All-Source Collection Manager
What does this role do? Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to meet leadership’s intent. Determines capabilities of available collection assets, identifies new collection capabilities; and constructs and disseminates collection plans. Monitors execution of tasked collection to ensure effective execution of the collection plan.
CORE KSATs
| KSAT ID | Description | KSAT |
|---|---|---|
| 22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
| 108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
| 1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
| 1158 | * Knowledge of cybersecurity principles. | Knowledge |
| 1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge |
| 2005 | Adjust collection operations or collection plan to address identified issues/challenges and to synchronize collections with overall operational requirements. | Task |
| 2015 | Analyze feedback to determine extent to which collection products and services are meeting requirements. | Task |
| 2021 | Analyze plans, directives, guidance and policy for factors that would influence collection management’s operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements). | Task |
| 2035 | Assess and apply operational environment factors and risks to collection management process. | Task |
| 2096A | Compare allocated and available assets to collection demand as expressed through requirements. | Task |
| 2165 | Coordinate resource allocation of collection assets against prioritized collection requirements with collection discipline leads. | Task |
| 2235 | Determine how identified factors affect the tasking, collection, processing, exploitation and dissemination architecture’s form and function. | Task |
| 2245 | Develop a method for comparing collection reports to outstanding requirements to identify information gaps. | Task |
| 2290 | Allocate collection assets based on leadership’s guidance, priorities, and/or operational emphasis. | Task |
| 2376 | Establish processing, exploitation and dissemination management activity using approved guidance and/or procedures. | Task |
| 2421 | Formulate collection strategies based on knowledge of available intelligence discipline capabilities and gathering methods that align multi-discipline collection capabilities and accesses with targets and their observables. | Task |
| 2451 | Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups. | Task |
| 2613 | Optimize mix of collection assets and resources to increase effectiveness and efficiency against essential information associated with priority intelligence requirements. | Task |
| 2705 | Prioritize collection requirements for collection platforms based on platform capabilities. | Task |
| 3010 | Ability to apply collaborative skills and strategies. | Ability |
| 3011 | Ability to apply critical reading/thinking skills. | Ability |
| 3102 | Knowledge of operational planning processes. | Knowledge |
| 3127 | Knowledge of asset availability, capabilities and limitations. | Knowledge |
| 3128 | Knowledge of tasking mechanisms. | Knowledge |
| 3148 | Knowledge of collection capabilities and limitations. | Knowledge |
| 3160 | Knowledge of collaborative tools and environments. | Knowledge |
| 3195 | Knowledge of criteria for evaluating collection products. | Knowledge |
| 3204 | Knowledge of current collection requirements. | Knowledge |
| 3297 | Knowledge of how to establish priorities for resources. | Knowledge |
| 3380 | Knowledge of methods for ascertaining collection asset posture and availability. | Knowledge |
| 3436 | Knowledge of production exploitation and dissemination needs and architectures. | Knowledge |
| 3464 | Knowledge of research strategies and knowledge management. | Knowledge |
| 3575 | Knowledge of the factors of threat that could impact collection operations. | Knowledge |
| 3619 | Knowledge of the systems/architecture/communications used for coordination. | Knowledge |
| 3663 | Knowledge of tasking, collection, processing, exploitation and dissemination. | Knowledge |
| 3974 | Skill to apply the capabilities, limitations and tasking methodologies of available platforms, sensors, architectures and apparatus as they apply to organization objectives. | Skill |
| 3991 | Ability to coordinate and collaborate with analysts regarding surveillance requirements and essential information development. | Ability |
| 3994 | Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations. | Ability |
| 4002 | Skill to determine feasibility of collection. | Skill |
| 4004 | Skill to develop a collection plan that clearly shows the discipline that can be used to collect the information needed. | Skill |
| 4012 | Skill to ensure that the collection strategy leverages all available resources. | Skill |
| 4014 | Skill to evaluate factors of the operational environment to objectives, and information requirements. | Skill |
| 4019 | Skill to extract information from available tools and applications associated with collection requirements and collection operations management. | Skill |
| 4024 | Skill to identify and apply tasking, collection, processing, exploitation and dissemination to associated collection disciplines. | Skill |
| 4026 | Skill in information prioritization as it relates to operations. | Skill |
| 4033 | Skill to interpret readiness reporting, its operational relevance and intelligence collection impact. | Skill |
| 4049 | Skill to prepare and deliver reports, presentations and briefings, to include using visual aids or presentation technology. | Skill |
| 4056 | Skill to review performance specifications and historical information about collection assets. | Skill |
| 4066 | Skill to use collaborative tools and environments. | Skill |
| 6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |
ADDITIONAL KSATs
| KSAT ID | Description | KSAT |
|---|---|---|
| 52 | Knowledge of human-computer interaction principles. | Knowledge |
| 87 | Knowledge of network traffic analysis methods. | Knowledge |
| 2051 | Assess performance of collection assets against prescribed specifications. | Task |
| 2098 | Compile lessons learned from collection management activity’s execution of organization collection objectives. | Task |
| 2147 | Consider efficiency and effectiveness of collection assets and resources if/when applied against priority information requirements. | Task |
| 2153 | Construct collection plans and matrixes using established guidance and procedures. | Task |
| 2167 | Coordinate inclusion of collection plan in appropriate documentation. | Task |
| 2172 | Re-task or re-direct collection assets and resources. | Task |
| 2232 | Determine course of action for addressing changes to objectives, guidance, and operational environment. | Task |
| 2233 | Determine existing collection management webpage databases, libraries and storehouses. | Task |
| 2239 | Determine organizations and/or echelons with collection authority over all accessible collection assets. | Task |
| 2271 | Develop coordinating instructions by collection discipline for each phase of an operation. | Task |
| 2342 | Disseminate tasking messages and collection plans. | Task |
| 2373 | Establish alternative processing, exploitation and dissemination pathways to address identified issues or problems. | Task |
| 2414 | Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers. | Task |
| 2456 | Identify coordination requirements and procedures with designated collection authorities. | Task |
| 2464 | Identify issues or problems that can disrupt and/or degrade processing, exploitation and dissemination architecture effectiveness. | Task |
| 2475 | Identify potential collection disciplines for application against priority information requirements. | Task |
| 2479 | Identify and mitigate risks to collection management ability to support the plan, operations and target cycle. | Task |
| 2529 | Issue requests for information. | Task |
| 2538 | Link priority collection requirements to optimal assets and resources. | Task |
| 2597 | Monitor completion of reallocated collection efforts. | Task |
| 2604 | Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture. | Task |
| 2609 | Monitor the operational environment for potential factors and risks to the collection operation management process. | Task |
| 2726 | Provide advice/assistance to operations and intelligence decision makers with reassignment of collection assets and resources in response to dynamic operational situations. | Task |
| 2793 | Request discipline-specific processing, exploitation, and disseminate information collected using discipline’s collection assets and resources in accordance with approved guidance and/or procedures. | Task |
| 2807 | Review capabilities of allocated collection assets. | Task |
| 2809 | Review intelligence collection guidance for accuracy/applicability. | Task |
| 2810 | Review list of prioritized collection requirements and essential information. | Task |
| 2812 | Review and update overarching collection plan, as required. | Task |
| 2817 | Revise collection matrix based on availability of optimal assets and resources. | Task |
| 2828 | Specify changes to collection plan and/or operational environment that necessitate re-tasking or re-directing of collection assets and resources. | Task |
| 2829 | Specify discipline-specific collections and/or taskings that must be executed in the near term. | Task |
| 2845 | Synchronize the integrated employment of all available organic and partner intelligence collection assets using available collaboration capabilities and techniques. | Task |
| 3092 | Knowledge of database administration and maintenance. | Knowledge |
| 3095 | Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). | Knowledge |
| 3098 | Knowledge of virtualization products (Vmware, Virtual PC). | Knowledge |
| 3116 | Knowledge of all possible circumstances that would result in changing collection management authorities. | Knowledge |
| 3131 | Knowledge of available databases and tools necessary to assess appropriate collection tasking. | Knowledge |
| 3135 | Knowledge of basic computer components and architectures, including the functions of various peripherals. | Knowledge |
| 3137 | Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration). | Knowledge |
| 3156 | Knowledge of collection management tools. | Knowledge |
| 3162 | Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan. | Knowledge |
| 3165 | Knowledge of collection planning process and collection plan. | Knowledge |
| 3175 | Knowledge of leadership’s Intent and objectives. | Knowledge |
| 3177 | Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). | Knowledge |
| 3188 | Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). | Knowledge |
| 3205 | Knowledge of current computer-based intrusion sets. | Knowledge |
| 3217 | Knowledge of cyber lexicon/terminology | Knowledge |
| 3225 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). | Knowledge |
| 3253 | Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). | Knowledge |
| 3275 | Knowledge of fundamental cyber concepts, principles, limitations, and effects. | Knowledge |
| 3286 | Knowledge of host-based security products and how they affect exploitation and vulnerability. | Knowledge |
| 3291 | Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP). | Knowledge |
| 3292 | Knowledge of how modern digital and telephony networks impact cyber operations. | Knowledge |
| 3293 | Knowledge of how modern wireless communications systems impact cyber operations. | Knowledge |
| 3298 | Knowledge of how to extract, analyze, and use metadata. | Knowledge |
| 3322 | Knowledge of indications and warning. | Knowledge |
| 3325 | Knowledge of information needs. | Knowledge |
| 3332 | Knowledge of tasking processes for organic and subordinate collection assets. | Knowledge |
| 3361 | Knowledge of key cyber threat actors and their equities. | Knowledge |
| 3362A | Knowledge of key factors of the operational environment and related threats and vulnerabilities. | Knowledge |
| 3374 | Knowledge of malware. | Knowledge |
| 3389 | Knowledge of organization objectives and associated demand on collection management. | Knowledge |
| 3417 | Knowledge of non-traditional collection methodologies. | Knowledge |
| 3420 | Knowledge of ongoing and future operations. | Knowledge |
| 3424 | Knowledge of operational asset constraints. | Knowledge |
| 3428 | Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact. | Knowledge |
| 3430 | Knowledge of organizational priorities, legal authorities and requirements submission processes. | Knowledge |
| 3441 | Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. | Knowledge |
| 3470 | Knowledge of risk management and mitigation strategies. | Knowledge |
| 3541 | Knowledge of the available tools and applications associated with collection requirements and collection management. | Knowledge |
| 3543 | Knowledge of the basic structure, architecture, and design of modern communication networks. | Knowledge |
| 3545 | Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). | Knowledge |
| 3549 | Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes. | Knowledge |
| 3552 | Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities. | Knowledge |
| 3557 | Knowledge of collection strategies. | Knowledge |
| 3558 | Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization. | Knowledge |
| 3561 | Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. | Knowledge |
| 3574 | Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture. | Knowledge |
| 3595 | Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements. | Knowledge |
| 3598 | Knowledge of the organizational plans/directives/guidance that describe objectives. | Knowledge |
| 3599 | Knowledge of the organizational policies/procedures for temporary transfer of collection authority. | Knowledge |
| 3602 | Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products. | Knowledge |
| 3624 | Knowledge of different organization objectives at all levels, including subordinate, lateral and higher. | Knowledge |
| 3625 | Knowledge of the organization’s established format for collection plan. | Knowledge |
| 3626 | Knowledge of the organization’s planning, operations and targeting cycles. | Knowledge |
| 3631 | Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities). | Knowledge |
| 3633 | Knowledge of tipping, cueing, mixing, and redundancy. | Knowledge |
| 3650 | Knowledge of priority information, how it is derived, where it is published, how to access, etc. | Knowledge |
| 3651 | Knowledge of what constitutes a “threat” to a network. | Knowledge |
| 3654 | Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations. | Knowledge |
| 3957 | Skill to access information on current assets available, usage. | Skill |
| 3960 | Skill to access the databases where plans/directives/guidance are maintained. | Skill |
| 3977 | Skill to articulate a needs statement/requirement and integrate new and emerging collection capabilities, accesses and/or processes into collection operations. | Skill |
| 3985 | Skill to associate Intelligence gaps to priority information requirements and observables. | Skill |
| 3986 | Skill to compare and contrast indicators/observables with requirements. | Skill |
| 3995 | Ability to correctly employ each organization or element into the collection plan and matrix. | Ability |
| 4016 | Skill to evaluate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities. | Skill |
| 4025 | Skill to identify Intelligence gaps. | Skill |
| 4027 | Skill to identify when priority information requirements are satisfied. | Skill |
| 4029 | Skill to translate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities. | Skill |
| 4044 | Skill to optimize collection system performance through repeated adjustment, testing, and re-adjustment. | Skill |
| 4113 | Knowledge of the request for information process. | Knowledge |