| 10 |
Knowledge of application vulnerabilities. |
Knowledge |
| 15A |
Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware. |
Knowledge |
| 105 |
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
Knowledge |
| 150 |
Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. |
Knowledge |
| 173 |
Skill in creating policies that reflect system security objectives. |
Skill |
| 321A |
Knowledge of industry technologies and how differences affect exploitation/vulnerabilities. |
Knowledge |
| 325 |
Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management). |
Knowledge |
| 391 |
Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. |
Task |
| 392 |
Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. |
Task |
| 395 |
Advise senior management (e.g., CIO) on risk levels and security posture. |
Task |
| 396 |
Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. |
Task |
| 398 |
Advocate organization’s official position in legal and legislative proceedings. |
Task |
| 424B |
Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities. |
Task |
| 445 |
Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. |
Task |
| 475 |
Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. |
Task |
| 492A |
Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan. |
Task |
| 524 |
Develop and maintain strategic plans. |
Task |
| 542A |
Develop mitigation strategies to address cost, schedule, performance, and security risks. |
Task |
| 559 |
Evaluate contracts to ensure compliance with funding, legal, and program requirements. |
Task |
| 599 |
Evaluate contracts to ensure compliance with funding, legal, and program requirements. |
Task |
| 600 |
Evaluate cost benefit, economic, and risk analysis in decision making process. |
Task |
| 674 |
Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information. |
Task |
| 679 |
Lead and align information technology (IT) security priorities with the security strategy. |
Task |
| 680 |
Lead and oversee information security budget, staffing, and contracting. |
Task |
| 680A |
Lead and oversee budget, staffing, and contracting. |
Task |
| 706 |
Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency. |
Task |
| 711 |
Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection. |
Task |
| 737B |
Perform an information security risk assessment. |
Task |
| 797 |
Provide advice on project costs, design concepts, or design changes. |
Task |
| 801A |
Provide enterprise cybersecurity and supply chain risk management guidance. |
Task |
| 801 |
Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans. |
Task |
| 807 |
Provide input on security requirements to be included in statements of work and other appropriate procurement documents. |
Task |
| 810 |
Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. |
Task |
| 848 |
Recommend policy and coordinate review and approval. |
Task |
| 852 |
Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered. |
Task |
| 919 |
Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals. |
Task |
| 947 |
Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. |
Task |
| 949 |
Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. |
Task |
| 952 |
Knowledge of emerging security issues, risks, and vulnerabilities. |
Knowledge |
| 954 |
Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. |
Knowledge |
| 955B |
Review and approve a supply chain security/risk management policy. |
Task |
| 962 |
Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle. |
Task |
| 963 |
Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. |
Task |
| 965 |
Knowledge of organization’s risk tolerance and/or risk management approach. |
Knowledge |
| 979 |
Knowledge of supply chain risk management standards, processes, and practices. |
Knowledge |
| 1004 |
Knowledge of critical information technology (IT) procurement requirements. |
Knowledge |
| 1004A |
Knowledge of information technology (IT) acquisition/procurement requirements. |
Knowledge |
| 1018 |
Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. |
Task |
| 1041 |
Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. |
Task |
| 1061A |
Knowledge of the acquisition/procurement life cycle process. |
Knowledge |
| 1125 |
Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. |
Knowledge |
| 1148 |
Develop contract language to ensure supply chain, system, network, and operational security are met. |
Task |
| 1148B |
Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered. |
Task |
| 2058 |
Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives. |
Task |
| 2090 |
Collaborate with other internal and external partner organizations on target access and operational issues. |
Task |
| 2091 |
Collaborate with other team members or partner organizations to develop a diverse program of information materials (e.g., web pages, briefings, print materials). |
Task |
| 2328 |
Develop, maintain, and assess cyber cooperation security agreements with external partners. |
Task |
| 2416 |
Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives. |
Task |
| 2443 |
Identify and manage security cooperation priorities with external partners. |
Task |
| 2558 |
Maintain relationships with internal and external partners involved in cyber planning or related areas. |
Task |
| 2624 |
Conduct long-range, strategic planning efforts with internal and external partners in cyber activities. |
Task |
| 2823 |
Serve as a liaison with external partners. |
Task |
| 2839 |
Supervise and assign work to programmers, designers, technologists and technicians and other engineering and scientific personnel. |
Task |
| 2894 |
Collaborate across internal and/or external organizational lines to enhance collection, analysis and dissemination. |
Task |
| 3011 |
Ability to apply critical reading/thinking skills. |
Ability |
| 3044 |
Ability to exercise judgment when policies are not well-defined. |
Ability |
| 3057 |
Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives. |
Ability |
| 3076 |
Ability to tailor technical and planning information to a customer’s level of understanding. |
Ability |
| 3077 |
Ability to think critically. |
Ability |
| 3994 |
Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations. |
Ability |
| 5170 |
Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets. |
Task |
| 5560 |
Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals. |
Task |
| 5763 |
Act as, or work with, counsel relating to business partner contracts. |
Task |
| 5767 |
Collaborate on cyber privacy and security policies and procedures. |
Task |
| 5768 |
Collaborate with cyber security personnel on the security risk assessment process to address privacy compliance and risk mitigation. |
Task |
| 5820 |
Appoint and guide a team of IT security experts. |
Task |
| 5825 |
Collaborate with key stakeholders to establish a cybersecurity risk management program |
Task |
| 6100 |
Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. |
Ability |
| 6160 |
Ability to oversee the development and update of the lifecycle cost estimate. |
Ability |
| 6915 |
Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience). |
Skill |
| 6920 |
Ability to ensure information security management processes are integrated with strategic and operational planning processes. |
Ability |
| 6921 |
Ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control. |
Ability |
| 6922 |
Ability to prioritize and allocate cybersecurity resources correctly and efficiently. |
Ability |
| 6923 |
Ability to relate strategy, business, and technology in the context of organizational dynamics. |
Ability |
| 6925 |
Ability to understand the basic concepts and issues related to cyber and its organizational impact. |
Ability |
| 6926 |
Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list). |
Knowledge |
| 6930 |
Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations. |
Knowledge |
| 6947 |
Skill to anticipate new security threats. |
Skill |
| 6948 |
Skill to remain aware of evolving technical infrastructures. |
Skill |
| 6949 |
Skill to use critical thinking to analyze organizational patterns and relationships. |
Skill |
| 7083 |
Ability to understand technology, management, and leadership issues related to organization processes and problem solving. |
Ability |
