Explore KSACs by Pathway
In late 2025, the Partnership pulled together members of industry from across tech to share how the in-demand skillsets for entry-level roles in their fields have changed in the last two years. The Knowledge, Skills & Abilities and Credentials (KSACs) below reflect their feedback on entry-level expectations, especially in a tech workplace increasingly shaped by AI.
7. Incident Response
| Label | KSAC Description | Type | Bloom's Taxonomy Level |
|---|---|---|---|
| a | Understand the concept of a Cybersecurity Operations Center (CSOC) and how network security is implemented in the CSOC. | knowledge | 2 |
| b | Understand log filtering and aggregation. | knowledge | 2 |
| c | Understand SIEM technology. | knowledge | 2 |
| d | Understand the role of alert signatures. | knowledge | 2 |
| e | Run queries on event data. | ability | 3 |
| f | Understand forensics and chain of custody. | knowledge | 2 |
| i | Apply Incident Response procedures (e.g. preparation, incident identification, escalation and notification, mitigation steps, lessons learned, reporting, recovery procedures, first responder, incident isolation, quarantine, device removal, and data breach). | skill | 3 |
| j | Construct a timeline of a cybersecurity incident. | ability | 3 |
| k | Implement a recovery procedure. | skill | 3 |
| l | Conduct periodic cybersecurity training exercises. | skill | 3 |
| m | Differentiate between detection controls and prevention controls (e.g., IDS vs. IPS, camera vs. guard). | knowledge | 4 |
| n | Create, edit and use roles and system management tools. | ability | 3 |
| o | Implement Access Control Lists (ACL). | skill | 3 |
| p | Deploy a server hardening plan. | skill | 3 |
| q | Implement a Network Access Control (NAC) plan. | skill | 3 |
| r | Interpret alarms and alert trends. | skill | 2 |
| s | Differentiate between types of penetration testing (e.g., Black box, White box, Gray box). | knowledge | 4 |
