I presented a talk last year briefing a paradigm shift that SOCs are being subject to in recent years. The talk was addressed to military personnels and so there are multiple concepts, case-studies and methodologies that were crammed into one hastily built deck. This post is based on an extract from that deck - The US-Air Force’s Offensive Cyberspace Operations program and organizational structuring that is a part of the AFCY ( AirForce Cyber Command).

I hope this will also serve as a manual for similar career paths and for understanding capabilities.

I wanted to elaborate a bit more on the Cyber Warfare career path within the USAF / AFCY - 24th.

Around 2014 - The AF-OCO was setup and this is no joke. There are various documents that explains it’s job functions and here are some key details extracted from the budgeting report.

Mission Description and Budget Item Justification

The AF Offensive Cyberspace Operations (OCO) program rapidly develops operations-ready cyberspace superiority capabilities from laboratory, industry, and academia

via studies, rapid prototyping, technology demonstrations, and other Research, Development, Testing and Evaluation (RDT&E) efforts. This program consists of a

portfolio of small programs and projects called the Offensive Cyber Product Line (OCPL) that contribute to an overall Distributed Cyber Weapons Operations (DCWO)

architecture. The OCPL establishes a flexible and balanced approach to the rapid acquisition of cyber operational capabilities. OCPL effectiveness comes from

balancing funding into three capability areas required for effective operations: Platforms, Access and Capabilities.

OCPL provides cyber warfare capabilities to the 24th Air Force in direct support of US Cyber Command (USCYBERCOM), AF Major Commands (MAJCOMs), unified

commands, and national agencies. In accordance with AF Policy, the program office develops capabilities in the cyberspace superiority core areas. OCPL efforts also

directly support the Joint Network Attack Initial Capabilities Document (ICD), the National Military Strategy for Cyberspace Operations (NMS-CO), the USCYBERCOM

operational directives, the latest AF Space Command (AFSPC) Offensive Cyberspace Operations System Flight Plan, and other formal requirements documents.

Planned areas of development, prototyping, and technology demonstration will be used to provide warfighters access, platforms, and tools. This includes mission

planning, intelligence, and Command and Control/Situational Awareness (C2SA) tools needed to attack enemy networks, telephony, Integrated Air Defense Systems (IADS), electronic warfare operations and Command and Control systems. These advancements will be used to develop and deliver cutting-edge technologies to the warfighters. This capability area leverages cyber technology investments by the Defense Advanced Research Projects Agency (DARPA), the National Security Agency (NSA), Air Force Research Labs (AFRL), DOD national laboratories, and other sources. Many program activities are protected under AF Network Warfare Special Access Programs.

Skills and Career Progression:

1. Cyber Warfare Operations Apprentice (1B431). The apprentice skill level is awarded at completion of the 1B4X1 Cyber Warfare Operations Initial Skills Course. Apprentices should be assigned to tactical level units into positions such as incident response operator, interactive operator or other entry level positions. Entry into the 1B451 CDC is mandatory.

2. Cyber Warfare Operations Journeyman (1B451). The journeyman skill level is awarded upon completion of the 1B451 CDC, required core tasks and the required upgrade training time period.

3. Cyber Warfare Operations Craftsman (1B471). The craftsman skill level is awarded upon completion of the 1B471 CDC, required core tasks and the required upgrade training time period. Minimum rank is SSgt (SrA with line number for SSgt will be entered into 7-skill level upgrade training.)

4. Cyber Warfare Operations Superintendent (1B491). The superintendent skill level is awarded upon, required core tasks and the required upgrade training time period.

Skill Level Training Requirements

The various skill levels in the career field are defined in terms of tasks and

knowledge requirements for each skill level in the Cyber Warfare Operations field of the career ladder. They are stated in broad, general terms and establish the standards of performance. Core tasks, knowledge items, and skill requirements for this specialty are identified in the STS, COL, CDCs, AFJQSs/AFQTPs, etc. Completion of the mandatory 3-level skill awarding course, CDCs, CFETP, and applicable AFJQSs/AFQTPs define the Air Force core tasks for this specialty.

Apprentice (3-Level) Training - 1B431

KNOWLEDGE:

Computer Operating Systems

Software Applications

Database Concepts

Common Programming Languages

Hardware Components

Networking Fundamentals

Protocols

Network Addressing

Network Infrastructure

Telecommunications Theory

Data Communications

Wireless Technologies

Cryptography

Cyber Operation Laws

EDUCATION

For entry into this specialty, completion of high school is mandatory. Additional courses in Science, Technology, Engineering, and Mathematics (STEM) is desirable.

Associate degree or higher in related fields or Information Technology (IT)

Certification is desirable.

TRAINING

Completion of the Cyber Warfare Operations Apprentice course

EXPERIENCE

None required

OTHER

Minimum score of 60 on the Air Force Electronic Data Processing Test.

Requires routine access to Top Secret material or similar environment, completion of a current Single Scope Background Investigation (SSBI),

Personnel Security Program Management, is mandatory for award and retention of

this skill level.

NOTE: Award of the 3-skill level without a completed SSBI is authorized provided

an interim Top Secret clearance has been granted.

For award and retention of 1B431, must attain and maintain a minimum Information

Assurance Technical Level II certification according with AFMAN 33-285, Information Assurance Workforce Improvement Program.

IMPLEMENTATION

Attendance at the Cyber Warfare Operations Apprentice course is mandatory for award of the 3-skill level unless waived by the 1B AFCFM (Air Force Career Field Manager)

Journeyman (5-Level) Training - 1B451

KNOWLEDGE

All 1B431 knowledge qualifications apply to the 1B451 requirements

TRAINING

Completion of the 1B451 Career Development Course.

Completion of all STS core tasks. (Specialty Training Standard)

Completion of applicable AFJQS/AFQTPs (Air Force Job Qualification Standard / Air Force Qualification Training Package)

Completion of all local tasks assigned for the duty position to include Crew Position

Certification if required for duty position.

EXPERIENCE

Qualification in and possession of AFSC 1B431

Experience performing Cyber Warfare Operations functions

OTHER

Requires routine access to Top Secret material or similar environment, completion of a current Single Scope Background Investigation (SSBI) according to AFI 31-501,

Personnel Security Program Management.

For award and retention of 1B451, must attain and maintain a minimum Information

Assurance Technical Level II certification according with AFMAN 33-285,

Information Assurance Workforce Improvement Program.

IMPLEMENTATION

Entry into formal journeyman upgrade training is accomplished once individuals are

assigned to their first duty station. Qualification training is initiated anytime

individuals are assigned duties for which they are not qualified.

Craftsman (7-Level) Training - 1B471

KNOWLEDGE

All 1B451 knowledge qualifications apply to the 1B471 requirements

TRAINING

Completion of the 1B471 Career Development Course.

Completion of all STS core tasks.

Completion of applicable AFJQS/AFQTPs.

Completion of all local tasks assigned for the duty position to include Crew Position

Certification if required for duty position.

EXPERIENCE

Qualification in and possession of AFSC 1B451

Experience performing or supervising Cyber Warfare Operations functions.

OTHER

Requires routine access to Top Secret material or similar environment, completion of a current Single Scope Background Investigation (SSBI)

Personnel Security Program Management,is mandatory for award and retention of this skill level.

For award and retention of 1B471, must attain and maintain a minimum Information

Assurance Technical Level II certification according with AFMAN 33-285,

Information Assurance Workforce Improvement Program.

IMPLEMENTATION

Entry into OJT (On-the-Job Training) is initiated when individuals obtain the necessary rank and skill level.

Qualification training is initiated anytime an individual is assigned duties for which

they are not qualified. Use OJT, CBTs (Computer Based Training) , CDCs, CFETP (Career Field Education and Training Plan) , and AFJQSs/AFQTPs

concurrently to obtain the necessary qualification for refresher and cross-utilization

training.

Superintendent (9-Level) Training

KNOWLEDGE

Resource Management

Manpower and Organization

Training Management

Deployment Management

Base/Unit Functional Management

TRAINING

None

EXPERIENCE

Qualification in and possession of AFSC 1B471

Managing and directing Cyber Warfare Operations personnel and processes.

OTHER

Requires routine access to Top Secret material or similar environment, completion of a current Single Scope Background Investigation (SSBI) and Personnel Security Program Management, is mandatory for award and retention of this skill level.

To sum it all up the USCYBERCOM portfolio is quite huge and we know for a fact that they have persisted for quite a while now. Will update more information on CYBERCOM functionalities and organizational structure in future posts.