The No. 462 Squadron Cyberspace Incident Analyst Course has begun providing initial role training for Air Forces’ newest employment categories, Cyber Warfare Analyst (CWA) and Cyber Warfare Officer (CWO). 

This is an important step in realising the fifth-generation workforce is capable of defending and protecting networked assets in and through the cyber domain.

The officer in charge of Cyber Warfare Training, Flying Officer Hayden Wade, said the first round of in-service transfers will undergo an intensive six-month training program using internally developed and commercial off-the-shelf-delivered material. 

“The course aims to provide skills, knowledge, attitudes and behaviours required to employ digital forensics to analyse cyberspace incidents, determine causes and provide recommendations for remediation,” Flying Officer Wade said.

“Due to the current COVID-19 restrictions, the 462 Squadron training team rapidly adjusted the course format to distance delivery mode with minimal impact, leveraging digital platforms such as GovTeams for live instruction and ADELE for course material.

“We have been bringing small numbers back into the workplace on a semi-routine basis for those elements limited to in-person delivery, as well as to ensure training objectives around cohesion and collaboration are met.”

Specific topics covered on course include the triage of malware to determine its behaviour and risk to mission, analysis of network traffic to identify malicious activity, and Intel briefs on cyber threat actors.

CWA trainee Leading Aircraftman Connor Strickley has always been interested in technology and in more recent years, by the contested nature of the cyber domain. 

The course is intense but rewarding. We are learning everything from basic linux knowledge to hacker tools and techniques. We will be eventually focussing on forensics.

“It’s the challenge of defending against almost endless threats in an evolving environment,” he said.

“There is no end to what you can learn and adversaries are becoming perpetually more advanced in their tactics.

“The course is intense but rewarding. We are learning everything from basic linux knowledge to hacker tools and techniques. We will be eventually focussing on forensics.”

Flying Officer Theresa Sobb joined the Air Force in January 2016 as a personnel capability officer but has since commenced her path towards becoming a CWO.

“I am excited for the opportunity to work with a team of highly-skilled individuals on systems that have real-world effects,” Flying Officer Sobb said.

“I would encourage anyone who is interested to reach out and speak to people in the area. 

“The most important consideration is that you are motivated to solve dynamic and complex problems.”

CWAs and CWOs can be employed in many roles that enable the projection of airpower, roles that typically fall within two families – Incident Response or Defensive Cyberspace Operations. 

At the end of the course, both will be posted to the 462 Squadron Air Force Cyber Incident Response Team (AFCIRT). There, they will conduct a range of activities in reaction to security breaches of

systems including triaging, sanitisation of systems, and restoration of services and development of future prevention techniques.