Cybersecurity Defense Analysis (CDA)
Cybersecurity Defense Analysis uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
Cyber Defense Analyst (OPM 511)
Work Role DefinitionUses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.
Recommended SANS Training & GIAC Certification:- SEC401: Security Essentials: Network, Endpoint, and Cloud
- Certification: GIAC Security Essentials (GSEC)
- Certification: GIAC Security Essentials (GSEC)
- SEC450: Blue Team Fundamentals: Security Operations and Analysis
- Certification: GIAC Security Operations Certified (GSOC)
- Certification: GIAC Security Operations Certified (GSOC)
- SEC504: Hacker Tools, Techniques, and Incident Handling
- SEC501: Advanced Security Essentials - Enterprise Defender
- Certification: GIAC Certified Enterprise Defender (GCED)
- Certification: GIAC Certified Enterprise Defender (GCED)
- SEC503: Network Monitoring and Threat Detection In-Depth
- Certification: GIAC Certified Intrusion Analyst (GCIA)
- Certification: GIAC Certified Intrusion Analyst (GCIA)
- SEC511: Continuous Monitoring and Security Operations
- Certification: GIAC Continuous Monitoring Certification (GMON)
- Certification: GIAC Continuous Monitoring Certification (GMON)
- SEC573: Automating Information Security with Python
- Certification: GIAC Python Coder (GPYC)
- Certification: GIAC Python Coder (GPYC)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection
- SEC586: Security Automation with PowerShell
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC401: Security Essentials: Network, Endpoint, and Cloud
Cybersecurity Defense Infrastructure Support (OPM 521)
Cybersecurity Defense Infrastructure Support tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources. Monitors network to actively remediate unauthorized activities.
Cyber Defense Infrastructure Support Specialist
Work Role Definition:
Tests, implements, deploys, maintains, and administers the infrastructure hardware and software.
Recommended SANS Training & GIAC Certification- SEC401: Security Essentials: Network, Endpoint, and Cloud
- Certification: GIAC Security Essentials (GSEC)
- Certification: GIAC Security Essentials (GSEC)
- SEC450: Blue Team Fundamentals: Security Operations and Analysis
- Certification: GIAC Security Operations Certified (GSOC)
- Certification: GIAC Security Operations Certified (GSOC)
- SEC501: Advanced Security Essentials - Enterprise Defender
- Certification: GIAC Certified Enterprise Defender (GCED)
- Certification: GIAC Certified Enterprise Defender (GCED)
- SEC511: Continuous Monitoring and Security Operations
- Certification: GIAC Continuous Monitoring Certification (GMON)
- Certification: GIAC Continuous Monitoring Certification (GMON)
- SEC586: Security Automation with PowerShell
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment
- Certification: GIAC Enterprise Vulnerability Assessor (GEVA)
- SEC401: Security Essentials: Network, Endpoint, and Cloud
Incident Response (CIR)
Incident Response responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
Cyber Defense Incident Responder
Work Role Definition:
Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.
Recommended SANS Training & GIAC Certification- SEC504: Hacker Tools, Techniques, and Incident Handling
- Certification: GIAC Certified Incident Handler (GCIH)
- Certification: GIAC Certified Incident Handler (GCIH)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- Certification: GIAC Certified Forensic Analyst (GCFA)
- Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
- Certification: GIAC Network Forensic Analyst (GNFA)
- Certification: GIAC Network Forensic Analyst (GNFA)
- FOR509: Enterprise Cloud Forensics and Incident Response
- Certification: GIAC Cloud Forensics Responder (GCFR)
- Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
- Certification: GIAC Reverse Engineering Malware (GREM)
- Certification: GIAC Reverse Engineering Malware (GREM)
- FOR518: Mac and iOS Forensic Analysis and Incident Response
- Certification: GIAC iOS and macOS Examiner (GIME)
- Certification: GIAC iOS and macOS Examiner (GIME)
- FOR528: Ransomware for Incident Responders
- FOR578: Cyber Threat Intelligence
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis
- ICS515: ICS Visibility, Detection, and Response
- Certification: GIAC Response and Industrial Defense (GRID)
- Certification: GIAC Response and Industrial Defense (GRID)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection
- SEC586: Security Automation with PowerShell
- SEC504: Hacker Tools, Techniques, and Incident Handling
Vulnerability Assessment and Management (VAM)
Vulnerability Assessment and Management conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations.
Vulnerability Analyst (OPM 541)
Work Role Definition:
Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
Recommended SANS Training & GIAC Certification
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment
- Certification: GIAC Enterprise Vulnerability Assessor (GEVA)
- Certification: GIAC Enterprise Vulnerability Assessor (GEVA)
- SEC542: Web App Penetration Testing and Ethical Hacking
- Certification: GIAC Web Application Penetration Tester (GWAPT)
- Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC588: Cloud Penetration Testing
- Certification: GIAC Cloud Penetration Tester (GCPN)
- Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC560: Enterprise Penetration Testing
- Certification: GIAC Penetration Tester (GPEN)
- Certification: GIAC Penetration Tester (GPEN)
- SEC556: IoT Penetration Testing
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment
Pen Tester (OPM 541)
Work Role Definition:
This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources
Recommended SANS Training & GIAC Certification
- SEC560: Enterprise Penetration Testing
- Certification: GIAC Penetration Tester (GPEN)
- Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking
- Certification: GIAC Web Application Penetration Tester (GWAPT)
- Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC556: IoT Penetration Testing
- SEC588: Cloud Penetration Testing
- Certification: GIAC Cloud Penetration Tester (GCPN)
- Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC467: Social Engineering for Security Professionals
- SEC560: Enterprise Penetration Testing
Adversary Emulation Specialist / Red Teamer (OPM 541)
Work Role Definition:
A security expert who emulates how an adversary operates using TTPs (Tactics, Techniques & Procedures). The goal is to improve how resilient the organization is versus these adversary techniques in order to prevent, detect, and respond accordingly.
Recommended SANS Training & GIAC Certification
- SEC565: Red Team Operations and Adversary Emulation
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
- Certification: GIAC Defending Advanced Threats (GDAT)
- Certification: GIAC Defending Advanced Threats (GDAT)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC670: Red Team Operations - Developing Custom Tools for Windows
- SEC504: Hacker Tools, Techniques, and Incident Handling
- Certification: GIAC Certified Incident Handler (GCIH)
- Certification: GIAC Certified Incident Handler (GCIH)
- SEC556: IoT Penetration Testing
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers
- SEC565: Red Team Operations and Adversary Emulation