Analyzing real traffic and associated artifacts: malicious, normal, and application traffic and demonstrate demonstrate the ability to differentiate malicious traffic from false positives Correlate data points and determine malicious purposes Understanding network protocols and traffic flow in an enterprise environment Ability to communicate