CO-OPS-001 Cyber Operator

Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.

Performs activities to gather evidence on criminal or foreign intelligence entities to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.

Conducts collection, processing, and/or geolocation of systems to exploit, locate, and/or track targets of interest. Performs network navigation, tactical forensic analysis, and, when directed, executes on-net operations.

Knowledges (44)

| Code | Description | Work Roles (count) |
|---|---|---|
| K0001 | Knowledge of computer networking concepts and protocols, and network security methodologies. | 52 |
| K0002 | Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | 52 |
| K0003 | Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. | 52 |
| K0004 | Knowledge of cybersecurity and privacy principles. | 52 |
| K0005 | Knowledge of cyber threats and vulnerabilities. | 52 |
| K0006 | Knowledge of specific operational impacts of cybersecurity lapses. | 52 |
| K0009 | Knowledge of application vulnerabilities. | 6 |
| K0021 | Knowledge of data backup and recovery. | 9 |
| K0051 | Knowledge of low-level computer languages (e.g., assembly languages). | 4 |
| K0109 | Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). | 15 |
| K0142 | Knowledge of collection management processes, capabilities, and limitations. | 4 |
| K0224 | Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. | 5 |
| K0363 | Knowledge of auditing and logging procedures (including server-based logging). | 1 |
| K0372 | Knowledge of programming concepts (e.g., levels, structures, compiled vs. interpreted languages). | 1 |
| K0373 | Knowledge of basic software applications (e.g., data storage and backup, database applications) and the types of vulnerabilities that have been found in those applications. | 1 |
| K0375 | Knowledge of wireless applications vulnerabilities. | 1 |
| K0379 | Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. | 7 |
| K0403 | Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations. | 5 |
| K0406 | Knowledge of current software and methodologies for active defense and system hardening. | 1 |
| K0420 | Knowledge of database theory. | 4 |
| K0423 | Knowledge of deconfliction reporting to include external organization interaction. | 1 |
| K0428 | Knowledge of encryption algorithms and tools for wireless local area networks (WLANs). | 1 |
| K0427 | Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). | 8 |
| K0429 | Knowledge of enterprise-wide information management. | 1 |
| K0430 | Knowledge of evasion strategies and techniques. | 2 |
| K0433 | Knowledge of forensic implications of operating system structure and operations. | 1 |
| K0438 | Knowledge of mobile cellular communications architecture (e.g., LTE, CDMA, GSM/EDGE and UMTS/HSPA). | 1 |
| K0440 | Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability. | 8 |
| K0452 | Knowledge of implementing Unix and Windows systems that provide RADIUS authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP. | 1 |
| K0468 | Knowledge of internal and external partner reporting. | 1 |
| K0481 | Knowledge of methods and techniques used to detect various exploitation activities. | 1 |
| K0485 | Knowledge of network administration. | 1 |
| K0486 | Knowledge of network construction and topology. | 1 |
| K0480 | Knowledge of malware. | 8 |
| K0516 | Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. | 10 |
| K0528 | Knowledge of satellite-based communication systems. | 1 |
| K0530 | Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation. | 1 |
| K0531 | Knowledge of security implications of software configurations. | 1 |
| K0536 | Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network). | 1 |
| K0560 | Knowledge of the basic structure, architecture, and design of modern communication networks. | 10 |
| K0565 | Knowledge of the common networking and routing protocols (e.g., TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. | 11 |
| K0573 | Knowledge of the fundamentals of digital forensics to extract actionable intelligence. | 1 |
| K0608 | Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications). | 2 |
| K0609 | Knowledge of virtual machine technologies. | 1 |

Skills (26)

| Code | Description | Work Roles (count) |
|---|---|---|
| S0062 | Skill in analyzing memory dumps to extract information. | 3 |
| S0183 | Skill in analyzing terminal or environment collection data. | 2 |
| S0236 | Skill in identifying the devices that work at each level of protocol models. | 3 |
| S0182 | Skill in analyzing target communications internals and externals collected from wireless LANs. | 1 |
| S0190 | Skill in assessing current tools to identify needed improvements. | 1 |
| S0192 | Skill in auditing firewalls, perimeters, routers, and intrusion detection systems. | 1 |
| S0202 | Skill in data mining techniques (e.g., searching file systems) and analysis. | 2 |
| S0206 | Skill in determining installed patches on various operating systems and identifying patch signatures. | 1 |
| S0221 | Skill in extracting information from packet captures. | 1 |
| S0242 | Skill in interpreting vulnerability scanner results to identify vulnerabilities. | 2 |
| S0243 | Skill in knowledge management, including technical documentation techniques (e.g., Wiki page). | 2 |
| S0252 | Skill in processing collected data for follow-on analysis. | 2 |
| S0255 | Skill in providing real-time, actionable geolocation information utilizing target infrastructures. | 1 |
| S0257 | Skill in reading, interpreting, writing, modifying, and executing simple scripts (e.g., Perl, VBS) on Windows and Unix systems (e.g., those that perform tasks like parsing large data files, automating manual tasks, and fetching/processing remote data). | 1 |
| S0266 | Skill in relevant programming languages (e.g., C++, Python, etc.). | 1 |
| S0267 | Skill in remote command line and Graphical User Interface (GUI) tool usage. | 1 |
| S0270 | Skill in reverse engineering (e.g., hex editing, binary packaging utilities, debugging, and strings analysis) to identify function and ownership of remote tools. | 2 |
| S0275 | Skill in server administration. | 1 |
| S0276 | Skill in survey, collection, and analysis of wireless LAN metadata. | 1 |
| S0281 | Skill in technical writing. | 3 |
| S0282 | Skill in testing and evaluating tools for implementation. | 1 |
| S0293 | Skill in using tools, techniques, and procedures to remotely exploit and establish persistence on a target. | 2 |
| S0295 | Skill in using various open source data collection tools (online trade, DNS, mail, etc.). | 1 |
| S0298 | Skill in verifying the integrity of all files (e.g., checksums, Exclusive OR, secure hashes, check constraints, etc.). | 1 |
| S0299 | Skill in wireless network target analysis, templating, and geolocation. | 1 |
| S0363 | Skill to analyze and assess internal and external partner reporting. | 1 |

Abilities (4)

| Code | Description | Work Roles (count) |
|---|---|---|
| A0095 | Ability to interpret and translate customer requirements into operational action. | 2 |
| A0097 | Ability to monitor system operations and react to events in response to triggers and/or observation of trends or unusual activity. | 1 |
| A0099 | Ability to perform network collection tactics, techniques, and procedures to include decryption capabilities/tools. | 1 |
| A0100 | Ability to perform wireless collection procedures to include decryption capabilities/tools. | 1 |

Tasks (26)

| Code | Description | Work Roles (count) |
|---|---|---|
| T0566 | Analyze internal operational architecture, tools, and procedures for ways to improve performance. | 1 |
| T0567 | Analyze target operational architecture for ways to gain access. | 1 |
| T0598 | Collaborate with development organizations to create and deploy the tools needed to achieve objectives. | 1 |
| T0609 | Conduct access enabling of wireless computer and digital networks. | 1 |
| T0610 | Conduct collection and processing of wireless computer and digital networks. | 1 |
| T0612 | Conduct exploitation of wireless computer and digital networks. | 1 |
| T0616 | Conduct network scouting and vulnerability analyses of systems within a network. | 1 |
| T0618 | Conduct on-net activities to control and exfiltrate data from deployed technologies. | 1 |
| T0619 | Conduct on-net and off-net activities to control, and exfiltrate data from deployed, automated technologies. | 1 |
| T0620 | Conduct open source data collection via various online tools. | 1 |
| T0623 | Conduct survey of computer and digital networks. | 1 |
| T0643 | Deploy tools to a target and utilize them once deployed (e.g., backdoors, sniffers). | 1 |
| T0644 | Detect exploits against targeted networks and hosts and react accordingly. | 1 |
| T0664 | Develop new techniques for gaining and keeping access to target systems. | 1 |
| T0677 | Edit or execute simple scripts (e.g., Perl, VBScript) on Windows and UNIX systems. | 1 |
| T0696 | Exploit network devices, security devices, and/or terminals or environments using various methods or tools. | 1 |
| T0697 | Facilitate access enabling by physical and/or wireless means. | 1 |
| T0724 | Identify potential points of strength and vulnerability within a network. | 1 |
| T0740 | Maintain situational awareness and functionality of organic operational infrastructure. | 1 |
| T0756 | Operate and maintain automated systems for gaining and maintaining access to target systems. | 1 |
| T0768 | Conduct cyber activities to degrade/remove information resident in computers and computer networks. | 1 |
| T0774 | Process exfiltrated data for analysis and/or dissemination to customers. | 1 |
| T0796 | Provide real-time actionable geolocation information. | 1 |
| T0804 | Record information collection and/or environment preparation activities against targets during operations designed to achieve cyber effects. | 1 |
| T0828 | Test and evaluate locally developed tools for operational use. | 1 |
| T0829 | Test internally developed tools and techniques against target tools. | 1 |