Network Vulnerability Assessment Roles, Skills and Knowledge Checklist

Job Roles
- Network Vulnerability Assessment Lead: Manages the project and serves as liaison to the client
- Policy Examiner(s): Analyzes security policies and management practices
- Technical Examiner(s): Analyzes technical aspects of the client's network; there may be several Technical Examiners, each with specialized knowledge, such as UNIX, MVS, NetWare, Win NT server configurations, routers and network architecture, and other technical knowledge specific to the client's environment

Essential skill and knowledge sets:
Project management skills and knowledge:
- Client presentations
- Project planning and administration
- Effective communication (oral and written)
- Leadership

Policy examiner skills and knowledge:
- Research and analysis
- Security industry standards (ISO 27001, ISO 17799, GASSP)
- Threat analysis
- Principles of security management
- Business continuity and disaster recovery standards

Technical examiner skills and knowledge:
- Client and server OS, NOS, UNIX, Linux hardware devices
- Software and hardware configuration management
- Reported bugs and security flaws
- Network and system testing protocols and devices
- Physical plant security

People skills:
- Ability to nonthreateningly ask questions and provide suggestions
- Strong knowledge of communications technologies, both hardware and software
- Curiosity and willingness to investigate