Attention: CISA Learning is now available! If you are an EXTERNAL (non-CISA) user access the new system using this url: CISA Learning. The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users (staff and contractors) should access CISA Learning through the internal site. You should have received an email on December 4, 2024, titled “CISA Learning is LIVE!” with more information.

CE-WRL-001

Cyberspace Operations

Responsible for gathering evidence on criminal or foreign intelligence entities to mitigate and protect against possible or real-time threats. Conducts collection, processing, and geolocation of systems to exploit, locate, and track targets. Performs network navigation and tactical forensic analysis and executes on-net operations when directed.

Task statements

T0796: Provide real-time actionable geolocation information
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1034: Prepare deconfliction report
T1035: Determine how threat activity groups employ encryption to support their operations
T1039: Identify network artifacts from hardware and software options
T1040: Identify impact of network artifacts on exploitation
T1041: Determine impact of software configurations
T1575: Adapt software to new hardware
T1576: Upgrade software interfaces
T1577: Improve software performance
T1633: Identify target operational architecture vulnerabilities
T1663: Identify potential avenues of access in digital technologies
T1664: Access wireless computer and digital networks
T1665: Process intelligence collection data
T1666: Exploit wireless computer and digital networks
T1668: Conduct network scouting
T1669: Analyze system vulnerabilities within a network
T1670: Conduct on-net activities
T1671: Exfiltrate data from deployed technologies
T1672: Conduct off-net activities
T1673: Exfiltrate data from automated technologies
T1674: Perform open source data collection
T1676: Survey computer and digital networks
T1691: Detect exploits against targeted networks and hosts
T1692: Counter exploits against targeted networks and hosts
T1709: Develop new techniques for accessing target systems
T1734: Exploit network devices and terminals
T1747: Identify system vulnerabilities within a network
T1759: Maintain situational awareness of organic operational infrastructure
T1760: Maintain functionality of organic operational infrastructure
T1774: Gain and maintain access to target systems
T1781: Degrade or remove data from networks and computers
T1784: Process exfiltrated data
T1803: Document information collection and environment activities
T1829: Evaluate locally developed tools
T1830: Test internally developed software

Knowledge statements

K0018: Knowledge of encryption algorithms
K0375: Knowledge of wireless applications vulnerabilities
K0480: Knowledge of malware
K0635: Knowledge of decryption
K0636: Knowledge of decryption tools and techniques
K0637: Knowledge of data repositories
K0656: Knowledge of network collection tools and techniques
K0657: Knowledge of network collection policies and procedures
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0688: Knowledge of common application vulnerabilities
K0689: Knowledge of network infrastructure principles and practices
K0695: Knowledge of programming principles and practices
K0697: Knowledge of encryption algorithm capabilities and applications
K0698: Knowledge of cryptographic key management principles and practices
K0701: Knowledge of data backup and recovery policies and procedures
K0702: Knowledge of data warehousing principles and practices
K0703: Knowledge of data mining principles and practices
K0712: Knowledge of Local Area Networks (LAN)
K0713: Knowledge of Wide Area Networks (WAN)
K0718: Knowledge of network communications principles and practices
K0738: Knowledge of low-level programming languages
K0744: Knowledge of operating system (OS) systems and software
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0759: Knowledge of client and server architecture
K0770: Knowledge of system administration principles and practices
K0773: Knowledge of telecommunications principles and practices
K0775: Knowledge of information management tools and techniques
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0792: Knowledge of network configurations
K0806: Knowledge of machine virtualization tools and techniques
K0810: Knowledge of deployable forensics principles and practices
K0812: Knowledge of digital communication systems and software
K0815: Knowledge of intelligence collection management processes
K0837: Knowledge of hardening tools and techniques
K0858: Knowledge of virtual machine detection tools and techniques
K0915: Knowledge of network architecture principles and practices
K0923: Knowledge of operating system structures and internals
K0925: Knowledge of wireless communication tools and techniques
K0926: Knowledge of signal jamming tools and techniques
K0942: Knowledge of cryptology principles and practices
K0953: Knowledge of data mining tools and techniques
K0970: Knowledge of auditing policies and procedures
K0971: Knowledge of logging policies and procedures
K0975: Knowledge of software application vulnerabilities
K0983: Knowledge of computer networking principles and practices
K0988: Knowledge of active defense tools and techniques
K0991: Knowledge of database administration principles and practices
K0992: Knowledge of database maintenance principles and practices
K0993: Knowledge of deconfliction processes
K0998: Knowledge of Wireless Local Area Network (WLAN) tools and techniques
K0999: Knowledge of information management principles and practices
K1000: Knowledge of evasion principles and practices
K1001: Knowledge of evasion tools and techniques
K1014: Knowledge of network security principles and practices
K1015: Knowledge of network topology principles and practices
K1023: Knowledge of network exploitation tools and techniques
K1024: Knowledge of partnership policies and procedures
K1032: Knowledge of satellite-based communication systems and software
K1049: Knowledge of routing protocols
K1055: Knowledge of digital forensics principles and practices
K1069: Knowledge of virtual machine tools and technologies
K1085: Knowledge of exploitation tools and techniques
K1088: Knowledge of knowledge management tools and techniques
K1102: Knowledge of remote command line tools and techniques
K1103: Knowledge of Graphic User Interface (GUI) tools and techniques

Skill statements

S0182: Skill in analyzing target communications internals and externals collected from wireless LANs
S0208: Skill in determining the physical location of network devices
S0221: Skill in extracting information from packet captures
S0252: Skill in processing collected data for follow-on analysis
S0378: Skill in decrypting information
S0442: Skill in collecting network data
S0472: Skill in developing virtual machines
S0473: Skill in maintaining virtual machines
S0491: Skill in processing digital forensic data
S0497: Skill in developing client organization profiles
S0506: Skill in identifying customer information needs
S0508: Skill in managing enterprise-wide information
S0509: Skill in evaluating security products
S0519: Skill in detecting exploitation activities
S0523: Skill in constructing networks
S0531: Skill in assessing security hardware and software
S0532: Skill in analyzing software configurations
S0558: Skill in developing algorithms
S0559: Skill in performing data structure analysis
S0579: Skill in preparing reports
S0586: Skill in administering databases
S0599: Skill in performing memory dump analysis
S0650: Skill in writing scripts
S0673: Skill in translating operational requirements into security controls
S0690: Skill in performing midpoint collection data analysis
S0694: Skill in auditing network devices
S0700: Skill in mining data
S0701: Skill in performing data mining analysis
S0704: Skill in performing target analysis
S0705: Skill in installing patches
S0706: Skill in identifying patch signatures
S0710: Skill in evaluating metadata
S0711: Skill in interpreting metadata
S0715: Skill in generating operation plans
S0723: Skill in interpreting vulnerability scanner results
S0724: Skill in managing client relationships
S0735: Skill in programming
S0738: Skill in performing reverse engineering of software
S0741: Skill in administering servers
S0743: Skill in identifying network anomalies
S0744: Skill in performing technical writing
S0745: Skill in testing tools for implementation
S0746: Skill in evaluating tools for implementation
S0754: Skill in establishing persistence
S0757: Skill in verifying the integrity of files
S0758: Skill in performing wireless network analysis
S0778: Skill in evaluating operational environments
S0779: Skill in determining information requirements
S0791: Skill in presenting to an audience
S0803: Skill in performing partner analysis
S0837: Skill in executing computer scripts to automate tasks
S0854: Skill in performing data analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)