Operate and Maintain

Addresses problems; installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support). Typically provides initial incident information to the Incident Response (IR) Specialty.

Below are the roles for this Specialty Area. Click each role to see the KSAs (Knowledge, Skills, and Abilities) and Tasks.

  • A0025: Ability to accurately define incidents, problems, and events in the trouble ticketing system.
  • A0034: Ability to develop, update, and/or maintain standard operating procedures (SOPs).
  • A0122: Ability to design capabilities to find solutions to less common and more complex system problems. 
  • K0001: Knowledge of computer networking concepts and protocols, and network security methodologies. 
  • K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 
  • K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 
  • K0004: Knowledge of cybersecurity and privacy principles. 
  • K0005: Knowledge of cyber threats and vulnerabilities. 
  • K0006: Knowledge of specific operational impacts of cybersecurity lapses. 
  • K0053: Knowledge of measures or indicators of system performance and availability.
  • K0088: Knowledge of systems administration concepts.
  • K0109: Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). 
  • K0114: Knowledge of electronic devices (e.g., computer systems/components, access control devices, digital cameras, digital scanners, electronic organizers, hard drives, memory cards, modems, network components, networked appliances, networked home control devices, printers, removable storage devices, telephones, copiers, facsimile machines, etc.). 
  • K0116: Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).
  • K0194: Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. 
  • K0224: Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. 
  • K0237: Knowledge of industry best practices for service desk.
  • K0242: Knowledge of organizational security policies.
  • K0247: Knowledge of remote access processes, tools, and capabilities related to customer support.
  • K0260: Knowledge of Personally Identifiable Information (PII) data security standards. 
  • K0261: Knowledge of Payment Card Industry (PCI) data security standards. 
  • K0262: Knowledge of Personal Health Information (PHI) data security standards. 
  • K0287: Knowledge of an organization's information classification program and procedures for information compromise. 
  • K0292: Knowledge of the operations and processes for incident, problem, and event management.
  • K0294: Knowledge of IT system operation, maintenance, and security needed to keep equipment functioning properly.
  • K0302: Knowledge of the basic operation of computers.
  • K0317: Knowledge of procedures used for documenting and querying reported incidents, problems, and events.
  • K0330: Knowledge of successful capabilities to identify the solutions to less common and more complex system problems.
  • S0039: Skill in identifying possible causes of degradation of system performance or availability and initiating actions needed to mitigate this degradation.
  • S0058: Skill in using the appropriate tools for repairing software, hardware, and peripheral equipment of a system.
  • S0142: Skill in conducting research for troubleshooting novel client-level problems.
  • S0159: Skill in configuring and validating network workstations and peripherals in accordance with approved standards and/or specifications.
  • S0365: Skill to design incident response for cloud service models. 
  • T0125: Install and maintain network infrastructure device operating system software (e.g., IOS, firmware).
  • T0237: Troubleshoot system hardware and software.
  • T0308: Analyze incident data for emerging trends.
  • T0315: Develop and deliver technical training to educate others or meet customer needs.
  • T0331: Maintain incident tracking and solution database.
  • T0468: Diagnose and resolve customer reported system incidents, problems, and events.
  • T0482: Make recommendations based on trend analysis for enhancements to software and hardware solutions to enhance customer experience.
  • T0491: Install and configure hardware, software, and peripheral equipment for system users in accordance with organizational standards.
  • T0494: Administer accounts, network rights, and access to systems and equipment.
  • T0496: Perform asset management/inventory of information technology (IT) resources.
  • T0502: Monitor and report client-level computer system performance.
  • T0530: Develop a trend analysis and impact report.
  • Capability Indicators for Technical Support Specialist
    Category Entry Intermediate Advanced
    Credentials/Certifications
    • Recommended: Not essential but may be beneficial
    • Example Types: N/A
    • Example Topics: Certifications addressing network infrastructure, mobile device integration, hardware evaluation, operating systems, technical support, managing, maintaining, troubleshooting, installing, configuring basic network infrastructure, authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and desktop hardware, software, and configurations
    • Recommended: Yes
    • Example Types: N/A
    • Example Topics: Certifications addressing access control theory, alternate network mapping techniques, authentication and password management, common types of attacks, contingency planning, critical security controls, concepts, crypto fundamentals, defense-in-depth, DNS, firewalls, honeypots, ICMP, incident handling fundamentals, intrusion detection overview, IP packets, IPS overview, IPv6, legal aspects of incident handling, Mitnick-Shimomura attack, network addressing, network fundamentals, network mapping and scanning, network protocol, policy framework, protecting data at rest, PKI, reading packets, risk management, securing server services, SIEM/Log management, steganography overview, TCP, UDP, virtual private networks, viruses and malicious code, vulnerability management overview, vulnerability scanning, web application security, auditing and forensics, network security overview, permissions and user rights, security templates and group policy, service packs, hotfixes and backups, active directory and group policy overview, wireless security, authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and desktop hardware, software, and configurations
    • Recommended: Yes
    • Example Topics: Certifications addressing network types, network media, switching fundamentals, TCP/IP, IP addressing and routing, WAN technologies, operating and configuring IOS devices, and managing network environments, system security, network infrastructure, access control, cryptography, assessments and audits, organizational security, focus on new attack vectors (emphasis on cloud computing technology, mobile platforms and tablet computers), new vulnerabilities, existing threats to operating environments, security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, enterprise security, risk management and incident response, research and analysis, integration of computing, communications and business disciplines as well as technical integration of enterprise components, and desktop hardware, software, and configurations
    Continuous Learning
    • Recommended: Not essential but may be beneficial
    • Examples: 40 hours annually (may include formal training, conferences, rotations, developing publications)
    • Recommended: Yes
    • Examples: 40 hours annually (may include formal training, conferences, rotations, developing publications)
    • Recommended: Yes
    • Examples: 40 hours annually (may include role rotations)
    Education
    • Recommended: Not essential but may be beneficial
    • Example Types: Associate's (certifications addressing information systems security may substitute for education)
    • Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering
    • Recommended: Not essential but may be beneficial
    • Example Types: Bachelor's (certifications addressing risk analysis may substitute for education)
    • Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering
    • Recommended: Not essential but may be beneficial
    • Example Types: Master's (certifications addressing risk analysis may substitute for education)
    • Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering
    Experiential Learning
    • Recommended: Not essential but may be beneficial
    • Examples: Experience in information assurance
    • Recommended: Not essential but may be beneficial
    • Examples: Experience in information assurance and networks
    • Recommended: Yes
    • Examples: 7+ years of experience directly performing configurations and security implementations on LAN and WAN equipment
    Training
    • Recommended: Not essential but may be beneficial
    • Example Types: N/A
    • Example Topics: Information assurance technician
    • Recommended: Not essential but may be beneficial
    • Example Types: N/A
    • Example Topics: System administrator, security essentials
    • Recommended: Yes
    • Example Types: N/A
    • Example Topics: Self- or instructor-led training in LAN, WAN architectures and network security, advanced network analysis