Defensive Cybersecurity (OPM Code 511)
Work Role Definition
Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.
Recommended SANS Training & GIAC Certification:
- SEC401: Security Essentials: Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
- SEC450: Blue Team Fundamentals: Security Operations and Analysis | Certification: GIAC Security Operations Certified (GSOC)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- SEC501: Advanced Security Essentials - Enterprise Defender | Certification: GIAC Certified Enterprise Defender (GCED)
- SEC503: Network Monitoring and Threat Detection In-Depth | Certification: GIAC Certified Intrusion Analyst (GCIA)
- SEC511: Continuous Monitoring and Security Operations | Certification: GIAC Continuous Monitoring Certification (GMON)
- SEC573: Automating Information Security with Python | Certification: GIAC Python Coder (GPYC)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection | GIAC Cloud Threat Detection (GCTD)
- SEC598: Security Automation for Offense, Defense and Cloud
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
Digital Forensics (OPM Code 212)
Work Role Definition
Responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.
Recommended SANS Training & GIAC Certification:
- FOR500: Windows Forensic Analysis | Certification: GIAC Certified Forensic Examiner (GCFE)
- FOR498: Battlefield Forensics & Data Acquisition | Certification: GIAC Battlefield Forensics and Acquisition (GBFA)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR509: Enterprise Cloud Forensics and Incident Response | Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR528: Ransomware for Incident Responders
- FOR589: Cybercrime Intelligence
- FOR608: Enterprise-Class Incident Response & Threat Hunting | Certification: GIAC Enterprise Incident Response (GEIR)
- FOR518: Mac and iOS Forensic Analysis and Incident Response | Certification: GIAC iOS and macOS Examiner (GIME)
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | Certification: GIAC Network Forensic Analyst (GNFA)
- FOR585: Smartphone Forensic Analysis In-Depth | Certification: GIAC Advanced Smartphone Forensics (GASF)
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Certification: GIAC Reverse Engineering Malware (GREM)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis
- SEC573: Automating Information Security with Python | Certification: GIAC Python Coder (GPYC)
Incident Response (OPM Code 531)
Work Role Definition
Responsible for investigating, analyzing, and responding to network cybersecurity incidents.
Recommended SANS Training & GIAC Certification:
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | Certification: GIAC Network Forensic Analyst (GNFA)
- FOR509: Enterprise Cloud Forensics and Incident Response | Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR528: Ransomware for Incident Responders
- FOR589: Cybercrime Intelligence
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Certification: GIAC Reverse Engineering Malware (GREM)
- FOR518: Mac and iOS Forensic Analysis and Incident Response | Certification: GIAC iOS and macOS Examiner (GIME)
- FOR528: Ransomware for Incident Responders
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis
- ICS515: ICS Visibility, Detection, and Response | Certification: GIAC Response and Industrial Defense (GRID)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection | GIAC Cloud Threat Detection (GCTD)
Infrastructure Support (OPM Code 521)
Work Role Definition
Responsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity.
Recommended SANS Training & GIAC Certification:
- SEC401: Security Essentials: Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
- SEC450: Blue Team Fundamentals: Security Operations and Analysis | Certification: GIAC Security Operations Certified (GSOC)
- SEC501: Advanced Security Essentials - Enterprise Defender | Certification: GIAC Certified Enterprise Defender (GCED)
- SEC511: Continuous Monitoring and Security Operations | Certification: GIAC Continuous Monitoring Certification (GMON)
Insider Threat Analysis (OPM Code TBD)
Work Role Definition
Responsible for identifying and assessing the capabilities and activities of cybersecurity insider threats; produces findings to help initialize and support law enforcement and counterintelligence activities and investigations.
Recommended SANS Training & GIAC Certification:
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | Certification: GIAC Network Forensic Analyst (GNFA)
- FOR509: Enterprise Cloud Forensics and Incident Response | Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Certification: GIAC Reverse Engineering Malware (GREM)
- FOR518: Mac and iOS Forensic Analysis and Incident Response | Certification: GIAC iOS and macOS Examiner (GIME)
- FOR528: Ransomware for Incident Responders
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis
- ICS515: ICS Visibility, Detection, and Response | Certification: GIAC Response and Industrial Defense (GRID)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection | GIAC Cloud Threat Detection (GCTD)
Threat Analysis (OPM Code 141)
Work Role Definition
Responsible for collecting, processing, analyzing, and disseminating cybersecurity threat assessments. Develops cybersecurity indicators to maintain awareness of the status of the highly dynamic operating environment.
Recommended SANS Training & GIAC Certification:
Vulnerability Analysis (OPM Code 541)
Work Role Definition
Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
Recommended SANS Training & GIAC Certification:
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC588: Cloud Penetration Testing | Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC556: IoT Penetration Testing
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- LDR516: Building and Leading Vulnerability Management Programs™
Pen Tester
Work Role Definition
This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources.
Recommended SANS Training & GIAC Certification:
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC556: IoT Penetration Testing
- SEC588: Cloud Penetration Testing | Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
Adversary Emulation Specialist / Red Teamer
Work Role Definition
A security expert who emulates how an adversary operates using TTPs (Tactics, Techniques & Procedures). The goal is to improve how resilient the organization is versus these adversary techniques in order to prevent, detect, and respond accordingly.
Recommended SANS Training & GIAC Certification:
- SEC565: Red Team Operations and Adversary Emulation | Certification: GIAC Red Team Professional (GRTP)
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses | Certification: GIAC Defending Advanced Threats (GDAT)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC670: Red Team Operations - Developing Custom Tools for Windows
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- SEC556: IoT Penetration Testing
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers
