Cybersecurity Defense Analysis (CDA)
Work Role Definition:
Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.
Recommended SANS Training & GIAC Certification
- SEC401: Security Essentials: Network, Endpoint, and Cloud
- Certification: GIAC Security Essentials (GSEC)
- SEC450: Blue Team Fundamentals: Security Operations and Analysis
- Certification: GIAC Security Operations Certified (GSOC)
- SEC504: Hacker Tools, Techniques, and Incident Handling
- SEC501: Advanced Security Essentials - Enterprise Defender
- Certification: GIAC Certified Enterprise Defender (GCED)
- SEC503: Network Monitoring and Threat Detection In-Depth
- Certification: GIAC Certified Intrusion Analyst (GCIA)
- SEC511: Continuous Monitoring and Security Operations
- Certification: GIAC Continuous Monitoring Certification (GMON)
- SEC573: Automating Information Security with Python
- Certification: GIAC Python Coder (GPYC)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection
- SEC586: Security Automation with PowerShell
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
Cybersecurity Defense Infrastructure Support (OPM 521)
Work Role Definition:
Tests, implements, deploys, maintains, and administers the infrastructure hardware and software.
Recommended SANS Training & GIAC Certification
- SEC401: Security Essentials: Network, Endpoint, and Cloud
- Certification: GIAC Security Essentials (GSEC)
- SEC450: Blue Team Fundamentals: Security Operations and Analysis
- Certification: GIAC Security Operations Certified (GSOC)
- SEC501: Advanced Security Essentials - Enterprise Defender
- Certification: GIAC Certified Enterprise Defender (GCED)
- SEC511: Continuous Monitoring and Security Operations
- Certification: GIAC Continuous Monitoring Certification (GMON)
- SEC586: Security Automation with PowerShell
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment
- Certification: GIAC Enterprise Vulnerability Assessor (GEVA)
Incident Response (CIR)
Work Role Definition:
Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.
Recommended SANS Training & GIAC Certification
- SEC504: Hacker Tools, Techniques, and Incident Handling
- Certification: GIAC Certified Incident Handler (GCIH)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
- Certification: GIAC Network Forensic Analyst (GNFA)
- FOR509: Enterprise Cloud Forensics and Incident Response
- Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
- Certification: GIAC Reverse Engineering Malware (GREM)
- FOR518: Mac and iOS Forensic Analysis and Incident Response
- Certification: GIAC iOS and macOS Examiner (GIME)
- FOR528: Ransomware for Incident Responders
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis
- ICS515: ICS Visibility, Detection, and Response
- Certification: GIAC Response and Industrial Defense (GRID)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection
- SEC586: Security Automation with PowerShell
Vulnerability Assessment and Management (VAM)
Work Role Definition:
Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
Recommended SANS Training & GIAC Certification
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment
- Certification: GIAC Enterprise Vulnerability Assessor (GEVA)
- SEC542: Web App Penetration Testing and Ethical Hacking
- Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC588: Cloud Penetration Testing
- Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC560: Enterprise Penetration Testing
- Certification: GIAC Penetration Tester (GPEN)
- SEC556: IoT Penetration Testing
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
-
Work Role Definition:
This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources.
Recommended SANS Training & GIAC Certification
- SEC560: Enterprise Penetration Testing
- Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking
- Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC556: IoT Penetration Testing
- SEC588: Cloud Penetration Testing
- Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC467: Social Engineering for Security Professionals
-
Work Role Definition:
A security expert who emulates how an adversary operates using TTPs (Tactics, Techniques & Procedures). The goal is to improve how resilient the organization is versus these adversary techniques in order to prevent, detect, and respond accordingly.
Recommended SANS Training & GIAC Certification
- SEC565: Red Team Operations and Adversary Emulation
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
- Certification: GIAC Defending Advanced Threats (GDAT)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC670: Red Team Operations - Developing Custom Tools for Windows
- SEC504: Hacker Tools, Techniques, and Incident Handling
- Certification: GIAC Certified Incident Handler (GCIH)
- SEC556: IoT Penetration Testing
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers