Cybersecurity Architecture (OPM Code 652)
Work Role Definition
Responsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.
Recommended SANS Training & GIAC Certification:- SEC488: Cloud Security Essentials | Certification: GIAC Cloud Security Essentials (GCLD)
- SEC511: Continuous Monitoring and Security Operations | Certification: GIAC Continuous Monitoring Certification (GMON)
- SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise | Certification: GIAC Defensible Security Architecture (GDSA)
- SEC510: Public Cloud Security: AWS, Azure, and GCP | Certification: GIAC Public Cloud Security (GPCS)
Enterprise Architecture (OPM Code 651)
Work Role Definition
Responsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.
Recommended SANS Training & GIAC Certification:- SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise | Certification: GIAC Defensible Security Architecture (GDSA)
- SEC510: Public Cloud Security: AWS, Azure, and GCP | Certification: GIAC Public Cloud Security (GPCS)
- SEC540: Cloud Security and DevSecOps Automation | Certification: GIAC Cloud Security Automation (GCSA)
Secure Software Development (OPM Code 632)
Work Role Definition
Responsible for developing, creating, modifying, and maintaining computer applications, software, or specialized utility programs.
Recommended SANS Training & GIAC Certification:- SEC540: Cloud Security and DevSecOps Automation | Certification: GIAC Cloud Security Automation (GCSA)
- SEC522: Application Security: Securing Web Apps, APIs, and Microservices | Certification: GIAC Certified Web Application Defender (GWEB)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
Secure Systems Development (OPM Code 631)
Work Role Definition
Responsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.
Recommended SANS Training & GIAC Certification:
- SEC540: Cloud Security and DevSecOps Automation | Certification: GIAC Cloud Security Automation (GCSA)
- SEC522: Application Security: Securing Web Apps, APIs, and Microservices | Certification: GIAC Certified Web Application Defender (GWEB)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC510: Public Cloud Security: AWS, Azure, and GCP | Certification: GIAC Public Cloud Security (GPCS)
Software Security Assessment (OPM Code 622)
Work Role Definition
Responsible for analyzing the security of new or existing computer applications, software, or specialized utility programs and delivering actionable results.
Recommended SANS Training & GIAC Certification:
- SEC510: Public Cloud Security: AWS, Azure, and GCP | Certification: GIAC Public Cloud Security (GPCS)
- SEC522: Application Security: Securing Web Apps, APIs, and Microservices | Certification: GIAC Certified Web Application Defender (GWEB)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
Systems Requirement Planning (OPM Code 641)
Work Role Definition
Responsible for consulting with internal and external customers to evaluate and translate functional requirements and integrating security policies into technical solutions.
Recommended SANS Training & GIA:
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
- SEC540: Cloud Security and DevSecOps Automation | Certification: GIAC Cloud Security Automation (GCSA)
- SEC522: Application Security: Securing Web Apps, APIs, and Microservices | Certification: GIAC Certified Web Application Defender (GWEB)
- SEC510: Public Cloud Security: AWS, Azure, and GCP | Certification: GIAC Public Cloud Security (GPCS)
- SEC673: Advanced Information Security Automation with Python
Systems Testing and Evaluation (OPM Code 671)
Work Role Definition
Responsible for planning, preparing, and executing system tests; evaluating test results against specifications and requirements; and reporting test results and findings.
Recommended SANS Training & GIA:
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment | Certification: GIAC Enterprise Vulnerability Assessor (GEVA)
- SEC568: Combating Supple Chain Attacks with Product Security Testing
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC556: IoT Penetration Testing
- SEC598: Security Automation for Offense, Defense and Cloud
- AUD507: Auditing Systems, Applications, and the Cloud | Certification: GIAC Systems and Network Auditor (GSNA)
- SEC402: Cybersecurity Writing: Hack the Reader
- SEC403: Secrets to Successful Cybersecurity Presentation
Technology Research and Development (OPM Code 422)
Work Role Definition
Examines data from multiple disparate sources with the goal of providing new insight. Designs and implements custom algorithms, flow processes and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.
Recommended SANS Training & GIAC Certification:
- SEC401: Security Essentials: Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
- SEC573: Automating Information Security with Python | Certification: GIAC Python Coder (GPYC)
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC595: AI, Applied Data Science, and Machine Learning for Cybersecurity Professionals | Certification: GIAC Machine Learning Engineer (GMLE)
- SEC598: Security Automation for Offense, Defense, and Cloud
- SEC673: Advanced Information Security Automation with Python
