Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
USA170A

Cyber Warfare Technician

Serves as the technical expert for cyber operations including offensive and defensive cyberspace operations, digital forensics, and malware analysis. Provides technical leadership to cyber teams.

No reviews yet
Watch this MOSGet pinged when 170A — Cyber Warfare Technician hits an SRB list, cutoff drop, or BAH change. Free account, anonymous as always.
Recruiter vs. Reality
What they tell you

As a Cyber Operations Technician, you'll be the Army's deep technical expert in cyberspace. You'll master offensive and defensive cyber tools, exploit development, and network analysis at a level that exceeds most officers — becoming the irreplaceable technical backbone of Army Cyber.

What it's actually like

You are the warrant officer the Army calls when cyber gets too complicated for the officers and too classified for the enlisted — so, always. Your job exists in a SCIF and your social life exists in theory. You troubleshoot things you can't describe at dinner, brief capabilities you can't name to people who don't understand, and maintain systems that the Army doesn't officially acknowledge using. Your civilian counterpart makes three times your salary and works half your hours, which is why retention in your field requires the Army to essentially beg. But you do things at the intersection of hacking and national defense that exactly seven people on earth understand, and you're one of them. That's worth something that money doesn't cover.

First-hand intel neededWrite a Review

MOS Intel

ClearanceTS/SCI
|
PromotionFast
|
Deploy TempoLow
Career Intel
Duty StationsFort Eisenhower (GA) · Fort Meade (MD) · Fort Liberty (NC) · Various ARCYBER/NSA sites
Daily LifeServing as the senior technical cyber operations expert — leading offensive and defensive network operations, advising commanders on cyber capabilities, and managing the technical aspects of cyber missions. You are the technical backbone of the Army's cyber teams. The work is highly classified and genuinely cutting-edge.
AIT / SchoolWOCS at Fort Novosel (AL) followed by the Cyber Operations Technician Warrant Officer Course at Fort Eisenhower (GA). The training is deeply technical and builds on prior enlisted cyber experience. Entry requires prior service as a 17C or equivalent with demonstrated technical expertise.
Physical DemandsLow. Cyber operations are desk-based. Standard Army PT requirements.
DeploymentsMostly garrison at cyber operations centers; some support to theater cyber operations
Certifications
TS/SCI clearanceCompTIA Security+CEHGIAC certificationsOSCP (advanced)Various classified cyber qualifications
Pro Tips
  1. 1The 170A is one of the highest civilian-value warrant officer positions in the Army. TS/SCI + senior cyber expertise + leadership = $150-200K+ starting salary as a civilian.
  2. 2Stay technically current. The cyber domain evolves faster than any other, and warrant officers who stop learning become obsolete.
  3. 3Network with NSA, CYBERCOM, and industry professionals. The cyber community is small enough that your reputation and relationships define your career.
The Honest Truth

Cyber operations technician warrant officer is the pinnacle of the enlisted-to-technical expert cyber path in the Army. You are the person who provides deep technical expertise to cyber operations teams — the warrant officer who can hack, defend, and advise at the highest level. What the warrant officer advisor won't tell you: the Army is still figuring out how to manage cyber warrant officers, and career progression can be inconsistent. Some 170As do incredible work leading technical operations at CYBERCOM and NSA. Others get stuck in units that don't know how to use them. The civilian career ceiling is among the highest of any warrant officer position — senior cybersecurity roles in the private sector start well into six figures and climb from there. If you are a technically excellent 17C who wants to stay technical without going the officer route, the 170A path is the best option available.

Execute the Job — By Rank

How you actually run this job at each rank — what you do, what you drill, which manuals you own, and what good looks like. Written for the soldier, sailor, airman, Marine, or Guardian currently in the seat. Each rank deeplinks into the full Playbook deep-dive: time-blocked schedules, unit-type variations, career decisions, and the read on the next rank.

WO1-CW2WO1 — CW2 (Cyber Warrant Officer, Junior)

You are the Army's cyber technical authority at the team level. Not the commander — that's the officer. Not the senior NCO — that's the team sergeant. You are the person the team asks when the access is blocked, the tool is broken, or the question is "is this actually a finding." Everything rides on whether the answer you give is right.

What You Actually Do

You completed the Cyber Warrant Officer Basic Course (CWOBC) at the Army Cyber School, Fort Eisenhower, GA — the Cyber Center of Excellence, home of ARCYBER and JFHQ-DODIN. From the schoolhouse you arrive at one of a small number of first-duty-assignment options: a Cyber Protection Team (CPT) under the Cyber Protection Brigade (CPB) executing DCO missions, a Cyber Mission Team (CMT) or Cyber Support Team (CST) under ARCYBER / USCYBERCOM executing OCO or OCO-enabling missions, or a supporting billet at an echelon network operations element. Day-to-day you run technical execution on the team's assigned mission: building or maintaining the tool stack, executing vulnerability assessments against in-scope targets, analyzing network traffic, running the team's DCO sensor suite, or supporting the planning cell with technical feasibility calls. You are one of the most junior warrant officers in the building and also one of the few people the team OIC listens to on whether a particular COA is technically possible. That gap between your formal authority and your technical responsibility is the defining tension of the WO1/CW2 years. You are also doing the Army soldier maintenance: ACFT, NCOPD, mandatory training, the OER relationship with your rater, and the DoDM 8140 workforce qualification cycle that governs every billet you hold.

Key Skills to Drill
  • 01Execute vulnerability assessments against in-scope targets — network enumeration, host discovery, service fingerprinting, vulnerability validation — and produce a technical findings report the team OIC can brief the supported commander without rewriting.
  • 02Operate the team's DCO sensor suite — IDS/IPS monitoring, log analysis, SIEM query, host-based forensics — and distinguish a real incident from noise at a rate that does not bury the team in false positives.
  • 03Maintain the team's cyber tools and infrastructure at the configuration-baseline level: software version management, license currency, tool authentication, and the technical documentation that survives the next warrant's rotation.
  • 04Conduct technical planning support for OCO/DCO missions — convert the mission's objective into a technical COA, identify the access paths and tool requirements, and brief the feasibility call to the team OIC and the J2/S2 without overclassifying the conversation.
  • 05Brief technical findings to a non-technical customer — a battalion S6, an installation ISSO, a supported-unit commander — in language that produces a decision, not a follow-up meeting.
  • 06Maintain DoDM 8140 workforce qualification currency for every billet you hold — IAT-III baseline (CASP+ / CISSP) and the DCWF work-role qualifications that govern what missions you can touch.
Manuals & References
  • FM 3-12 — Cyberspace and Electronic Warfare Operations: the Army's doctrinal framework for OCO, DCO, and DODIN-A operations; the COA development language your planning cell speaks.
  • JP 3-12 — Cyberspace Operations: joint doctrine, USCYBERCOM's operating framework, and the organizational structure your team fits inside.
  • AR 25-2 — Army Cybersecurity: the policy framework that governs every DODIN-A billet you hold, the CCRI/CORA inspection cycle, and the IAVA closure requirements your work role feeds.
  • DoDM 8140.03 — Cyberspace Workforce Qualification and Management Program: the work-role qualifications that define your billet, your training requirements, and the certification floors you must maintain to hold a coded position.
  • NIST SP 800-115 — Technical Guide to Information Security Testing and Assessment: the technical methodology behind the vulnerability assessment work your team executes; not classified, widely cited in DCO/CPT planning products.
  • AR 350-1 — Army Training: the training management framework that governs your DoDM 8140 certification plan, your ACFT cycle, and the mandatory training load that competes with mission time.
Standards You Must Hit
  • DoDM 8140.03 work-role qualifications current for every assigned billet — a warrant officer who cannot hold the billet's coded position is a manning gap, and the team OIC briefs that gap to the brigade commander monthly.
  • IAT-III baseline certification (CASP+ or CISSP) — the floor for most 170A billet codes; Sec+ is IAT-II and insufficient for the majority of CPT/CMT warrant seats.
  • OER profile from first KD that the rater can defend at the battalion level — "excels" or "above center of mass" across technical and officer-development categories, with bullets tied to specific mission outcomes.
  • ACFT pass at the officer standard with no flags — the cyber branch does not have a physical-fitness exemption, and the 1SG reads the score the same way as any other officer.
  • Technical findings report produced at quality that the team OIC signs without a rewrite cycle — the visible product that distinguishes a warrant who is earning the seat from one who is still in training.
Common Technical Mistakes
  • Asserting a technical finding is confirmed before validation is complete. The team's report goes to the supported commander; a finding that turns out to be a false positive destroys the team's credibility with that customer and the next one.
  • Modifying the team's tool baseline without coordinating with the team's configuration management process. The next mission launch fails the technical readiness check, and the warrant who made the undocumented change owns the delay.
  • Running a technical capability demonstration against a target outside the authorized scope. Scope boundaries in cyber operations have legal and UCMJ implications; a warrant who goes outside the letter of the mission authorization has created an incident.
  • Briefing the supported commander in technical jargon rather than tactical impact. The commander makes decisions based on risk and effect, not vulnerability IDs and CVSS scores — a warrant who cannot translate the technical finding into a command decision has not finished the job.
  • Letting DoDM 8140 certification currency lapse under operational tempo pressure. The certification window does not pause for deployment; an expired qualification removes the warrant from billet-eligibility and the team from full operational capacity.
What Good Looks Like

The good WO1/CW2 170A is the warrant the team OIC hands the most technically complex problem on the board and walks away from — because the answer that comes back is defensible, documented, and ready for the customer brief. By the end of the CW2 tour, the team sergeant and the battalion S3 are both fighting to keep this warrant for the next rotation.

Go Deeper at WO1-CW2
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full WO1-CW2 Playbook →
CW3-CW5CW3 — CW5 (Cyber Warrant Officer, Senior)

You are the technical expert the brigade commander calls when the mission answer is not obvious and the lawyer is already in the room. The team executes what you technically validate. The commander decides what you technically advise. Nobody in the building outranks your answer on whether the tool works, the access is real, or the finding is true.

What You Actually Do

At CW3 and above you are a technically senior warrant operating in one of several high-demand frames: team chief or senior technical advisor on a CPT/CMT/CST within the Cyber Mission Force (CMF), a staff warrant at ARCYBER, USCYBERCOM, JFHQ-DODIN, or a CCMD J39 or equivalent, a technical advisor or program element lead inside a HQDA or OSD cyber policy or acquisition billet, or an instructor/course-developer at the Army Cyber School at Fort Eisenhower. You are one of the Army's most credentialed technical authorities in cyberspace operations — your DoDM 8140 qualifications stack is deep, your mission history spans OCO and DCO operations, and the junior warrants in the formation watch what you do in the planning cell when the COA looks impossible. Your peer group is small. The 170A community is the youngest established warrant specialty in the Army, which means senior 170A warrants are shaping doctrine, training standards, and qualification frameworks in real-time rather than inheriting a mature system. You advise commanders on OCO/DCO operational feasibility, legal constraints under Title 10 and Title 50 authorities, and the technical risks the decision slides do not capture. You mentor WO1/CW2 warrants through their first mission set, their first billet qualification cycle, and the moment they realize they are the most technically qualified person in the room and still do not have the authority to act on that — which is the defining professional challenge of the warrant officer career. Your post-service market is one of the most liquid in the Army: cleared cyber technical talent at the CW4/CW5 level enters the contractor and federal civilian space at compensation levels that will surprise no one who has been watching the DoD cyber workforce shortage numbers.

Key Skills to Drill
  • 01Lead technical planning and execution for OCO/DCO missions at the team or echelon level — convert commander's intent into a technical mission concept, identify and validate access, tool, and authority requirements, and brief the feasibility and risk call to the OIC and the supported CCMD J39 or equivalent.
  • 02Advise the commanding officer or supported commander on technical cyber risk, legal authority constraints (Title 10/50, EO 12333, AUMF applicability), and second and third-order effects in language the commander can use in a decision brief.
  • 03Conduct and supervise vulnerability assessments, network-penetration operations, or DCO survey/secure/protect missions at a technical depth the team's WO1/CW2 warrants cannot carry independently — and train them toward independence in the process.
  • 04Develop and maintain the team's or element's technical training program — tool proficiency, DoDM 8140 qualification paths, mission rehearsal exercises (MREs), and the cross-training that prevents single-point-of-failure on critical technical skills.
  • 05Represent the Army's technical cyber equities in joint or multi-agency planning environments — USCYBERCOM JOC, CCMD J39 planning teams, interagency technical working groups — where the 170A warrant's credibility is the Army's credibility in the room.
  • 06Mentor junior 170A warrants (WO1/CW2) through their first mission set, billet qualification cycle, and the officer-development demands of the warrant career — including the honest conversation about DoDM 8140 requirements, OER mechanics, and post-service positioning.
Manuals & References
  • FM 3-12 — Cyberspace and Electronic Warfare Operations: the doctrinal framework you advise from; at CW3+ you are contributing to doctrinal revision, not just citing it.
  • JP 3-12 — Cyberspace Operations: the joint framework; senior 170As operate routinely inside USCYBERCOM and CCMD structures where JP 3-12 is the planning language.
  • DoDM 8140.03 — Cyberspace Workforce Qualification and Management Program: at this level you are advising on workforce qualification design and billet-coding decisions, not just managing your own currency.
  • AR 25-2 — Army Cybersecurity; DoD Instruction 8500.01 — Cybersecurity: the policy layer above operations; the CW4/CW5 who understands policy can advise the commander on why a particular course of action creates a policy risk, not just a technical one.
  • AR 623-3 — Evaluation Reporting System: the OER system for warrant officers; at CW3+ you are a rater for WO1/CW2s under you and you need to understand the senior-rater profile, block ratings, and the board-reads implications of every word you write.
  • DA PAM 600-3 — Officer Professional Development and Career Management (Warrant Officer chapters): the career-management framework your advisees are navigating; a senior 170A who does not know the branch-specific career track is not fully advising the juniors.
Standards You Must Hit
  • DoDM 8140.03 advanced work-role qualifications current — CISSP, OSCP, GXPN, or equivalent advanced certifications depending on specific work role; the floor at CW3+ is meaningfully higher than IAT-III baseline.
  • Senior warrant OER profile across multiple rating cycles at "excels" or "above center of mass" — the CW4/CW5 board in the Warrant Officer community reads the OER trend, not just the most recent period.
  • At least one completed major mission or technical program with measurable outcomes attributed in the OER — the technical credential the promotion board and the HQDA cyber community treat as the senior warrant's visible signature.
  • Junior warrant mentorship producing at least one WO1/CW2 who is fully billet-qualified and mission-ready per rotation — the senior 170A warrant who does not grow the bench is investing in their own reputation at the cost of the community's depth.
  • JDAL or joint-qualified designation where the billet and operational history support it — USCYBERCOM, JFHQ-DODIN, and CCMD-level cyber billets generate joint credit that the Army's senior-warrant development path values.
Common Technical Mistakes
  • Validating a mission COA as technically feasible without fully accounting for the deconfliction, authority, and second-order-effect questions that the planning cell raised and the operator dismissed. The senior warrant's technical feasibility call is the last substantive check before the mission executes; treating it as a rubber stamp creates the conditions for a legal or operational incident.
  • Allowing the team's technical documentation — tool configuration baselines, mission archives, findings records — to degrade under operational tempo. The warrant who lets the institutional knowledge walk out with the rotating personnel has created a capability gap the next rotation inherits cold.
  • Mentoring junior warrants toward comfort rather than toward standard. A WO1 who has never had a senior warrant push back on a sloppy findings report will brief that same sloppy report to a supported commander. The senior warrant who lets that slide owns the credibility damage.
  • Confusing technical seniority with operational authority. At CW4/CW5 you are one of the most technically credentialed people in most rooms you enter; that does not mean you have command authority, and the senior warrant who acts as though it does creates leadership friction that the team commander has to clean up.
  • Failing to engage the post-service positioning conversation with the realism it deserves. The CW5 who retires without contractor or federal-civilian positioning built over the final 24 months has wasted the most liquid career exit in the Army. The cleared technical market is aggressive — work it early.
What Good Looks Like

The good CW4/CW5 170A is the warrant the ARCYBER or USCYBERCOM planning shop calls before the mission brief, not after. Their technical feasibility calls are clean and documented, their junior warrants are billet-qualified on schedule, and the brigade commander's OER bullet on them reads "the technical authority the command relies on" because that is factually what happened in the last rotation. They are shaping the next version of the DoDM 8140 qualification framework, and two of their former WO1/CW2 advisees are already writing better findings reports than most CW3s because this warrant held the standard on every product.

Go Deeper at CW3-CW5
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full CW3-CW5 Playbook →
Training Pipeline
1
WOCS6w
Fort Eisenhower (GA)
2
Cyber Operations Technician Course40w
Fort Eisenhower (GA)
Advanced cyber operations, network exploitation, and defense. TS/SCI required.
On the Outside

What this actually is in the real world

Your skills translate. Here's what civilian employers call this job — and what they pay.

Computer and Information Systems Managers

Strong match
$171,200$136,960$205,440/yr median

Salary data from the U.S. Bureau of Labor Statistics Occupational Employment and Wage Statistics program, retrieved Feb 2026. BLS.gov cannot vouch for the data or analyses derived from these data after the data have been retrieved from BLS.gov.

MOS Pulse

Anonymous · One tap · No account

Three seconds of your time, zero of your identity. This is how the honest picture of 170A gets built — one tap at a time.

Knowing what you know now — would you pick 170A again?

Did your recruiter describe this job accurately?

Hours per week this job actually takes in garrison?

That tap took 3 seconds. A full review takes 10 minutes — and does about 100x more for the next person staring at this contract.

Write the Full Review →
Reviews
Founding ReviewUnclaimed

Nobody’s gone first. Yet.

Zero reviews for 170A. Not because nobody has opinions — anyone who’s actually done Cyber Warfare Technician is carrying a full magazine of them — but because nobody’s put theirs on the record.

So here’s the deal: the first approved review of every MOS becomes its Founding Review. Permanently badged, permanently first. Every person who looks up 170A from now on reads it before anything else — including the recruiter’s version.

We could fill this page with fake reviews tonight. Plenty of sites do. We never will — which means this space stays exactly this empty until someone who lived it goes first.

Sign Up & Claim ItFree account · takes two minutes

Anonymous by default — no name, no unit, fuzzy timestamps. Your chain of command never knows it was you.

FAQ

170A Cyber Warfare Technician — FAQ

Q01What does a 170A do in the Army?
You completed the Cyber Warrant Officer Basic Course (CWOBC) at the Army Cyber School, Fort Eisenhower, GA — the Cyber Center of Excellence, home of ARCYBER and JFHQ-DODIN.
Q02How long is 170A training and where is it held?
170A training is approximately 24 weeks of Advanced Individual Training (AIT) after Basic Combat Training, held at Fort Eisenhower, GA.
Q03What security clearance does a 170A need?
170A typically requires a TS/SCI security clearance, granted after a background investigation.
Q04What does a day in the life of a 170A look like?
Serving as the senior technical cyber operations expert — leading offensive and defensive network operations, advising commanders on cyber capabilities, and managing the technical aspects of cyber missions. You are the technical backbone of the Army's cyber teams. The work is highly classified and genuinely cutting-edge.
Q05What civilian jobs does 170A translate to?
170A maps most directly to civilian occupations including Computer and Information Systems Managers. Translation quality varies by skill — see the Honest MOS Civilian Translation block for full O*NET matches and salary data.
Q06How often do 170A soldiers deploy?
Deployment tempo for 170A is low — most assignments are CONUS-based. Mostly garrison at cyber operations centers; some support to theater cyber operations
Q07What's the recruiter not telling me about 170A?
You are the warrant officer the Army calls when cyber gets too complicated for the officers and too classified for the enlisted — so, always.
How does 170A compare?
See side-by-side ratings, quality of life, and community takes.
Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards

Sources:Branch MOS catalog · DTMO pay tables · DoD/.gov benefits references · O*NET civilian career mapping · verified service-member reviews