• Cyber Ops Planner

    Work Role ID: CO-OPL-002
    Develops detailed plans for the conduct or support of the applicable range of cyber operations through collaboration with other planners, operators and/or analysts. Participates in targeting selection, validation, synchronization, and enables integration during the execution of cyber actions.
    Category: Collect and Operate
    Specialty Area: Cyber Operational Planning

Abilities

  • A0013: Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
  • A0066: Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
  • A0067: Ability to adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment.
  • A0068: Ability to apply approved planning development and staffing processes.
  • A0070: Ability to apply critical reading/thinking skills.
  • A0074: Ability to collaborate effectively with others.
  • A0077: Ability to coordinate cyber operations with other organization functions or support activities.
  • A0081: Ability to develop or recommend planning solutions to problems and situations for which no precedent exists.
  • A0082: Ability to effectively collaborate via virtual teams.
  • A0085: Ability to exercise judgment when policies are not well-defined.
  • A0089: Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise.
  • A0090: Ability to identify external partners with common cyber operations interests.
  • A0094: Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.
  • A0096: Ability to interpret and understand complex and rapidly evolving concepts.
  • A0098: Ability to participate as a member of planning teams, coordination groups, and task forces as necessary.
  • A0105: Ability to tailor technical and planning information to a customer’s level of understanding.

Knowledge

  • K0001: Knowledge of computer networking concepts and protocols, and network security methodologies. 
  • K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 
  • K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 
  • K0004: Knowledge of cybersecurity and privacy principles. 
  • K0005: Knowledge of cyber threats and vulnerabilities. 
  • K0006: Knowledge of specific operational impacts of cybersecurity lapses. 
  • K0036: Knowledge of human-computer interaction principles.
  • K0108: Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless). 
  • K0109: Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). 
  • K0347: Knowledge and understanding of operational design.
  • K0349: Knowledge of website types, administration, functions, and content management system (CMS). 
  • K0350: Knowledge of accepted organization planning systems.
  • K0352: Knowledge of forms of intelligence support needs, topics, and focus areas. 
  • K0362: Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).
  • K0377: Knowledge of classification and control markings standards, policies and procedures. 
  • K0379: Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.
  • K0392: Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).
  • K0395: Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).
  • K0399: Knowledge of crisis action planning and time sensitive planning procedures.
  • K0400: Knowledge of crisis action planning for cyber operations.
  • K0403: Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.
  • K0408: Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber-attack) principles, capabilities, limitations, and effects.
  • K0411: Knowledge of cyber laws and legal considerations and their effect on cyber planning.
  • K0414: Knowledge of cyber operations support or enabling processes.
  • K0417: Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
  • K0422: Knowledge of deconfliction processes and procedures.
  • K0431: Knowledge of evolving/emerging communications technologies.
  • K0432: Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization.
  • K0435: Knowledge of fundamental cyber concepts, principles, limitations, and effects.
  • K0436: Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber-attack, cyber defense), principles, capabilities, limitations, and effects.
  • K0444: Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP).
  • K0445: Knowledge of how modern digital and telephony networks impact cyber operations.
  • K0446: Knowledge of how modern wireless communications systems impact cyber operations.
  • K0455: Knowledge of information security concepts, facilitating technologies and methods.
  • K0464: Knowledge of intelligence support to planning, execution, and assessment.
  • K0465: Knowledge of internal and external partner cyber operations capabilities and tools.
  • K0471: Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
  • K0480: Knowledge of malware.
  • K0494: Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning.
  • K0497: Knowledge of operational effectiveness assessment.
  • K0499: Knowledge of operations security.
  • K0501: Knowledge of organization cyber operations programs, strategies, and resources.
  • K0502: Knowledge of organization decision support tools and/or methods.
  • K0504: Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations.
  • K0506: Knowledge of organization objectives, leadership priorities, and decision-making risks.
  • K0507: Knowledge of organization or partner exploitation of digital networks.
  • K0508: Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations.
  • K0511: Knowledge of organizational hierarchy and cyber decision-making processes.
  • K0512: Knowledge of organizational planning concepts.
  • K0514: Knowledge of organizational structures and associated intelligence capabilities.
  • K0516: Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
  • K0518: Knowledge of planning activity initiation.
  • K0519: Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning.
  • K0525: Knowledge of required intelligence planning products associated with cyber operational planning.
  • K0534: Knowledge of staff management, assignment, and allocation processes.
  • K0538: Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities.
  • K0556: Knowledge of telecommunications fundamentals.
  • K0560: Knowledge of the basic structure, architecture, and design of modern communication networks.
  • K0561: Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
  • K0565: Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
  • K0566: Knowledge of the critical information requirements and how they're used in planning.
  • K0572: Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization.
  • K0576: Knowledge of the information environment.
  • K0582: Knowledge of the organizational planning and staffing process.
  • K0585: Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements.
  • K0586: Knowledge of the outputs of course of action and exercise analysis.
  • K0589: Knowledge of the process used to assess the performance and impact of operations.
  • K0590: Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process.
  • K0593: Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas.
  • K0594: Knowledge of the relationships between end states, objectives, effects, lines of operation, etc.
  • K0597: Knowledge of the role of network operations in supporting and facilitating other organization operations.
  • K0598: Knowledge of the structure and intent of organization specific plans, guidance and authorizations.
  • K0599: Knowledge of the structure, architecture, and design of modern digital and telephony networks.
  • K0603: Knowledge of the ways in which targets or threats use the Internet.
  • K0610: Knowledge of virtualization products (VMware, Virtual PC).
  • K0612: Knowledge of what constitutes a “threat” to a network.
  • K0614: Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems.

Skills

  • S0176: Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
  • S0185: Skill in applying analytical methods typically employed to support planning and to justify recommended strategies and courses of action.
  • S0186: Skill in applying crisis planning procedures.
  • S0209: Skill in developing and executing comprehensive cyber operations assessment programs for assessing and validating operational performance characteristics.
  • S0213: Skill in documenting and communicating complex technical and programmatic information.
  • S0218: Skill in evaluating information for reliability, validity, and relevance.
  • S0249: Skill in preparing and presenting briefings.
  • S0250: Skill in preparing plans and related correspondence.
  • S0273: Skill in reviewing and editing plans.
  • S0296: Skill in utilizing feedback to improve processes, products, and services.
  • S0297: Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint).
  • S0309: Skill to anticipate key target or threat activities which are likely to prompt a leadership decision.
  • S0312: Skill to apply the process used to assess the performance and impact of cyber operations.
  • S0322: Skill to craft indicators of operational progress/success.
  • S0326: Skill to distinguish between notional and actual resources and their applicability to the plan under development.
  • S0333: Skill to graphically depict decision support materials containing intelligence and partner capability estimates.
  • S0349: Skill to synchronize operational assessment procedures with the critical information requirement process.
  • S0360: Skill to analyze and assess internal and external partner cyber operations capabilities and tools. 

Tasks

  • T0563: Provide input to the analysis, design, development or acquisition of capabilities used for meeting objectives.
  • T0571: Apply expertise in policy and processes to facilitate the development, negotiation, and internal staffing of plans and/or memorandums of agreement.
  • T0579: Assess target vulnerabilities and/or operational capabilities to determine course of action.
  • T0581: Assist and advise interagency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives.
  • T0592: Provide input to the identification of cyber-related success criteria.
  • T0622: Develop, review and implement all levels of planning guidance in support of cyber operations.
  • T0627: Contribute to crisis action planning for cyber operations.
  • T0628: Contribute to the development of the organization's decision support tools if necessary.
  • T0635: Coordinate with intelligence and cyber defense partners to obtain relevant essential information.
  • T0640: Use intelligence estimates to counter potential target actions.
  • T0648: Determine indicators (e.g., measures of effectiveness) that are best suited to specific cyber operation objectives.
  • T0654: Develop and maintain deliberate and/or crisis plans.
  • T0655: Develop and review specific cyber operations guidance for integration into broader planning activities.
  • T0658: Develop cyber operations plans and guidance to ensure that execution and resource allocation decisions align with organization objectives.
  • T0665: Develop or participate in the development of standards for providing, requesting, and/or obtaining support from external partners to synchronize cyber operations.
  • T0667: Develop potential courses of action.
  • T0670: Develop, implement, and recommend changes to appropriate planning procedures and policies.
  • T0672: Devise, document, and validate cyber operation strategy and planning documents.
  • T0679: Ensure operational planning efforts are effectively transitioned to current operations.
  • T0680: Ensure that intelligence planning activities are integrated and synchronized with operational planning timelines.
  • T0690: Evaluate intelligence estimates to support the planning cycle.
  • T0699: Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives.
  • T0703: Gather and analyze data (e.g., measures of effectiveness) to determine effectiveness, and provide reporting for follow-on activities.
  • T0704: Incorporate cyber operations and communications security support plans into organization objectives.
  • T0719: Identify cyber intelligence gaps and shortfalls for cyber operational planning.
  • T0732: Integrate cyber planning/targeting efforts with other organizations.
  • T0733: Interpret environment preparations assessments to determine a course of action.
  • T0734: Issue requests for information.
  • T0739: Maintain relationships with internal and external partners involved in cyber planning or related areas.
  • T0741: Maintain situational awareness of cyber-related intelligence requirements and associated tasking.
  • T0742: Maintain situational awareness of partner capabilities and activities.
  • T0743: Maintain situational awareness to determine if changes to the operating environment require review of the plan.
  • T0747: Monitor and evaluate integrated cyber operations to identify opportunities to meet organization objectives.
  • T0763: Conduct long-range, strategic planning efforts with internal and external partners in cyber activities.
  • T0764: Provide subject matter expertise to planning efforts with internal and external cyber operations partners.
  • T0772: Prepare for and provide subject matter expertise to exercises.
  • T0787: Provide input for the development and refinement of the cyber operations objectives, priorities, strategies, plans, and programs.
  • T0791: Provide input to the administrative and logistical elements of an operational support plan.
  • T0795: Provide planning support between internal and external partners.
  • T0801: Recommend refinement, adaption, termination, and execution of operational plans as appropriate.
  • T0813: Review, approve, prioritize, and submit operational requirements for research, development, and/or acquisition of cyber capabilities.
  • T0823: Submit or respond to requests for deconfliction of cyber operations.
  • T0836: Document lessons learned that convey the results of events and/or exercises.

Capability Indicators

Capability Indicators for Cyber Ops Planner
Levels: Entry, Intermediate, Advanced

Credentials/Certifications
  Entry
    • Recommended: Not essential but may be beneficial
    • Example Types: N/A
    • Example Topics: Certifications addressing new attack vectors (emphasis on cloud computing technology, mobile platforms, and tablet computers), new vulnerabilities, existing threats to operating environments, managing, maintaining, troubleshooting, installing, configuring basic network infrastructure
  Intermediate
    • Recommended: Yes
    • Example Types: N/A
    • Example Topics: Certifications addressing system security, network infrastructure, access control, cryptography, assessments and audits, organizational security
  Advanced
    • Recommended: Yes
    • Example Topics: Certifications addressing security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security

Continuous Learning
  Entry
    • Recommended: Yes
    • Examples: 40 hours annually (may include mentoring, shadowing, conferences, webinars, or rotations)
  Intermediate
    • Recommended: Yes
    • Examples: 40 hours annually (may include mentoring, shadowing, conferences, webinars, or rotations)
  Advanced
    • Recommended: Yes
    • Examples: 40 hours annually (may include mentoring, shadowing, conferences, webinars, or rotations)

Education
  Entry
    • Recommended: Not essential but may be beneficial
    • Example Types: Associates
    • Example Topics: N/A
  Intermediate
    • Recommended: Yes
    • Example Types: Bachelor's
    • Example Topics: N/A
  Advanced
    • Recommended: Yes
    • Example Types: Master's
    • Example Topics: N/A

Experiential Learning
  Entry
    • Recommended: N/A
    • Examples: N/A
  Intermediate
    • Recommended: N/A
    • Examples: N/A
  Advanced
    • Recommended: N/A
    • Examples: N/A

Training
  Entry
    • Recommended: Not essential but may be beneficial
    • Example Types: N/A
    • Example Topics: Joint cyber analysis, joint advanced cyber warfare, cyber network operations
  Intermediate
    • Recommended: Yes
    • Example Types: N/A
    • Example Topics: Advanced cyber warfare, network attack, cyber operations, information security, troubleshooting, information systems, business process, risk management, SQL, Unix
  Advanced
    • Recommended: Yes
    • Example Types: N/A
    • Example Topics: Advanced cyber warfare, network attacks, cyber operations, information security, troubleshooting, information systems, business process, risk management, SQL, Unix