Executive Cyber Leader

Work Role ID: 901  |  Workforce Element: Cyber Enablers (Support) Leadership

What does this work role do? Executes decision-making authorities and establishes vision and direction for an organization’s cyber and cyber-related policies, resources, and/or operations, while maintaining responsibility for risk-related decisions affecting mission success.

CORE KSATs
KSAT ID Description KSAT
22 * Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge
108 * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge
1157 * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. Knowledge
1158 * Knowledge of cybersecurity principles. Knowledge
1159 * Knowledge of cyber threats and vulnerabilities. Knowledge
6900 * Knowledge of specific operational impacts of cybersecurity lapses. Knowledge
6935 * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). Knowledge
6938 * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. Knowledge
ADDITIONAL KSATs
KSAT ID Description KSAT
10 Knowledge of application vulnerabilities. Knowledge
15A Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware. Knowledge
105 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). Knowledge
150 Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. Knowledge
173 Skill in creating policies that reflect system security objectives. Skill
321A Knowledge of industry technologies and how differences affect exploitation/vulnerabilities. Knowledge
325 Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management). Knowledge
391 Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. Task
392 Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. Task
395 Advise senior management (e.g., CIO) on risk levels and security posture. Task
396 Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. Task
398 Advocate organization’s official position in legal and legislative proceedings. Task
424B Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities. Task
445 Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. Task
475 Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. Task
492A Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan. Task
524 Develop and maintain strategic plans. Task
542A Develop mitigation strategies to address cost, schedule, performance, and security risks. Task
559 Evaluate contracts to ensure compliance with funding, legal, and program requirements. Task
599 Evaluate contracts to ensure compliance with funding, legal, and program requirements. Task
600 Evaluate cost benefit, economic, and risk analysis in decision making process. Task
674 Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information. Task
679 Lead and align information technology (IT) security priorities with the security strategy. Task
680 Lead and oversee information security budget, staffing, and contracting. Task
680A Lead and oversee budget, staffing, and contracting. Task
706 Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency. Task
711 Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection. Task
737B Perform an information security risk assessment. Task
797 Provide advice on project costs, design concepts, or design changes. Task
801A Provide enterprise cybersecurity and supply chain risk management guidance. Task
801 Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans. Task
807 Provide input on security requirements to be included in statements of work and other appropriate procurement documents. Task
810 Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. Task
848 Recommend policy and coordinate review and approval. Task
852 Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered. Task
919 Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals. Task
947 Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. Task
949 Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. Task
952 Knowledge of emerging security issues, risks, and vulnerabilities. Knowledge
954 Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. Knowledge
955B Review and approve a supply chain security/risk management policy. Task
962 Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle. Task
963 Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. Task
965 Knowledge of organization’s risk tolerance and/or risk management approach. Knowledge
979 Knowledge of supply chain risk management standards, processes, and practices. Knowledge
1004 Knowledge of critical information technology (IT) procurement requirements. Knowledge
1004A Knowledge of information technology (IT) acquisition/procurement requirements. Knowledge
1018 Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. Task
1041 Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. Task
1061A Knowledge of the acquisition/procurement life cycle process. Knowledge
1125 Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. Knowledge
1148 Develop contract language to ensure supply chain, system, network, and operational security are met. Task
1148B Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered. Task
2058 Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives. Task
2090 Collaborate with other internal and external partner organizations on target access and operational issues. Task
2091 Collaborate with other team members or partner organizations to develop a diverse program of information materials (e.g., web pages, briefings, print materials). Task
2328 Develop, maintain, and assess cyber cooperation security agreements with external partners. Task
2416 Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives. Task
2443 Identify and manage security cooperation priorities with external partners. Task
2558 Maintain relationships with internal and external partners involved in cyber planning or related areas. Task
2624 Conduct long-range, strategic planning efforts with internal and external partners in cyber activities. Task
2823 Serve as a liaison with external partners. Task
2839 Supervise and assign work to programmers, designers, technologists and technicians and other engineering and scientific personnel. Task
2894 Collaborate across internal and/or external organizational lines to enhance collection, analysis and dissemination. Task
3011 Ability to apply critical reading/thinking skills. Ability
3044 Ability to exercise judgment when policies are not well-defined. Ability
3057 Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives. Ability
3076 Ability to tailor technical and planning information to a customer’s level of understanding. Ability
3077 Ability to think critically. Ability
3994 Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations. Ability
5170 Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets. Task
5560 Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals. Task
5763 Act as, or work with, counsel relating to business partner contracts. Task
5767 Collaborate on cyber privacy and security policies and procedures. Task
5768 Collaborate with cyber security personnel on the security risk assessment process to address privacy compliance and risk mitigation. Task
5820 Appoint and guide a team of IT security experts. Task
5825 Collaborate with key stakeholders to establish a cybersecurity risk management program Task
6100 Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. Ability
6160 Ability to oversee the development and update of the lifecycle cost estimate. Ability
6915 Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). Skill
6920 Ability to ensure information security management processes are integrated with strategic and operational planning processes. Ability
6921 Ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control. Ability
6922 Ability to prioritize and allocate cybersecurity resources correctly and efficiently. Ability
6923 Ability to relate strategy, business, and technology in the context of organizational dynamics. Ability
6925 Ability to understand the basic concepts and issues related to cyber and its organizational impact. Ability
6926 Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list). Knowledge
6930 Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations. Knowledge
6947 Skill to anticipate new security threats. Skill
6948 Skill to remain aware of evolving technical infrastructures. Skill
6949 Skill to use critical thinking to analyze organizational patterns and relationships. Skill
7083 Ability to understand technology, management, and leadership issues related to organization processes and problem solving. Ability