Operate and Maintain

Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.

Below are the roles for this Specialty Area. Click each role to see the KSAs (Knowledge, Skills, and Abilities) and Tasks.

  • A0052: Ability to operate network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware.
  • A0055: Ability to operate common network tools (e.g., ping, traceroute, nslookup).
  • A0058: Ability to execute OS command line (e.g., ipconfig, netstat, dir, nbtstat).
  • A0059: Ability to operate the organization's LAN/WAN pathways.
  • A0062: Ability to monitor measures or indicators of system performance and availability.
  • A0063: Ability to operate different electronic communication systems and methods (e.g., e-mail, VOIP, IM, web forums, Direct Video Broadcasts).
  • A0065: Ability to monitor traffic flows across the network.
  • A0159: Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute). 
  • K0001: Knowledge of computer networking concepts and protocols, and network security methodologies. 
  • K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 
  • K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 
  • K0004: Knowledge of cybersecurity and privacy principles. 
  • K0005: Knowledge of cyber threats and vulnerabilities. 
  • K0006: Knowledge of specific operational impacts of cybersecurity lapses. 
  • K0010: Knowledge of communication methods, principles, and concepts that support the network infrastructure. 
  • K0011: Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware. 
  • K0029: Knowledge of organization's Local and Wide Area Network connections. 
  • K0038: Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0049: Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). 
  • K0050: Knowledge of local area and wide area networking principles and concepts including bandwidth management. 
  • K0053: Knowledge of measures or indicators of system performance and availability.
  • K0061: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0071: Knowledge of remote access technology concepts.
  • K0076: Knowledge of server administration and systems engineering theories, concepts, and methods.
  • K0093: Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing). 
  • K0104: Knowledge of Virtual Private Network (VPN) security.
  • K0108: Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless). 
  • K0111: Knowledge of network tools (e.g., ping, traceroute, nslookup) 
  • K0113: Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
  • K0135: Knowledge of web filtering technologies.
  • K0136: Knowledge of the capabilities of different electronic communication systems and methods (e.g., e-mail, VOIP, IM, web forums, Direct Video Broadcasts).
  • K0137: Knowledge of the range of existing networks (e.g., PBX, LANs, WANs, WIFI, SCADA).
  • K0138: Knowledge of Wi-Fi.
  • K0159: Knowledge of Voice over IP (VoIP).
  • K0160: Knowledge of the common attack vectors on the network layer.
  • K0179: Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). 
  • K0180: Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. 
  • K0200: Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • K0201: Knowledge of symmetric key rotation techniques and concepts.
  • K0203: Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • K0260: Knowledge of Personally Identifiable Information (PII) data security standards. 
  • K0261: Knowledge of Payment Card Industry (PCI) data security standards. 
  • K0262: Knowledge of Personal Health Information (PHI) data security standards. 
  • K0274: Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.
  • K0287: Knowledge of an organization's information classification program and procedures for information compromise. 
  • K0332: Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0622: Knowledge of controls related to the use, processing, storage, and transmission of data. 
  • S0004: Skill in analyzing network traffic capacity and performance characteristics.
  • S0035: Skill in establishing a routing schema.
  • S0040: Skill in implementing, maintaining, and improving established network security practices.
  • S0041: Skill in installing, configuring, and troubleshooting LAN and WAN components such as routers, hubs, and switches.
  • S0056: Skill in using network management tools to analyze network traffic patterns (e.g., simple network management protocol).
  • S0077: Skill in securing network communications.
  • S0079: Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters). 
  • S0084: Skill in configuring and utilizing network protection components (e.g., Firewalls, VPNs, network intrusion detection systems).
  • S0150: Skill in implementing and testing network infrastructure contingency and recovery plans.
  • S0162: Skill in sub-netting.
  • S0170: Skill in configuring and utilizing computer protection components (e.g., hardware firewalls, servers, routers, as appropriate).
  • T0035: Configure and optimize network hubs, routers, and switches (e.g., higher-level protocols, tunneling).
  • T0065: Develop and implement network backup and recovery procedures.
  • T0081: Diagnose network connectivity problem.
  • T0121: Implement new system design procedures, test procedures, and quality standards.
  • T0125: Install and maintain network infrastructure device operating system software (e.g., IOS, firmware).
  • T0126: Install or replace network hubs, routers, and switches.
  • T0129: Integrate new systems into existing network architecture.
  • T0153: Monitor network capacity and performance.
  • T0160: Patch network vulnerabilities to ensure that information is safeguarded against outside parties.
  • T0200: Provide feedback on network requirements, including network architecture and infrastructure.
  • T0232: Test and maintain network infrastructure including software and hardware devices.
  • Capability Indicators for Network Operations Specialist
    Category Entry Intermediate Advanced
    Credentials/Certifications
    • Recommended: Not essential but may be beneficial
    • Example Types: N/A
    • Example Topics: Certifications addressing managing, maintaining, troubleshooting, installing, configuring basic network infrastructure; vendor certifications
    • Recommended: Not essential but may be beneficial
    • Example Types: N/A
    • Example Topics: Vendor certifications; Certifications addressing system security, network infrastructure, access control, cryptography, assessments and audits, and organizational security
    • Recommended: Yes
    • Example Topics: Certifications addressing system security, network infrastructure, access control, cryptography, assessments and audits, and organizational security
    Continuous Learning
    • Recommended: Yes
    • Examples: 40 hours annually (may include shadowing)
    • Recommended: Yes
    • Examples: 40 hours annually (may include virtual learning—workshops, training, webinars)
    • Recommended: Yes
    • Examples: 40 hours annually (may include virtual learning—workshops, training, webinars; role rotations)
    Education
    • Recommended: N/A
    • Example Types: N/A
    • Example Topics: N/A
    • Recommended: Not essential but may be beneficial
    • Example Types: Associate's (certifications addressing information systems security, advanced systems management may substitute for education)
    • Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering
    • Recommended: Yes
    • Example Types: Bachelor's, Master's, Ph.D. (certifications addressing the following topics may substitute for education: analysis, assessment, control, mitigation, and management of risk within a federal management and acquisition framework that contain personal data; identification, implementation, and integration management, acquisition and administrative risk methodologies for securing critical and sensitive information infrastructures)
    • Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering
    Experiential Learning
    • Recommended: Yes
    • Examples: 0-3 years of experience in information security
    • Recommended: Yes
    • Examples: 4-9 years of experience in information security and/or automated digital network systems (ADNS)
    • Recommended: Yes
    • Examples: 7-10+ years of experience, experience directly performing configurations and security implementation on LAN and WAN equipment
    Training
    • Recommended: Yes
    • Example Types: N/A
    • Example Topics: Strategic satellite communications systems, operating system functionality, OSI networking model, hardware components, and client and server relationships
    • Recommended: Yes
    • Example Types: N/A
    • Example Topics: Classroom or distributed learning with access to virtually emulated or physical devices, transmission systems, frequency management, support communications, replacement program system operations, strategic satellite communications systems, cyber operations, network operations and technology, business acumen and knowledge of customer/operational requirements, broad understanding of operating system functionality, OSI networking model, hardware components, client/server relationships, and the interrelationship of multiple disparate IT systems
    • Recommended: Yes
    • Example Types: N/A
    • Example Topics: Classroom or distributed learning with access to virtually emulated or physical devices, self or instructor-led training in the areas of LAN, WAN architectures and network security, transmission systems, frequency management, support communications, replacement program system operations, strategic satellite communications systems, cyber operations, network operations and technology, business acumen and knowledge of customer/operational requirements, broad understanding of operating system functionality, OSI networking model, hardware components, client/server relationships, and the interrelationship of multiple disparate IT systems