AN-TGT-002 Target Network Analyst

Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.

Conducts advanced analysis of collection and open-source data to ensure target continuity, to profile targets and their activities, and to develop techniques to gain more target information. Determines how targets communicate, move, operate and live based on knowledge of target technologies, digital networks, and the applications on them.

Knowledges 45

Code Description Work Roles
K0001 Knowledge of computer networking concepts and protocols, and network security methodologies. 52
K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 52
K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 52
K0004 Knowledge of cybersecurity and privacy principles. 52
K0005 Knowledge of cyber threats and vulnerabilities. 52
K0006 Knowledge of specific operational impacts of cybersecurity lapses. 52
K0108 Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless). 11
K0109 Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). 15
K0177 Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). 12
K0349 Knowledge of website types, administration, functions, and content management system (CMS). 8
K0362 Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). 9
K0379 Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. 7
K0389 Knowledge of collection sources including conventional and non-conventional sources. 1
K0392 Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). 9
K0395 Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). 10
K0403 Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations. 5
K0413 Knowledge of cyber operation objectives, policies, and legalities. 3
K0424 Knowledge of denial and deception techniques. 1
K0431 Knowledge of evolving/emerging communications technologies. 11
K0436 Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber-attack, cyber defense), principles, capabilities, limitations, and effects. 8
K0439 Knowledge of governing authorities for targeting. 2
K0440 Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability. 8
K0442 Knowledge of how converged technologies impact cyber operations (e.g., digital, telephony, wireless). 1
K0444 Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP). 11
K0445 Knowledge of how modern digital and telephony networks impact cyber operations. 9
K0449 Knowledge of how to extract, analyze, and use metadata. 7
K0462 Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions. 2
K0471 Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). 9
K0472 Knowledge of intrusion detection systems and signature development. 1
K0473 Knowledge of intrusion sets. 3
K0479 Knowledge of malware analysis and characteristics. 2
K0483 Knowledge of methods to integrate and summarize information from any potential sources. 1
K0487 Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). 4
K0499 Knowledge of operations security. 8
K0500 Knowledge of organization and/or partner collection systems, capabilities, and processes (e.g., collection and protocol processors). 1
K0516 Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. 10
K0520 Knowledge of principles and practices related to target development such as target knowledge, associations, communication systems, and infrastructure. 2
K0544 Knowledge of target intelligence gathering and operational preparation techniques and life cycles. 2
K0547 Knowledge of target methods and procedures. 2
K0550 Knowledge of target, including related current events, communication profile, actors, and history (language, culture) and/or frame of reference. 2
K0559 Knowledge of the basic structure, architecture, and design of converged applications. 2
K0567 Knowledge of the data flow from collection origin to repositories and tools. 2
K0592 Knowledge of the purpose and contribution of target templates. 1
K0599 Knowledge of the structure, architecture, and design of modern digital and telephony networks. 5
K0600 Knowledge of the structure, architecture, and design of modern wireless communications systems. 2

Skills 36

Code Description Work Roles
S0177 Skill in analyzing a target's communication networks. 2
S0178 Skill in analyzing essential network data (e.g., router configuration files, routing protocols). 1
S0181 Skill in analyzing midpoint collection data. 1
S0183 Skill in analyzing terminal or environment collection data. 2
S0187 Skill in applying various analytical methods, tools, and techniques (e.g., competing hypotheses; chain of reasoning; scenario methods; denial and deception detection; high impact-low probability; network/association or link analysis; Bayesian, Delphi, and Pattern analyses). 3
S0191 Skill in assessing the applicability of available analytical tools to various situations. 1
S0194 Skill in conducting non-attributable research. 5
S0196 Skill in conducting research using deep web. 3
S0197 Skill in conducting social network analysis, buddy list analysis, and/or cookie analysis. 1
S0203 Skill in defining and characterizing all pertinent aspects of the operational environment. 6
S0205 Skill in determining appropriate targeting options through the evaluation of available capabilities against desired effects. 2
S0208 Skill in determining the physical location of network devices. 2
S0217 Skill in evaluating data sources for relevance, reliability, and objectivity. 2
S0219 Skill in evaluating information to recognize relevance, priority, etc. 1
S0220 Skill in exploiting/querying organizational and/or partner collection databases. 1
S0222 Skill in fusion analysis. 2
S0225 Skill in identifying a target’s communications networks. 1
S0228 Skill in identifying critical target elements, to include critical target elements for the cyber domain. 4
S0229 Skill in identifying cyber threats which may jeopardize organization and/or partner interests. 5
S0231 Skill in identifying how a target communicates. 1
S0234 Skill in identifying leads for target development. 2
S0244 Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results. 3
S0246 Skill in number normalization. 1
S0248 Skill in performing target system analysis. 3
S0256 Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships. 5
S0259 Skill in recognizing denial and deception techniques of the target. 2
S0261 Skill in recognizing relevance of information. 1
S0262 Skill in recognizing significant changes in a target’s communication patterns. 2
S0263 Skill in recognizing technical information that may be used for leads for metadata analysis. 1
S0268 Skill in researching essential information. 1
S0274 Skill in reviewing and editing target materials. 2
S0277 Skill in synthesizing, analyzing, and prioritizing meaning across data sets. 2
S0280 Skill in target network anomaly identification (e.g., intrusions, dataflow or processing, target implementation of new technologies). 2
S0287 Skill in using geospatial data and applying geospatial resources. 2
S0291 Skill in using research methods including multiple, different sources to reconstruct a target network. 1
S0301 Skill in writing about facts and ideas in a clear, convincing, and organized manner. 2

Abilities 14

Code Description Work Roles
A0013 Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. 14
A0066 Ability to accurately and completely source all data used in intelligence, assessment and/or planning products. 12
A0073 Ability to clearly articulate intelligence requirements into well-formulated research questions and requests for information. 2
A0080 Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. 6
A0084 Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products. 7
A0085 Ability to exercise judgment when policies are not well-defined. 9
A0087 Ability to focus research efforts to meet the customer’s decision-making needs. 6
A0088 Ability to function effectively in a dynamic, fast-paced environment. 7
A0089 Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise. 13
A0091 Ability to identify intelligence gaps. 6
A0101 Ability to recognize and mitigate cognitive biases which may affect analysis. 6
A0102 Ability to recognize and mitigate deception in reporting and analysis. 5
A0106 Ability to think critically. 9
A0109 Ability to utilize multiple intelligence sources across all intelligence disciplines. 6

Tasks 24

Code Description Work Roles
T0582 Provide expertise to course of action development. 5
T0595 Classify documents in accordance with classification guidelines. 1
T0599 Collaborate with other customer, intelligence, and targeting organizations involved in related cyber areas. 2
T0767 Perform content and/or metadata analysis to meet organization objectives. 1
T0606 Compile, integrate, and/or interpret all-source data for intelligence or vulnerability value with respect to specific targets. 2
T0607 Identify and conduct analysis of target communications to identify information essential to support operations. 1
T0617 Conduct nodal analysis. 5
T0621 Conduct quality control to determine validity and relevance of information gathered about networks. 1
T0624 Conduct target research and analysis. 3
T0650 Determine what technologies are used by a given target. 3
T0653 Apply analytic techniques to gain more target information. 1
T0692 Generate and evaluate the effectiveness of network analysis strategies. 1
T0706 Gather information about networks through traditional and alternative techniques (e.g., social network analysis, call-chaining, traffic analysis). 1
T0707 Generate requests for information. 5
T0710 Identify and evaluate threat critical capabilities, requirements, and vulnerabilities. 3
T0715 Identify collection gaps and potential collection strategies against targets. 2
T0722 Identify network components and their functionality to enable analysis and target development. 1
T0745 Make recommendations to guide collection in support of customer requirements. 2
T0765 Provide subject matter expertise to development of exercises. 1
T0778 Profile targets and their activities. 1
T0797 Provide target recommendations which meet leadership objectives. 4
T0802 Review appropriate information sources to determine validity and relevance of information gathered. 2
T0803 Reconstruct networks in diagram or report format. 1
T0807 Research communications trends in emerging technologies (in computer and telephony networks, satellite, cable, and wireless) in both open and classified sources. 1