Target Analyst Reporter

The Target Analyst Reporter (TAR) provides synthesized products to customers by researching, analyzing, and reporting intelligence via appropriate reporting vehicles in response to customer requirements and IAW missions of SIGINT, cybersecurity, and cyberspace operations. They prioritize, assess, evaluate, and report information obtained from SIGINT collection, cyber surveillance, and reconnaissance operations sources. The TAR enhances reporting with collateral information as required, maintains awareness of internal and external customer requirements, and collaborates with other collectors and analysts to refine collection and reporting requirements. The TAR shares target-related information and provides feedback to customers as appropriate. The TAR develops working aids and provides database updates on target activity to enhance and build target knowledge and improve collection. The TAR performs quality control and product-release functions.

Tasks

The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.

• T2001 additional Accurately characterize targets.
• T2081 additional Classify documents in accordance with classification guidelines.
• T2087 additional Collaborate with intelligence analysts/targeting organizations involved in related areas.
• T2089 additional Collaborate with other customer, Intelligence and targeting organizations involved in related cyber areas.
• T2101 additional Identify and conduct analysis of target communications to identify information essential to support operations.
• T2134 additional Conduct target research and analysis.
• T2183 additional Coordinate with other organizations to deconflict reporting.
• T2195 additional Maintain awareness of internal and external cyber organization structures, strengths, and employments of staffing and technology.
• T2236 additional Determine if information meets reporting requirements.
• T2243 additional Determine what technologies are used by a given target.
• T2356 additional Engage customers to understand customers’ intelligence needs and wants.
• T2400 additional Examine intercept-related metadata and content with an understanding of targeting significance.
• T2427 additional Gather information about networks through traditional and alternative techniques, (e.g., social network analysis, call-chaining, traffic analysis.)
• T2429 additional Generate requests for information.
• T2434 additional Identify threat tactics, and methodologies.
• T2441 additional Identify and evaluate threat critical capabilities, requirements, and vulnerabilities.
• T2459A additional Identify cyber intelligence gaps and shortfalls.
• T2515 additional Initiate requests to guide tasking and assist with collection management.
• T2542 additional Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications.
• T2568 additional Make recommendations to guide collection in support of customer requirements.
• T2608 additional Monitor target networks to provide indications and warning of target communications changes or processing failures.
• T2621 additional Provide SME and support to planning/developmental forums and working groups as appropriate.
• T2628A additional Provide subject matter expertise to development of exercises.
• T2715 additional Produce reports based on intelligence information using appropriate formats for dissemination.
• T2719 additional Profile targets and their activities.
• T2770 additional Provide time sensitive targeting support.
• T2779 additional Review appropriate information sources to determine validity and relevance of information gathered.
• T2781 additional Reconstruct networks in diagram or report format.
• T2798 additional Research communications trends in emerging technologies (in computer and telephony networks, satellite, cable, and wireless) in both open and classified sources.
• T2818 additional Sanitize and minimize information to protect sources and methods.
• T2840 additional Support identification and documentation of collateral effects.
• T2893 additional Assess, document, and apply a target's motivation and/or frame of reference to facilitate analysis, targeting and collection opportunities.
• T2894 additional Collaborate across internal and/or external organizational lines to enhance collection, analysis and dissemination.
• T2897 additional Conduct analysis of target communications to identify essential information in support of organization objectives.
• T2902 additional Evaluate and interpret metadata to look for patterns, anomalies, or events, thereby optimizing targeting, analysis and processing.
• T2904 additional Identify cyber threat tactics and methodologies.
• T2905 additional Identify target communications within the global network.
• T2906 additional Maintain awareness of target communication tools, techniques, and the characteristics of target communication networks (e.g., capacity, functionality, paths, critical nodes) and their potential implications for targeting, collection, and analysis.
• T2909 additional Provide feedback to collection managers to enhance future collection and analysis.
• T2912 additional Perform or support technical network analysis and mapping.
• T2919 additional Perform social network analysis and document as appropriate.
• T2922 additional Tip critical or time-sensitive information to appropriate customers.
• T8010 additional Apply analytic techniques to validate information or data in reporting.
• T8011 additional Apply and/or develop analytic techniques to provide better intelligence.
• T8013 additional Apply customer requirements to the analysis process.
• T8022 additional Assist in the mitigation of collection gaps.
• T8023 additional Assist planners in the development of courses of action
• T8038 additional Conduct pre and post publication actions
• T8063 additional Develop analytical techniques to gain more target information.
• T8065 additional Develop and maintain target profiles using appropriate corporate tools and databases (e.g. Target associations, activities, communication infrastructures, etc.).
• T8081 additional Document and disseminate analytic findings.
• T8090 additional Enable targeting offices to find new sources of collection.
• T8100 additional Evaluate the strengths and weaknesses of the intelligence source.
• T8101 additional Evaluate threat critical capabilities, requirements, and vulnerabilities.
• T8108 additional Identify and facilitate partner relationships to enhance mission capabilities
• T8128 additional Lead work role working groups/planning and development forums
• T8137 additional Manipulate information in mission relevant databases (e.g., converting data, generating reports).
• T8138 additional Mitigate collection gaps
• T8145 additional Perform network analysis to support new or continued collection.
• T8149 additional Perform quality review and provide feedback on the materials delivered on which analysis and reporting is conducted.
• T8155 additional Prioritize reporting based on SIGINT reporting instructions or other mission reporting priorities.
• T8157 additional Produce digital network intelligence against specific named target sets.
• T8173 additional Provide intel target recommendations which meet leadership objectives.
• T8176 additional Provide SME support for the development and implementation of exercises.
• T8191 additional Select, build, and develop query strategies against appropriate collection databases.
• T8203 additional Understand hacker TTPs and methodologies.
• T8204 additional Understand network components and their functionality to enable analysis and target development.
• T8205 additional Understand technologies used by a given target
• T8213 additional Verify and validate that network graphics are accurate and comply with reporting policy.

Knowledge, Skills, and Abilities

KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.

• A244 ability additional Ability to determine the validity of technology trend data.
• A3001 ability additional Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
• A3002 ability additional Ability to focus research efforts to meet the customer’s decision-making needs.
• A3020 ability additional Ability to clearly articulate intelligence requirements into well-formulated research questions and requests for information.
• A3021 ability additional Ability to collaborate effectively with others.
• A3022 ability additional Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• A3039 ability additional Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
• A3043 ability additional Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
• A3044 ability additional Ability to exercise judgment when policies are not well-defined.
• A3047 ability additional Ability to function effectively in a dynamic, fast-paced environment.
• A3048 ability additional Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise.
• A3052 ability additional Ability to identify intelligence gaps.
• A3073 ability additional Ability to recognize and mitigate cognitive biases which may affect analysis.
• A3074 ability additional Ability to recognize and mitigate deception in reporting and analysis.
• A3077 ability additional Ability to think critically.
• A3081 ability additional Ability to utilize multiple intelligence sources across all intelligence disciplines.
• A4148 ability additional Ability to review processed target language materials for accuracy and completeness.
• K0296 knowledge additional Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
• K0912 knowledge additional Knowledge of collection management processes, capabilities, and limitations.
• K0915 knowledge additional Knowledge of front-end collection systems, including traffic collection, filtering, and selection.
• K1036 knowledge additional Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.
• K1056 knowledge additional Knowledge of operations security.
• K3078 knowledge additional Knowledge of target methods and procedures.
• K3095 knowledge additional Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
• K3106 knowledge additional Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).
• K3113 knowledge additional Knowledge of target intelligence gathering and operational preparation techniques and life cycles.
• K3117 knowledge additional Knowledge of all-source reporting and dissemination procedures.
• K3129 knowledge additional Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).
• K3137 knowledge additional Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).
• K3146 knowledge additional Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.
• K3154 knowledge additional Knowledge of classification and control markings standards, policies and procedures.
• K3158 knowledge additional Knowledge of cyber operation objectives, policies, and legalities.
• K3166 knowledge additional Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies.
• K3172 knowledge additional Knowledge of collection sources including conventional and non-conventional sources.
• K3174 knowledge additional Knowledge of the intelligence requirements development and request for information processes.
• K3179 knowledge additional Knowledge of common networking devices and their configurations.
• K3181 knowledge additional Knowledge of common reporting databases and tools.
• K3219 knowledge additional Knowledge of cyber operations.
• K3225 knowledge additional Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
• K3237 knowledge additional Knowledge of denial and deception techniques.
• K3242 knowledge additional Knowledge of document classification procedures, policy, resources, and personnel.
• K3262 knowledge additional Knowledge of evolving/emerging communications technologies.
• K3288 knowledge additional Knowledge of how converged technologies impact cyber operations (e.g., digital, telephony, wireless).
• K3291 knowledge additional Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).
• K3292 knowledge additional Knowledge of how modern digital and telephony networks impact cyber operations.
• K3293 knowledge additional Knowledge of how modern wireless communications systems impact cyber operations.
• K3296 knowledge additional Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http).
• K3298 knowledge additional Knowledge of how to extract, analyze, and use metadata.
• K3324 knowledge additional Knowledge of information and collateral intelligence sources.
• K3338 knowledge additional Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions.
• K3346 knowledge additional Knowledge of Internet and routing protocols.
• K3382 knowledge additional Knowledge of methods to integrate and summarize information from any potential sources.
• K3386 knowledge additional Knowledge of midpoint collection (process, objectives, organization, targets, etc.).
• K3407 knowledge additional Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
• K3418 knowledge additional Knowledge of organization and/or partner collection systems, capabilities, and processes (e.g., collection and protocol processors).
• K3441 knowledge additional Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
• K3450 knowledge additional Knowledge of principles and practices related to target development such as target knowledge, associations, communication systems, and infrastructure.
• K3505 knowledge additional Knowledge of strategies and tools for target research.
• K3534 knowledge additional Knowledge of target, including related current events, communication profile, actors, and history (language, culture) and/or frame of reference.
• K3542 knowledge additional Knowledge of the basic structure, architecture, and design of converged applications.
• K3564 knowledge additional Knowledge of the data flow from collection origin to repositories and tools.
• K3582 knowledge additional Knowledge of the intelligence frameworks, processes, and related systems.
• K3595 knowledge additional Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.
• K3603 knowledge additional Knowledge of the principal methods, procedures, and techniques of gathering information and producing intelligence.
• K3608 knowledge additional Knowledge of the purpose and contribution of target templates.
• K3616 knowledge additional Knowledge of the structure, architecture, and design of modern digital and telephony networks.
• K3617 knowledge additional Knowledge of the structure, architecture, and design of modern wireless communications systems.
• K3627 knowledge additional Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.
• K4072 knowledge additional Knowledge of collection systems, capabilities, and processes.
• K4073 knowledge additional Knowledge of the feedback cycle in collection processes.
• K4078 knowledge additional Knowledge of target or threat cyber actors and procedures.
• K4079 knowledge additional Knowledge of basic cyber operations activity concepts (e.g., foot printing, scanning and enumeration, penetration testing, white/black listing).
• K4085 knowledge additional Knowledge of approved intelligence dissemination processes.
• K4086 knowledge additional Knowledge of relevant laws, regulations, and policies.
• K4088 knowledge additional Knowledge of target communication profiles and their key elements (e.g., target associations, activities, communication infrastructure).
• K4089 knowledge additional Knowledge of target communication tools and techniques.
• K4090 knowledge additional Knowledge of the characteristics of targeted communication networks (e.g., capacity, functionality, paths, critical nodes).
• K4094 knowledge additional Knowledge of networking and internet communications fundamentals (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture and infrastructure, routing, operating systems, etc.).
• K4095 knowledge additional Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, registration, web languages such as HTML).
• K4097 knowledge additional Knowledge of network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network.
• K4099 knowledge additional Knowledge of customer information needs.
• K4106 knowledge additional Knowledge of analytic tools and techniques.
• K4113 knowledge additional Knowledge of the request for information process.
• K4165 knowledge additional Knowledge of obfuscation techniques (e.g., TOR/Onion/anonymizers, VPN/VPS, encryption).
• K4166 knowledge additional Knowledge of computer programming concepts, including computer languages, programming, testing, debugging, and file types.
• K4396 knowledge additional Knowledge of basic cloud based technologies and concepts.
• K4421 knowledge additional Knowledge of Critical Intelligence Communication (CRITIC) identification and reporting process.
• K4423 knowledge additional Knowledge of cryptologic and SIGINT reporting and dissemination procedures.
• K4460 knowledge additional Knowledge of how and when to request assistance from the Cryptanalysis and Signals Analysis and/or CNO.
• K4470 knowledge additional Knowledge of intelligence sources and their characteristics.
• K4491 knowledge additional Knowledge of methods, tools, sources, and techniques used to research, integrate and summarize information pertaining to target.
• K4523 knowledge additional Knowledge of quality review process and procedures.
• K4570 knowledge additional Knowledge of the overall mission of the Cyber Mission Forces (CMF).
• K4578 knowledge additional Knowledge of the specific missions for CMF (i.e., Cyber Mission Teams (CMT), National Mission Teams (NMT), Combat Support Team (CST), National Support Team (NST), Cyber Protection Team (CPT).
• K4582 knowledge additional Knowledge of the U.S. SIGINT System (USSS) authorities, responsibilities, and contributions to the cyberspace operations mission.
• S3664 skill additional Skill in identifying how a target communicates.
• S3667 skill additional Skill in analyzing a target's communication networks.
• S3678 skill additional Skill in analyzing traffic to identify network devices.
• S3689 skill additional Skill in applying various analytical methods, tools, and techniques (e.g., competing hypotheses; chain of reasoning; scenario methods; denial and deception detection; high impact-low probability; network/association or link analysis; Bayesian, Delphi, and Pattern analyses).
• S3692 skill additional Skill in assessing the applicability of available analytical tools to various situations.
• S3708 skill additional Skill in conducting social network analysis, buddy list analysis, and/or cookie analysis.
• S3765 skill additional Skill in disseminating items of highest intelligence value in a timely manner.
• S3771 skill additional Skill in evaluating data sources for relevance, reliability, and objectivity.
• S3772 skill additional Skill in evaluating information for reliability, validity, and relevance.
• S3773 skill additional Skill in evaluating information to recognize relevance, priority, etc.
• S3774 skill additional Skill in evaluating accesses for intelligence value.
• S3778 skill additional Skill in exploiting/querying organizational and/or partner collection databases.
• S3787 skill additional Skill in identifying a target’s communications networks.
• S3797 skill additional Skill in identifying leads for target development.
• S3803 skill additional Skill in identifying, locating, and tracking targets via geospatial analysis techniques
• S3812 skill additional Skill in interpreting metadata and content as applied by collection systems.
• S3822 skill additional Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.
• S3828 skill additional Skill in navigating network visualization software.
• S3863 skill additional Skill in recognizing midpoint opportunities and essential information.
• S3864 skill additional Skill in recognizing relevance of information.
• S3865 skill additional Skill in recognizing significant changes in a target’s communication patterns.
• S3867 skill additional Skill in recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, frequency in DNI behavior, mail servers, domain servers, SMTP header information).
• S3867A skill additional Skill in recognizing technical information that may be used for target development including intelligence development.
• S3873 skill additional Skill in researching essential information.
• S3885 skill additional Skill in fusion analysis
• S3890 skill additional Skill in synthesizing, analyzing, and prioritizing meaning across data sets.
• S3908 skill additional Skill in using research methods including multiple, different sources to reconstruct a target network.
• S3915 skill additional Skill in using geospatial data and applying geospatial resources.
• S3923 skill additional Skill in using non-attributable networks.
• S3951 skill additional Skill in writing about facts and ideas in a clear, convincing, and organized manner.
• S4118 skill additional Skill in identifying a target's network characteristics.
• S4121 skill additional Skill in assessing a target's frame of reference (e.g., motivation, technical capability, organizational structure, sensitivities).
• S4123 skill additional Skill in conducting research using all available sources.
• S4125 skill additional Skill in complying with the legal restrictions for targeted information.
• S4128 skill additional Skill in developing intelligence reports.
• S4129 skill additional Skill in evaluating and interpreting metadata.
• S4134 skill additional Skill in identifying intelligence gaps and limitations.
• S4141 skill additional Skill in providing analysis on target-related matters (e.g., language, cultural, communications).
• S4160 skill additional Skill in interpreting traceroute results, as they apply to network analysis and reconstruction.
• S4612 skill additional Skill in conducting deriviative classification IAW organization standards/Policy
• S4613 skill additional Skill in conducting quality review of serialized reports and reporting for time-sensitive USCYBERCOM operations.
• S4619 skill additional Skill in developing and maintaining target profiles.
• S4625 skill additional Skill in drafting serialized reports to support time-sensitive USCYBERCOM operations.
• S4626 skill additional Skill in drafting serialized reports to the quality level meeting release standards.
• S4629 skill additional Skill in executing post publication processes IAW organization standards/Policy
• S4651 skill additional Skill in providing feedback to enhance future collection and analysis.
• S4656 skill additional Skill in recognizing exploitation opportunities.
• S4657 skill additional Skill in recognizing targeting opportunities and essential information.
• S4662 skill additional Skill in releasing serialized and time-sensitive reports

Other roles in this element