OG-WRL-007
Executive Cybersecurity Leadership OPM Code: 901

Provides leadership, management, direction, and advocacy so the organization may effectively manage cybersecurity-related risks to the enterprise and conduct cybersecurity work.

Responsible for establishing vision and direction for an organization's cybersecurity operations and resources and their impact on digital and physical spaces. Possesses authority to make and execute decisions that impact an organization broadly, including policy approval and stakeholder engagement.

Code Description Work Roles
T0006 Advocate organization's official position in legal and legislative proceedings 2
T1020 Determine the operational and safety impacts of cybersecurity lapses 37
T1036 Integrate leadership priorities 6
T1038 Integrate organization objectives in intelligence collection 6
T1054 Scope analysis reports to various audiences that accounts for data sharing classification restrictions 6
T1055 Determine if priority information requirements are satisfied 3
T1056 Acquire resources to support cybersecurity program goals and objectives 4
T1057 Conduct an effective enterprise continuity of operations program 3
T1059 Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements 5
T1060 Advise senior management on organizational cybersecurity efforts 5
T1088 Communicate the value of cybersecurity to organizational stakeholders 4
T1145 Develop strategic plans 3
T1146 Maintain strategic plans 3
T1221 Disseminate incident and other Computer Network Defense (CND) information 2
T1226 Align cybersecurity priorities with organizational security strategy 2
T1227 Manage cybersecurity budget, staffing, and contracting 8
T1234 Develop Computer Network Defense (CND) guidance for organizational stakeholders 2
T1238 Determine the effectiveness of enterprise cybersecurity safeguards 2
T1307 Develop cybersecurity policy recommendations 2
T1308 Coordinate cybersecurity policy review and approval processes 2
T1310 Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered 3
T1335 Promote cybersecurity awareness to management 6
T1336 Verify the inclusion of sound cybersecurity principles in the organization's vision and goals 6
T1342 Oversee policy standards and implementation strategy development 2
T1354 Identify system cybersecurity requirements 4
T1355 Determine if vulnerability remediation plans are in place 3
T1356 Develop vulnerability remediation plans 3
T1376 Develop critical infrastructure protection policies and procedures 2
T1377 Implement critical infrastructure protection policies and procedures 2
T1450 Allocate and distribute human capital assets 2
T1476 Promote awareness of cybersecurity policy and strategy among management 6
T1518 Develop organizational cybersecurity strategy 3
T1543 Develop cybersecurity policies and procedures 3
T1586 Conduct cybersecurity risk assessments 3
T1779 Coordinate strategic planning efforts with internal and external partners 1
T1862 Establish cybersecurity risk assessment processes 2
T1906 Establish a cybersecurity risk management program 1
Code Description Work Roles
K0498 Knowledge of operational planning processes 6
K0644 Knowledge of cybersecurity operation policies and procedures 5
K0674 Knowledge of computer networking protocols 40
K0675 Knowledge of risk management processes 41
K0676 Knowledge of cybersecurity laws and regulations 41
K0677 Knowledge of cybersecurity policies and procedures 41
K0678 Knowledge of privacy laws and regulations 41
K0679 Knowledge of privacy policies and procedures 41
K0680 Knowledge of cybersecurity principles and practices 40
K0681 Knowledge of privacy principles and practices 40
K0682 Knowledge of cybersecurity threats 40
K0683 Knowledge of cybersecurity vulnerabilities 40
K0684 Knowledge of cybersecurity threat characteristics 40
K0688 Knowledge of common application vulnerabilities 5
K0689 Knowledge of network infrastructure principles and practices 9
K0728 Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices 20
K0729 Knowledge of non-repudiation principles and practices 20
K0730 Knowledge of cyber safety principles and practices 20
K0743 Knowledge of new and emerging technologies 15
K0751 Knowledge of system threats 40
K0752 Knowledge of system vulnerabilities 40
K0783 Knowledge of network attack characteristics 7
K0784 Knowledge of insider threat laws and regulations 7
K0785 Knowledge of insider threat tools and techniques 7
K0800 Knowledge of evidence admissibility laws and regulations 7
K0818 Knowledge of new and emerging cybersecurity risks 6
K0819 Knowledge of import and export control laws and regulations 8
K0820 Knowledge of supply chain risks 18
K0821 Knowledge of federal agency roles and responsibilities 9
K0825 Knowledge of threat vector characteristics 6
K0831 Knowledge of network attack vectors 8
K0839 Knowledge of critical infrastructure systems and software 13
K0892 Knowledge of cyber defense laws and regulations 13
K0936 Knowledge of network hardware threats and vulnerabilities 3
K0983 Knowledge of computer networking principles and practices 39
K0990 Knowledge of cyber operations principles and practices 8
K1014 Knowledge of network security principles and practices 40
K1025 Knowledge of decision-making policies and procedures 2
K1079 Knowledge of web application security risks 13
K1083 Knowledge of cybersecurity competitions 3
K1180 Knowledge of organizational cybersecurity goals and objectives 11
K1183 Knowledge of organizational cybersecurity policies and procedures 6
K1188 Knowledge of organizational policies and procedures 4
K1209 Knowledge of risk mitigation principles and practices 4
K1225 Knowledge of system life cycles 2
Code Description Work Roles
S0111 Skill in interfacing with customers 4
S0406 Skill in developing policy plans 5
S0414 Skill in evaluating laws 4
S0415 Skill in evaluating regulations 4
S0416 Skill in evaluating policies 4
S0431 Skill in applying critical thinking 5
S0506 Skill in identifying customer information needs 3
S0511 Skill in establishing priorities 3
S0564 Skill in creating system security policies 2
S0610 Skill in communicating effectively 7
S0686 Skill in performing risk assessments 12
S0707 Skill in developing comprehensive cyber operations assessment programs 1
S0708 Skill in executing comprehensive cyber operations assessment programs 1
S0799 Skill in anticipating new security threats 1
S0800 Skill in analyzing organizational patterns and relationships 4
S0807 Skill in solving problems 9
S0821 Skill in collaborating with internal and external stakeholders 9
S0826 Skill in communicating with external organizations 2