Collection Operations (CLP)
- Work Role Definition
Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to meet leadership's intent. Determines capabilities of available collection assets, identifies new collection capabilities, and constructs and disseminates collection plans. Monitors execution of tasked collection to ensure effective execution of the collection plan.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- Certification: GIAC Certified Forensic Analyst (GCFA)
- Work Role Definition
Evaluates collection operations and develops effects-based collection requirements strategies using available sources and methods to improve collection. Develops, processes, validates, and coordinates submission of collection requirements. Evaluates performance of collection assets and collection operations.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- Certification: GIAC Certified Forensic Analyst (GCFA)
Cyber Operational Planning (OPL)
- Work Role Definition:
Develops detailed intelligence plans to satisfy cyber operations requirements. Collaborates with cyber operations planners to identify, validate, and levy requirements for collection and analysis. Participates in targeting selection, validation, synchronization, and execution of cyber actions. Synchronizes intelligence activities to support organization objectives in cyberspace.
Recommended SANS Training & GIAC Certification
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling
- Certification: GIAC Certified Incident Handler (GCIH)
- Work Role Definition:
Develops detailed plans for the conduct or support of the applicable range of cyber operations through collaboration with other planners, operators and/or analysts. Participates in targeting selection, validation, synchronization, and enables integration during the execution of cyber actions.
Recommended SANS Training & GIAC Certification
- SEC565: Red Team Operations and Adversary Emulation
- SEC560: Enterprise Penetration Testing
- Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking
- Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC588: Cloud Penetration Testing
- Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
- Certification: GIAC Defending Advanced Threats (GDAT)
- SEC467: Social Engineering for Security Professionals
- SEC556: IoT Penetration Testing
- Work Role Definition:
Works to advance cooperation across organizational or national borders between cyber operations partners. Aids the integration of partner cyber teams by providing guidance, resources, and collaboration to develop best practices and facilitate organizational support for achieving objectives in integrated cyber actions.
Recommended SANS Training & GIAC Certification
- SEC565: Red Team Operations and Adversary Emulation
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
- Certification: GIAC Defending Advanced Threats (GDAT)
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
Cyber Operations (OPS)
- Work Role Definition
Conducts collection, processing, and/or geolocation of systems in order to exploit, locate, and/or track targets of interest. Performs network navigation, tactical forensic analysis, and, when directed, executes on-net operations.
Recommended SANS Training & GIAC Certification
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR528: Ransomware for Incident Responders
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
- Certification: GIAC Network Forensic Analyst (GNFA)
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC560: Enterprise Penetration Testing
- Certification: GIAC Penetration Tester (GPEN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC556: IoT Penetration Testing
- SEC467: Social Engineering for Security Professionals
- SEC573: Automating Information Security with Python
- Certification: GIAC Python Coder (GPYC)