CNO Operator Track

The structured path to building CNO Operator skills. This track covers operational tradecraft, tool usage, mission planning, and the specialized training that prepares Navy operators to execute cyberspace operations in support of national security objectives. These skills are essential for H16A (ION) roles and operational cyber positions.

Core Skills For

H16A (ION), H12A/B (Operator Focus)

Mission

Execute cyberspace operations to achieve mission objectives.

What Does a CNO Operator Do?

CNO Operators execute cyberspace operations using tools and capabilities developed by analysts and developers. They conduct offensive and defensive cyber operations, maintain persistent access, and execute complex multi-stage missions in contested cyber environments while maintaining operational security and mission effectiveness.

Operators work directly with planners, analysts, and developers to execute missions ranging from reconnaissance to direct action. They must understand both the technical and operational aspects of cyberspace operations while maintaining strict adherence to rules of engagement.

Core Responsibilities
  • Execute cyberspace operations according to mission parameters
  • Establish and maintain access to target networks
  • Deploy and operate CNO tools and capabilities
  • Conduct reconnaissance and intelligence gathering
  • Maintain operational security and avoid detection
  • Report operational status and intelligence to commanders
  • Coordinate with analysts, developers, and planners

Learning Path

Work through these stages to build operational proficiency. Strong fundamentals in networking, security, and basic tooling are essential before advanced operational techniques.

0
Prerequisites — Cyber Operations Fundamentals
Essential foundation before operational activities
Beginner
What to Know First
  • Network protocols and architecture
  • Windows and Linux system administration
  • Basic scripting (PowerShell, Bash, Python)
  • Security fundamentals and threat landscape
  • Basic penetration testing concepts
Recommended Starting Resources
1
Operational Tooling & Frameworks
Learning to use CNO tools and operational frameworks
Beginner → Intermediate
Why Tooling Proficiency

CNO operators must be proficient with a wide range of tools and frameworks. This includes understanding how tools work, their limitations, and how to adapt them for specific operational requirements.

Key Tools & Frameworks
Metasploit Cobalt Strike Empire Nmap Burp Suite OSINT Framework
Resources
Beginner
Metasploit Unleashed
Free comprehensive guide to Metasploit framework
Intermediate
HackTheBox Academy
Hands-on cybersecurity training platform
Intermediate
SANS SEC560 — Network Penetration Testing
Comprehensive penetration testing course
Intermediate
OSCP — Offensive Security Certified Professional
Industry-standard penetration testing certification
Intermediate
Red Team Field Manual (RTFM)
Quick reference for red team operations by Ben Clark
Advanced
Cobalt Strike Documentation
Commercial C2 framework documentation (Fortra/HelpSystems)
2
Operational Tradecraft & OPSEC
Stealth, persistence, and operational security in cyberspace
Intermediate
Operational Security

Maintaining operational security while executing missions is critical. This includes understanding attribution, avoiding detection, covering tracks, and maintaining persistent access without compromise.

Topics to Cover
  • Operational security (OPSEC) principles
  • Attribution avoidance and tradecraft
  • Persistence mechanisms and stealth
  • Anti-forensics and log evasion
  • Command and control (C2) infrastructure
  • Operational planning and risk assessment
Resources
Beginner
MITRE ATT&CK Framework
Comprehensive framework for understanding adversary tactics and techniques
Intermediate
Red Team Development and Operations
Comprehensive guide to red team operations and tradecraft
Advanced
SANS SEC565 — Red Team Operations & Adversary Emulation
Advanced red team operations and adversary emulation course
Intermediate
Adversary Emulation Plans
Real-world adversary tactics and techniques for training
Intermediate
C2 Matrix
Comparison of command and control frameworks
Beginner
OPSEC Fundamentals
NCSC/ODNI official operational security program and guidance
3
Advanced Operations & Mission Execution
Complex multi-stage operations and mission planning
Intermediate → Advanced
Advanced Operational Skills

This stage covers advanced operational techniques including complex attack chains, living off the land techniques, advanced persistence, and coordination of multi-vector operations across diverse environments and platforms.

Topics
  • Advanced persistent threats (APT) simulation
  • Living off the land (LotL) techniques
  • Cross-platform operations (Windows/Linux/Cloud)
  • Supply chain and third-party compromise
  • Mission planning and operational coordination
  • Intelligence integration and target development
Resources
Intermediate
LOLBAS Project
Living off the land binaries, scripts, and libraries
Intermediate
GTFOBins
Unix binaries that can be used to bypass local security restrictions
Advanced
APT Simulator
Tool for simulating advanced persistent threat activities
Advanced
SANS FOR710 — Reverse Engineering Malware
Advanced malware analysis for operators
Intermediate
Cloud Security Alliance
Cloud security best practices and threat models
Intermediate
NIST Cybersecurity Framework
Framework for understanding and managing cybersecurity risk

Formal DoD Training Programs

Joint
JCAC
Joint Cyber Analysis Course
Premier joint CNO operator training program

JCAC provides the foundational training for CNO operators across all service branches. The course covers both technical skills and operational tradecraft needed to execute cyberspace operations in support of national objectives.

What JCAC Covers
Operational Planning
Mission analysis, target development, operational design
Tool Proficiency
CNO tools, frameworks, and operational platforms
OPSEC & Tradecraft
Operational security, attribution avoidance, stealth
Access Operations
Initial access, persistence, lateral movement
Intelligence Integration
Working with intelligence products and analysts
Team Operations
Coordination with analysts, developers, and command
Access: JCAC requires command sponsorship, appropriate clearance, and H16A NEC assignment. Coordinate through your TYCOM training office.
SANS SEC565 — Red Team Operations & Adversary Emulation
SANS

Advanced red team operations course. Covers adversary emulation, operational planning, and advanced tradecraft. Navy COOL fundable.

Learn More
SANS SEC660 — Advanced Penetration Testing
SANS

Advanced exploitation techniques and operational skills. Builds on OSCP-level knowledge for enterprise environments.

Learn More
OffSec OSEP
Offensive Security

Advanced penetration testing course covering evasion, custom tools, and advanced attack chains. Industry-recognized credential.

Learn More
GIAC GPEN
GIAC/SANS

Penetration testing certification validating hands-on offensive skills. DoD 8570 approved for certain positions.

Learn More

Target Certifications for This Track

OSCP — Offensive Security Certified Professional
Intermediate

Industry-standard penetration testing certification. Essential baseline for CNO operators. 24-hour hands-on exam.

Offensive Security Details
OSEP — Offensive Security Experienced Penetration Tester
Advanced

Advanced penetration testing certification covering modern evasion techniques and complex attack chains.

Offensive Security Details
GPEN — GIAC Penetration Tester
Intermediate

Validates penetration testing skills and knowledge. DoD 8570 approved. Hands-on practical exam.

GIAC/SANS Details
GCFA — GIAC Certified Forensic Analyst
Intermediate

Digital forensics certification useful for understanding blue team capabilities and anti-forensics.

GIAC/SANS Details
CEH — Certified Ethical Hacker
Intermediate

DoD 8570 approved ethical hacking certification. Good foundational knowledge for operators.

EC-Council Details
CISSP — Certified Information Systems Security Professional
Advanced

Advanced security management certification. Required for many senior operator positions.

ISC2 Details
Assess Your Skills

Rate your current proficiency across CNO operator skill domains.

Take Assessment
Certification Funding

OSCP, OSEP, GPEN, and CEH are all Navy COOL fundable.

Navy COOL
NEC Paths

Understand how operator skills relate to H16A and related NECs.

View NEC Paths