Protect and Defend

Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources. Monitors network to actively remediate unauthorized activities.

Below is the work role for this Specialty Area, Cyber Defense Infrastructure Support Specialist, with its KSAs (Knowledge, Skills, and Abilities), Tasks, and Capability Indicators.

  • A0123: Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
  • K0001: Knowledge of computer networking concepts and protocols, and network security methodologies. 
  • K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 
  • K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 
  • K0004: Knowledge of cybersecurity and privacy principles. 
  • K0005: Knowledge of cyber threats and vulnerabilities. 
  • K0006: Knowledge of specific operational impacts of cybersecurity lapses. 
  • K0021: Knowledge of data backup and recovery. 
  • K0033: Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists). 
  • K0042: Knowledge of incident response and handling methodologies. 
  • K0044: Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
  • K0058: Knowledge of network traffic analysis methods. 
  • K0061: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0062: Knowledge of packet-level analysis.
  • K0104: Knowledge of Virtual Private Network (VPN) security.
  • K0106: Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities. 
  • K0135: Knowledge of web filtering technologies.
  • K0157: Knowledge of cyber defense and information security policies, procedures, and regulations. 
  • K0179: Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). 
  • K0205: Knowledge of basic system, network, and OS hardening techniques.
  • K0258: Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model Integration (CMMI)).
  • K0274: Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi), paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.
  • K0324: Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
  • K0332: Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0334: Knowledge of network traffic analysis (tools, methodologies, processes).
  • S0007: Skill in applying host/network access controls (e.g., access control list).
  • S0053: Skill in tuning sensors.
  • S0054: Skill in using incident handling methodologies.
  • S0059: Skill in using Virtual Private Network (VPN) devices and encryption.
  • S0077: Skill in securing network communications.
  • S0079: Skill in protecting a network against malware (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
  • S0121: Skill in system, network, and OS hardening techniques (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
  • S0124: Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and working through resolution.
  • S0367: Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
  • T0042: Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications.
  • T0180: Perform system administration on specialized cyber defense applications and systems (e.g., antivirus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup, and restoration.
  • T0261: Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
  • T0335: Build, install, configure, and test dedicated cyber defense hardware.
  • T0348: Assist in assessing the impact of implementing and sustaining a dedicated cyber defense infrastructure.
  • T0420: Administer test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s).
  • T0438: Create, edit, and manage network access control lists on specialized cyber defense systems (e.g., firewalls and intrusion prevention systems).
  • T0483: Identify potential conflicts with implementation of any cyber defense tools (e.g., tool and signature testing and optimization).
  • T0486: Implement Risk Management Framework (RMF)/Security Assessment and Authorization (SA&A) requirements for dedicated cyber defense systems within the enterprise, and document and maintain records for them.
Capability Indicators for Cyber Defense Infrastructure Support Specialist

Each category below lists the indicators for the three proficiency levels: Entry, Intermediate, and Advanced.

  Credentials/Certifications
    Entry
      • Recommended: Yes
      • Example Types: N/A
      • Example Topics: Certifications addressing authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, system security, network infrastructure, access control, cryptography, assessments and audits, organizational security
    Intermediate
      • Recommended: Yes
      • Example Types: N/A
      • Example Topics: Certifications addressing system security, network infrastructure, access control, cryptography, assessments and audits, organizational security, information security, information systems, network security, information assurance, troubleshooting, security operations, cryptography
    Advanced
      • Recommended: Yes
      • Example Topics: Certifications addressing security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, information security governance, security program development and management, information security incident management, information security, information systems, network security, information assurance, troubleshooting, security operations, cryptography

  Continuous Learning
    Entry
      • Recommended: Yes
      • Examples: 40 hours annually (may include participation in annual security conferences)
    Intermediate
      • Recommended: Yes
      • Examples: 40 hours annually (may include participation in annual security conferences)
    Advanced
      • Recommended: Yes
      • Examples: 40 hours annually (may include participation in annual security conferences)

  Education
    Entry
      • Recommended: Not essential but may be beneficial
      • Example Types: Associate's, Bachelor's
      • Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, computer engineering
    Intermediate
      • Recommended: Yes
      • Example Types: Bachelor's
      • Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, computer engineering
    Advanced
      • Recommended: Yes
      • Example Types: Master's, Ph.D.
      • Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, computer engineering

  Experiential Learning
    Entry
      • Recommended: Yes
      • Examples: Network infrastructure, firewalls, IDS/IPS, application proxies, systems administration, network storage, enterprise authentication, backups and data retention, information assurance
    Intermediate
      • Recommended: Yes
      • Examples: Network infrastructure, firewalls, IDS/IPS, application proxies, systems administration, network storage, enterprise authentication, backups and data retention, information assurance
    Advanced
      • Recommended: Yes
      • Examples: Network infrastructure, firewalls, IDS/IPS, application proxies, systems administration, network storage, enterprise authentication, backups and data retention

  Training
    Entry
      • Recommended: Yes
      • Example Types: N/A
      • Example Topics: System administrator, basic cyber analyst/operator training, security essentials, intermediate cyber, hunt methodologies
    Intermediate
      • Recommended: Yes
      • Example Types: N/A
      • Example Topics: Network security vulnerability, advanced network analysis, basic cyber analysis/operations, network traffic analysis, intermediate cyber, hunt methodologies
    Advanced
      • Recommended: Yes
      • Example Types: N/A
      • Example Topics: Industry-standard training (focused in one of the certification areas listed in the Credentials/Certifications section)