Cyber Defense Infrastructure Support Specialist

Tests, implements, deploys, maintains, and administers the infrastructure hardware and software.

Tasks

The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.

• T2772 additional Build, install, configure, and test dedicated cyber defense hardware.
• T393B additional Coordinate with system administrators to create cyber defense tools, test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s).
• T471 additional Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, anti-virus, and content blacklists) for specialized cyber defense applications.
• T481A additional Create, edit, and manage network access control lists on specialized cyber defense systems (e.g., firewalls and intrusion prevention systems).
• T5090 additional Assist in assessing the impact of implementing and sustaining a dedicated cyber defense infrastructure.
• T643A additional Identify potential conflicts with implementation of any cyber defense tools(e.g., tool and signature testing and optimization).
• T654B additional Implement risk assessment and authorization requirements per the Risk Management Framework (RMF) process for dedicated cyber defense systems within the enterprise, and document and maintain records for them.
• T769 additional Perform system administration on specialized cyber defense applications and systems (e.g., anti-virus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup and restoration.
• T960 additional Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.

Knowledge, Skills, and Abilities

KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.

• K0049 knowledge core Knowledge of host/network access control mechanisms (e.g., access control list).
• K0061 knowledge core Knowledge of incident response and handling methodologies.
• K0063 knowledge core Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• K0148 knowledge core Knowledge of Virtual Private Network (VPN) security.
• K0150 knowledge core Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
• K059A knowledge core Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
• K081A knowledge core Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• K087A knowledge core Knowledge of network traffic analysis (tools, methodologies, processes).
• K092B knowledge core Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol (TCP), Internet Protocol (IP), Open System Interconnection Model (OSI)).
• K0984 knowledge core Knowledge of cyber defense policies, procedures, and regulations.
• K1012A knowledge core Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model Integration (CMMI)).
• K1072 knowledge core Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth, Zero Trust).
• S6700 skill core Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.
• A6918 ability additional Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.
• A6919 ability additional Ability to determine the best cloud deployment model for the appropriate operating environment.
• K0029 knowledge additional Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
• K0093 knowledge additional Knowledge of packet-level analysis.
• K0900 knowledge additional Knowledge of web filtering technologies.
• K1074A knowledge additional Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.
• K1125 knowledge additional Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
• K3143 knowledge additional Knowledge of basic system, network, and OS hardening techniques.
• K6210 knowledge additional Knowledge of cloud service models and possible limitations for an incident response.
• S0157 skill additional Skill in recovering failed systems/servers.
• S227 skill additional Skill in tuning sensors.
• S229 skill additional Skill in using incident handling methodologies.
• S237 skill additional Skill in using Virtual Private Network (VPN) devices and encryption.
• S6670 skill additional Skill in system, network, and OS hardening techniques.
• S6942 skill additional Skill in designing or implementing cloud computing deployment models.
• S6945 skill additional Skill in migrating workloads to, from, and among the different cloud computing service models.
• S893 skill additional Skill in securing network communications.
• S896 skill additional Skill in protecting a network against malware.

EWU courses that develop this role

Capture-the-Flag challenges that exercise this role

NCAE CyberGames scoreboard errors for this role

• NCAE-7aabdb11ec DNS EXT FWD / failure: Can't contact DNS Server on IP
• NCAE-79daa735d3 Postgres Access / failure: An error was encountered while trying to connect to the database
• NCAE-b364740c09 DNS EXT REV / failure: Can't contact DNS Server on IP
• NCAE-9b363f6139 DNS INT FWD / failure: Can't contact DNS Server on INT_IP
• NCAE-7f0bb3106d DNS INT REV / failure: Can't contact DNS Server on INT_IP
• NCAE-5c25d301a6 WWW SSL / failure: Failed to connect to host
• NCAE-53a9f9da43 WWW Port 80 / failure: Failed to connect to server, is port 80 open?
• NCAE-eeb5e4e8f3 SMB Login / failure: SMB operation failed: [Errno 111] Connection refused
• NCAE-efd6404d3c SMB Read / failure: SMB operation failed: [Errno 111] Connection refused
• NCAE-600767ba09 SMB Write / failure: SMB operation failed: [Errno 111] Connection refused
• NCAE-ff23c10a65 WWW SSL / timeout: Timeout
• NCAE-ed9f4ee89c SMB Read / partial: SMB operation failed: Failed to get attributes for addict_with_a_pen.data on files: Unable to open remote file object
• NCAE-a35a20c717 DNS EXT REV / partial: Connected to IP:53, no useful content though...
• NCAE-5e1da0ed9d SSH Login / failure: Failed to connect to host: IP
• NCAE-4b7774940b SMB Login / failure: SMB operation failed: [Errno 113] Host is unreachable
• NCAE-b9e0ec08d1 SMB Write / failure: SMB operation failed: [Errno 113] Host is unreachable
• NCAE-1c78c96e24 SMB Read / failure: SMB operation failed: [Errno 113] Host is unreachable
• NCAE-14d2aca40b WWW SSL / failure: [SSL] record layer failure (_ssl.c:1010)
• NCAE-93ded42199 SMB Read / partial: 22 files have incorrect content
• NCAE-cb9ddf3665 DNS INT REV / partial: Connected to INT_IP:53, no useful content though...
• NCAE-a159d521db DNS INT FWD / partial: Connected to INT_IP:53, no useful content though...
• NCAE-8bce253742 WWW SSL / failure: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] ssl/tls alert handshake failure (_ssl.c:1010)
• NCAE-989ad067ad WWW SSL / failure: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1010)
• NCAE-a86494638e WWW SSL / failure: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1010)
• NCAE-4dc6feb4c8 SMB Read / failure: SMB connection failed: protocol error
• NCAE-2ec02e1cd0 SMB Login / failure: SMB connection failed: protocol error
• NCAE-7aef47fca9 SMB Write / failure: SMB connection failed: protocol error
• NCAE-6874759148 SMB Read / partial: SMB operation failed: Failed to get attributes for cottonwood.data on files: Unable to open remote file object
• NCAE-935f9d5213 SMB Read / partial: SMB operation failed: Failed to retrieve before_you_start_your_day.data on files: Unable to open file
• NCAE-c1a43a09d2 DNS EXT FWD / partial: Failed to lookup: ns1.team15.ncaecybergames.org, files.team15.ncaecybergames.org, shell.team15.ncaecybergames.org

Other roles in this element