DNEA Track

The structured path to building Defensive Network Exploitation Analyst skills. This track covers network defense, intrusion detection, vulnerability assessment from a defensive perspective, and the formal training programs that shape the Navy's defensive cyber operators. These skills are essential for H15A (DNEA) and defensive-focused H12A roles.

Core Skills For

H15A (DNEA), H12A (Defensive Focus)

Mission

Defend networks, analyze threats, and strengthen defensive postures.

What Does a DNEA Do?

Defensive Network Exploitation Analysts (DNEAs) focus on understanding offensive techniques to build better defenses. They analyze attack patterns, reverse engineer malware, assess network vulnerabilities from a defensive perspective, and develop countermeasures to protect critical infrastructure.

DNEAs work closely with SOC analysts, incident responders, and network security engineers to create layered defense strategies. They translate offensive tactics into defensive intelligence and help organizations understand their threat landscape.

Core Responsibilities
  • Analyze attack vectors and exploitation techniques
  • Reverse engineer malware and understand threat actor TTPs
  • Assess network security posture and identify vulnerabilities
  • Develop threat intelligence and defensive recommendations
  • Create detection rules and defensive signatures
  • Perform deep packet analysis and network forensics
  • Brief leadership and technical teams on threat landscape

Learning Path

Work through these stages in order. Each builds on the last. Strong networking and security fundamentals are essential before diving into advanced threat analysis.

0
Prerequisites — Networking & Security Fundamentals
Essential foundation before defensive analysis work
Beginner
What to Know First
  • OSI model and network protocols (TCP/IP, HTTP, DNS, DHCP)
  • Network security concepts — firewalls, IDS/IPS, VPNs
  • Windows and Linux system administration
  • Basic scripting — PowerShell and Bash
  • Security+ level knowledge of threats and vulnerabilities
Recommended Starting Resources
1
Network Analysis & Traffic Inspection
Understanding network traffic patterns and identifying anomalies
Beginner → Intermediate
Why Network Analysis First

Network traffic analysis is the foundation of defensive operations. Understanding normal network behavior allows you to identify malicious activity. Wireshark, tcpdump, and similar tools are essential for any DNEA.

Key Tools to Master
Wireshark tcpdump tshark Suricata Zeek NetworkMiner Security Onion
Resources
Beginner
Wireshark Documentation
Official docs for the most important network analysis tool
Intermediate
Security Onion
Free Linux distribution for threat hunting and network security monitoring
Advanced
SANS FOR572 — Network Forensics
Advanced network forensics and analysis course
Intermediate
Zeek Documentation
Network security monitor and analysis framework
Intermediate
Malware Traffic Analysis
Real malware traffic samples for analysis practice
Beginner
PacketLife Cheat Sheets
Quick reference for network protocols and analysis
2
Threat Detection & Analysis
Understanding attack patterns and developing detection capabilities
Intermediate
Why Threat Detection

DNEAs must understand how attackers operate to build effective defenses. This includes studying the MITRE ATT&CK framework, analyzing malware samples, and understanding common attack vectors.

Topics to Cover
  • MITRE ATT&CK framework and TTPs
  • Malware analysis (static and dynamic)
  • Intrusion detection systems (IDS/IPS)
  • SIEM configuration and rule writing
  • Threat intelligence platforms
  • Incident response procedures
Resources
Beginner
MITRE ATT&CK Navigator
Interactive tool for exploring attack techniques and building defensive matrices.
Intermediate
SANS FOR578 — Cyber Threat Intelligence
Comprehensive threat intelligence and analysis course.
Beginner
VirusTotal
Online malware analysis service for initial threat assessment.
Intermediate
Hybrid Analysis
Free automated malware analysis sandbox.
Intermediate
YARA Rules
Pattern matching engine for malware research and detection.
Advanced
SANS FOR610 — Malware Analysis
Comprehensive malware analysis and reverse engineering course.
3
Vulnerability Assessment & Defensive Planning
Identifying weaknesses and developing comprehensive defense strategies
Intermediate → Advanced
What This Stage Covers

Understanding vulnerabilities from an attacker's perspective helps build better defenses. This stage covers vulnerability assessment tools, threat modeling, and developing comprehensive defensive strategies.

Topics
  • Vulnerability scanning and assessment
  • Threat modeling methodologies
  • Defense in depth strategies
  • Security architecture review
  • Risk assessment and management
  • Compliance and regulatory frameworks
Resources
Intermediate
NIST Cybersecurity Framework
Comprehensive framework for managing cybersecurity risk.
Advanced
SANS FOR508 — Advanced Incident Response
Advanced incident response and threat hunting course.
Beginner
OWASP Top 10
Most common web application security risks.
Intermediate
Nessus
Industry-standard vulnerability scanner.
Intermediate
Microsoft STRIDE
Threat modeling methodology for identifying security threats.
Advanced
SANS FOR301 — Applied Security Architecture
Security architecture and infrastructure protection course.

Formal DoD Training Programs

NSA
DNEA
NSA DNEA Training Program
Specialized DNEA curriculum from NSA

The NSA's DNEA training program is the primary source for formal DNEA education. The curriculum covers threat analysis, defensive strategies, and vulnerability assessment from a national security perspective.

What NSA DNEA Covers
Network Defense
IDS/IPS configuration, network monitoring, defensive architecture
Threat Analysis
Malware analysis, attack pattern recognition, TTPs
Defensive Operations
Incident response, forensics, containment strategies
Intelligence Analysis
Threat intelligence, reporting, briefing leadership
Vulnerability Assessment
Risk analysis, defensive planning, mitigation strategies
Collaboration
Working with offensive teams, intelligence sharing
Access: NSA DNEA training requires command sponsorship and appropriate clearance levels. Coordinate with your training office and ensure H15A NEC assignment.
SANS FOR572 — Network Forensics
SANS

Advanced network forensics and analysis course. Covers packet analysis, network-based evidence collection, and advanced investigation techniques. Navy COOL fundable.

Learn More
SANS FOR578 — Cyber Threat Intelligence
SANS

Comprehensive threat intelligence course covering collection, analysis, and dissemination. Essential for DNEA threat analysis responsibilities.

Learn More
SANS FOR508 — Advanced Incident Response
SANS

Advanced incident response and threat hunting course. Covers enterprise-level incident response and forensic analysis techniques.

Learn More
CompTIA CySA+
CompTIA

Cybersecurity Analyst certification covering threat detection, analysis, and response. DoD 8570 approved for CSSP roles.

Learn More

Target Certifications for This Track

GCTI — GIAC Cyber Threat Intelligence
Intermediate

Validates threat intelligence analysis and reporting skills. Essential for DNEA threat analysis responsibilities. Navy COOL fundable.

GIAC/SANS Details
GNFA — GIAC Network Forensic Analyst
Advanced

Advanced network forensics and analysis certification. Validates deep packet analysis and network investigation skills.

GIAC/SANS Details
GCIH — GIAC Certified Incident Handler
Intermediate

Incident response and computer crime investigation certification. Essential for defensive cyber operations.

GIAC/SANS Details
CySA+ — CompTIA Cybersecurity Analyst
Intermediate

DoD 8570 approved certification for CSSP analyst roles. Covers threat detection and analysis fundamentals.

CompTIA Details
CISSP — Certified Information Systems Security Professional
Advanced

Advanced security management certification. Required for many senior DNEA positions. Focuses on security architecture and management.

ISC2 Details
GSEC — GIAC Security Essentials
Intermediate

Broad-based security certification covering hands-on security skills. Good foundation for DNEA roles.

GIAC/SANS Details
Assess Your Skills

Rate your current proficiency across DNEA skill domains.

Take Assessment
Certification Funding

GCTI, GNFA, GCIH, and CySA+ are all Navy COOL fundable.

Navy COOL
NEC Paths

Understand how DNEA skills relate to H15A and defensive H12A NECs.

View NEC Paths