Cyber Operator

Conducts collection, processing, and/or geolocation of systems to exploit, locate, and/or track targets of interest. Performs network navigation, tactical forensic analysis, and, when directed, executes on-net operations.

Below are the Knowledge, Skills, Abilities and Tasks identified as being required to perform this work role.

Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
K0003Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
K0004Knowledge of cybersecurity and privacy principles.
K0005Knowledge of cyber threats and vulnerabilities.
K0006Knowledge of specific operational impacts of cybersecurity lapses.
K0009Knowledge of application vulnerabilities.
K0021Knowledge of data backup and recovery.
K0051Knowledge of low-level computer languages (e.g., assembly languages).
K0109Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
K0142Knowledge of collection management processes, capabilities, and limitations.
K0224Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
K0363Knowledge of auditing and logging procedures (including server-based logging).
K0372Knowledge of programming concepts (e.g., levels, structures, compiled vs. interpreted languages).
K0373Knowledge of basic software applications (e.g., data storage and backup, database applications) and the types of vulnerabilities that have been found in those applications.
K0375Knowledge of wireless applications vulnerabilities.
K0379Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.
K0403Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.
K0406Knowledge of current software and methodologies for active defense and system hardening.
K0420Knowledge of database theory.
K0423Knowledge of deconfliction reporting to include external organization interaction.
K0427Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).
K0428Knowledge of encryption algorithms and tools for wireless local area networks (WLANs).
K0429Knowledge of enterprise-wide information management.
K0430Knowledge of evasion strategies and techniques.
K0433Knowledge of forensic implications of operating system structure and operations.
K0438Knowledge of mobile cellular communications architecture (e.g., LTE, CDMA, GSM/EDGE and UMTS/HSPA).
K0440Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability.
K0452Knowledge of implementing Unix and Windows systems that provide radius authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP.
K0468Knowledge of internal and external partner reporting.
K0480Knowledge of malware.
K0481Knowledge of methods and techniques used to detect various exploitation activities.
K0485Knowledge of network administration.
K0486Knowledge of network construction and topology.
K0516Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
K0528Knowledge of satellite-based communication systems.
K0530Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation.
K0531Knowledge of security implications of software configurations.
K0536Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network).
K0560Knowledge of the basic structure, architecture, and design of modern communication networks.
K0565Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
K0573Knowledge of the fundamentals of digital forensics to extract actionable intelligence.
K0608Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).
K0609Knowledge of virtual machine technologies.
S0062Skill in analyzing memory dumps to extract information.
S0095Skill in identifying common encoding techniques (e.g., Exclusive Disjunction [XOR], American Standard Code for Information Interchange [ASCII], Unicode, Base64, Uuencode, Uniform Resource Locator [URL] encode).
S0097Skill in applying security controls.
S0099WITHDRAWN: Skill in determining how a security system should work and how changes in conditions, operations, or the environment will affect these outcomes. (See S0027)
S0100Skill in utilizing or developing learning activities (e.g., scenarios, instructional games, interactive exercises).
S0182Skill in analyzing target communications internals and externals collected from wireless LANs.
S0183Skill in analyzing terminal or environment collection data.
S0190Skill in assessing current tools to identify needed improvements.
S0192Skill in auditing firewalls, perimeters, routers, and intrusion detection systems.
S0202Skill in data mining techniques (e.g., searching file systems) and analysis.
S0206Skill in determining installed patches on various operating systems and identifying patch signatures.
S0221Skill in extracting information from packet captures.
S0236Skill in identifying the devices that work at each level of protocol models.
S0242Skill in interpreting vulnerability scanner results to identify vulnerabilities.
S0243Skill in knowledge management, including technical documentation techniques (e.g., Wiki page).
S0252Skill in processing collected data for follow-on analysis.
S0255Skill in providing real-time, actionable geolocation information utilizing target infrastructures.
S0257Skill in reading, interpreting, writing, modifying, and executing simple scripts (e.g., PERL, VBS) on Windows and Unix systems (e.g., those that perform tasks like parsing large data files, automating manual tasks, and fetching/processing remote data).
S0266Skill in relevant programming languages (e.g., C++, Python, etc.).
S0267Skill in remote command line and Graphic User Interface (GUI) tool usage.
S0270Skill in reverse engineering (e.g., hex editing, binary packaging utilities, debugging, and strings analysis) to identify function and ownership of remote tools.
S0275Skill in server administration.
S0276Skill in survey, collection, and analysis of wireless LAN metadata.
S0281Skill in technical writing.
S0282Skill in testing and evaluating tools for implementation.
S0293Skill in using tools, techniques, and procedures to remotely exploit and establish persistence on a target.
S0295Skill in using various open source data collection tools (online trade, DNS, mail, etc.).
S0298Skill in verifying the integrity of all files. (e.g., checksums, Exclusive OR, secure hashes, check constraints, etc.).
S0299Skill in wireless network target analysis, templating, and geolocation.
S0363Skill to analyze and assess internal and external partner reporting.
T0566Analyze internal operational architecture, tools, and procedures for ways to improve performance.
T0567Analyze target operational architecture for ways to gain access.
T0598Collaborate with development organizations to create and deploy the tools needed to achieve objectives.
T0609Conduct access enabling of wireless computer and digital networks.
T0610Conduct collection and processing of wireless computer and digital networks.
T0612Conduct exploitation of wireless computer and digital networks.
T0616Conduct network scouting and vulnerability analyses of systems within a network.
T0618Conduct on-net activities to control and exfiltrate data from deployed technologies.
T0619Conduct on-net and off-net activities to control, and exfiltrate data from deployed, automated technologies.
T0620Conduct open source data collection via various online tools.
T0623Conduct survey of computer and digital networks.
T0643Deploy tools to a target and utilize them once deployed (e.g., backdoors, sniffers).
T0644Detect exploits against targeted networks and hosts and react accordingly.
T0664Develop new techniques for gaining and keeping access to target systems.
T0677Edit or execute simple scripts (e.g., Perl, VBScript) on Windows and UNIX systems.
T0696Exploit network devices, security devices, and/or terminals or environments using various methods or tools.
T0697Facilitate access enabling by physical and/or wireless means.
T0724Identify potential points of strength and vulnerability within a network.
T0740Maintain situational awareness and functionality of organic operational infrastructure.
T0756Operate and maintain automated systems for gaining and maintaining access to target systems.
T0768Conduct cyber activities to degrade/remove information resident in computers and computer networks.
T0774Process exfiltrated data for analysis and/or dissemination to customers.
T0796Provide real-time actionable geolocation information.
T0804Record information collection and/or environment preparation activities against targets during operations designed to achieve cyber effects.
T0828Test and evaluate locally developed tools for operational use.
T0829Test internal developed tools and techniques against target tools.