Forensic Fox

@forensicfox

Blue-team player moonlighting in red-team CTFs. Memory forensics is the real game.

ID 6b51ca08-d925-49aa-aa48-a7f244e5ae37 · CTFd: forensicfox

Links

GitHub · Discord: forensicfox#9001

Teams

Career stats

Events Played: 2
Podium Finishes: 1
Career Points: 900
Career Solves: 5
Career First Bloods: 3
Best Finish: #3
Best Event: Red Wire CTF 2025
Consistency Rating: 100%

Performance stats

Derived from imported solve data; metrics without source data are hidden.

Total Solves: 5
Total Points: 900
Solve Rate: 100%
Average Solve Time: 22.1 hr
Median Solve Time: 27.0 hr
First Bloods: 3
Unique Solves: 5
Late-Game Solves: 4

Competition stats

Competition entries: 2
Challenge solves: 5
Points from recorded solves: 900

Category breakdown

Category    Solves    Points
Forensics   3         750
Misc        2         150

NICE/NIST framework stats

Task solves: 8 (across 5 mapped items)
Knowledge solves: 7 (across 4 mapped items)
Skill solves: 1 (across 1 mapped item)

Work role alignment & specialty area coverage

Derived from NICE TKSAs mapped to your solved challenges. Expand a specialty area to see which challenge categories contributed, then expand a work role to see the specific Tasks, Knowledge, and Skills you demonstrated.

PROTECTION and DEFENSE: 45%
INVESTIGATION: 29%
OVERSIGHT and GOVERNANCE: 17%
DESIGN and DEVELOPMENT: 7%
IMPLEMENTATION and OPERATION: 2%

PROTECTION and DEFENSE (expanded): 45% · 4 roles · 26 challenge hits

Challenge category breakdown

Forensics: 26 challenge hits

Digital Forensics (PD-WRL-002): 9/182 mapped items
TASK Analyze intrusions
TASK Report forensic artifacts indicative of a particular operating system
TASK Analyze network traffic associated with malicious activities
TASK Collect intrusion artifacts
KNOWLEDGE Knowledge of digital forensic data principles and practices
KNOWLEDGE Knowledge of incident response principles and practices
KNOWLEDGE Knowledge of incident response tools and techniques
KNOWLEDGE Knowledge of digital forensics data characteristics
SKILL Skill in performing memory dump analysis
TASK Perform file signature analysis
TASK Perform data comparison against established database
TASK Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView)
TASK Perform timeline analysis
TASK Perform static media analysis
TASK Perform tier 1, 2, and 3 malware analysis
TASK Perform Windows registry analysis
TASK Determine the operational and safety impacts of cybersecurity lapses
TASK Set up a forensic workstation
TASK Identify anomalous network activity
TASK Determine best methods for identifying the perpetrator(s) of a network intrusion
TASK Identify intrusions
TASK Document what is known about intrusions
TASK Identify vulnerabilities
TASK Recommend vulnerability remediation strategies
TASK Create forensically sound duplicates of evidence
TASK Decrypt seized data
TASK Create technical summary of findings reports
TASK Determine if digital media chain or custody processes meet Federal Rules of Evidence requirements
TASK Determine relevance of recovered data
TASK Identify digital evidence for analysis
TASK Perform dynamic analysis on drives
TASK Perform real-time cyber defense incident handling
TASK Prepare digital media for imaging
TASK Capture network traffic associated with malicious activities
TASK Process digital evidence
TASK Document digital evidence
TASK Mitigate potential cyber defense incidents
TASK Advise law enforcement personnel as technical expert
TASK Scan digital media for viruses
TASK Mount a drive image
TASK Utilize deployable forensics toolkit
TASK Validate intrusion detection system alerts
TASK Correlate threat assessment data
TASK Process forensic images
TASK Perform file and registry monitoring on running systems
TASK Enter digital media information into tracking databases
TASK Correlate incident data
TASK Prepare cyber defense toolkits
TASK Preserve digital evidence
TASK Recover information from forensic data sources
TASK Prepare cyber defense reports
KNOWLEDGE Knowledge of encryption algorithms
KNOWLEDGE Knowledge of decryption
KNOWLEDGE Knowledge of decryption tools and techniques
KNOWLEDGE Knowledge of data repositories
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of encryption algorithm capabilities and applications
KNOWLEDGE Knowledge of data backup and recovery policies and procedures
KNOWLEDGE Knowledge of enterprise cybersecurity architecture principles and practices
KNOWLEDGE Knowledge of incident handling tools and techniques
KNOWLEDGE Knowledge of operating system (OS) systems and software
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of client and server architecture
KNOWLEDGE Knowledge of server diagnostic tools and techniques
KNOWLEDGE Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
KNOWLEDGE Knowledge of system administration principles and practices
KNOWLEDGE Knowledge of enterprise information technology (IT) architecture principles and practices
KNOWLEDGE Knowledge of physical computer components
KNOWLEDGE Knowledge of computer peripherals
KNOWLEDGE Knowledge of defense-in-depth principles and practices
KNOWLEDGE Knowledge of file extensions
KNOWLEDGE Knowledge of file system implementation principles and practices
KNOWLEDGE Knowledge of digital evidence seizure policies and procedures
KNOWLEDGE Knowledge of digital evidence preservation policies and procedures
KNOWLEDGE Knowledge of ethical hacking tools and techniques
KNOWLEDGE Knowledge of evidence admissibility laws and regulations
KNOWLEDGE Knowledge of chain of custody policies and procedures
KNOWLEDGE Knowledge of persistent data principles and practices
KNOWLEDGE Knowledge of machine virtualization tools and techniques
KNOWLEDGE Knowledge of web mail tools and techniques
KNOWLEDGE Knowledge of system file characteristics
KNOWLEDGE Knowledge of deployable forensics principles and practices
KNOWLEDGE Knowledge of digital communication systems and software
KNOWLEDGE Knowledge of event correlation tools and techniques
KNOWLEDGE Knowledge of hardening tools and techniques
KNOWLEDGE Knowledge of hardware reverse engineering tools and techniques
KNOWLEDGE Knowledge of software reverse engineering tools and techniques
KNOWLEDGE Knowledge of data carving tools and techniques
KNOWLEDGE Knowledge of reverse engineering principles and practices
KNOWLEDGE Knowledge of anti-forensics tools and techniques
KNOWLEDGE Knowledge of forensics lab design principles and practices
KNOWLEDGE Knowledge of forensics lab design systems and software
KNOWLEDGE Knowledge of debugging tools and techniques
KNOWLEDGE Knowledge of filename extension abuse
KNOWLEDGE Knowledge of malware analysis tools and techniques
KNOWLEDGE Knowledge of virtual machine detection tools and techniques
KNOWLEDGE Knowledge of encryption tools and techniques
KNOWLEDGE Knowledge of enterprise architecture (EA) reference models and frameworks
KNOWLEDGE Knowledge of enterprise architecture (EA) principles and practices
KNOWLEDGE Knowledge of cyber defense laws and regulations
KNOWLEDGE Knowledge of binary analysis tools and techniques
KNOWLEDGE Knowledge of network architecture principles and practices
KNOWLEDGE Knowledge of malware analysis principles and practices
KNOWLEDGE Knowledge of operating system structures and internals
KNOWLEDGE Knowledge of packet-level analysis tools and techniques
KNOWLEDGE Knowledge of operational design principles and practices
KNOWLEDGE Knowledge of targeting laws and regulations
KNOWLEDGE Knowledge of exploitation laws and regulations
KNOWLEDGE Knowledge of intelligence collection management tools and techniques
KNOWLEDGE Knowledge of information searching tools and techniques
KNOWLEDGE Knowledge of intelligence collection sources
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of reporting policies and procedures
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of code obfuscation tools and techniques
KNOWLEDGE Knowledge of digital forensics principles and practices
KNOWLEDGE Knowledge of virtual machine tools and technologies
KNOWLEDGE Knowledge of web application security risks
KNOWLEDGE Knowledge of media forensics
KNOWLEDGE Knowledge of digital forensics tools and techniques
KNOWLEDGE Knowledge of Chain of Custody (CoC) processes and procedures
KNOWLEDGE Knowledge of data integrity principles and practices
KNOWLEDGE Knowledge of digital evidence cataloging tools and techniques
KNOWLEDGE Knowledge of digital evidence extraction tools and techniques
KNOWLEDGE Knowledge of digital evidence handling principles and practices
KNOWLEDGE Knowledge of digital evidence packaging tools and techniques
KNOWLEDGE Knowledge of digital evidence preservation tools and techniques
KNOWLEDGE Knowledge of forensic image processing tools and techniques
KNOWLEDGE Knowledge of network monitoring tools and techniques
KNOWLEDGE Knowledge of packet analysis tools and techniques
SKILL Skill in performing packet-level analysis
SKILL Skill in decrypting information
SKILL Skill in developing virtual machines
SKILL Skill in maintaining virtual machines
SKILL Skill in finding system files
SKILL Skill in recognizing digital forensics data
SKILL Skill in identifying filename extension abuse
SKILL Skill in processing digital forensic data
SKILL Skill in performing intelligence collection analysis
SKILL Skill in developing network infrastructure contingency and recovery plans
SKILL Skill in testing network infrastructure contingency and recovery plans
SKILL Skill in preparing reports
SKILL Skill in preserving digital evidence integrity
SKILL Skill in identifying forensics data in diverse media
SKILL Skill in extracting forensics data in diverse media
SKILL Skill in storing digital evidence
SKILL Skill in manipulating operating system components
SKILL Skill in collecting digital evidence
SKILL Skill in processing digital evidence
SKILL Skill in transporting digital evidence
SKILL Skill in disassembling Personal Computers (PCs)
SKILL Skill in performing digital forensics analysis
SKILL Skill in performing binary analysis
SKILL Skill in implementing one-way hash functions
SKILL Skill in performing source code analysis
SKILL Skill in performing volatile data analysis
SKILL Skill in interpreting debugger results
SKILL Skill in performing malware analysis
SKILL Skill in performing bit-level analysis
SKILL Skill in creating digital evidence copies
SKILL Skill in implementing network infrastructure contingency and recovery plans
SKILL Skill in administering operating systems
SKILL Skill in collaborating with internal and external stakeholders
SKILL Skill in performing data analysis
SKILL Skill in performing digital evidence analysis
SKILL Skill in performing dynamic analysis
SKILL Skill in performing file system forensic analysis
SKILL Skill in performing log file analysis
SKILL Skill in performing network traffic packet analysis
SKILL Skill in performing static analysis
SKILL Skill in performing static malware analysis
Incident Response (PD-WRL-003): 3/107 mapped items
TASK Collect intrusion artifacts
KNOWLEDGE Knowledge of incident response principles and practices
KNOWLEDGE Knowledge of incident response tools and techniques
TASK Perform cyber defense trend analysis and reporting
TASK Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)
TASK Coordinate incident response functions
TASK Determine the operational and safety impacts of cybersecurity lapses
TASK Identify anomalous network activity
TASK Identify potential threats to network resources
TASK Resolve cyber defense incidents
TASK Coordinate technical support to enterprise-wide cybersecurity defense technicians
TASK Identify vulnerabilities
TASK Recommend vulnerability remediation strategies
TASK Perform cyber defense incident triage
TASK Recommend incident remediation strategies
TASK Determine the scope, urgency, and impact of cyber defense incidents
TASK Perform forensically sound image collection
TASK Recommend mitigation and remediation strategies for enterprise systems
TASK Perform real-time cyber defense incident handling
TASK Determine causes of network alerts
TASK Track cyber defense incidents from initial detection through final resolution
TASK Document cyber defense incidents from initial detection through final resolution
TASK Produce incident findings reports
TASK Communicate incident findings to appropriate constituencies
TASK Mitigate potential cyber defense incidents
TASK Advise law enforcement personnel as technical expert
TASK Correlate threat assessment data
TASK Prepare after action reviews (AARs)
TASK Correlate incident data
TASK Maintain currency of cyber defense threat conditions
TASK Prepare cyber defense reports
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of access control principles and practices
KNOWLEDGE Knowledge of authentication and authorization tools and techniques
KNOWLEDGE Knowledge of network infrastructure principles and practices
KNOWLEDGE Knowledge of data backup and recovery policies and procedures
KNOWLEDGE Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
KNOWLEDGE Knowledge of enterprise cybersecurity architecture principles and practices
KNOWLEDGE Knowledge of host access control (HAC) systems and software
KNOWLEDGE Knowledge of network access control (NAC) systems and software
KNOWLEDGE Knowledge of network communications principles and practices
KNOWLEDGE Knowledge of incident handling tools and techniques
KNOWLEDGE Knowledge of intrusion detection tools and techniques
KNOWLEDGE Knowledge of policy-based access controls
KNOWLEDGE Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of system administration principles and practices
KNOWLEDGE Knowledge of enterprise information technology (IT) architecture principles and practices
KNOWLEDGE Knowledge of network attack characteristics
KNOWLEDGE Knowledge of defense-in-depth principles and practices
KNOWLEDGE Knowledge of account creation policies and procedures
KNOWLEDGE Knowledge of password policies and procedures
KNOWLEDGE Knowledge of cyberattack characteristics
KNOWLEDGE Knowledge of cyberattack actor characteristics
KNOWLEDGE Knowledge of hardening tools and techniques
KNOWLEDGE Knowledge of cyber attack stages
KNOWLEDGE Knowledge of cyber intrusion activity phases
KNOWLEDGE Knowledge of malware analysis tools and techniques
KNOWLEDGE Knowledge of data classification standards and best practices
KNOWLEDGE Knowledge of data classification tools and techniques
KNOWLEDGE Knowledge of enterprise architecture (EA) reference models and frameworks
KNOWLEDGE Knowledge of enterprise architecture (EA) principles and practices
KNOWLEDGE Knowledge of the Open Systems Interconnect (OSI) reference model
KNOWLEDGE Knowledge of cloud service models and frameworks
KNOWLEDGE Knowledge of network architecture principles and practices
KNOWLEDGE Knowledge of malware analysis principles and practices
KNOWLEDGE Knowledge of network analysis tools and techniques
KNOWLEDGE Knowledge of data classification policies and procedures
KNOWLEDGE Knowledge of cyber-attack tools and techniques
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of routing protocols
KNOWLEDGE Knowledge of web application security risks
SKILL Skill in securing network communications
SKILL Skill in performing damage assessments
SKILL Skill in identifying software communications vulnerabilities
SKILL Skill in evaluating security products
SKILL Skill in recognizing vulnerabilities
SKILL Skill in identifying malware
SKILL Skill in capturing malware
SKILL Skill in containing malware
SKILL Skill in reporting malware
SKILL Skill in detecting host- and network-based intrusions
SKILL Skill in preserving digital evidence integrity
SKILL Skill in collecting digital evidence
SKILL Skill in processing digital evidence
SKILL Skill in transporting digital evidence
SKILL Skill in categorizing types of vulnerabilities
SKILL Skill in protecting a network against malware
SKILL Skill in performing malware analysis
SKILL Skill in performing network data analysis
SKILL Skill in designing incident responses
SKILL Skill in performing incident responses
SKILL Skill in collaborating with internal and external stakeholders
SKILL Skill in performing data analysis
SKILL Skill in performing log file analysis
Defensive Cybersecurity (PD-WRL-001): 2/206 mapped items
KNOWLEDGE Knowledge of incident response principles and practices
KNOWLEDGE Knowledge of incident response tools and techniques
TASK Develop content for cyber defense tools
TASK Perform cyber defense trend analysis and reporting
TASK Recommend computing environment vulnerability corrections
TASK Identify network mapping and operating system (OS) fingerprinting activities
TASK Determine the operational and safety impacts of cybersecurity lapses
TASK Review cyber defense service provider reporting structure
TASK Identify anomalous network activity
TASK Identify potential threats to network resources
TASK Validate network alerts
TASK Recommend vulnerability remediation strategies
TASK Determine if cybersecurity-enabled products reduce identified risk to acceptable levels
TASK Determine if security control technologies reduce identified risk to acceptable levels
TASK Document cybersecurity incidents
TASK Escalate incidents that may cause ongoing and immediate impact to the environment
TASK Determine the effectiveness of an observed attack
TASK Recommend risk mitigation strategies
TASK Recommend system modifications
TASK Communicate daily network event and activity reports
TASK Determine causes of network alerts
TASK Detect cybersecurity attacks and intrusions
TASK Distinguish between benign and potentially malicious cybersecurity attacks and intrusions
TASK Communicate cybersecurity attacks and intrusions alerts
TASK Perform continuous monitoring of system activity
TASK Determine impact of malicious activity on systems and information
TASK Establish intrusion set procedures
TASK Analyze network traffic anomalies
TASK Validate intrusion detection system alerts
TASK Isolate malware
TASK Remove malware
TASK Identify network device applications and operating systems
TASK Reconstruct malicious attacks
TASK Construct cyber defense network tool signatures
TASK Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents
TASK Analyze organizational cybersecurity posture trends
TASK Develop organizational cybersecurity posture trend reports
TASK Develop system security posture trend reports
TASK Determine adequacy of access controls
TASK Maintain currency of cyber defense threat conditions
TASK Determine effectiveness of system implementation and testing processes
TASK Recommend threat and vulnerability risk mitigation strategies
TASK Advise stakeholders on vulnerability compliance
TASK Resolve computer security incidents
TASK Advise stakeholders on disaster recovery, contingency, and continuity of operations plans
KNOWLEDGE Knowledge of encryption algorithms
KNOWLEDGE Knowledge of programming language structures and logic
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of access control principles and practices
KNOWLEDGE Knowledge of authentication and authorization tools and techniques
KNOWLEDGE Knowledge of network infrastructure principles and practices
KNOWLEDGE Knowledge of cyber defense tools and techniques
KNOWLEDGE Knowledge of vulnerability assessment tools and techniques
KNOWLEDGE Knowledge of computer algorithm capabilities and applications
KNOWLEDGE Knowledge of cryptographic key management principles and practices
KNOWLEDGE Knowledge of database systems and software
KNOWLEDGE Knowledge of enterprise cybersecurity architecture principles and practices
KNOWLEDGE Knowledge of host access control (HAC) systems and software
KNOWLEDGE Knowledge of network access control (NAC) systems and software
KNOWLEDGE Knowledge of network communications principles and practices
KNOWLEDGE Knowledge of vulnerability data sources
KNOWLEDGE Knowledge of incident handling tools and techniques
KNOWLEDGE Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
KNOWLEDGE Knowledge of non-repudiation principles and practices
KNOWLEDGE Knowledge of cyber safety principles and practices
KNOWLEDGE Knowledge of systems security engineering (SSE) principles and practices
KNOWLEDGE Knowledge of intrusion detection tools and techniques
KNOWLEDGE Knowledge of information technology (IT) security principles and practices
KNOWLEDGE Knowledge of identity and access management (IAM) principles and practices
KNOWLEDGE Knowledge of new and emerging technologies
KNOWLEDGE Knowledge of operating system (OS) systems and software
KNOWLEDGE Knowledge of policy-based access controls
KNOWLEDGE Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
KNOWLEDGE Knowledge of process engineering principles and practices
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of security management principles and practices
KNOWLEDGE Knowledge of system design tools and techniques
KNOWLEDGE Knowledge of server administration principles and practices
KNOWLEDGE Knowledge of client and server architecture
KNOWLEDGE Knowledge of software engineering principles and practices
KNOWLEDGE Knowledge of data asset management principles and practices
KNOWLEDGE Knowledge of system administration principles and practices
KNOWLEDGE Knowledge of systems testing and evaluation tools and techniques
KNOWLEDGE Knowledge of telecommunications principles and practices
KNOWLEDGE Knowledge of enterprise information technology (IT) architecture principles and practices
KNOWLEDGE Knowledge of systems engineering processes
KNOWLEDGE Knowledge of virtual private network (VPN) systems and software
KNOWLEDGE Knowledge of network attack characteristics
KNOWLEDGE Knowledge of insider threat laws and regulations
KNOWLEDGE Knowledge of insider threat tools and techniques
KNOWLEDGE Knowledge of adversarial tactics principles and practices
KNOWLEDGE Knowledge of adversarial tactics tools and techniques
KNOWLEDGE Knowledge of adversarial tactics policies and procedures
KNOWLEDGE Knowledge of defense-in-depth principles and practices
KNOWLEDGE Knowledge of network configurations
KNOWLEDGE Knowledge of file extensions
KNOWLEDGE Knowledge of command-line tools and techniques
KNOWLEDGE Knowledge of digital communication systems and software
KNOWLEDGE Knowledge of interpreted and compiled programming language characteristics
KNOWLEDGE Knowledge of intelligence collection management processes
KNOWLEDGE Knowledge of front-end intelligence collection systems and software
KNOWLEDGE Knowledge of account creation policies and procedures
KNOWLEDGE Knowledge of password policies and procedures
KNOWLEDGE Knowledge of network attack vectors
KNOWLEDGE Knowledge of cyberattack characteristics
KNOWLEDGE Knowledge of cyberattack actor characteristics
KNOWLEDGE Knowledge of hardening tools and techniques
KNOWLEDGE Knowledge of hardware reverse engineering tools and techniques
KNOWLEDGE Knowledge of software reverse engineering tools and techniques
KNOWLEDGE Knowledge of cyber attack stages
KNOWLEDGE Knowledge of cyber intrusion activity phases
KNOWLEDGE Knowledge of network systems management principles and practices
KNOWLEDGE Knowledge of network systems management tools and techniques
KNOWLEDGE Knowledge of reverse engineering principles and practices
KNOWLEDGE Knowledge of encryption tools and techniques
KNOWLEDGE Knowledge of malware signature principles and practices
KNOWLEDGE Knowledge of network port capabilities and applications
KNOWLEDGE Knowledge of enterprise architecture (EA) reference models and frameworks
KNOWLEDGE Knowledge of enterprise architecture (EA) principles and practices
KNOWLEDGE Knowledge of application firewall principles and practices
KNOWLEDGE Knowledge of network firewall principles and practices
KNOWLEDGE Knowledge of industry cybersecurity models and frameworks
KNOWLEDGE Knowledge of access control models and frameworks
KNOWLEDGE Knowledge of the Open Systems Interconnect (OSI) reference model
KNOWLEDGE Knowledge of cyber defense laws and regulations
KNOWLEDGE Knowledge of network architecture principles and practices
KNOWLEDGE Knowledge of Personally Identifiable Information (PII) data security standards and best practices
KNOWLEDGE Knowledge of Payment Card Industry (PCI) data security standards and best practices
KNOWLEDGE Knowledge of Personal Health Information (PHI) data security standards and best practices
KNOWLEDGE Knowledge of network analysis tools and techniques
KNOWLEDGE Knowledge of systems engineering principles and practices
KNOWLEDGE Knowledge of countermeasure design principles and practices
KNOWLEDGE Knowledge of network mapping principles and practices
KNOWLEDGE Knowledge of packet-level analysis tools and techniques
KNOWLEDGE Knowledge of subnet tools and techniques
KNOWLEDGE Knowledge of cryptology principles and practices
KNOWLEDGE Knowledge of computer engineering principles and practices
KNOWLEDGE Knowledge of embedded systems and software
KNOWLEDGE Knowledge of Intrusion Detection System (IDS) tools and techniques
KNOWLEDGE Knowledge of Intrusion Prevention System (IPS) tools and techniques
KNOWLEDGE Knowledge of penetration testing principles and practices
KNOWLEDGE Knowledge of penetration testing tools and techniques
KNOWLEDGE Knowledge of targeting laws and regulations
KNOWLEDGE Knowledge of exploitation laws and regulations
KNOWLEDGE Knowledge of cyber-attack tools and techniques
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of web application security risks
KNOWLEDGE Knowledge of protocol analyzer tools and techniques
KNOWLEDGE Knowledge of traceroute tools and techniques
KNOWLEDGE Knowledge of cyber defense monitoring tools
KNOWLEDGE Knowledge of cyber defense system analysis tools
KNOWLEDGE Knowledge of data correlation tools and techniques
KNOWLEDGE Knowledge of intrusion set tools and techniques
KNOWLEDGE Knowledge of network topologies
KNOWLEDGE Knowledge of organizational cybersecurity incident response plans
KNOWLEDGE Knowledge of packet analysis tools and techniques
SKILL Skill in performing packet-level analysis
SKILL Skill in identifying software communications vulnerabilities
SKILL Skill in recreating network topologies
SKILL Skill in evaluating security products
SKILL Skill in scanning for vulnerabilities
SKILL Skill in recognizing vulnerabilities
SKILL Skill in developing signatures
SKILL Skill in deploying signatures
SKILL Skill in detecting host- and network-based intrusions
SKILL Skill in developing security system controls
SKILL Skill in evaluating security designs
SKILL Skill in handling incidents
SKILL Skill in collecting relevant data from a variety of sources
SKILL Skill in categorizing types of vulnerabilities
SKILL Skill in reading signatures
SKILL Skill in performing malware analysis
SKILL Skill in assessing security controls
SKILL Skill in performing network data analysis
SKILL Skill in evaluating data source quality
SKILL Skill in interpreting traceroute results
SKILL Skill in reconstructing a network
SKILL Skill in utilizing cyber defense service provider information
SKILL Skill in identifying anomalous activities
SKILL Skill in identifying exploited system weaknesses
SKILL Skill in identifying misuse activities
SKILL Skill in monitoring system activity
SKILL Skill in performing data analysis
SKILL Skill in performing dynamic analysis
SKILL Skill in performing event correlation
SKILL Skill in performing incident analysis
SKILL Skill in performing log file analysis
SKILL Skill in performing malicious activity analysis
SKILL Skill in performing metadata analysis
SKILL Skill in performing network data flow analysis
SKILL Skill in performing network traffic analysis
SKILL Skill in performing network traffic packet analysis
SKILL Skill in performing system activity analysis
SKILL Skill in performing trend analysis
Infrastructure Support (PD-WRL-004): 2/75 mapped items
KNOWLEDGE Knowledge of incident response principles and practices
KNOWLEDGE Knowledge of incident response tools and techniques
TASK Determine the operational and safety impacts of cybersecurity lapses
TASK Administer rule and signature updates for specialized cyber defense applications
TASK Perform system administration on specialized cyber defense applications and systems
TASK Administer Virtual Private Network (VPN) devices
TASK Coordinate critical cyber defense infrastructure protection measures
TASK Prioritize critical cyber defense infrastructure resources
TASK Build dedicated cyber defense hardware
TASK Install dedicated cyber defense hardware
TASK Assess the impact of implementing and sustaining a dedicated cyber defense infrastructure
TASK Evaluate platforms managed by service providers
TASK Manage network access control lists on specialized cyber defense systems
TASK Implement cyber defense tools
TASK Implement dedicated cyber defense systems
TASK Document system requirements
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of access control principles and practices
KNOWLEDGE Knowledge of authentication and authorization tools and techniques
KNOWLEDGE Knowledge of data backup and recovery policies and procedures
KNOWLEDGE Knowledge of enterprise cybersecurity architecture principles and practices
KNOWLEDGE Knowledge of host access control (HAC) systems and software
KNOWLEDGE Knowledge of network access control (NAC) systems and software
KNOWLEDGE Knowledge of incident handling tools and techniques
KNOWLEDGE Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
KNOWLEDGE Knowledge of non-repudiation principles and practices
KNOWLEDGE Knowledge of cyber safety principles and practices
KNOWLEDGE Knowledge of Risk Management Framework (RMF) requirements
KNOWLEDGE Knowledge of policy-based access controls
KNOWLEDGE Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of system administration principles and practices
KNOWLEDGE Knowledge of enterprise information technology (IT) architecture principles and practices
KNOWLEDGE Knowledge of virtual private network (VPN) systems and software
KNOWLEDGE Knowledge of network attack characteristics
KNOWLEDGE Knowledge of defense-in-depth principles and practices
KNOWLEDGE Knowledge of network configurations
KNOWLEDGE Knowledge of web filtering systems and software
KNOWLEDGE Knowledge of account creation policies and procedures
KNOWLEDGE Knowledge of password policies and procedures
KNOWLEDGE Knowledge of hardening tools and techniques
KNOWLEDGE Knowledge of enterprise architecture (EA) reference models and frameworks
KNOWLEDGE Knowledge of enterprise architecture (EA) principles and practices
KNOWLEDGE Knowledge of learning assessment tools and techniques
KNOWLEDGE Knowledge of the Open Systems Interconnect (OSI) reference model
KNOWLEDGE Knowledge of network architecture principles and practices
KNOWLEDGE Knowledge of wireless communication tools and techniques
KNOWLEDGE Knowledge of signal jamming tools and techniques
KNOWLEDGE Knowledge of Intrusion Detection System (IDS) tools and techniques
KNOWLEDGE Knowledge of Intrusion Prevention System (IPS) tools and techniques
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of security assessment authorization requirements
SKILL Skill in securing network communications
SKILL Skill in applying host access controls
SKILL Skill in applying network access controls
SKILL Skill in tuning network sensors
SKILL Skill in handling incidents
SKILL Skill in encrypting network communications
SKILL Skill in protecting a network against malware
SKILL Skill in applying hardening techniques
SKILL Skill in troubleshooting cyber defense infrastructure anomalies
SKILL Skill in configuring hardware
SKILL Skill in testing hardware
INVESTIGATION 2 roles · 17 challenge hits
29%

Challenge category breakdown

Forensics
17
Digital Evidence Analysis IN-WRL-002
10/175
TASK Analyze intrusions
TASK Collect documentary or physical evidence of cyber intrusion incidents, investigations, and operations
TASK Report forensic artifacts indicative of a particular operating system
TASK Analyze network traffic associated with malicious activities
TASK Collect intrusion artifacts
KNOWLEDGE Knowledge of digital forensic data principles and practices
KNOWLEDGE Knowledge of incident response principles and practices
KNOWLEDGE Knowledge of incident response tools and techniques
KNOWLEDGE Knowledge of digital forensics data characteristics
SKILL Skill in performing memory dump analysis
TASK Perform file signature analysis
TASK Perform data comparison against established database
TASK Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView)
TASK Perform timeline analysis
TASK Perform static media analysis
TASK Perform tier 1, 2, and 3 malware analysis
TASK Determine data specifications
TASK Determine data capacity requirements
TASK Determine best methods for identifying the perpetrator(s) of a network intrusion
TASK Identify intrusions
TASK Document what is known about intrusions
TASK Create forensically sound duplicates of evidence
TASK Decrypt seized data
TASK Create technical summary of findings reports
TASK Determine if digital media chain of custody processes meet Federal Rules of Evidence requirements
TASK Determine relevance of recovered data
TASK Identify digital evidence for analysis
TASK Perform dynamic analysis on drives
TASK Perform forensically sound image collection
TASK Prepare digital media for imaging
TASK Capture network traffic associated with malicious activities
TASK Process digital evidence
TASK Document digital evidence
TASK Produce incident findings reports
TASK Scan digital media for viruses
TASK Mount a drive image
TASK Utilize deployable forensics toolkit
TASK Process forensic images
TASK Detect concealed data
TASK Document original condition of digital evidence
TASK Recover information from forensic data sources
TASK Check network connections
TASK Look for indicators of intrusions
TASK Identify devices and networks on scene
TASK Collect devices containing digital evidence
TASK Identify areas of compromise
TASK Acquire digital evidence
TASK Create a digital footprint of raw or physical data
TASK Process data into readable format
TASK Prepare data for ingestion into application systems
TASK Recover deleted or overwritten data files
TASK Create derivative evidence from findings report
TASK Serve as subject expert in training fact witnesses for testifying
TASK Present factual causality to support attribution of criminal activity
TASK Prepare technical materials for legal proceedings
TASK Serve as liaison to prosecutors
TASK Manage forensic laboratory accreditation processes
KNOWLEDGE Knowledge of decryption tools and techniques
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of encryption algorithm capabilities and applications
KNOWLEDGE Knowledge of data backup and recovery policies and procedures
KNOWLEDGE Knowledge of enterprise cybersecurity architecture principles and practices
KNOWLEDGE Knowledge of incident handling tools and techniques
KNOWLEDGE Knowledge of operating system (OS) systems and software
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of client and server architecture
KNOWLEDGE Knowledge of server diagnostic tools and techniques
KNOWLEDGE Knowledge of system administration principles and practices
KNOWLEDGE Knowledge of enterprise information technology (IT) architecture principles and practices
KNOWLEDGE Knowledge of physical computer components
KNOWLEDGE Knowledge of computer peripherals
KNOWLEDGE Knowledge of defense-in-depth principles and practices
KNOWLEDGE Knowledge of file extensions
KNOWLEDGE Knowledge of file system implementation principles and practices
KNOWLEDGE Knowledge of digital evidence seizure policies and procedures
KNOWLEDGE Knowledge of digital evidence preservation policies and procedures
KNOWLEDGE Knowledge of ethical hacking tools and techniques
KNOWLEDGE Knowledge of evidence admissibility laws and regulations
KNOWLEDGE Knowledge of chain of custody policies and procedures
KNOWLEDGE Knowledge of persistent data principles and practices
KNOWLEDGE Knowledge of machine virtualization tools and techniques
KNOWLEDGE Knowledge of system file characteristics
KNOWLEDGE Knowledge of deployable forensics principles and practices
KNOWLEDGE Knowledge of digital communication systems and software
KNOWLEDGE Knowledge of hardening tools and techniques
KNOWLEDGE Knowledge of hardware reverse engineering tools and techniques
KNOWLEDGE Knowledge of software reverse engineering tools and techniques
KNOWLEDGE Knowledge of data carving tools and techniques
KNOWLEDGE Knowledge of reverse engineering principles and practices
KNOWLEDGE Knowledge of anti-forensics tools and techniques
KNOWLEDGE Knowledge of forensics lab design principles and practices
KNOWLEDGE Knowledge of forensics lab design systems and software
KNOWLEDGE Knowledge of debugging tools and techniques
KNOWLEDGE Knowledge of filename extension abuse
KNOWLEDGE Knowledge of malware analysis tools and techniques
KNOWLEDGE Knowledge of virtual machine detection tools and techniques
KNOWLEDGE Knowledge of encryption tools and techniques
KNOWLEDGE Knowledge of enterprise architecture (EA) reference models and frameworks
KNOWLEDGE Knowledge of enterprise architecture (EA) principles and practices
KNOWLEDGE Knowledge of cyber defense laws and regulations
KNOWLEDGE Knowledge of remote access tools and techniques
KNOWLEDGE Knowledge of binary analysis tools and techniques
KNOWLEDGE Knowledge of network architecture principles and practices
KNOWLEDGE Knowledge of malware analysis principles and practices
KNOWLEDGE Knowledge of operating system structures and internals
KNOWLEDGE Knowledge of data concealment tools and techniques
KNOWLEDGE Knowledge of computer engineering principles and practices
KNOWLEDGE Knowledge of targeting laws and regulations
KNOWLEDGE Knowledge of exploitation laws and regulations
KNOWLEDGE Knowledge of information searching tools and techniques
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of reporting policies and procedures
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of code obfuscation tools and techniques
KNOWLEDGE Knowledge of digital forensics principles and practices
KNOWLEDGE Knowledge of virtual machine tools and technologies
KNOWLEDGE Knowledge of web application security risks
KNOWLEDGE Knowledge of media forensics
KNOWLEDGE Knowledge of digital forensics tools and techniques
KNOWLEDGE Knowledge of Chain of Custody (CoC) processes and procedures
KNOWLEDGE Knowledge of data encryption practices and principles
KNOWLEDGE Knowledge of data integrity principles and practices
KNOWLEDGE Knowledge of digital evidence cataloging tools and techniques
KNOWLEDGE Knowledge of digital evidence extraction tools and techniques
KNOWLEDGE Knowledge of digital evidence handling principles and practices
KNOWLEDGE Knowledge of digital evidence packaging tools and techniques
KNOWLEDGE Knowledge of digital evidence preservation tools and techniques
KNOWLEDGE Knowledge of forensic image processing tools and techniques
KNOWLEDGE Knowledge of network monitoring tools and techniques
KNOWLEDGE Knowledge of steganography practices and principles
KNOWLEDGE Knowledge of approved data processing tools and techniques
KNOWLEDGE Knowledge of data types and characteristics
KNOWLEDGE Knowledge of predication requirements
KNOWLEDGE Knowledge of court exhibit processes
KNOWLEDGE Knowledge of testing and calibration in laboratory environment
SKILL Skill in performing packet-level analysis
SKILL Skill in decrypting information
SKILL Skill in communicating complex concepts
SKILL Skill in applying critical thinking
SKILL Skill in developing virtual machines
SKILL Skill in identifying filename extension abuse
SKILL Skill in performing intelligence collection analysis
SKILL Skill in preparing reports
SKILL Skill in preserving digital evidence integrity
SKILL Skill in storing digital evidence
SKILL Skill in manipulating operating system components
SKILL Skill in collecting digital evidence
SKILL Skill in processing digital evidence
SKILL Skill in performing digital forensics analysis
SKILL Skill in implementing one-way hash functions
SKILL Skill in performing source code analysis
SKILL Skill in performing volatile data analysis
SKILL Skill in interpreting debugger results
SKILL Skill in performing malware analysis
SKILL Skill in performing data analysis
SKILL Skill in performing digital evidence analysis
SKILL Skill in performing dynamic analysis
SKILL Skill in performing file system forensic analysis
SKILL Skill in performing log file analysis
SKILL Skill in performing static malware analysis
SKILL Skill in live acquisition
SKILL Skill in deadbox acquisition
SKILL Skill in inspecting data for ingestion
SKILL Skill in interacting with live systems to identify active and historical networks
Cybercrime Investigation IN-WRL-001
1/107
TASK Collect documentary or physical evidence of cyber intrusion incidents, investigations, and operations
TASK Perform timeline analysis
TASK Process crime scenes
TASK Determine best methods for identifying the perpetrator(s) of a network intrusion
TASK Conduct victim and witness interviews
TASK Conduct suspect interrogations
TASK Investigate suspicious activity and alleged digital crimes
TASK Establish internal and external cross-team relationships
TASK Conduct analysis of computer network attacks
TASK Determine if security incidents are indicative of a violation of law that requires specific legal action
TASK Identify data or intelligence of evidentiary value
TASK Identify digital evidence for analysis
TASK Identify elements of proof of cybersecurity crimes
TASK Document cybersecurity incidents
TASK Escalate incidents that may cause ongoing and immediate impact to the environment
TASK Process digital evidence
TASK Document digital evidence
TASK Assess the behavior of individual victims, witnesses, or suspects during cybersecurity investigations
TASK Determine the impact of threats on cybersecurity
TASK Advise trial counsel as technical expert
TASK Analyze cybersecurity threats for counter intelligence or criminal activity
TASK Preserve digital evidence
TASK Identify responsible parties for intrusions and other crimes
TASK Prepare investigative reports
TASK Assess target vulnerabilities and operational capabilities
TASK Recommend potential courses of action
TASK Disseminate investigative report findings
TASK Deconflict investigative activity with other law enforcement agencies
TASK Determine appropriate jurisdiction for legal action
TASK Collect physical evidence of cyber intrusion incidents, investigations, and operations
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of access control principles and practices
KNOWLEDGE Knowledge of authentication and authorization tools and techniques
KNOWLEDGE Knowledge of host access control (HAC) systems and software
KNOWLEDGE Knowledge of network access control (NAC) systems and software
KNOWLEDGE Knowledge of intrusion detection tools and techniques
KNOWLEDGE Knowledge of operating system (OS) systems and software
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of client and server architecture
KNOWLEDGE Knowledge of system administration principles and practices
KNOWLEDGE Knowledge of insider threat laws and regulations
KNOWLEDGE Knowledge of insider threat tools and techniques
KNOWLEDGE Knowledge of adversarial tactics principles and practices
KNOWLEDGE Knowledge of adversarial tactics tools and techniques
KNOWLEDGE Knowledge of adversarial tactics policies and procedures
KNOWLEDGE Knowledge of digital evidence seizure policies and procedures
KNOWLEDGE Knowledge of digital evidence preservation policies and procedures
KNOWLEDGE Knowledge of evidence admissibility laws and regulations
KNOWLEDGE Knowledge of chain of custody policies and procedures
KNOWLEDGE Knowledge of persistent data principles and practices
KNOWLEDGE Knowledge of federal agency roles and responsibilities
KNOWLEDGE Knowledge of cyberattack actor characteristics
KNOWLEDGE Knowledge of hardening tools and techniques
KNOWLEDGE Knowledge of encryption tools and techniques
KNOWLEDGE Knowledge of covert communication tools and techniques
KNOWLEDGE Knowledge of cyber defense laws and regulations
KNOWLEDGE Knowledge of crisis management protocols
KNOWLEDGE Knowledge of crisis management processes
KNOWLEDGE Knowledge of crisis management tools and techniques
KNOWLEDGE Knowledge of abnormal physical and physiological behaviors
KNOWLEDGE Knowledge of operating system structures and internals
KNOWLEDGE Knowledge of targeting laws and regulations
KNOWLEDGE Knowledge of exploitation laws and regulations
KNOWLEDGE Knowledge of cyber-attack tools and techniques
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of web application security risks
KNOWLEDGE Knowledge of cybersecurity standards and best practices
KNOWLEDGE Knowledge of digital evidence cataloging tools and techniques
KNOWLEDGE Knowledge of digital evidence extraction tools and techniques
KNOWLEDGE Knowledge of digital evidence handling principles and practices
KNOWLEDGE Knowledge of digital evidence packaging tools and techniques
KNOWLEDGE Knowledge of digital evidence preservation tools and techniques
KNOWLEDGE Knowledge of required reporting formats
KNOWLEDGE Knowledge of human source tasking
KNOWLEDGE Knowledge of disruption, dismantlement, and deterrence strategies
KNOWLEDGE Knowledge of obfuscation tools and techniques
SKILL Skill in navigating the dark web
SKILL Skill in using the TOR network
SKILL Skill in examining digital media
SKILL Skill in identifying anomalous activity
SKILL Skill in evaluating supplier trustworthiness
SKILL Skill in evaluating security products
SKILL Skill in preserving digital evidence integrity
SKILL Skill in collecting digital evidence
SKILL Skill in processing digital evidence
SKILL Skill in transporting digital evidence
SKILL Skill in performing malware analysis
SKILL Skill in performing Open Source Intelligence (OSINT) research
SKILL Skill in solving problems
SKILL Skill in performing data analysis
SKILL Skill in performing digital evidence analysis
SKILL Skill in performing incident analysis
SKILL Skill in performing log file analysis
SKILL Skill in performing threat analysis
SKILL Skill in recognizing behavioral patterns
OVERSIGHT and GOVERNANCE 4 roles · 10 challenge hits
17%

Challenge category breakdown

Forensics
10
Communications Security (COMSEC) Management OG-WRL-001
2/79
KNOWLEDGE Knowledge of incident response principles and practices
KNOWLEDGE Knowledge of incident response tools and techniques
TASK Identify roles and responsibilities for appointed Communications Security (COMSEC) personnel
TASK Identify Communications Security (COMSEC) incidents
TASK Report Communications Security (COMSEC) incidents
TASK Identify in-process accounting requirements for Communications Security (COMSEC)
TASK Determine the operational and safety impacts of cybersecurity lapses
TASK Review enterprise information technology (IT) goals and objectives
TASK Identify critical technology procurement requirements
TASK Advise senior management on risk levels and security posture
TASK Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
TASK Advise senior management on organizational cybersecurity efforts
TASK Communicate the value of cybersecurity to organizational stakeholders
TASK Develop the enterprise continuity of operations strategy
TASK Establish the enterprise continuity of operations program
TASK Determine if security improvement actions are evaluated, validated, and implemented as required
TASK Establish enterprise information security architecture
TASK Report cybersecurity incidents
TASK Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered
KNOWLEDGE Knowledge of encryption algorithms
KNOWLEDGE Knowledge of Communications Security (COMSEC) policies and procedures
KNOWLEDGE Knowledge of the Communications Security (COMSEC) Material Control System (CMCS)
KNOWLEDGE Knowledge of types of Communications Security (COMSEC) incidents
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
KNOWLEDGE Knowledge of risk management principles and practices
KNOWLEDGE Knowledge of incident handling tools and techniques
KNOWLEDGE Knowledge of systems security engineering (SSE) principles and practices
KNOWLEDGE Knowledge of policy-based access controls
KNOWLEDGE Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
KNOWLEDGE Knowledge of process engineering principles and practices
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of server administration principles and practices
KNOWLEDGE Knowledge of software engineering principles and practices
KNOWLEDGE Knowledge of system life cycle management principles and practices
KNOWLEDGE Knowledge of systems engineering processes
KNOWLEDGE Knowledge of program management principles and practices
KNOWLEDGE Knowledge of project management principles and practices
KNOWLEDGE Knowledge of supply chain risk management principles and practices
KNOWLEDGE Knowledge of technology procurement principles and practices
KNOWLEDGE Knowledge of hardware reverse engineering tools and techniques
KNOWLEDGE Knowledge of software reverse engineering tools and techniques
KNOWLEDGE Knowledge of reverse engineering principles and practices
KNOWLEDGE Knowledge of data classification standards and best practices
KNOWLEDGE Knowledge of data classification tools and techniques
KNOWLEDGE Knowledge of systems engineering principles and practices
KNOWLEDGE Knowledge of data-at-rest encryption (DARE) standards and best practices
KNOWLEDGE Knowledge of cryptographic key storage systems and software
KNOWLEDGE Knowledge of data classification policies and procedures
KNOWLEDGE Knowledge of computer engineering principles and practices
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of critical information requirements
KNOWLEDGE Knowledge of data security controls
KNOWLEDGE Knowledge of data privacy controls
KNOWLEDGE Knowledge of mission assurance practices and principles
KNOWLEDGE Knowledge of organization's security strategy
SKILL Skill in implementing enterprise key escrow systems
SKILL Skill in developing security system controls
SKILL Skill in evaluating security designs
SKILL Skill in encrypting network communications
SKILL Skill in auditing technical systems
SKILL Skill in implementing Public Key Infrastructure (PKI) encryption
SKILL Skill in implementing digital signatures
SKILL Skill in identifying possible security violations
SKILL Skill in performing cost/benefit analysis
SKILL Skill in performing economic analysis
SKILL Skill in performing risk analysis
Systems Security Management OG-WRL-014
2/203
KNOWLEDGE Knowledge of incident response principles and practices
KNOWLEDGE Knowledge of incident response tools and techniques
TASK Determine special needs of cyber-physical systems
TASK Determine the operational and safety impacts of cybersecurity lapses
TASK Review enterprise information technology (IT) goals and objectives
TASK Identify critical technology procurement requirements
TASK Determine procurement requirements
TASK Integrate black-box security testing tools into quality assurance processes
TASK Acquire resources to support cybersecurity program goals and objectives
TASK Conduct an effective enterprise continuity of operations program
TASK Advise senior management on risk levels and security posture
TASK Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
TASK Advise senior management on organizational cybersecurity efforts
TASK Advise senior leadership and authorizing official of changes affecting the organization's cybersecurity posture
TASK Collect and maintain system cybersecurity report data
TASK Create system cybersecurity reports
TASK Communicate the value of cybersecurity to organizational stakeholders
TASK Develop the enterprise continuity of operations strategy
TASK Establish the enterprise continuity of operations program
TASK Determine if security improvement actions are evaluated, validated, and implemented as required
TASK Determine if cybersecurity inspections, tests, and reviews are coordinated for the network environment
TASK Determine if cybersecurity requirements are integrated into continuity planning
TASK Determine if security engineering is used when acquiring or developing protection and detection capabilities
TASK Determine if protection and detection capabilities are consistent with organization-level cybersecurity architecture
TASK Establish enterprise information security architecture
TASK Determine if baseline security safeguards are appropriately installed
TASK Determine implications of new and upgraded technologies to the cybersecurity program
TASK Disseminate incident and other Computer Network Defense (CND) information
TASK Determine security requirements for new information technologies
TASK Determine security requirements for new operational technologies
TASK Determine impact of noncompliance on organizational risk levels
TASK Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program
TASK Align cybersecurity priorities with organizational security strategy
TASK Manage cybersecurity budget, staffing, and contracting
TASK Monitor cybersecurity data sources
TASK Develop Computer Network Defense (CND) guidance for organizational stakeholders
TASK Manage threat and target analysis
TASK Manage the production of threat information
TASK Determine the effectiveness of enterprise cybersecurity safeguards
TASK Oversee the cybersecurity training and awareness program
TASK Establish Security Assessment and Authorization processes
TASK Develop computer environment cybersecurity plans and requirements
TASK Develop standard operating procedures for secure network system operations
TASK Distribute standard operating procedures
TASK Maintain standard operating procedures
TASK Advise stakeholders on the development of continuity of operations plans
TASK Advise on security requirements to be included in statements of work
TASK Provide cybersecurity awareness and training
TASK Communicate situational awareness information to leadership
TASK Report cybersecurity incidents
TASK Recommend organizational cybersecurity resource allocations
TASK Develop cybersecurity policy recommendations
TASK Coordinate cybersecurity policy review and approval processes
TASK Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered
TASK Determine if appropriate threat mitigation actions have been taken
TASK Manage computing environment system operations
TASK Promote cybersecurity awareness to management
TASK Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
TASK Oversee policy standards and implementation strategy development
TASK Provide cybersecurity guidance to organizational risk governance processes
TASK Determine if procurement activities sufficiently address supply chain risks
TASK Recommend improvements to procurement activities to address cybersecurity requirements
TASK Identify system cybersecurity requirements
TASK Determine if vulnerability remediation plans are in place
TASK Develop vulnerability remediation plans
TASK Determine if cybersecurity requirements have been successfully implemented
TASK Determine the effectiveness of organizational cybersecurity policies and procedures
TASK Support cybersecurity compliance activities
TASK Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
TASK Determine organizational compliance
TASK Forecast ongoing service demands
TASK Conduct periodic reviews of security assumptions
TASK Develop critical infrastructure protection policies and procedures
TASK Implement critical infrastructure protection policies and procedures
TASK Promote awareness of cybersecurity policy and strategy among management
TASK Conduct cybersecurity risk assessments
TASK Advise stakeholders on enterprise cybersecurity risk management
TASK Advise stakeholders on supply chain risk management
KNOWLEDGE Knowledge of encryption algorithms
KNOWLEDGE Knowledge of technology integration processes
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of access control principles and practices
KNOWLEDGE Knowledge of authentication and authorization tools and techniques
KNOWLEDGE Knowledge of business operations standards and best practices
KNOWLEDGE Knowledge of data backup and recovery policies and procedures
KNOWLEDGE Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
KNOWLEDGE Knowledge of enterprise cybersecurity architecture principles and practices
KNOWLEDGE Knowledge of host access control (HAC) systems and software
KNOWLEDGE Knowledge of network access control (NAC) systems and software
KNOWLEDGE Knowledge of risk management principles and practices
KNOWLEDGE Knowledge of vulnerability data sources
KNOWLEDGE Knowledge of incident handling tools and techniques
KNOWLEDGE Knowledge of analysis standards and best practices
KNOWLEDGE Knowledge of systems security engineering (SSE) principles and practices
KNOWLEDGE Knowledge of intrusion detection tools and techniques
KNOWLEDGE Knowledge of Risk Management Framework (RMF) requirements
KNOWLEDGE Knowledge of risk management models and frameworks
KNOWLEDGE Knowledge of information technology (IT) security principles and practices
KNOWLEDGE Knowledge of system performance indicators
KNOWLEDGE Knowledge of system availability measures
KNOWLEDGE Knowledge of new and emerging technologies
KNOWLEDGE Knowledge of operating system (OS) systems and software
KNOWLEDGE Knowledge of policy-based access controls
KNOWLEDGE Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
KNOWLEDGE Knowledge of process engineering principles and practices
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of resource management principles and practices
KNOWLEDGE Knowledge of server administration principles and practices
KNOWLEDGE Knowledge of client and server architecture
KNOWLEDGE Knowledge of software engineering principles and practices
KNOWLEDGE Knowledge of system design standards and best practices
KNOWLEDGE Knowledge of system administration principles and practices
KNOWLEDGE Knowledge of system life cycle management principles and practices
KNOWLEDGE Knowledge of enterprise information technology (IT) architecture principles and practices
KNOWLEDGE Knowledge of systems engineering processes
KNOWLEDGE Knowledge of network attack characteristics
KNOWLEDGE Knowledge of defense-in-depth principles and practices
KNOWLEDGE Knowledge of program management principles and practices
KNOWLEDGE Knowledge of project management principles and practices
KNOWLEDGE Knowledge of supply chain risk management principles and practices
KNOWLEDGE Knowledge of new and emerging cybersecurity risks
KNOWLEDGE Knowledge of supply chain risks
KNOWLEDGE Knowledge of risk tolerance principles and practices
KNOWLEDGE Knowledge of incident response policies and procedures
KNOWLEDGE Knowledge of incident response roles and responsibilities
KNOWLEDGE Knowledge of threat vector characteristics
KNOWLEDGE Knowledge of software quality assurance (SQA) principles and practices
KNOWLEDGE Knowledge of supply chain risk management standards and best practices
KNOWLEDGE Knowledge of network attack vectors
KNOWLEDGE Knowledge of technology procurement principles and practices
KNOWLEDGE Knowledge of hardening tools and techniques
KNOWLEDGE Knowledge of supply chain risk management policies and procedures
KNOWLEDGE Knowledge of critical infrastructure systems and software
KNOWLEDGE Knowledge of hardware reverse engineering tools and techniques
KNOWLEDGE Knowledge of software reverse engineering tools and techniques
KNOWLEDGE Knowledge of network systems management principles and practices
KNOWLEDGE Knowledge of network systems management tools and techniques
KNOWLEDGE Knowledge of reverse engineering principles and practices
KNOWLEDGE Knowledge of encryption tools and techniques
KNOWLEDGE Knowledge of data classification standards and best practices
KNOWLEDGE Knowledge of data classification tools and techniques
KNOWLEDGE Knowledge of enterprise architecture (EA) reference models and frameworks
KNOWLEDGE Knowledge of enterprise architecture (EA) principles and practices
KNOWLEDGE Knowledge of application firewall principles and practices
KNOWLEDGE Knowledge of network firewall principles and practices
KNOWLEDGE Knowledge of the Open Systems Interconnect (OSI) reference model
KNOWLEDGE Knowledge of cyber defense laws and regulations
KNOWLEDGE Knowledge of network architecture principles and practices
KNOWLEDGE Knowledge of Personally Identifiable Information (PII) data security standards and best practices
KNOWLEDGE Knowledge of Payment Card Industry (PCI) data security standards and best practices
KNOWLEDGE Knowledge of Personal Health Information (PHI) data security standards and best practices
KNOWLEDGE Knowledge of systems engineering principles and practices
KNOWLEDGE Knowledge of data classification policies and procedures
KNOWLEDGE Knowledge of computer engineering principles and practices
KNOWLEDGE Knowledge of penetration testing principles and practices
KNOWLEDGE Knowledge of penetration testing tools and techniques
KNOWLEDGE Knowledge of targeting laws and regulations
KNOWLEDGE Knowledge of exploitation laws and regulations
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of critical information requirements
KNOWLEDGE Knowledge of data security controls
KNOWLEDGE Knowledge of web application security risks
KNOWLEDGE Knowledge of data privacy controls
KNOWLEDGE Knowledge of black-box software testing
KNOWLEDGE Knowledge of cybersecurity engineering
KNOWLEDGE Knowledge of cybersecurity requirements
KNOWLEDGE Knowledge of mission assurance practices and principles
KNOWLEDGE Knowledge of organization's security strategy
KNOWLEDGE Knowledge of organizational cybersecurity goals and objectives
KNOWLEDGE Knowledge of organizational cybersecurity policies and procedures
KNOWLEDGE Knowledge of organizational policies and procedures
KNOWLEDGE Knowledge of organizational policy and procedures
KNOWLEDGE Knowledge of risk mitigation principles and practices
KNOWLEDGE Knowledge of system life cycles
SKILL Skill in integrating information security requirements in the acquisitions process
SKILL Skill in implementing software quality control processes
SKILL Skill in identifying critical infrastructure systems
SKILL Skill in identifying systems designed without security considerations
SKILL Skill in evaluating supplier trustworthiness
SKILL Skill in evaluating security products
SKILL Skill in creating system security policies
SKILL Skill in detecting host- and network-based intrusions
SKILL Skill in developing security system controls
SKILL Skill in evaluating security designs
SKILL Skill in applying black-box software testing
SKILL Skill in interpreting signatures
SKILL Skill in communicating with external organizations
SKILL Skill in identifying possible security violations
SKILL Skill in performing cost/benefit analysis
SKILL Skill in performing economic analysis
SKILL Skill in performing risk analysis
Cybersecurity Legal Advice OG-WRL-006
1/59
KNOWLEDGE Knowledge of digital forensic data principles and practices
TASK Advocate organization's official position in legal and legislative proceedings
TASK Resolve conflicts in laws, regulations, policies, standards, or procedures
TASK Determine the operational and safety impacts of cybersecurity lapses
TASK Identify critical technology procurement requirements
TASK Evaluate organizational cybersecurity policy regulatory compliance
TASK Evaluate organizational cybersecurity policy alignment with organizational directives
TASK Determine if contracts comply with funding, legal, and program requirements
TASK Identify alleged violations of law, regulations, policy, or guidance
TASK Develop implementation guidelines
TASK Provide inspectors general, privacy officers, and oversight and compliance with legal analysis and decisions
TASK Evaluate the impact of legal, regulatory, policy, standard, or procedural changes
TASK Prepare legal documents
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of access control principles and practices
KNOWLEDGE Knowledge of authentication and authorization tools and techniques
KNOWLEDGE Knowledge of information technology (IT) security principles and practices
KNOWLEDGE Knowledge of new and emerging technologies
KNOWLEDGE Knowledge of policy-based access controls
KNOWLEDGE Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of insider threat laws and regulations
KNOWLEDGE Knowledge of insider threat tools and techniques
KNOWLEDGE Knowledge of evidence admissibility laws and regulations
KNOWLEDGE Knowledge of import and export control laws and regulations
KNOWLEDGE Knowledge of supply chain risks
KNOWLEDGE Knowledge of federal agency roles and responsibilities
KNOWLEDGE Knowledge of account creation policies and procedures
KNOWLEDGE Knowledge of password policies and procedures
KNOWLEDGE Knowledge of technology procurement principles and practices
KNOWLEDGE Knowledge of cyber defense laws and regulations
KNOWLEDGE Knowledge of Payment Card Industry (PCI) data security standards and best practices
KNOWLEDGE Knowledge of Personal Health Information (PHI) data security standards and best practices
KNOWLEDGE Knowledge of intelligence data gathering principles and practices
KNOWLEDGE Knowledge of intelligence data gathering policies and procedures
KNOWLEDGE Knowledge of foreign disclosure policies and procedures
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of cyber operations principles and practices
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of critical information requirements
KNOWLEDGE Knowledge of privacy disclosure statement laws and regulations
KNOWLEDGE Knowledge of cybersecurity standards and best practices
KNOWLEDGE Knowledge of organizational cybersecurity policies and configurations
SKILL Skill in evaluating laws
SKILL Skill in evaluating regulations
SKILL Skill in evaluating policies
SKILL Skill in communicating effectively
SKILL Skill in performing risk assessments
Product Support Management OG-WRL-009
1/113
KNOWLEDGE Knowledge of incident response principles and practices
TASK Resolve conflicts in laws, regulations, policies, standards, or procedures
TASK Conduct import/export reviews for acquiring systems and software
TASK Apply standards to identify safety risk and protect cyber-physical functions
TASK Determine the operational and safety impacts of cybersecurity lapses
TASK Identify critical technology procurement requirements
TASK Determine procurement requirements
TASK Implement intelligence collection requirements
TASK Recommend development of new applications or modification of existing applications
TASK Create development plans for new applications or modification of existing applications
TASK Develop risk, compliance, and assurance monitoring strategies
TASK Develop risk, compliance, and assurance measurement strategies
TASK Manage cybersecurity budget, staffing, and contracting
TASK Identify opportunities for new and improved business process solutions
TASK Advise stakeholders on the development of continuity of operations plans
TASK Conduct technology program and project audits
TASK Determine if procurement activities sufficiently address supply chain risks
TASK Recommend improvements to procurement activities to address cybersecurity requirements
TASK Identify supply chain risks for critical system elements
TASK Document supply chain risks for critical system elements
TASK Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
TASK Develop independent cybersecurity audit processes for application software, networks, and systems
TASK Implement independent cybersecurity audit processes for application software, networks, and systems
TASK Oversee independent cybersecurity audits
TASK Determine if research and design processes and procedures are in compliance with cybersecurity requirements
TASK Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
TASK Develop supply chain, system, network, and operational security contract language
TASK Determine if technology services are delivered successfully
TASK Manage customer services
TASK Define service-level agreements (SLAs)
TASK Gather customer satisfaction and service performance feedback
TASK Examine service performance reports for issues and variances
TASK Initiate corrective actions to service performance issues and variances
TASK Determine supply chain cybersecurity requirements
TASK Advise stakeholders on enterprise cybersecurity risk management
TASK Advise stakeholders on supply chain risk management
TASK Provide cybersecurity advice on implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials
TASK Prepare supply chain security reports
TASK Prepare risk management reports
KNOWLEDGE Knowledge of operational planning processes
KNOWLEDGE Knowledge of market research tools and techniques
KNOWLEDGE Knowledge of pricing structures
KNOWLEDGE Knowledge of supplier assessment criteria
KNOWLEDGE Knowledge of trustworthiness principles
KNOWLEDGE Knowledge of cybersecurity practices in the acquisition process
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of requirements analysis principles and practices
KNOWLEDGE Knowledge of risk management principles and practices
KNOWLEDGE Knowledge of analysis standards and best practices
KNOWLEDGE Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
KNOWLEDGE Knowledge of non-repudiation principles and practices
KNOWLEDGE Knowledge of cyber safety principles and practices
KNOWLEDGE Knowledge of Risk Management Framework (RMF) requirements
KNOWLEDGE Knowledge of risk management models and frameworks
KNOWLEDGE Knowledge of information technology (IT) security principles and practices
KNOWLEDGE Knowledge of new and emerging technologies
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of resource management principles and practices
KNOWLEDGE Knowledge of system life cycle management principles and practices
KNOWLEDGE Knowledge of supply chain risk management principles and practices
KNOWLEDGE Knowledge of import and export control laws and regulations
KNOWLEDGE Knowledge of supply chain risks
KNOWLEDGE Knowledge of federal agency roles and responsibilities
KNOWLEDGE Knowledge of incident response policies and procedures
KNOWLEDGE Knowledge of incident response roles and responsibilities
KNOWLEDGE Knowledge of supply chain risk management standards and best practices
KNOWLEDGE Knowledge of technology procurement principles and practices
KNOWLEDGE Knowledge of risk assessment principles and practices
KNOWLEDGE Knowledge of threat assessment principles and practices
KNOWLEDGE Knowledge of supply chain risk management policies and procedures
KNOWLEDGE Knowledge of cloud computing principles and practices
KNOWLEDGE Knowledge of knowledge management principles and practices
KNOWLEDGE Knowledge of process improvement principles and practices
KNOWLEDGE Knowledge of process maturity models and frameworks
KNOWLEDGE Knowledge of service management principles and practices
KNOWLEDGE Knowledge of service management standards and best practices
KNOWLEDGE Knowledge of sustainment principles and practices
KNOWLEDGE Knowledge of sustainment processes
KNOWLEDGE Knowledge of risk management policies and procedures
KNOWLEDGE Knowledge of the acquisition life cycle models and frameworks
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of cybersecurity requirements
KNOWLEDGE Knowledge of organizational cybersecurity goals and objectives
KNOWLEDGE Knowledge of research and design processes and procedures
SKILL Skill in conducting market research
SKILL Skill in pricing products
SKILL Skill in analyzing processes to ensure conformance with procedural requirements
SKILL Skill in integrating information security requirements in the acquisitions process
SKILL Skill in implementing software quality control processes
SKILL Skill in evaluating supplier trustworthiness
SKILL Skill in performing capabilities analysis
SKILL Skill in performing requirements analysis
SKILL Skill in preparing reports
SKILL Skill in monitoring system performance
SKILL Skill in configuring systems for performance enhancement
SKILL Skill in translating operational requirements into security controls
SKILL Skill in performing administrative planning activities
SKILL Skill in identifying requirements
SKILL Skill in managing intelligence collection requirements
SKILL Skill in collaborating with internal and external stakeholders
SKILL Skill in performing needs analysis
DESIGN and DEVELOPMENT 1 role · 4 challenge hits
7%

Challenge category breakdown

Forensics
4
Technology Research and Development DD-WRL-008
2/118
KNOWLEDGE Knowledge of digital forensic data principles and practices
KNOWLEDGE Knowledge of digital forensics data characteristics
TASK Determine special needs of cyber-physical systems
TASK Determine the operational and safety impacts of cybersecurity lapses
TASK Identify critical technology procurement requirements
TASK Determine impact of software configurations
TASK Develop cybersecurity risk profiles
TASK Identify anomalous network activity
TASK Identify vulnerabilities
TASK Recommend vulnerability remediation strategies
TASK Validate data mining and data warehousing programs, processes, and requirements
TASK Identify system and network capabilities
TASK Develop cybersecurity capability strategies for custom hardware and software development
TASK Identify cybersecurity solutions tools and technologies
TASK Design cybersecurity tools and technologies
TASK Develop cybersecurity tools and technologies
TASK Evaluate network infrastructure vulnerabilities
TASK Recommend network infrastructure enhancements
TASK Correlate incident data
TASK Design data management systems
TASK Troubleshoot prototype design and process issues
TASK Recommend vulnerability exploitation functional and security-related features
TASK Recommend vulnerability mitigation functional- and security-related features
TASK Develop reverse engineering tools
TASK Determine if hardware and software complies with defined specifications and requirements
KNOWLEDGE Knowledge of Extensible Markup Language (XML) schemas
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of common application vulnerabilities
KNOWLEDGE Knowledge of cryptographic key management principles and practices
KNOWLEDGE Knowledge of enterprise cybersecurity architecture principles and practices
KNOWLEDGE Knowledge of network communications principles and practices
KNOWLEDGE Knowledge of risk management principles and practices
KNOWLEDGE Knowledge of systems security engineering (SSE) principles and practices
KNOWLEDGE Knowledge of information technology (IT) security principles and practices
KNOWLEDGE Knowledge of new and emerging technologies
KNOWLEDGE Knowledge of process engineering principles and practices
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of server administration principles and practices
KNOWLEDGE Knowledge of software engineering principles and practices
KNOWLEDGE Knowledge of system life cycle management principles and practices
KNOWLEDGE Knowledge of telecommunications principles and practices
KNOWLEDGE Knowledge of enterprise information technology (IT) architecture principles and practices
KNOWLEDGE Knowledge of systems engineering processes
KNOWLEDGE Knowledge of hardware maintenance policies and procedures
KNOWLEDGE Knowledge of defense-in-depth principles and practices
KNOWLEDGE Knowledge of network configurations
KNOWLEDGE Knowledge of ethical hacking tools and techniques
KNOWLEDGE Knowledge of supply chain risk management principles and practices
KNOWLEDGE Knowledge of digital communication systems and software
KNOWLEDGE Knowledge of supply chain risks
KNOWLEDGE Knowledge of supply chain risk management standards and best practices
KNOWLEDGE Knowledge of technology procurement principles and practices
KNOWLEDGE Knowledge of supply chain risk management policies and procedures
KNOWLEDGE Knowledge of critical infrastructure systems and software
KNOWLEDGE Knowledge of hardware reverse engineering tools and techniques
KNOWLEDGE Knowledge of middleware software capabilities and applications
KNOWLEDGE Knowledge of software reverse engineering tools and techniques
KNOWLEDGE Knowledge of reverse engineering principles and practices
KNOWLEDGE Knowledge of enterprise architecture (EA) reference models and frameworks
KNOWLEDGE Knowledge of enterprise architecture (EA) principles and practices
KNOWLEDGE Knowledge of application firewall principles and practices
KNOWLEDGE Knowledge of network firewall principles and practices
KNOWLEDGE Knowledge of ethical hacking principles and practices
KNOWLEDGE Knowledge of covert communication tools and techniques
KNOWLEDGE Knowledge of computer architecture principles and practices
KNOWLEDGE Knowledge of network architecture principles and practices
KNOWLEDGE Knowledge of operating system structures and internals
KNOWLEDGE Knowledge of network analysis tools and techniques
KNOWLEDGE Knowledge of wireless communication tools and techniques
KNOWLEDGE Knowledge of signal jamming tools and techniques
KNOWLEDGE Knowledge of systems engineering principles and practices
KNOWLEDGE Knowledge of network hardware threats and vulnerabilities
KNOWLEDGE Knowledge of cryptology principles and practices
KNOWLEDGE Knowledge of computer engineering principles and practices
KNOWLEDGE Knowledge of penetration testing principles and practices
KNOWLEDGE Knowledge of penetration testing tools and techniques
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of operations security (OPSEC) principles and practices
KNOWLEDGE Knowledge of critical information requirements
KNOWLEDGE Knowledge of hardware asset management principles and practices
KNOWLEDGE Knowledge of knowledge management tools and techniques
KNOWLEDGE Knowledge of mission requirements
KNOWLEDGE Knowledge of reverse engineering tools and techniques
KNOWLEDGE Knowledge of software and systems engineering life cycle standards
SKILL Skill in applying secure coding techniques
SKILL Skill in communicating complex concepts
SKILL Skill in creating technical documentation
SKILL Skill in identifying critical infrastructure systems
SKILL Skill in identifying systems designed without security considerations
SKILL Skill in recognizing digital forensics data
SKILL Skill in identifying forensic digital footprints
SKILL Skill in performing forensic data analysis
SKILL Skill in identifying software communications vulnerabilities
SKILL Skill in analyzing software configurations
SKILL Skill in scanning for vulnerabilities
SKILL Skill in recognizing vulnerabilities
SKILL Skill in applying information technologies into proposed solutions
SKILL Skill in creating mathematical models
SKILL Skill in creating statistical models
SKILL Skill in performing systems engineering
SKILL Skill in designing technology processes and solutions
SKILL Skill in integrating technology processes and solutions
SKILL Skill in optimizing system performance
SKILL Skill in performing technical writing
SKILL Skill in solving problems
SKILL Skill in communicating with internal and external stakeholders
IMPLEMENTATION and OPERATION 1 role · 1 challenge hit
2%

Challenge category breakdown

Forensics
1
Technical Support IO-WRL-007
1/95
KNOWLEDGE Knowledge of incident response tools and techniques
TASK Troubleshoot system hardware and software
TASK Determine the operational and safety impacts of cybersecurity lapses
TASK Implement organizational security policies and procedures
TASK Install network infrastructure device operating system software
TASK Maintain network infrastructure device operating system software
TASK Produce cybersecurity instructional materials
TASK Identify emerging incident trends
TASK Develop technical training curriculum and resources
TASK Deliver technical training to customers
TASK Maintain incident tracking and solution databases
TASK Prepare trend analysis reports
TASK Resolve customer-reported system incidents and events
TASK Recommend enhancements to software and hardware solutions
TASK Install system hardware, software, and peripheral equipment
TASK Configure system hardware, software, and peripheral equipment
TASK Administer system and network user accounts
TASK Establish system and network rights processes and procedures
TASK Establish systems and equipment access protocols
TASK Inventory technology resources
TASK Monitor client-level computer system performance
TASK Create client-level computer system performance reports
TASK Prepare impact reports
TASK Determine impact of new systems and system interfaces on current and target environments
KNOWLEDGE Knowledge of standard operating procedures (SOPs)
KNOWLEDGE Knowledge of computer networking protocols
KNOWLEDGE Knowledge of risk management processes
KNOWLEDGE Knowledge of cybersecurity laws and regulations
KNOWLEDGE Knowledge of cybersecurity policies and procedures
KNOWLEDGE Knowledge of privacy laws and regulations
KNOWLEDGE Knowledge of privacy policies and procedures
KNOWLEDGE Knowledge of cybersecurity principles and practices
KNOWLEDGE Knowledge of privacy principles and practices
KNOWLEDGE Knowledge of cybersecurity threats
KNOWLEDGE Knowledge of cybersecurity vulnerabilities
KNOWLEDGE Knowledge of cybersecurity threat characteristics
KNOWLEDGE Knowledge of access control principles and practices
KNOWLEDGE Knowledge of authentication and authorization tools and techniques
KNOWLEDGE Knowledge of incident handling tools and techniques
KNOWLEDGE Knowledge of system performance indicators
KNOWLEDGE Knowledge of system availability measures
KNOWLEDGE Knowledge of policy-based access controls
KNOWLEDGE Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
KNOWLEDGE Knowledge of system threats
KNOWLEDGE Knowledge of system vulnerabilities
KNOWLEDGE Knowledge of software debugging principles and practices
KNOWLEDGE Knowledge of system design standards and best practices
KNOWLEDGE Knowledge of system administration principles and practices
KNOWLEDGE Knowledge of physical computer components
KNOWLEDGE Knowledge of computer peripherals
KNOWLEDGE Knowledge of file extensions
KNOWLEDGE Knowledge of account creation policies and procedures
KNOWLEDGE Knowledge of password policies and procedures
KNOWLEDGE Knowledge of hardening tools and techniques
KNOWLEDGE Knowledge of cloud computing principles and practices
KNOWLEDGE Knowledge of knowledge management principles and practices
KNOWLEDGE Knowledge of data classification standards and best practices
KNOWLEDGE Knowledge of data classification tools and techniques
KNOWLEDGE Knowledge of service management principles and practices
KNOWLEDGE Knowledge of service management standards and best practices
KNOWLEDGE Knowledge of cloud service models and frameworks
KNOWLEDGE Knowledge of service desk principles and practices
KNOWLEDGE Knowledge of remote access tools and techniques
KNOWLEDGE Knowledge of Personally Identifiable Information (PII) data security standards and best practices
KNOWLEDGE Knowledge of Payment Card Industry (PCI) data security standards and best practices
KNOWLEDGE Knowledge of Personal Health Information (PHI) data security standards and best practices
KNOWLEDGE Knowledge of data classification policies and procedures
KNOWLEDGE Knowledge of incident, event, and problem management policies and procedures
KNOWLEDGE Knowledge of incident reporting policies and procedures
KNOWLEDGE Knowledge of computer networking principles and practices
KNOWLEDGE Knowledge of network security principles and practices
KNOWLEDGE Knowledge of software, hardware, and peripheral equipment repair tools and techniques
KNOWLEDGE Knowledge of asset management policies and procedures
KNOWLEDGE Knowledge of customer experience principles and practices
KNOWLEDGE Knowledge of organizational security posture
SKILL Skill in developing standard operating procedures (SOPs)
SKILL Skill in maintaining standard operating procedures (SOPs)
SKILL Skill in providing customer support
SKILL Skill in operating IT systems
SKILL Skill in maintaining IT systems
SKILL Skill in troubleshooting system performance
SKILL Skill in handling incidents
SKILL Skill in repairing hardware
SKILL Skill in repairing system peripherals
SKILL Skill in troubleshooting client-level problems
SKILL Skill in configuring network workstations and peripherals
SKILL Skill in validating network workstations and peripherals
SKILL Skill in performing administrative planning activities
SKILL Skill in designing incident responses
SKILL Skill in performing incident responses
SKILL Skill in solving problems
SKILL Skill in managing account access rights
SKILL Skill in performing cyber defense trend analysis
SKILL Skill in performing data analysis
SKILL Skill in performing trend analysis

Recorded solves

Open the challenge or competition name to jump straight into the solve context. Click a header to sort — filtering and sorting happen instantly, no page reload.

Challenge | Competition | Category | Solved | Writeup | Points
Blue Smoke | Neon Harbor Invitational | Forensics | May 31, 2026, 11:58 p.m. | No writeup linked | 200
QR Maze | Red Wire CTF 2025 | Misc | Feb. 12, 2026, 5:33 a.m. | No writeup linked | 100
Base64 All The Way Down | Red Wire CTF 2025 | Misc | Feb. 12, 2026, 4:33 a.m. | No writeup linked | 50
Memory Lane | Red Wire CTF 2025 | Forensics | Feb. 12, 2026, 3:33 a.m. | Writeup available | 350
Lost Artifact | Red Wire CTF 2025 | Forensics | Feb. 12, 2026, 2:33 a.m. | No writeup linked | 200

Writeups