6. Distinguish typical behaviours of good actors and bad actors (AC 2.3)

Good and bad actors generally have the same skillset, and potentially even the same education or qualification. They might even work on seemingly identical tasks: They might be trying to find a way into an organisation's system/network, they'll be researching the newest exploits, honing their coding skills and so on. The only way you can differentiate between a good actor and a bad actor is their intention. The good actors will try to find a way into an organisation' system/network with the intention of finding and closing any gaps in the security. The bad actors will try to penetrate organisation's system/network for personal or financial gain. The good actors will research and stay up to date with newest exploits with the intention of defending the system's they're protecting. The bad actors will stay up to date with newest exploits with the intention of using it ASAP before the organisation had time to patch their systems to protect against said exploits.