Center for Qualified CyberSecurity Excellence & Mastery

"Where Qualified Cyber Education Happens"

Specialty Area Framework Category: Analyze

Specialty Areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

All Source Analysis Description

Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context draws insights about the possible implications.

Example Job/Billet Titles

Master Tasks and KSAs

Detailed information on the Tasks and Knowledge, Skills and Abilities (KSAs) associated with each Navy Specialty Area can be found in the Master Task & KSA List spreadsheet on the NAVIFOR website (requires credentials/CAC to access).

Initial Training

Initial training qualification for a specialty area is generally met by a High School diploma or equivalent and completion of Navy "A" school (for Navy enlisted).

Minimum Credential Requirement

You must meet one of the education, training, or certification requirements in the Qualifications Table below. See “Understanding Qualifications” on the Qualifications Table for more information on the order of precedence for the minimum credential requirement.

Qualifying Degrees

The Qualifications Table below includes college degrees in the Education section. For example, "Bachelor degree from accredited University." To view a list of degree programs that are acceptable for this Specialty Area, click List of Qualifying Degrees below or the Information icon in the Qualifications Table.

Click Here for a List of Qualifying Degrees


Qualifications Table

Entry/Apprentice Intermediate/Journeyman Advanced/Master
Education Associate Degree from accredited University Bachelor Degree from accredited University Graduate Degree from accredited University
Training Cyber Operations Fundamentals Cyber 200 Cyber 300
NEC K24A Operational Intelligence (OPINTEL) Analyst NEC C16A Journeyman Analysis and Reporting Specialist NEC C16A Journeyman Analysis and Reporting Specialist
NEC K24A Operational Intelligence (OPINTEL) Analyst NEC K24A Operational Intelligence (OPINTEL) Analyst
Certification Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH)
Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Certified In Risk and Information Systems Control (CRISC)
GIAC Certified Intrusion Analyst (GCIA) GIAC Certified Intrusion Analyst (GCIA) Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
OJT JQR (CND Intelligence Analysis - watch) JQR (CND Intelligence Analysis and Assessments) N/A
JQR (CND Intelligence Analysis Open Source Research)


Understanding Qualifications


Background Investigation

Be appropriately cleared to DON guidance

Continuous Learning

DoD requires 72 hours Continuous Learning each calendar year. This requirement is in addition to any industry certification Continuous Learning requirement.

[Note: DoD 72 hours Annually - Industry certification Continuous Learning may be applied towards DoD 72 hour annual requirement. However, not all DoD Continuous Learning hours can be applied to industry certification Continuous Learning requirement, check with certification agency on what may be accepted.]

Operating System/Computing Environment Certificate

Operating System/Computing Environment (OS/CE) certificate of training, as dictated by Command Cyber IT/CSWF-PM.

Sign Privileged Access Statement



*If you have recommendations for degrees, qualifications, NECs or credentials for this matrix, direct them to NAVIFOR. Questions and recommendations regarding the Cyber IT/CSWF model, matrix, policies, implementation guidelines, and compliance should be directed to:


Basic understanding of computer systems and related cybersecurity software and hardware components.

  1. 1-3 years' experience (recommended)
  2. Enlisted E-1 through E-4
  3. Officer O-1 through O-2
  4. Civilian Grades 5, 7, and 9


Working knowledge and application of IS and Security operational characteristics for a variety of computer platforms, networks, software applications, and OSs.

  1. 4-6 years' experience (recommended)
  2. Enlisted E-5 through E-6
  3. Officer O-3 through O-4
  4. Civilian Grades 9, 11, 12


Advanced application and mastery of IS, plans, and functions, and is responsible for the management of complex projects, and initiatives with large scope.

  1. 7+ years' experience (recommended)
  2. Enlisted E-7 through E-9
  3. Officer O-5 through O-6/W-1 through W-5
  4. Civilian Grades 13 and above

The Certified Ethical Hacker (CEH) program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in networks and/or computer systems and uses the same knowledge and tools as a malicious hacker upon request from an organization. The certification is for individuals who are responsible for securing (or testing the security of) computer networks. The CEH is appropriate for security officers, auditors, security professionals, site administrators, and others who may be concerned about the integrity of their organizations network infrastructure. Applicants must have a minimum of two years of security related work experience.

The Certified Information Security Auditor (CISA) is an advanced certification for individuals who work in the information systems audit, control and security industry. The CISA certification covers topics such as the information systems audit process, IT governance, systems and infrastructure lifecycle management, IT service delivery and support, protection of Information Assets, and business continuity and disaster recovery. This certification is targeted toward experienced information security auditors and those who have information security management responsibilities. Candidates are required to have a minimum of five years of professional information systems audit, control, assurance or security work experience.

The Certified Information Systems Security Professional (CISSP) is an advanced skill level certification for experienced professionals in the computer security field who are responsible for developing the information security policies, standards, and procedures and managing their implementation across an organization. To be eligible for CISSP, candidates must have five years of information security experience in at least two of the exam domain areas including security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security.

The GIAC Certified Intrusion Analyst (GCIA) is an intermediate skill level certification that was created to provide assurance that a certified individual has the knowledge, skills, and abilities to configure and monitor intrusion detection systems, and to read, interpret, and analyze network traffic and related log files. GCIAs are individuals who are responsible for network and host monitoring, traffic analysis, and intrusion detection. There are no prerequisites for the GCIA certification.

The Certified Information Security Manager (CISM) is an advanced certification for the individual who designs, builds, and manages an enterprises information security. CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents. This certification is targeted toward experienced information security managers and those who have information security management responsibilities. Five or more years of information security work experience, with a minimum of three years of information security management work experience is required.

The Information Systems Audit and Control Association (ISACA) Certified In Risk and Information Systems Control (CRISC) certification is designed for those experienced in the management of IT risk, and the design, implementation, monitoring and maintenance of IS controls. Candidates must have three years of work experience managing IT risk by designing and implementing IS controls. Candidates must pass a written exam.