PD-WRL-006
Threat Analysis
OPM Code: 141

Protects against, identifies, and analyzes risks to technology systems or networks. Includes investigation of cybersecurity events or crimes related to technology systems and networks.

Responsible for collecting, processing, analyzing, and disseminating cybersecurity threat assessments. Develops cybersecurity indicators to maintain awareness of the status of the highly dynamic operating environment.

Code Description Work Roles
T0569 Answer requests for information 1
T0685 Evaluate threat decision-making processes 1
T0698 Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers 1
T0707 Generate requests for information 1
T0718 Identify intelligence gaps and shortfalls 1
T0751 Monitor open source websites for hostile content directed towards organizational or partner interests 1
T0845 Identify cyber threat tactics and methodologies 1
T1020 Determine the operational and safety impacts of cybersecurity lapses 37
T1035 Determine how threat activity groups employ encryption to support their operations 1
T1053 Identify and characterize intrusion activities against a victim or target 1
T1054 Scope analysis reports to various audiences that accounts for data sharing classification restrictions 6
T1055 Determine if priority information requirements are satisfied 3
T1640 Determine effectiveness of intelligence collection operations 1
T1641 Recommend adjustments to intelligence collection strategies 1
T1643 Develop common operational pictures 1
T1644 Develop cyber operations indicators 1
T1645 Coordinate all-source collection activities 1
T1646 Validate all-source collection requirements and plans 1
T1647 Develop priority information requirements 1
T1651 Prepare threat and target briefings 1
T1652 Prepare threat and target situational updates 1
T1686 Identify intelligence requirements 1
T1762 Modify collection requirements 1
T1763 Determine effectiveness of collection requirements 1
T1765 Monitor changes to designated cyber operations warning problem sets 1
T1766 Prepare change reports for designated cyber operations warning problem sets 1
T1767 Monitor threat activities 1
T1768 Prepare threat activity reports 1
T1770 Report on adversarial activities that fulfill priority information requirements 1
T1772 Identify indications and warnings of target communication changes or processing failures 1
T1775 Prepare cyber operations intelligence reports 1
T1776 Prepare indications and warnings intelligence reports 1
T1792 Assess effectiveness of intelligence production 1
T1793 Assess effectiveness of intelligence reporting 1
T1798 Provide intelligence analysis and support 1
T1799 Notify appropriate personnel of imminent hostile intentions or activities 2
T1804 Prepare network intrusion reports 1
T1835 Determine if intelligence requirements and collection plans are accurate and up-to-date 1

Code Description Work Roles
K0018 Knowledge of encryption algorithms 10
K0480 Knowledge of malware 1
K0655 Knowledge of intelligence fusion 2
K0658 Knowledge of cognitive biases 2
K0674 Knowledge of computer networking protocols 40
K0675 Knowledge of risk management processes 41
K0676 Knowledge of cybersecurity laws and regulations 41
K0677 Knowledge of cybersecurity policies and procedures 41
K0678 Knowledge of privacy laws and regulations 41
K0679 Knowledge of privacy policies and procedures 41
K0680 Knowledge of cybersecurity principles and practices 40
K0681 Knowledge of privacy principles and practices 40
K0682 Knowledge of cybersecurity threats 40
K0683 Knowledge of cybersecurity vulnerabilities 40
K0684 Knowledge of cybersecurity threat characteristics 40
K0689 Knowledge of network infrastructure principles and practices 9
K0690 Knowledge of requirements analysis principles and practices 6
K0697 Knowledge of encryption algorithm capabilities and applications 3
K0718 Knowledge of network communications principles and practices 10
K0719 Knowledge of human-computer interaction (HCI) principles and practices 4
K0751 Knowledge of system threats 40
K0752 Knowledge of system vulnerabilities 40
K0766 Knowledge of data asset management principles and practices 5
K0773 Knowledge of telecommunications principles and practices 14
K0786 Knowledge of physical computer components 4
K0787 Knowledge of computer peripherals 4
K0788 Knowledge of adversarial tactics principles and practices 3
K0789 Knowledge of adversarial tactics tools and techniques 3
K0790 Knowledge of adversarial tactics policies and procedures 3
K0792 Knowledge of network configurations 9
K0806 Knowledge of machine virtualization tools and techniques 6
K0812 Knowledge of digital communication systems and software 9
K0818 Knowledge of new and emerging cybersecurity risks 6
K0825 Knowledge of threat vector characteristics 6
K0831 Knowledge of network attack vectors 8
K0844 Knowledge of cyberattack stages 4
K0845 Knowledge of cyber intrusion activity phases 4
K0857 Knowledge of malware analysis tools and techniques 4
K0858 Knowledge of virtual machine detection tools and techniques 6
K0865 Knowledge of data classification standards and best practices 18
K0866 Knowledge of data classification tools and techniques 18
K0915 Knowledge of network architecture principles and practices 21
K0916 Knowledge of malware analysis principles and practices 4
K0925 Knowledge of wireless communication tools and techniques 6
K0926 Knowledge of signal jamming tools and techniques 6
K0934 Knowledge of data classification policies and procedures 18
K0960 Knowledge of content management system (CMS) capabilities and applications 1
K0969 Knowledge of cyber-attack tools and techniques 7
K0983 Knowledge of computer networking principles and practices 39
K0984 Knowledge of web security principles and practices 1
K0989 Knowledge of intelligence information repositories 1
K0990 Knowledge of cyber operations principles and practices 8
K0994 Knowledge of denial and deception tools and techniques 1
K1002 Knowledge of supervisory control and data acquisition (SCADA) systems and software 1
K1005 Knowledge of intelligence collection capabilities and applications 1
K1007 Knowledge of intelligence requirements tasking systems and software 1
K1008 Knowledge of intelligence support activities 1
K1009 Knowledge of threat intelligence principles and practices 1
K1010 Knowledge of intelligence policies and procedures 1
K1011 Knowledge of network addressing principles and practices 1
K1014 Knowledge of network security principles and practices 40
K1019 Knowledge of operations security (OPSEC) principles and practices 2
K1025 Knowledge of decision-making policies and procedures 2
K1028 Knowledge of target development principles and practices 1
K1035 Knowledge of target research tools and techniques 1
K1049 Knowledge of routing protocols 3
K1059 Knowledge of request for information processes 1
K1066 Knowledge of threat behaviors 1
K1067 Knowledge of target behaviors 1
K1068 Knowledge of threat systems and software 1
K1069 Knowledge of virtual machine tools and technologies 6
K1100 Knowledge of analytical tools and techniques 4
K1101 Knowledge of analytics 3
K1109 Knowledge of virtual collaborative workspace tools and techniques 2
K1113 Knowledge of blue force tracking 1
K1197 Knowledge of priority intelligence requirements 2

Code Description Work Roles
S0111 Skill in interfacing with customers 4
S0194 Skill in conducting non-attributable research 1
S0385 Skill in communicating complex concepts 9
S0430 Skill in collaborating with others 9
S0433 Skill in creating analytics 1
S0434 Skill in extrapolating from incomplete data sets 1
S0435 Skill in analyzing large data sets 2
S0436 Skill in creating target intelligence products 2
S0438 Skill in functioning effectively in a dynamic, fast-paced environment 3
S0443 Skill in mitigating cognitive biases 2
S0444 Skill in mitigating deception in reporting and analysis 1
S0446 Skill in mimicking threat actors 1
S0472 Skill in developing virtual machines 6
S0473 Skill in maintaining virtual machines 5
S0494 Skill in performing operational environment analysis 1
S0505 Skill in performing intrusion data analysis 1
S0506 Skill in identifying customer information needs 3
S0509 Skill in evaluating security products 5
S0511 Skill in establishing priorities 3
S0512 Skill in extracting metadata 1
S0514 Skill in preparing operational environments 1
S0516 Skill in performing threat emulation tactics 1
S0517 Skill in anticipating threats 1
S0535 Skill in performing threat factor analysis 1
S0537 Skill in designing wireless communications systems 2
S0540 Skill in identifying network threats 3
S0555 Skill in performing capabilities analysis 5
S0556 Skill in performing requirements analysis 5
S0579 Skill in preparing reports 11
S0600 Skill in collecting relevant data from a variety of sources 4
S0633 Skill in developing position qualification requirements 2
S0673 Skill in translating operational requirements into security controls 8
S0696 Skill in conducting deep web research 1
S0702 Skill in defining an operational environment 1
S0704 Skill in performing target analysis 2
S0709 Skill in developing analytics 3
S0712 Skill in evaluating data source quality 7
S0713 Skill in evaluating information quality 5
S0718 Skill in identifying cybersecurity threats 1
S0719 Skill in identifying intelligence gaps 2
S0724 Skill in managing client relationships 3
S0728 Skill in preparing briefings 6
S0748 Skill in querying data 2
S0751 Skill in conducting open-source searches 1
S0756 Skill in incorporating feedback 4
S0765 Skill in converting intelligence requirements into intelligence production tasks 1
S0777 Skill in developing collection strategies 2
S0779 Skill in determining information requirements 1
S0791 Skill in presenting to an audience 9
S0869 Skill in performing metadata analysis 2
S0876 Skill in performing nodal analysis 1