Protection and Defense
PD-WRL-001

Defensive Cybersecurity

Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.

  • T0020: Develop content for cyber defense tools
  • T0164: Perform cyber defense trend analysis and reporting
  • T0292: Recommend computing environment vulnerability corrections
  • T0299: Identify network mapping and operating system (OS) fingerprinting activities
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1021: Review cyber defense service provider reporting structure
  • T1084: Identify anomalous network activity
  • T1085: Identify potential threats to network resources
  • T1112: Validate network alerts
  • T1119: Recommend vulnerability remediation strategies
  • T1176: Determine if cybersecurity-enabled products reduce identified risk to acceptable levels
  • T1177: Determine if security control technologies reduce identified risk to acceptable levels
  • T1241: Document cybersecurity incidents
  • T1242: Escalate incidents that may cause ongoing and immediate impact to the environment
  • T1254: Determine the effectiveness of an observed attack
  • T1266: Recommend risk mitigation strategies
  • T1278: Recommend system modifications
  • T1290: Communicate daily network event and activity reports
  • T1299: Determine causes of network alerts
  • T1347: Detect cybersecurity attacks and intrusions
  • T1348: Distinguish between benign and potentially malicious cybersecurity attacks and intrusions
  • T1349: Communicate cybersecurity attacks and intrusions alerts
  • T1350: Perform continuous monitoring of system activity
  • T1351: Determine impact of malicious activity on systems and information
  • T1384: Establish intrusion set procedures
  • T1385: Identify network traffic anomalies
  • T1386: Analyze network traffic anomalies
  • T1387: Validate intrusion detection system alerts
  • T1388: Isolate malware
  • T1389: Remove malware
  • T1390: Identify network device applications and operating systems
  • T1391: Reconstruct malicious attacks
  • T1406: Construct cyber defense network tool signatures
  • T1428: Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents
  • T1539: Analyze organizational cybersecurity posture trends
  • T1540: Develop organizational cybersecurity posture trend reports
  • T1541: Develop system security posture trend reports
  • T1548: Determine adequacy of access controls
  • T1582: Maintain currency of cyber defense threat conditions
  • T1583: Determine effectiveness of system implementation and testing processes
  • T1603: Recommend threat and vulnerability risk mitigation strategies
  • T1615: Advise stakeholders on vulnerability compliance
  • T1616: Resolve computer security incidents
  • T1618: Advise stakeholders on disaster recovery, contingency, and continuity of operations plans
  • K0018: Knowledge of encryption algorithms
  • K0068: Knowledge of programming language structures and logic
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0685: Knowledge of access control principles and practices
  • K0686: Knowledge of authentication and authorization tools and techniques
  • K0689: Knowledge of network infrastructure principles and practices
  • K0691: Knowledge of cyber defense tools and techniques
  • K0692: Knowledge of vulnerability assessment tools and techniques
  • K0694: Knowledge of computer algorithm capabilities and applications
  • K0698: Knowledge of cryptographic key management principles and practices
  • K0707: Knowledge of database systems and software
  • K0710: Knowledge of enterprise cybersecurity architecture principles and practices
  • K0716: Knowledge of host access control (HAC) systems and software
  • K0717: Knowledge of network access control (NAC) systems and software
  • K0718: Knowledge of network communications principles and practices
  • K0723: Knowledge of vulnerability data sources
  • K0724: Knowledge of incident response principles and practices
  • K0725: Knowledge of incident response tools and techniques
  • K0726: Knowledge of incident handling tools and techniques
  • K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
  • K0729: Knowledge of non-repudiation principles and practices
  • K0730: Knowledge of cyber safety principles and practices
  • K0731: Knowledge of systems security engineering (SSE) principles and practices
  • K0732: Knowledge of intrusion detection tools and techniques
  • K0736: Knowledge of information technology (IT) security principles and practices
  • K0742: Knowledge of identity and access management (IAM) principles and practices
  • K0743: Knowledge of new and emerging technologies
  • K0744: Knowledge of operating system (OS) systems and software
  • K0746: Knowledge of policy-based access controls
  • K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
  • K0749: Knowledge of process engineering principles and practices
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0756: Knowledge of security management principles and practices
  • K0757: Knowledge of system design tools and techniques
  • K0758: Knowledge of server administration principles and practices
  • K0759: Knowledge of client and server architecture
  • K0765: Knowledge of software engineering principles and practices
  • K0766: Knowledge of data asset management principles and practices
  • K0770: Knowledge of system administration principles and practices
  • K0772: Knowledge of systems testing and evaluation tools and techniques
  • K0773: Knowledge of telecommunications principles and practices
  • K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
  • K0779: Knowledge of systems engineering processes
  • K0781: Knowledge of virtual private network (VPN) systems and software
  • K0783: Knowledge of network attack characteristics
  • K0784: Knowledge of insider threat laws and regulations
  • K0785: Knowledge of insider threat tools and techniques
  • K0788: Knowledge of adversarial tactics principles and practices
  • K0789: Knowledge of adversarial tactics tools and techniques
  • K0790: Knowledge of adversarial tactics policies and procedures
  • K0791: Knowledge of defense-in-depth principles and practices
  • K0792: Knowledge of network configurations
  • K0793: Knowledge of file extensions
  • K0805: Knowledge of command-line tools and techniques
  • K0812: Knowledge of digital communication systems and software
  • K0813: Knowledge of interpreted and compiled programming language characteristics
  • K0815: Knowledge of intelligence collection management processes
  • K0816: Knowledge of front-end intelligence collection systems and software
  • K0829: Knowledge of account creation policies and procedures
  • K0830: Knowledge of password policies and procedures
  • K0831: Knowledge of network attack vectors
  • K0832: Knowledge of cyberattack characteristics
  • K0833: Knowledge of cyberattack actor characteristics
  • K0837: Knowledge of hardening tools and techniques
  • K0840: Knowledge of hardware reverse engineering tools and techniques
  • K0842: Knowledge of software reverse engineering tools and techniques
  • K0844: Knowledge of cyber attack stages
  • K0845: Knowledge of cyber intrusion activity phases
  • K0848: Knowledge of network systems management principles and practices
  • K0849: Knowledge of network systems management tools and techniques
  • K0851: Knowledge of reverse engineering principles and practices
  • K0859: Knowledge of encryption tools and techniques
  • K0860: Knowledge of malware signature principles and practices
  • K0861: Knowledge of network port capabilities and applications
  • K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
  • K0871: Knowledge of enterprise architecture (EA) principles and practices
  • K0877: Knowledge of application firewall principles and practices
  • K0878: Knowledge of network firewall principles and practices
  • K0879: Knowledge of industry cybersecurity models and frameworks
  • K0880: Knowledge of access control models and frameworks
  • K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
  • K0892: Knowledge of cyber defense laws and regulations
  • K0915: Knowledge of network architecture principles and practices
  • K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
  • K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
  • K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
  • K0924: Knowledge of network analysis tools and techniques
  • K0928: Knowledge of systems engineering principles and practices
  • K0937: Knowledge of countermeasure design principles and practices
  • K0938: Knowledge of network mapping principles and practices
  • K0939: Knowledge of packet-level analysis tools and techniques
  • K0940: Knowledge of subnet tools and techniques
  • K0942: Knowledge of cryptology principles and practices
  • K0947: Knowledge of computer engineering principles and practices
  • K0948: Knowledge of embedded systems and software
  • K0950: Knowledge of Intrusion Detection System (IDS) tools and techniques
  • K0951: Knowledge of Intrusion Prevention System (IPS) tools and techniques
  • K0955: Knowledge of penetration testing principles and practices
  • K0956: Knowledge of penetration testing tools and techniques
  • K0962: Knowledge of targeting laws and regulations
  • K0963: Knowledge of exploitation laws and regulations
  • K0969: Knowledge of cyber-attack tools and techniques
  • K0983: Knowledge of computer networking principles and practices
  • K1014: Knowledge of network security principles and practices
  • K1079: Knowledge of web application security risks
  • K1089: Knowledge of protocol analyzer tools and techniques
  • K1108: Knowledge of traceroute tools and techniques
  • K1131: Knowledge of cyber defense monitoring tools
  • K1132: Knowledge of cyber defense system analysis tools
  • K1144: Knowledge of data correlation tools and techniques
  • K1168: Knowledge of intrusion set tools and techniques
  • K1176: Knowledge of network topologies
  • K1181: Knowledge of organizational cybersecurity incident response plans
  • K1193: Knowledge of packet analysis tools and techniques
  • S0156: Skill in performing packet-level analysis
  • S0483: Skill in identifying software communications vulnerabilities
  • S0490: Skill in recreating network topologies
  • S0509: Skill in evaluating security products
  • S0543: Skill in scanning for vulnerabilities
  • S0544: Skill in recognizing vulnerabilities
  • S0566: Skill in developing signatures
  • S0567: Skill in deploying signatures
  • S0572: Skill in detecting host- and network-based intrusions
  • S0574: Skill in developing security system controls
  • S0578: Skill in evaluating security designs
  • S0593: Skill in handling incidents
  • S0600: Skill in collecting relevant data from a variety of sources
  • S0614: Skill in categorizing types of vulnerabilities
  • S0627: Skill in reading signatures
  • S0651: Skill in performing malware analysis
  • S0667: Skill in assessing security controls
  • S0688: Skill in performing network data analysis
  • S0712: Skill in evaluating data source quality
  • S0722: Skill in interpreting traceroute results
  • S0755: Skill in reconstructing a network
  • S0809: Skill in utilizing cyber defense service provider information
  • S0838: Skill in identifying anomalous activities
  • S0839: Skill in identifying exploited system weaknesses
  • S0840: Skill in identifying misuse activities
  • S0846: Skill in monitoring system activity
  • S0854: Skill in performing data analysis
  • S0857: Skill in performing dynamic analysis
  • S0859: Skill in performing event correlation
  • S0863: Skill in performing incident analysis
  • S0866: Skill in performing log file analysis
  • S0867: Skill in performing malicious activity analysis
  • S0869: Skill in performing metadata analysis
  • S0872: Skill in performing network data flow analysis
  • S0873: Skill in performing network traffic analysis
  • S0874: Skill in performing network traffic analysis
  • S0875: Skill in performing network traffic packet analysis
  • S0885: Skill in performing system activity analysis
  • S0892: Skill in performing trend analysis