Communications Security (COMSEC) Management (OPM Code 723)
Work Role Definition
Responsible for managing the Communications Security (COMSEC) resources of an organization.
Recommended SANS Training & GIAC Certification:
Cybersecurity Policy and Planning (OPM Code 752)
Work Role Definition
Responsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
Recommended SANS Training & GIAC Certification:
Cybersecurity Workforce Management (OPM Code 751)
Work Role Definition
Responsible for developing cybersecurity workforce plans, assessments, strategies, and guidance, including cybersecurity-related staff training, education, and hiring processes. Makes adjustments in response to or in anticipation of changes to cybersecurity-related policy, technology, and staffing needs and requirements. Authors mandated workforce planning strategies to maintain compliance with legislation, regulation, and policy.
Recommended SANS Training & GIAC Certification:
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
- LDR514: Security Strategic Planning, Policy, and Leadership | Certification: GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- LDR521: Security Culture for Leaders
- LDR553: Cyber Incident Management
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
Cybersecurity Curriculum Development (OPM Code 711)
Work Role Definition
Responsible for developing, planning, coordinating, and evaluating cybersecurity awareness, training, or education content, methods, and techniques based on instructional needs and requirements.
Recommended SANS Training & GIAC Certification:
- SEC401: Security Essentials: Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
- LDR433: Managing Human Risk | Certification: SANS Security Awareness Professional (SSAP)
- LDR521: Security Culture for Leaders
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- SEC401: Security Essentials: Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
Cybersecurity Instruction (OPM Code 712)
Work Role Definition
Responsible for developing and conducting cybersecurity awareness, training, or education.
Recommended SANS Training & GIAC Certification:
- SEC401: Security Essentials: Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- SEC501: Advanced Security Essentials - Enterprise Defender | Certification: GIAC Certified Enterprise Defender (GCED)
- SEC402: Cybersecurity Writing: Hack the Reader
- SEC403: Secrets to Successful Cybersecurity Presentation
- SEC401: Security Essentials: Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
Cybersecurity Legal Advice (OPM Code 731)
Work Role Definition
Responsible for providing cybersecurity legal advice and recommendations, including monitoring related legislation and regulations.
Recommended SANS Training & GIAC Certification:
Executive Cybersecurity Leadership (OPM Code 901)
Work Role Definition
Responsible for establishing vision and direction for an organization's cybersecurity operations and resources and their impact on digital and physical spaces. Possesses authority to make and execute decisions that impact an organization broadly, including policy approval and stakeholder engagement.
Recommended SANS Training & GIAC Certification:
- LDR419: Performing a Cyber Risk Assessment
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
- LDR514: Security Strategic Planning, Policy, and Leadership | Certification: GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- LDR521: Security Culture for Leaders
- LDR553: Cyber Incident Management
- LDR419: Performing a Cyber Risk Assessment
- LDR419: Performing a Cyber Risk Assessment
Privacy Compliance (OPM Code 732)
Work Role Definition
Responsible for developing and overseeing an organization’s privacy compliance program and staff, including establishing and managing privacy-related governance, policy, and incident response needs.
Recommended SANS Training & GIAC Certification:
- SEC301: Introduction to Cyber Security | Certification: GIAC Information Security Fundamentals (GISF)
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
- ICS456: Essentials for NERC Critical Infrastructure Protection | Certification: GIAC Critical Infrastructure Protection (GCIP)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- SEC301: Introduction to Cyber Security | Certification: GIAC Information Security Fundamentals (GISF)
Product Support Management (OPM Code 803)
Work Role Definition
Responsible for planning, estimating costs, budgeting, developing, implementing, and managing product support strategies in order to field and maintain the readiness and operational capability of systems and components.
Recommended SANS Training & GIAC Certification:
Program Management (OPM Code 801)
Work Role Definition
Responsible for leading, coordinating, and the overall success of a defined program. Includes communicating about the program and ensuring alignment with agency or organizational priorities.
Recommended SANS Training & GIAC Certification:
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
- LDR514: Security Strategic Planning, Policy, and Leadership | Certification: GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- LDR520: Cloud Security for Leaders
- LDR521: Security Culture for Leaders
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
Secure Project Management (OPM Code 802)
Work Role Definition
Responsible for overseeing and directly managing technology projects. Ensures cybersecurity is built into projects to protect the organization’s critical infrastructure and assets, reduce risk, and meet organizational goals. Tracks and communicates project status and demonstrates project value to the organization.
Recommended SANS Training & GIAC Certification:
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
- LDR525: Managing Cybersecurity Initiatives and Effective Communication | Certification: GIAC Certified Project Manager (GCPM)
- LDR514: Security Strategic Planning, Policy, and Leadership | Certification: GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- LDR520: Cloud Security for Leaders
- LDR521: Security Culture for Leaders
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
Security Control Assessment (OPM Code 612)
Work Role Definition
Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.
Recommended SANS Training & GIAC Certification:
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment | Certification: GIAC Enterprise Vulnerability Assessor (GEVA)
- AUD507: Auditing Systems, Applications, and the Cloud | Certification: GIAC Systems and Network Auditor (GSNA)
- SEC560: Enterprise Penetration Testing | Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking | Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC588: Cloud Penetration Testing | Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC401: Security Essentials - Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
- SEC510: Public Cloud Security: AWS, Azure, and GCP | Certification: GIAC Public Cloud Security (GPCS)
- SEC566: Implementing and Auditing Security Frameworks and Controls | Certification: GIAC Critical Controls Certification (GCCC)
- LDR516: Managing Security Vulnerabilities: Enterprise and Cloud
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment | Certification: GIAC Enterprise Vulnerability Assessor (GEVA)
Systems Authorization (OPM Code 611)
Work Role Definition
Responsible for managing the cybersecurity of a program, organization, system, or enclave.
Recommended SANS Training & GIAC Certification:
- SEC301: Introduction to Cyber Security | Certification: GIAC Information Security Fundamentals (GISF)
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
- LDR415: A Practical Introduction to Cyber Security Risk Management
- SEC402: Cybersecurity Writing: Hack the Reader
- SEC403: Secrets to Successful Cybersecurity Presentation
- SEC301: Introduction to Cyber Security | Certification: GIAC Information Security Fundamentals (GISF)
Systems Security Management (OPM Code 722)
Work Role Definition
Responsible for managing the cybersecurity of a program, organization, system, or enclave.
Recommended SANS Training & GIAC Certification:
- LDR419: Performing a Cyber Risk Assessment
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
- LDR514: Security Strategic Planning, Policy, and Leadership | Certification: GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- LDR520: Cloud Security for Leaders
- LDR521: Security Culture for Leaders
- LDR553: Cyber Incident Management
- LDR551: Building and Leading Security Operations Centers | Certification: GIAC Security Operations Manager (GSOM)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- SEC488: Cloud Security Essentials | Certification: GIAC Cloud Security Essentials (GCLD)
Technology Portfolio Management (OPM Code 804)
Work Role Definition
Manages a portfolio of IT capabilities that align with the overall needs of mission and business enterprise priorities.
Recommended SANS Training & GIAC Certification:
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
- SEC401: Security Essentials: Network, Endpoint, and Cloud | Certification: GIAC Security Essentials (GSEC)
- SEC504: Hacker Tools, Techniques, and Incident Handling | Certification: GIAC Certified Incident Handler (GCIH)
- LDR512: Security Leadership Essentials for Managers | Certification: GIAC Security Leadership (GSLC)
Technology Program Auditing (OPM Code 805)
Work Role Definition
Responsible for conducting evaluations of technology programs or their individual components to determine compliance with published standards.
Recommended SANS Training & GIAC Certification:
- AUD507: Auditing Systems, Applications, and the Cloud | Certification: GIAC Systems and Network Auditor (GSNA)
- SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment | Certification: GIAC Enterprise Vulnerability Assessor (GEVA)
- SEC402: Cybersecurity Writing: Hack the Reader
- SEC403: Secrets to Successful Cybersecurity Presentation
- AUD507: Auditing Systems, Applications, and the Cloud | Certification: GIAC Systems and Network Auditor (GSNA)
