Cyber Security Defense | Nice Framework

Cybersecurity Defense Analysis (CDA)

Cybersecurity Defense Analysis uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.

Work Role Definition
Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.

Recommended SANS Training & GIAC Certification:
- SEC401: Security Essentials: Network, Endpoint, and Cloud
  - Certification: GIAC Security Essentials (GSEC)
- SEC450: Blue Team Fundamentals: Security Operations and Analysis
  - Certification: GIAC Security Operations Certified (GSOC)
- SEC504: Hacker Tools, Techniques, and Incident Handling
  - Certification: GIAC Certified Incident Handler (GCIH)
- SEC501: Advanced Security Essentials - Enterprise Defender
  - Certification: GIAC Certified Enterprise Defender (GCED)
- SEC503: Network Monitoring and Threat Detection In-Depth
  - Certification: GIAC Certified Intrusion Analyst (GCIA)
- SEC511: Continuous Monitoring and Security Operations
  - Certification: GIAC Continuous Monitoring Certification (GMON)
- SEC573: Automating Information Security with Python
  - Certification: GIAC Python Coder (GPYC)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection
- SEC586: Security Automation with PowerShell
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)

Cybersecurity Defense Infrastructure Support (OPM 521)

Cybersecurity Defense Infrastructure Support tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources. Monitors network to actively remediate unauthorized activities.

Work Role Definition:

Tests, implements, deploys, maintains, and administers the infrastructure hardware and software.

Recommended SANS Training & GIAC Certification
- SEC401: Security Essentials: Network, Endpoint, and Cloud
  - Certification: GIAC Security Essentials (GSEC)
- SEC450: Blue Team Fundamentals: Security Operations and Analysis
  - Certification: GIAC Security Operations Certified (GSOC)
- SEC501: Advanced Security Essentials - Enterprise Defender
  - Certification: GIAC Certified Enterprise Defender (GCED)
- SEC511: Continuous Monitoring and Security Operations
  - Certification: GIAC Continuous Monitoring Certification (GMON)
- SEC586: Security Automation with PowerShell
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment
  - Certification: GIAC Enterprise Vulnerability Assessor (GEVA)

Incident Response (CIR)

Incident Response responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.

Work Role Definition:
Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.

Recommended SANS Training & GIAC Certification
- SEC504: Hacker Tools, Techniques, and Incident Handling
  - Certification: GIAC Certified Incident Handler (GCIH)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  - Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
  - Certification: GIAC Network Forensic Analyst (GNFA)
- FOR509: Enterprise Cloud Forensics and Incident Response
  - Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
  - Certification: GIAC Reverse Engineering Malware (GREM)
- FOR518: Mac and iOS Forensic Analysis and Incident Response
  - Certification: GIAC iOS and macOS Examiner (GIME)
- FOR528: Ransomware for Incident Responders
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis
- ICS515: ICS Visibility, Detection, and Response
  - Certification: GIAC Response and Industrial Defense (GRID)
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection
- SEC586: Security Automation with PowerShell

Vulnerability Assessment and Management (VAM)

Vulnerability Assessment and Management conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations.

Work Role Definition:

Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Recommended SANS Training & GIAC Certification
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment
  - Certification: GIAC Enterprise Vulnerability Assessor (GEVA)
- SEC542: Web App Penetration Testing and Ethical Hacking
  - Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC588: Cloud Penetration Testing
  - Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC560: Enterprise Penetration Testing
  - Certification: GIAC Penetration Tester (GPEN)
- SEC556: IoT Penetration Testing
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
  - Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
Work Role Definition:

This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources

Recommended SANS Training & GIAC Certification
- SEC560: Enterprise Penetration Testing
  - Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking
  - Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC556: IoT Penetration Testing
- SEC588: Cloud Penetration Testing
  - Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
  - Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC467: Social Engineering for Security Professionals
Work Role Definition:

A security expert who emulates how an adversary operates using TTPs (Tactics, Techniques & Procedures). The goal is to improve how resilient the organization is versus these adversary techniques in order to prevent, detect, and respond accordingly.

Recommended SANS Training & GIAC Certification
- SEC565: Red Team Operations and Adversary Emulation
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
  - Certification: GIAC Defending Advanced Threats (GDAT)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC670: Red Team Operations - Developing Custom Tools for Windows
- SEC504: Hacker Tools, Techniques, and Incident Handling
  - Certification: GIAC Certified Incident Handler (GCIH)
- SEC556: IoT Penetration Testing
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
  - Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers

Train and Certify

Manage Your Team

Security Awareness

Resources

Get Involved

About

Protect and Defend

Cybersecurity Defense Analysis (CDA)

Cybersecurity Defense Infrastructure Support (OPM 521)

Incident Response (CIR)

Vulnerability Assessment and Management (VAM)