
Knowledge of security concepts in operating systems (e.g., Linux, Unix). Skill in analyzing traffic to identify network devices. Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability.

Knowledge of website types, administration, functions, and content management system (CMS). Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). Skill in conducting application vulnerability assessments. Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. Skill in using network analysis tools to identify vulnerabilities. Skill in the use of penetration testing tools and techniques. Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. Knowledge of penetration testing principles, tools, and techniques. Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). Knowledge of ethical hacking principles and techniques. Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities. Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). Knowledge of application vulnerabilities. Knowledge of specific operational impacts of cybersecurity lapses. Knowledge of cyber threats and vulnerabilities (e.g., phishing, baiting, tailgating, etc.).

Skill in the use of social engineering techniques. Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). Knowledge of cybersecurity and privacy principles.
