Identifies cybersecurity risks and vulnerabilities and assesses threats to the ICT infrastructure and the incident management organization.

Cybersecurity Unit Leader– Plans and manages the technical and operational aspects of meeting the cybersecurity needs of an incident or event; supervises unit personnel and is responsible for performance of subordinate positions duties that are not filled or delegated; participates in incident action planning meetings; develops and publishes a basic cybersecurity plan; establishes and supports on-scene cyber defense and application capabilities; coordinates support with the cybersecurity departments of all responding agencies; orders or requests personnel, supplies and equipment; and documents and escalates incidents that may cause ongoing and immediate impact to the environment

Cybersecurity Planner – Assesses planning needs and collaborates with stakeholders to develop cybersecurity related policies, plans, practices and guidelines for implementation; analyzes organization’s cyber defense policies; configurations and evaluates compliance with regulations and organizational directives; integrates applicable laws, statutes and regulatory documents into policies, plans, practices and guidelines; promotes awareness of cybersecurity plans and strategies, as appropriate, among command and other stakeholders; monitors the implementation of cybersecurity policies, principles, practices and guidelines in the planning process; provides guidance and support to command during the development of cyber-related plans and policies; communicates threat and risk reports to incident command; develops strategies and plans for mitigating identified vulnerabilities and threats; develops security monitoring plan to detect potential malicious or suspicious activity that could impact response activities; and assists ITSL with preparing the Information Technology Plan.

Cybersecurity Support Specialist – Performs system administration on specialized cyber defense applications and systems or virtual devices; Assists in identifying, prioritizing and implementing technical infrastructure and key resources utilized in cyber defense efforts; builds, installs, configures and tests dedicated cyber defense hardware and services; assists in assessing the operational impact of implementing and sustaining cyber defense infrastructure; assesses and evaluates applications, hardware infrastructure, prevention and detection tools, access controls and configurations platforms managed by service providers; and implements security monitoring plan.

Cybersecurity Coordinator – Coordinates the development, promotion and sharing of cybersecurity information both within and outside the ICT Branch and the responding organizations; coordinates the integration of competing requirements and priorities from multiple agencies and internal/external stakeholders; identifies gaps and impediments across internal and external partner organizations or third-party services; coordinates with technical and operational personnel to ensure the implementation and updating of specialized cyber defense applications based upon identified threats and vulnerabilities; coordinates with public information officers (PIO) for social media monitoring inputs; liaises with supporting IT and cybersecurity organizations, including vendors, volunteers, insurance companies and other outside partners; and manages documentation and ensures sensitive security information is properly controlled (e.g., PII, PHI and PCII).