KSA Matrix · Insider Threat Analyst Career Framework

Type: Knowledge · Skill · Ability · Task
Introduced at level: L1 · L2 · L3 · L4 · L5
Source: NICE InT · NICE Task · Custom · Adjacent
Concentration: Core · Tech · Hunt · Case · Desk · Outreach · Maturity · CAG
Cluster: Net · Endpoint · SIEM · Hunt · Forensics · Behavioral · Interview · CTI · OSINT · Analysis · Legal · Program · Case Mgmt · Crisis · Outreach · Comms · AI/ML
Legend: Not yet at this level · Active at this level · Introduced at this level

Sources & attribution
NICE InT — KSAs from the NIST NICE Framework Insider Threat Analysis work role (SP 800-181r1). Public domain.
Adjacent — KSAs cherry-picked from related NICE work roles: Incident Response, Digital Evidence Analysis, Threat Analysis. Source role shown on each KSA.
Custom — KSAs written for this framework by insider threat practitioners, drawing on operational experience, industry research, and published best practices. Sources include CMU SEI Common Sense Guide, SIFMA Best Practices, MITRE Behavioral Risk Framework, SOFIT 2.0, and direct subject matter expertise.
Frameworks referenced: MITRE ATT&CK · InT TTP KB v2.0 · CDSE/DSI · NCFTA · NITTF · ATAP

🤖 Use this matrix with your AI assistant

Want to feed this KSA framework into an LLM, Copilot, or your own RAG pipeline? Download a machine-readable JSON export of the full matrix — every KSA with its ID, description, type, source, concentration, and level. Use it for career planning prompts, gap analysis, job description generation, or whatever you can dream up.

This export is provided for individual and organizational use. Attribution appreciated: insiderthreatanalyst.com. Data is structured, not copyrighted text — use freely.
