•    Employment
  •    Academia
  •    Research
    • NICE Framework
    • CAE Program

Independent/Directed Study/Research

Topics

  1. Courses focused on emerging technologies and their security relevant issues or new Tools, Techniques and Methods related to IA/Cyber Defense
  2. Taxonomy
  3. Explain when vulnerabilities must be disclosed.
  4. Tools and techniques for identifying vulnerabilities
  5. Input-Based Vulnerabilities
  6. Function-Specific Input Vulnerabilities
  7. Shared Hosting Vulnerabilities
  8. Understanding of the families of attacks (differential, man-in-the-middle, linear, etc.)
  9. Hashing and Signatures
  10. Modes and appropriate uses
  11. Classical Cryptanalysis (a la Konheim)
  12. Identity-based Cryptography
  13. Digital Signatures
  14. Virtual Private Networks
  15. Quantum Key Cryptography
  16. Anonymity and Pseudonymity
  17. Server-Side Controls
  18. Client-Side Controls
  19. Attacking Application Logic
  20. Recent Attack Trends
  21. Flaw Hypothesis Methodology
  22. Other methodologies (e.g., OSSTMM)
  23. Identifying flaws from documentation
  24. Understanding families of attacks
  25. Attack Surface Discovery
  26. Testing Methodologies
  27. Secure Installation
  28. File system maintenance (isolation of sensitive data)
  29. User/Group/File Management
  30. Password Standards and Requirements
  31. Shutting Down Unnecessary/Unneeded Services
  32. Closing Unnecessary/Unneeded Ports
  33. Patch Management/Software Updates
  34. Privilege States
  35. Processes & Threads, Process/Thread Management
  36. Memory Management, Virtual Memory
  37. Inter-process Communications
  38. Concurrency and Synchronization, Deadlocks
  39. Input / Output
  40. Real-time operating systems/security issues
  41. Race Conditions
  42. Advanced Network Security Topics
  43. Threat modeling
  44. Software Assurance Maturity Model
  45. Role of Project/Program Management
  46. Role of Process Management
  47. Development Processes and Paradigms
  48. Developmental Threats
  49. Vectors
  50. NIST Risk Management Framework (SP800-37)
  51. Root causes of vulnerabilities
  52. Digital Investigations

Outcomes

  1. Evaluate security mechanisms based on cryptography
  2. Fraudulent Financial Reporting

KSA-T

Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn More about the KAS-T's.

  • Knowledge
  • Skills
  • Abilities
  • Tasks
ID DESCRIPTION
K0059 Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
K0235 Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
K0277 Knowledge of current and emerging data encryption (e.g., Column and Tablespace Encryption, file and disk encryption) security features in databases (e.g. built-in cryptographic key management features).
K0009 Knowledge of application vulnerabilities.
K00013 Knowledge of cyber defense and vulnerability assessment tools and their capabilities. 
K0161 Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
K0070 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
K0089 Knowledge of systems diagnostic tools and fault identification techniques.
K0105 Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language).
K0019 Knowledge of cryptography and cryptographic key management concepts
K0308 Knowledge of cryptology.
K0004 Knowledge of cybersecurity and privacy principles.
K0044 Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
K0106 Knowledge of what constitutes a network attack and a network attack??s relationship to both threats and vulnerabilities.
K0143 Knowledge of front-end collection systems, including traffic collection, filtering, and selection.
K0119 Knowledge of hacking methodologies.
K0177 Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
K0206 Knowledge of ethical hacking principles and techniques.
K0342 Knowledge of penetration testing principles, tools, and techniques.
K0604 Knowledge of threat and/or target systems.
K0430 Knowledge of evasion strategies and techniques.
K0572 Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization.
K0268 Knowledge of forensic footprint identification.
K0310 Knowledge of hacking methodologies.
K0122 Knowledge of investigative implications of hardware, Operating Systems, and network technologies.
K0167 Knowledge of system administration, network, and operating system hardening techniques.
K0224 Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
K0332 Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
K0301 Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
K0344 Knowledge of an organization??s threat environment.
K0178 Knowledge of secure software deployment methodologies, tools, and practices.
K0039 Knowledge of cybersecurity and privacy principles and methods that apply to software development.
K0081 Knowledge of software development models (e.g., Waterfall Model, Spiral Model).
K0153 Knowledge of software quality assurance process.
K0154 Knowledge of supply chain risk management standards, processes, and practices.
K0160 Knowledge of the common attack vectors on the network layer.
K0048 Knowledge of Risk Management Framework (RMF) requirements.
K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
K0343 Knowledge of root cause analysis techniques.
ID DESCRIPTION
ID DESCRIPTION
A0001 Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
A0093 Ability to identify/describe techniques/methods for conducting technical exploitation of the target.
A0092 Ability to identify/describe target vulnerability.
A0086 Ability to expand network access by conducting target analysis and collection to identify targets of interest.
ID DESCRIPTION