Cybersecurity Competency

From Ian Loe Academy Wiki
Revision as of 14:20, 23 November 2022 by Ila admin

Background

Competency Framework

As cybersecurity threats to the enterprise evolve rapidly, we need a competency framework to evaluate current staffing and to develop the talent pipeline.

This competency framework can be used to develop customised training programmes for individuals (or teams) and to evaluate skills when considering promotions.

Principal Considerations

Key points when creating this framework:

  • Enable focused development to build deep capabilities
  • Keep it relevant to business needs
  • Set skills expectations for each job grade

Competency Mapping

Role Categories

As the cybersecurity domain is very wide and most organisations will not have specialists in every skill area, the mapping is categorised into 4 main role types:

  • CISO
  • Cybersecurity Specialist
  • Governance, Risk, Compliance
  • Cybersecurity Engineers

Competency Areas

The skill areas are grouped into four competency areas:

  • Cybersecurity Operations: Incident Response, Digital Forensics, Malware Analysis, Cyber Threat Intelligence, Cyber Threat Analysis, SOC Operations
  • Cybersecurity Consulting: Cyber Risk Assessment, Cybersecurity Design, Cyber Programme Mgmt, Cyber Tech Assessment
  • Cybersecurity Governance: Strategy Development, Policies Development, Audit & Compliance
  • Cybersecurity Engineering: Adversary Simulation, Social Engineering, Penetration Testing, Software Development

Level of Competency

The level of competency is categorised into 5 levels, each with a test question an assessor can ask:

  • L1 Understanding: Can you explain the subject?
  • L2 Application: Tell me how you would apply this knowledge.
  • L3 Analysis: How would you perform root-cause analysis on related issues?
  • L4 Synthesis: How would you apply lessons learned to redesign the approach?
  • L5 Evaluation: How would you assess the effectiveness of your applied strategy?

Roles

CISO

The CISO role requires broad knowledge across the cybersecurity domains, and deep competencies in the consulting and governance areas, to support the business leaders.

Job Description: You will oversee the security posture of the organisation. You will be responsible for maintaining the organisation's cybersecurity policies, standards and procedures and for driving cybersecurity compliance. You will be key in driving security awareness across the organisation and will oversee all cybersecurity incidents.
Responsibilities
  • Build out expertise in the cybersecurity domains
  • Promote cybersecurity awareness across the organisation
  • Own the tools and initiatives for cybersecurity operations
  • Optimise the cybersecurity budget to get the best defence within budget
  • Identify needs, weaknesses and risks, and build the roadmap to address them and bring the cybersecurity posture to the next level
  • Close out all cybersecurity audit findings promptly
Grade Competencies
  • Assistant: 2 × L2, 2 × L3, 1 × L4
  • Deputy: 3 × L2, 2 × L3, 1 × L4
  • Senior: 5 × L2, 4 × L3, 1 × L4

Relevant Areas
  • Cybersecurity Operations: Incident Response, Digital Forensics, Malware Analysis, Cyber Threat Intelligence, Cyber Threat Analysis, SOC Operations
  • Cybersecurity Consulting: Cyber Risk Assessment, Cybersecurity Design, Cyber Programme Mgmt, Cyber Tech Assessment
  • Cybersecurity Governance: Strategy Development, Policies Development, Audit & Compliance
  • Cybersecurity Engineering: Adversary Simulation, Social Engineering, Penetration Testing, Software Development

Cybersecurity Specialist

The Cybersecurity Specialist role requires deep expertise in a particular domain to support the needs of a particular function.

Grade Competencies
  • Intern: 1 × L1
  • Associate: 1 × L1, 1 × L2
  • Junior: 2 × L1, 1 × L2, 1 × L3
  • Senior: 3 × L1, 2 × L2, 1 × L4

Relevant Areas
  • Cybersecurity Operations: Incident Response, Digital Forensics, Malware Analysis, Cyber Threat Intelligence, Cyber Threat Analysis, SOC Operations
  • Cybersecurity Consulting: Cyber Risk Assessment, Cybersecurity Design, Cyber Programme Mgmt, Cyber Tech Assessment
  • Cybersecurity Governance: none
  • Cybersecurity Engineering: Adversary Simulation, Social Engineering, Penetration Testing, Software Development

Governance, Risk & Compliance

The GRC role requires broad knowledge across the cybersecurity domains, and deep competencies in the governance area, to set the mandate that all system implementers must meet.

Grade Competencies ((CG) marks a competency that must be held in a Cybersecurity Governance area)
  • Intern: 1 × L1, 1 × L2 (CG)
  • Associate: 2 × L1, 1 × L3 (CG)
  • Junior: 2 × L1, 1 × L2, 1 × L3 (CG)
  • Senior: 3 × L1, 2 × L2, 1 × L4 (CG)

Relevant Areas
  • Cybersecurity Operations: Incident Response, Digital Forensics, Malware Analysis, Cyber Threat Intelligence, Cyber Threat Analysis, SOC Operations
  • Cybersecurity Consulting: Cyber Risk Assessment, Cybersecurity Design, Cyber Programme Mgmt, Cyber Tech Assessment
  • Cybersecurity Governance: Strategy Development, Policies Development, Audit & Compliance
  • Cybersecurity Engineering: Adversary Simulation, Social Engineering, Penetration Testing, Software Development

Cybersecurity Engineer

The Cybersecurity Engineer role requires deep expertise in a particular domain to support the needs of a particular function.

Grade Competencies ((CE) marks a competency that must be held in a Cybersecurity Engineering area)
  • Intern: 1 × L1 (CE)
  • Associate: 2 × L1, 1 × L2 (CE)
  • Junior: 2 × L1, 1 × L2, 1 × L3 (CE)
  • Senior: 3 × L1, 2 × L2, 1 × L4 (CE)

Relevant Areas
  • Cybersecurity Operations: Incident Response, Digital Forensics, Malware Analysis, Cyber Threat Intelligence, Cyber Threat Analysis, SOC Operations
  • Cybersecurity Consulting: Cyber Risk Assessment, Cybersecurity Design, Cyber Programme Mgmt, Cyber Tech Assessment
  • Cybersecurity Governance: Strategy Development, Policies Development, Audit & Compliance
  • Cybersecurity Engineering: Adversary Simulation, Social Engineering, Penetration Testing, Software Development

Competency Areas

Incident Response

Training: CSX Practitioner, Incident Handling, Digital Forensics

Assessment Level
  • L1: Able to articulate the IR process
  • L1: Describe the information to collect during IR
  • L2: How would you use the information collected during IR?
  • L3: How would you determine the root cause of an incident?
  • L4: Describe some process improvements for IR
  • L5: Develop automation tools for IR

Skills Expectation

Level Description Skills
L1 Understanding
  • Gather information related to incident
  • Categorize the incident according to guidelines
  • Assist with mitigation of incident
  • Help document the mitigation process
L2 Application
  • Review categorisation by L1
  • Perform triage
  • Perform log analysis
  • Escalate as per SOP
L3 Analysis
  • Correlate evidence to diagnose incident
  • Manage the containment of incident
  • Lead the root cause analysis
L4 Synthesis
  • Develop mitigation strategies
  • Coach and supervise IR teams
  • Establish SOPs and develop incident playbook
L5 Evaluation
  • Adapt and create new SOPs and playbook for group
  • Develop automation for SOPs

Digital Forensics

Training: Digital Forensics, EnCase/Axiom training, Cellebrite

Assessment Level
  • L1: Able to articulate how forensic images are collected
  • L1: Describe some common imaging tools
  • L2: How would you use a forensics tool to extract evidence?
  • L3: How would you reconstruct the incident from the evidence?
  • L4: Describe some process improvements for forensic investigation
  • L5: Develop new techniques/tools for forensics

Skills Expectation

Level Description Skills
L1 Understanding
  • Understand basic forensics techniques and tools
L2 Application
  • Process media to collect evidence
  • Preserve chain of custody of evidence
L3 Analysis
  • Evaluate tools and techniques for forensics
L4 Synthesis
  • Establish forensics SOP
  • Mentor and guide forensics team
  • Create techniques, tactics and procedures for forensics practice
L5 Evaluation
  • Develop new tools and/or techniques for forensics

Malware Analysis

Training: Digital Forensics, Malware deep dive, MITRE ATT&CK

Assessment Level
  • L1: Able to articulate malware families and how they work
  • L2: How would you extract a malware sample and determine its type?
  • L3: How would you reverse engineer a malware sample?
  • L4: Describe ways to counter malware and how you would implement them
  • L5: Develop new techniques/tools for malware capture and reverse engineering

Skills Expectation

Level Description Skills
L1 Understanding
  • Understand basic malware characteristics and families
  • Understand how malware works
L2 Application
  • Create investigation sandbox
  • Replicate malware attack
  • Document exploit and mitigation
  • Use anti-malware tools to contain threat
L3 Analysis
  • Perform reverse engineering to find root cause
L4 Synthesis
  • Develop defenses to counter malware
  • Verify intel on malware threats
L5 Evaluation
  • Develop new tools and/or techniques for malware detection and response

Cyber Threat Intelligence

Training: OSINT, MITRE ATT&CK

Assessment Level
  • L1: Able to articulate what CTI is
  • L1: Describe some threat intel sources
  • L2: How would you use open source intel feeds to build a story?
  • L3: How would you gather intel feeds, verify them and make sense of them?
  • L4: Describe how you would use STIX, TAXII and YARA, and what makes up these files
  • L5: Demonstrate new tools/techniques for intel collection and analysis

Skills Expectation

Level Description Skills
L1 Understanding
  • Understand what CTI is
L2 Application
  • Able to gather information using OSINT
L3 Analysis
  • Possess analysis skills to better comprehend, synthesise and leverage complex scenarios
L4 Synthesis
  • Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
  • Create indicators of compromise  (IoCs) in formats such as YARA, OpenIOC, and STIX
L5 Evaluation
  • Establish structured analytical techniques to be used by analysts
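The L4 expectation above (create IoCs in formats such as YARA, OpenIOC and STIX) and the matching L4 assessment question (what makes up STIX, TAXII and YARA files) are about the shape of those artefacts, which the page does not show. The following is an added example, not material from the wiki page: it builds STIX 2.1 Indicator objects inside a Bundle from a constructed IoC set, runs a minimal structural check over them, and renders the same IoCs as a YARA rule. The IoC values, the rule name and all function names are assumptions made for the example; TAXII is only the transport for exchanging such bundles and is not shown, and OpenIOC is omitted.

```python
"""Added example, not from the wiki page: the building blocks of STIX 2.1
indicators and a YARA rule for one constructed set of IoCs.

All IoC values below are constructed placeholders (RFC 5737 test address,
an .example.net domain, the hash of a fixed string), not observed threat data.
"""
import hashlib
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed sample IoC set (placeholders, not real indicators).
SAMPLE_IOCS = [
    {"kind": "domain", "value": "update-check.example.net"},
    {"kind": "ipv4", "value": "203.0.113.42"},
    {"kind": "sha256", "value": hashlib.sha256(b"constructed sample").hexdigest()},
]

# STIX pattern string literals are single-quoted; a value carrying a quote or
# backslash would break out of the literal, so such values are refused here.
_UNSAFE = re.compile(r"['\\]")


def stix_pattern(ioc):
    """Render one IoC as a single STIX 2.1 comparison expression."""
    kind, value = ioc["kind"], ioc["value"]
    if _UNSAFE.search(value):
        raise ValueError(f"value not safe for a STIX string literal: {value!r}")
    if kind == "domain":
        return f"[domain-name:value = '{value}']"
    if kind == "ipv4":
        return f"[ipv4-addr:value = '{value}']"
    if kind == "sha256":
        return f"[file:hashes.'SHA-256' = '{value}']"
    raise ValueError(f"unsupported IoC kind: {kind}")


def _stix_time(ts):
    return ts.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_indicator(ioc, created):
    """A STIX 2.1 Indicator SDO with every required property populated."""
    ts = _stix_time(created)
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": f"{ioc['kind']} IoC {ioc['value']}",
        "indicator_types": ["malicious-activity"],
        "pattern": stix_pattern(ioc),
        "pattern_type": "stix",
        "valid_from": ts,
    }


def build_bundle(iocs, created=None):
    """Wrap the indicators in a STIX Bundle, the unit a TAXII server exchanges."""
    created = created or datetime.now(timezone.utc)
    return {
        "type": "bundle",
        "id": f"bundle--{uuid.uuid4()}",
        "objects": [make_indicator(ioc, created) for ioc in iocs],
    }


REQUIRED = ("type", "spec_version", "id", "created", "modified",
            "pattern", "pattern_type", "valid_from")
_ID_RE = re.compile(r"^indicator--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
_PATTERN_RE = re.compile(r"^\[[a-z0-9-]+:[A-Za-z0-9_.'-]+ = '[^']+'\]$")


def validate_indicator(obj):
    """Minimal structural check; returns a list of problems (empty if OK)."""
    problems = [f"missing {k}" for k in REQUIRED if k not in obj]
    if not _ID_RE.match(obj.get("id", "")):
        problems.append("id is not indicator--<uuid>")
    if not _PATTERN_RE.match(obj.get("pattern", "")):
        problems.append("pattern is not a single STIX comparison expression")
    return problems


def build_yara(iocs, rule_name="constructed_ioc_set"):
    """Render the same IoCs as one YARA rule: string matches for network
    IoCs, the hash module for file hashes."""
    strings, hash_terms = [], []
    for n, ioc in enumerate(iocs, 1):
        value = ioc["value"]
        if ioc["kind"] in ("domain", "ipv4"):
            strings.append(f'        $s{n} = "{value}" ascii wide nocase')
        elif ioc["kind"] == "sha256":
            hash_terms.append(f'hash.sha256(0, filesize) == "{value.lower()}"')
    condition = (["any of ($s*)"] if strings else []) + hash_terms
    if not condition:
        raise ValueError("no supported IoCs to build a rule from")
    lines = ['import "hash"', "", f"rule {rule_name}", "{", "    meta:",
             '        description = "constructed example IoC set"']
    if strings:
        lines += ["    strings:"] + strings
    lines += ["    condition:", "        " + " or ".join(condition), "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(json.dumps(build_bundle(SAMPLE_IOCS), indent=2))
    print(build_yara(SAMPLE_IOCS))
```

Running the file prints the bundle as JSON and the rule text. The refusal of quote characters in `stix_pattern` is the caveat an analyst sharing patterns should keep in mind: an IoC value copied from a report can otherwise break, or alter, the pattern's string literal.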

Cyber Threat Analysis

Training: OSINT, MITRE ATT&CK

Assessment Level
  • L1: Understand what CTA is
  • L2: Able to understand information found using OSINT
  • L3: Possess analysis skills to better comprehend, synthesise and leverage complex scenarios
  • L4: Generate threat analyses to explain and predict threats; create analyst reports for management
  • L5: Establish structured analytical techniques to be used by analysts

Skills Expectation

Level Description Skills
L1 Understanding
  • Understand what CTA is
L2 Application
  • Able to explain risk of threats identified
L3 Analysis
  • Possess analysis skills to articulate risk of threat from intel for the organisation
L4 Synthesis
  • Generate threat report on possible scenarios and countermeasures to be deployed
L5 Evaluation
  • Publish industry threat analysis

SOC Operations

Training: OSINT, MITRE ATT&CK, SOAR

Assessment Level
  • L1: Able to articulate the role and function of a SOC
  • L2 to L5: no assessment questions listed

Skills Expectation

Level Description Skills
L1 Understanding
  • Perform operational tasks per SOP
L2 Application
  • Level 1 diagnostics on alerts
  • Able to escalate to the right Level 2 analyst team
L3 Analysis
  • Able to correlate alerts to make sense of alarms
  • Establish the root cause of an alarm
L4 Synthesis
  • Develop orchestration flows for SOC processes
L5 Evaluation
  • Automate SOC processes with SOAR tools and create products to improve SOC productivity

Cyber Risk Assessment

Training: GRC, MITRE ATT&CK

Assessment Level
  • L1: Able to articulate what cyber risk is
  • L2 to L5: no assessment questions listed

Skills Expectation

Level Description Skills
L1 Understanding
  • Knowledge of cyber risk concepts, regulations, policies and common standards
  • Follow SOPs and standards to help identify risk areas
  • Assist in checking compliance with policies and standards
L2 Application
  • Develop audit plan
  • Conduct audits
  • Able to perform impact analysis on risk
  • Develop action plan to close audit gaps
L3 Analysis
  • Uncover root cause for high-risk areas
L4 Synthesis
  • Develop tools to improve risk assessment capabilities
L5 Evaluation
  • Publish risk models in international conferences or journals

Cybersecurity Design

Training: Cybersecurity Architecture, MITRE ATT&CK

Assessment Level
  • L1: Able to articulate what a threat model is
  • L2: Able to apply threat models to a design
  • L3 to L5: no assessment questions listed

Skills Expectation

Level Description Skills
L1 Understanding
  • Knowledge of cybersecurity architecture concepts
L2 Application
  • Review architecture for security risk
  • Able to categorise risk areas
L3 Analysis
  • Enhance architecture to include countermeasures for security risks
  • Able to rate and prioritise risk areas
L4 Synthesis
  • Develop cybersecurity artefacts that can be reused by the group
L5 Evaluation
  • Develop new cybersecurity design paradigms for the organisation

Cyber Programme Management

Training: CISSP, MITRE ATT&CK, NIST Framework, ISO 27001

Assessment Level
  • L1: Able to explain what the NIST Framework and ISO 27001 are
  • L2 to L5: no assessment questions listed

Skills Expectation

Level Description Skills
L1 Understanding
  • Knowledge of cybersecurity programme management concepts
L2 Application
  • Able to use frameworks to develop programme maps
L3 Analysis
  • Understand the NIST CSF and MITRE ATT&CK frameworks in detail
  • Establish and mandate usage of a document review and version management system to support ongoing management of CMP documentation
L4 Synthesis
  • Able to develop an enterprise-wide cybersecurity programme charter
  • Able to identify and treat high-priority development efforts, such as key elements with enterprise-wide impact
L5 Evaluation
  • Develop and publish new cybersecurity frameworks

Cyber Technology Assessment

Training: CISSP, MITRE ATT&CK, NIST Framework, ISO 27001

Assessment Level
  • L1: Able to explain what the NIST Framework and ISO 27001 are
  • L2 to L5: no assessment questions listed

Skills Expectation

Level Description Skills
L1 Understanding
  • Knowledge of cybersecurity technologies
L2 Application
  • Able to use frameworks to test and evaluate technologies
L3 Analysis
  • Understand security technologies in enough detail to identify the strengths and weaknesses of technologies or products
  • Able to create realistic POCs for product evaluation
L4 Synthesis
  • Able to reverse engineer security technologies
  • Develop ways to bypass security during assessment
L5 Evaluation
  • Able to create new cybersecurity technology assessment frameworks

Strategy Development

Training: CISSP, MITRE ATT&CK, NIST Framework, ISO 27001

Assessment Level
  • L1: Able to explain the cyber domains
  • L2 to L5: no assessment questions listed

Skills Expectation

Level Description Skills
L1 Understanding
  • Knowledge of cybersecurity domains
L2 Application
  • Able to define documented operational standards, process, procedures and other collateral that specify what operators should do and how they should do it.
L3 Analysis
  • Able to identify why cybersecurity is needed, consider the business issues, and then define, document and publish the direction that the required cybersecurity programme will adopt
L4 Synthesis
  • Able to define controls and measurement metrics
L5 Evaluation
  • Identified as a leader in the vertical industry

Policies Development

Training: CISSP, MITRE ATT&CK, NIST Framework, ISO 27001

Assessment Level
  • L1: Able to explain the cyber domains
  • L2 to L5: no assessment questions listed

Skills Expectation

Level Description Skills
L1 Understanding
  • Knowledge of cybersecurity domains
L2 Application
  • Able to define, interpret and implement policies related to cybersecurity
L3 Analysis
  • Able to formulate and offer recommendations on new security policies
L4 Synthesis
  • Able to analyse complex cybersecurity issues and work with analytics to develop or revise existing policies
L5 Evaluation
  • Established as a thought leader in policy development

Audit & Compliance

Training: CISSP, ISO 27001 Lead Auditor, NIST Framework, PCI DSS, GRC

Assessment Level
  • L1: Able to explain the cyber domains
  • L2 to L5: no assessment questions listed

Skills Expectation

Level Description Skills
L1 Understanding
  • Knowledge of cybersecurity domains and audit principles
L2 Application
  • Able to analyse policies and define compliance checkpoints.
L3 Analysis
  • Able to research, analyse and evaluate issues/situations pertaining to policies
L4 Synthesis
  • Possess qualitative and quantitative skills in descriptive and inferential statistics to perform basic forecasting
L5 Evaluation
  • Identified as a thought leader in the vertical industry

Adversary Simulation

Training: MITRE ATT&CK, OSCP, OSWP, CREST

Assessment Level
  • L1: Able to explain the red/blue/purple team concepts
  • L2 to L5: no assessment questions listed

Skills Expectation

Level Description Skills
L1 Understanding
  • Maintain current knowledge of malware, attacks and other cyber threats
L2 Application
  • Able to deliver objective insights into the existence of vulnerabilities and the effectiveness of defence and mitigation controls, both those in place and those planned for future implementation
L3 Analysis
  • Able to take a comprehensive approach to seeking vulnerabilities across the full spectrum of organisational policies, processes and defences in order to improve organisational readiness
L4 Synthesis
  • Able to develop new tools and techniques for adversary simulation
L5 Evaluation
  • Identified as a thought leader in the vertical industry

Social Engineering

Training: Social Engineering, Psychology 101

Assessment Level
  • L1: Able to explain the social engineering domains
  • L2 to L5: no assessment questions listed

Skills Expectation

Level Description Skills
L1 Understanding
  • Understand the concept of social engineering and basic human behaviour
L2 Application
  • Able to employ standard social engineering techniques to manipulate a subject into performing certain tasks
L3 Analysis
  • Able to take a comprehensive approach to exploiting human weakness in order to extract information or to gain access to systems via human manipulation
L4 Synthesis
  • Able to develop new tools and/or techniques for social engineering
L5 Evaluation
  • Identified as a leader in the vertical industry