Cyber Defense Analysis Specialty Area Qualification Matrix *

Associated Work Roles

  • Cyber Defense Analyst (511)

Note: This page presents the qualification requirements at the Specialty Area level, a summary category one level above work roles. Until the qualification requirements for the Work Roles are released, please refer to the Specialty Area qualification table below for information. This table will be updated to reflect the specific Work Role requirements when the information is available.

Specialty Area Framework Category: Protect and Defend

Specialty Areas responsible for identifying, analyzing, and mitigating threats to internal information technology (IT) systems or networks.

Cyber Defense Analysis Description

Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the enterprise network in order to protect information, information systems, and networks from threats.

Example Job/Billet Titles

  • CNDSP Analyst
  • CNDSP Manager
  • CPT CND Manager
  • CPT Interactive Operator
  • CPT Systems Architect
  • Cyber Security Analyst
  • Incident Analyst

Master Tasks and KSAs

Detailed information on the Tasks and Knowledge, Skills and Abilities (KSAs) associated with each Navy Specialty Area can be found in the Master Task & KSA List spreadsheet on the NAVIFOR website (requires credentials/CAC to access) or on the DoD Cyber Exchange website.

Initial Training

Initial training qualification for a specialty area is generally met by a High School diploma or equivalent and completion of Navy "A" school (for Navy enlisted).

Minimum Credential Requirement

You must meet one of the education, training, or certification requirements in the Qualifications Table below. See “Understanding Qualifications” on the Qualifications Table for more information on the order of precedence for the minimum credential requirement.

Qualifying Degrees

The Qualifications Table below includes college degrees in the Education section, for example, "Bachelor degree from accredited University." To view a list of degree programs that are acceptable for this Specialty Area, click List of Qualifying Degrees below or the Information icon in the Qualifications Table.

Note: The Qualification Matrix information on this page will be in a different order when printed to reduce the number of pages needed.

Qualifications Table

 
Basic:
  • Associate Degree from accredited University
Intermediate:
  • Bachelor Degree from accredited University
Advanced:
  • Graduate Degree from accredited University

OR

Basic:
  • CYBR1005 Security Essentials
  • Hunt Methodologies Course (HMC)
  • Intermediate Cyber Core (ICC)
  • NEC 746A Information Systems Technician (IAT II)
  • NEC H09A CANES AN/USQ-208(V) System Administrator/Maintainer
  • NEC H10A Basic Cyber Analyst/Operator
  • NEC H13A Navy Interactive ON-NET Operator
Intermediate:
  • CYBR1005 Security Essentials
  • CYBR1100 Network Traffic Analysis
  • Hunt Methodologies Course (HMC)
  • Intermediate Cyber Core (ICC)
  • NEC 742A Network Security Vulnerability Technician
  • NEC H08A Advanced Network Analyst
  • NEC H10A Basic Cyber Analyst/Operator
  • NEC H13A Navy Interactive ON-NET Operator
Advanced:
  • Hunt Methodologies Course (HMC)
  • Intermediate Cyber Core (ICC)

OR
AND

Basic:
  • JQR (Computer Network Defense Intelligence Analysis - watch)
  • JQR (Intrusion Detection Analyst - Sensor OPS)
  • NAVEDTRA 43355-1 - Watchstation 301 - Navy Networks
  • With privileged access- NAVEDTRA 43469 Watchstation 301 - Information Assurance Technician Level I
Intermediate:
  • JQR (Threat)
  • NAVEDTRA 43355-1 - Watchstation 303 - Navy Networks
  • NAVEDTRA 43355-1 - Watchstation 304 - Navy Networks
  • NAVEDTRA 43355-1 - Watchstation 305 - Navy Networks
  • NAVEDTRA 43469 Watchstation 301 - Information Assurance Technician Level I
  • With privileged access- NAVEDTRA 43469 Watchstation 302 - Information Assurance Technician Level II
Advanced:
  • NAVEDTRA 43350 (Malware)
  • With privileged access- NAVEDTRA 43469 Watchstation 303 - Information Assurance Technician Level III

*If you have recommendations for degrees, qualifications, NECs or credentials for this matrix, direct them to NAVIFOR. Questions and recommendations regarding the Cyber IT/CSWF model, matrix, policies, implementation guidelines, and compliance should be directed to: Navy_CSWF_Program_Helpline@navy.mil

This is an official U.S. Navy website
Updated: August 31, 2020

Basic

Foundational understanding of computer systems and related cybersecurity software and hardware components. Ability to apply simple concepts and routine processes with frequent and specific guidance. Ability to perform successfully in routine, structured situations, or more complex situations with supervision.

Intermediate

Working knowledge and application of Information Security and security operational characteristics for a variety of computer platforms, networks, software applications, and Operating Systems. Extensive knowledge of basic concepts and processes and experience applying these with only periodic high-level guidance. Ability to perform successfully in non-routine and sometimes complicated situations.

Advanced

Application and mastery of Information Security, plans, and functions; responsible for the management of complex projects and initiatives with large scope. An in-depth understanding of complex concepts and processes, and experience applying these with little or no guidance. Ability to provide guidance to others and to perform successfully in complex, unstructured situations.

GIAC Certified Incident Handler (GCIH)

The Global Information Assurance Certification (GIAC), Certified Incident Handler (GCIH) is an intermediate skill level credential for professionals responsible for handling and responding to incidents. The GCIH certifies the ability to detect, respond to, and resolve computer security incidents using a wide range of essential security skills. GCIHs know how to manage security incidents by understanding common attack techniques, vectors and tools, as well as defend against and respond to such attacks when they occur. There are no prerequisites for this certification. Candidates must pass a written exam.

GIAC Certified Intrusion Analyst (GCIA)

The Global Information Assurance Certification (GIAC), Certified Intrusion Analyst (GCIA) is an advanced skill level credential that demonstrates a professional’s knowledge, skills, and abilities to configure and monitor intrusion detection systems, and to read, interpret, and analyze network traffic and related log files. There are no prerequisites for the GCIA certification. Candidates must pass a written exam.

GIAC Certified Forensic Analyst (GCFA)

The Global Information Assurance Certification (GIAC), Certified Forensic Analyst (GCFA) is an advanced skill level credential for professionals working in the information security, computer forensics, and incident response fields. It certifies that candidates have the skills required to collect and analyze data from Windows and Linux computer systems. It also demonstrates their ability to conduct formal incident investigations and handle advanced incident handling scenarios, including internal and external data breach intrusions, advanced persistent threats, anti-forensic techniques used by attackers, and complex digital forensic cases. There are no prerequisites for this certification. Candidates must pass a written exam.

CERT - Certified Computer Security Incident Handler (CSIH)

The CERT-Certified Computer Security Incident Handler (CSIH) certification program is targeted to computer network incident handling professionals, computer security incident response team (CSIRT) members and technical staff, system and network administrators with incident handling experience, incident handling trainers and educators, and cyber security technical staff. The program requires one or more years of experience in incident handling and/or equivalent security-related experience.

Certified Ethical Hacker (CEH)

The International Council of Electronic Commerce Consultants (EC-Council), Certified Ethical Hacker (CEH) program certifies professionals who are responsible for securing (or testing the security of) computer networks from a vendor-neutral perspective. A Certified Ethical Hacker understands how to look for the weaknesses and vulnerabilities in networks and/or computer systems, and, lawfully and at the request of an organization, uses the same tools as a malicious hacker. The CEH is appropriate for security officers, auditors, security professionals, site administrators, and others who may be concerned about the integrity of their organization's network infrastructure. Candidates must pass a written exam.