unique cyber indicators to maintain constant awareness of the status of the highly dynamic operating environment. Collects, processes, analyzes, and disseminates cyber warning assessments.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling
- Certification: GIAC Certified Incident Handler (GCIH)
Exploitation Analysis (EXP)
- Work Role Definition
Collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.
Recommended SANS Training & GIAC Certification
- SEC560: Enterprise Penetration Testing
- Certification: GIAC Penetration Tester (GPEN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers
- SEC661: ARM Exploit Development
- SEC542: Web App Penetration Testing and Ethical Hacking
- Certification: GIAC Web Application Penetration Tester (GWAPT)
All-Source Analysis (ASA)
- Work Role Definition
Analyzes data/information from one or multiple sources to conduct preparation of the environment, respond to requests for information, and submit intelligence collection and production requirements in support of planning and operations.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling
- Certification: GIAC Certified Incident Handler (GCIH)
- Work Role Definition
Develops assessment plans and measures of performance/effectiveness. Conducts strategic and operational effectiveness assessments as required for cyber events. Determines whether systems performed as expected and provides input to the determination of operational effectiveness.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC560: Enterprise Penetration Testing
- Certification: GIAC Penetration Tester (GPEN)
- SEC504: Hacker Tools, Techniques, and Incident Handling
- Certification: GIAC Certified Incident Handler (GCIH)
Targets (TGT)
- Work Role Definition
Performs target system analysis, builds and/or maintains electronic target folders to include inputs from environment preparation, and/or internal or external intelligence sources. Coordinates with partner target activities and intelligence organizations, and presents candidate targets for vetting and validation.
Recommended SANS Training & GIAC Certification:
- SEC560: Enterprise Penetration Testing
- Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking
- Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC565: Red Team Operations and Adversary Emulation
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers
- SEC661: ARM Exploit Development
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
- Certification: GIAC Defending Advanced Threats (GDAT)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- Work Role Definition
Conducts advanced analysis of collection and open-source data to ensure target continuity; to profile targets and their activities; and develop techniques to gain more target information. Determines how targets communicate, move, operate and live based on knowledge of target technologies, digital networks and the applications on them.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling
- Certification: GIAC Certified Incident Handler (GCIH)
Language Analysis (LNG)
- Work Role Definition
Applies language and culture expertise with target/threat and technical knowledge to process, analyze, and/or disseminate intelligence information derived from language, voice and/or graphic material. Creates and maintains language-specific databases and working aids to support cyber action execution and ensure critical knowledge sharing. Provides subject matter expertise in foreign language-intensive or interdisciplinary projects.