Cyber Operations (OPM Code 321)
Work Role Definition
Responsible for gathering evidence on criminal or foreign intelligence entities to mitigate and protect against possible or real-time threats. Conducts collection, processing, and geolocation of systems to exploit, locate, and track targets. Performs network navigation and tactical forensic analysis and executes on-net operations when directed.
Recommended SANS Training & GIAC Certification:
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR528: Ransomware for Incident Responders
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | Certification: GIAC Network Forensic Analyst (GNFA)
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC497: Practical Open Source Intelligence | Certification: GIAC Open Source Intelligence (GOSI)
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC565: Red Team Operations and Adversary Emulation | Certification: GIAC Red Team Professional (GRTP)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC556: IoT Penetration Testing
- SEC467: Social Engineering for Security Professionals
- SEC573: Automating Information Security with Python | Certification: GIAC Python Coder (GPYC)
Cyber Operations Planning (OPM Code 332)
Work Role Definition
Responsible for developing cybersecurity operations plans; participating in targeting selection, validation, and synchronization; and enabling integration during the execution of cyber actions.
Recommended SANS Training & GIAC Certification:
- SEC565: Red Team Operations and Adversary Emulation | Certification: GIAC Red Team Professional (GRTP)
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC588: Cloud Penetration Testing | Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses | Certification: GIAC Defending Advanced Threats (GDAT)
- SEC467: Social Engineering for Security Professionals
- SEC556: IoT Penetration Testing
Exploitation Analysis (OPM Code 121)
Work Role Definition
Responsible for identifying access and intelligence collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.
Recommended SANS Training & GIAC Certification:
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers
- SEC661: ARM Exploit Development
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
Mission Assessment (OPM Code 112)
Work Role Definition
Responsible for developing assessment plans and performance measures; conducting strategic and operational effectiveness assessments for cyber events; determining whether systems perform as expected; and providing input to the determination of operational effectiveness.
Recommended SANS Training & GIAC Certification:
Partner Integration Planning (OPM Code 333)
Work Role Definition
Responsible for advancing cooperation across organizational or national borders between cyber operations partners. Provides guidance, resources, and collaboration to develop best practices and facilitate organizational support for achieving objectives in integrated cyber actions.
Recommended SANS Training & GIAC Certification:
- SEC565: Red Team Operations and Adversary Emulation | Certification: GIAC Red Team Professional (GRTP)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses | Certification: GIAC Defending Advanced Threats (GDAT)
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
Target Analysis (OPM Code 131)
Work Role Definition
Responsible for conducting target development at the system, component, and entity levels. Builds and maintains electronic target folders to include inputs from environment preparation and/or internal or external intelligence sources. Coordinates with partner target working groups and intelligence community members, and presents candidate targets for vetting and validation. Assesses and reports on damage resulting from the application of military force and coordinates federal support as required.
Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC565: Red Team Operations and Adversary Emulation | Certification: GIAC Red Team Professional (GRTP)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC760: Advanced Exploit Development for Penetration Testers
- SEC661: ARM Exploit Development
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses | Certification: GIAC Defending Advanced Threats (GDAT)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
Target Network Analysis (OPM Code 132)
Work Role Definition
Responsible for conducting advanced analysis of collection and open-source data to ensure target continuity; profiling targets and their activities; and developing techniques to gain target information. Determines how targets communicate, move, operate, and live based on knowledge of target technologies, digital networks, and applications.
Recommended SANS Training & GIAC Certification:
- SEC497: Practical Open Source Intelligence | Certification: GIAC Open Source Intelligence (GOSI)
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC565: Red Team Operations and Adversary Emulation | Certification: GIAC Red Team Professional (GRTP)
- SEC760: Advanced Exploit Development for Penetration Testers