Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
USA17A

Cyber Warfare Officer

Leads cyber operations units in conducting offensive and defensive cyberspace operations. Plans and directs cyber missions to support military objectives and protect Army networks.

No reviews yet
Watch this MOSGet pinged when 17A — Cyber Warfare Officer hits an SRB list, cutoff drop, or BAH change. Free account, anonymous as always.
Recruiter vs. Reality
What they tell you

As a Cyber Operations Officer, you'll lead the Army's most elite digital warriors in offensive and defensive cyberspace operations. You'll master network warfare, cyber strategy, and digital force management — positioning yourself at the forefront of the most critical domain in modern warfare with career options in the $200K+ range.

What it's actually like

You will lead cyber soldiers who are smarter than you and know it. Your job is not to out-hack them — it's to protect them from the Army's bureaucratic immune system, which treats anything it doesn't understand as a threat to be briefed into submission. You'll spend half your career translating 'we exploited a vulnerability in their C2 network' into language a brigade commander can put on a slide without getting confused. Your OER depends on operations you can't talk about and metrics that don't exist yet for a domain the Army is still figuring out how to fight in. The best cyber officers are the ones who get out of their people's way. The worst ones try to apply infantry tactics to a keyboard.

First-hand intel neededWrite a Review

MOS Intel

ClearanceTS/SCI
|
PromotionFast
|
Deploy TempoLow
Career Intel
Duty StationsFort Eisenhower (GA) · Fort Meade (MD) · Fort Liberty (NC) · Fort Cavazos (TX) · Various ARCYBER/NSA sites
Daily LifeLeading cyber operations teams — offensive and defensive network operations, planning cyber campaigns, and integrating cyber capabilities with conventional military operations. As a platoon leader: leading a cyber team. As a company commander: responsible for multiple cyber teams and their operations. The work is highly classified and technically sophisticated.
AIT / SchoolCyber Basic Officer Leader Course (CBOLC) at Fort Eisenhower (GA) is about 6 months. Covers network operations, cyber warfare, malware analysis, and cyber mission planning. The training is demanding and assumes strong technical aptitude. Many 17A officers come from computer science or engineering backgrounds.
Physical DemandsLow. Cyber operations are desk-based. Standard Army PT requirements but the job is entirely cerebral.
DeploymentsMostly garrison at cyber operations centers; some deploy to support theater cyber operations
Certifications
TS/SCI clearanceCompTIA Security+CEHGIAC certificationsVarious classified cyber qualifications
Pro Tips
  1. 1The 17A branch is the youngest in the Army and career management is still evolving. Be adaptable — the career path is not as well-defined as infantry or armor.
  2. 2Network with NSA and CYBERCOM civilians and contractors. The cyber community is tight-knit and your professional network is your most valuable asset.
  3. 3Post-military cyber leaders command $150-200K+ in the private sector. The combination of technical skills, TS/SCI, and leadership experience is extraordinarily valuable.
The Honest Truth

Cyber operations officer is the most modern branch in the Army and one of the most valuable for post-military career potential. You lead teams conducting real offensive and defensive cyber operations — the digital equivalent of combat. What the branch briefer won't fully explain: the Army is still figuring out how to use cyber officers. The career path is less defined than traditional branches, organizational structures are evolving, and you may find yourself explaining to senior leaders what your team does and why it matters. The upside: the work is genuinely fascinating, the clearance and skills are worth a fortune in the civilian market, and the branch is young enough that you can shape its future. The civilian career ceiling is exceptionally high — cyber security leadership positions in the private sector start well into six figures.

Execute the Job — By Rank

How you actually run this job at each rank — what you do, what you drill, which manuals you own, and what good looks like. Written for the soldier, sailor, airman, Marine, or Guardian currently in the seat. Each rank deeplinks into the full Playbook deep-dive: time-blocked schedules, unit-type variations, career decisions, and the read on the next rank.

O1-O22LT — 1LT (Cyber Officer / DCO/OCO Team Leader)

You are a Cyber Corps lieutenant. The branch stands up a new kind of war; you are one of the officers expected to figure out how to fight it. Your platoon sergeant cannot teach you the technical depth — you have to bring it yourself.

What You Actually Do

Cyber Basic Officer Leader Course (CBOLC) at the Army Cyber School, Fort Eisenhower runs you through the foundational stack: defensive cyberspace operations (DCO), offensive cyberspace operations (OCO), Department of Defense Information Network-Army (DODIN-A) fundamentals, vulnerability assessment methodology, and the joint planning process as it applies to cyberspace effects. From CBOLC you typically slate to one of three first-assignment tracks: a Cyber Mission Force (CMF) team at U.S. Army Cyber Command (ARCYBER, Fort Eisenhower) or one of its assigned Cyber Mission Teams (CMTs) under USCYBERCOM; a Defensive Cyber Operations – Internal Defensive Measures (DCO-IDM) element at an Army echelon (INSCOM, a division or corps G-6 cyber cell); or a Joint Force Headquarters – Department of Defense Information Network (JFHQ-DODIN) or subordinate Cyber Mission Force element at Fort Meade. Your day-to-day is a split between technical work and planning work — hunting adversary activity in Army networks, running vulnerability scans and STIG compliance cycles, integrating cyber effects requests into the supported command's targeting process, and sitting in BUBs briefing commanders who have never taken a cybersecurity course on why the risk they are about to accept matters. The unglamorous garrison parts — MEDPROS, APFT/ACFT prep, counseling cycles, property accountability — do not pause because the threat did not pause.

Key Skills to Drill
  • 01Plan and brief a DCO-IDM operation — threat hunting, network analysis, STIG remediation, anomaly detection — to the standard where the G-6 or J-6 senior does not have to clean up the slide before it goes to the commander.
  • 02Execute vulnerability assessments using DoD-approved toolsets and translate raw findings into a prioritized risk register the supported command can act on — CAT-I open for more than 30 days is a reportable event.
  • 03Integrate cyber effects requests into the joint targeting cycle per JP 3-12 — understand the coordination with the fires cell, the legal review for Title 10 / Title 50 distinctions, and the time-sensitive targeting timeline.
  • 04Run a DODIN-A compliance cycle — IAVA closure rates, STIG posture, configuration baseline enforcement — and brief the status accurately on a five-slide update without hiding CAT-I findings.
  • 05Operate under USCYBERCOM / ARCYBER command relationships — understand the CMF construct (Cyber National Mission Forces, Cyber Combat Mission Forces, Cyber Protection Forces), your team's mission set, and how authorities flow under Title 10 USC Chapter 18.
  • 06Mentor your team's enlisted cyber operators (17C Cyber Operations Specialists) through technical task qualification, DCWF role certifications, and the NCOER counseling calendar.
Manuals & References
  • FM 3-12 — Cyberspace and Electronic Warfare Operations (the Army's primary cyberspace doctrine; read it before your first BUB brief).
  • JP 3-12 — Cyberspace Operations (joint doctrine; the authorization, coordination, and deconfliction logic that governs everything above DCO-IDM).
  • AR 25-2 — Army Cybersecurity; AR 380-5 — Department of the Army Information Security Program.
  • DoDM 8140.03 — Cyberspace Workforce Qualification and Management Program (the credential framework behind every DCWF role your billet codes).
  • ADP 6-0 — Mission Command; DA PAM 600-3 — Officer Professional Development (17A / Cyber branch chapter).
  • USCYBERCOM TASKORD / EXORD series (classified; know the document structure and where to pull current authorities on the SIPR before your first planning meeting).
Standards You Must Hit
  • DoD 8140 / DCWF credential for your coded billet role — at minimum CompTIA Security+ (CE) for IAT-II; your billet may code IAT-III (CASP+ / CISSP) or CSSP Analyst / Incident Responder; arrive at first unit with Sec+ done.
  • CBOLC graduation and 17A branch qualification — the Army Cyber School sets the technical baseline; everything downstream assumes you absorbed it.
  • ACFT pass at the officer standard — the Cyber Center of Excellence does not exempt officers for technical MOS assignment.
  • Successful CMF team or DCO-IDM element integration — the CMF readiness construct measures team certifications quarterly; a new LT who cannot account for her team's DCWF qualification posture is a gap on the readiness slide.
  • OER profile from first KD that the senior rater can defend — bullets tied to measurable outcomes (IAVA closure rate, vulnerability findings actioned, exercise participation, CMF mission execution).
Common Technical Mistakes
  • Briefing a CAT-I finding "for awareness" without a closure timeline. The ARCYBER G-3 or the JFHQ-DODIN element lead hears "for awareness" as "I don't own the fix" and the LT owns the follow-up memo that explains why it is still open.
  • Mixing Title 10 / Title 50 authorities without a legal review in hand. Offensive cyber effects requests that cross the OCO / intelligence-collection line require SECDEF or Presidential-level authorization; a LT who blurs this in a targeting brief goes to the JAG's office before the end of the day.
  • Letting STIG compliance drift because "operations tempo is high." The CCRI / CORA inspector does not accept OPTEMPO as a CAT-I justification; the inspection result lands on the LT's OER.
  • Treating your 17C NCOs as technicians you direct from a distance. The Cyber Operations Specialist enlisted ranks carry the hands-on toolset expertise the LT was briefed on in CBOLC — lose their trust early and the team stops performing.
  • Posting any detail about mission, tool, target, or authority on an unclassified platform. The OPSEC surface in the cyber community is sharp — a screenshot on a personal device, a LinkedIn post about "government cyber work," or a conversation at an open-source conference about current operations gets flagged the same day.
What Good Looks Like

The good 17A LT is the one the ARCYBER or JFHQ-DODIN team lead puts on the planning cell for the next CPX because the threat-model brief will come back accurate, the IAVA compliance will be green, and the supported command's J-3 will not have to explain cyber integration to the maneuver staff. She has her DCWF credentials current, her team's qualification posture documented, and her BN CDR's OER bullet reads "select to command early; assign to USCYBERCOM or NSA post-KD to build the joint depth the Army needs."

Go Deeper at O1-O2
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full O1-O2 Playbook →
O3-O4CPT — MAJ (Cyber Company Commander / CMF Team Lead / Staff)

You are a Cyber Corps captain or major. The KD window is narrow, the post-command billets are genuinely joint, and the Army's ability to operate in cyberspace in 2030 depends in part on whether you can build and lead a team that can fight in a domain most commanders still treat as IT support.

What You Actually Do

You return to Fort Eisenhower — or deploy in the seat — for your Key Developmental billet. The most common 17A CPT KD tracks are: Cyber Company Command at ARCYBER or a subordinate element (a Cyber Mission Force company of 50-80 soldiers running CMF team operations under USCYBERCOM tasking); the Defensive Cyber Operations Company Commander at an Army Service Component Command (ASCC) running DCO-IDM across a theater network; or a Cyber Planner / Staff Cyber Officer at a corps, division, ASCC, or COCOM J-39 / J-2 staff integrating cyber effects into joint operations. The Captains Career Course for 17A runs at the Army Cyber School and covers advanced cyberspace planning, CMF operations management, joint cyber integration, and the command climate / legal framework that governs offensive authorities. After KD, the major-level billets that define the field-grade record are at USCYBERCOM, NSA, ARCYBER G-3/G-5/G-7, DIA, INSCOM, or a joint task force J-39 — the joint cyberspace billets that the Army and OSD use to populate the interagency and COCOM cyber staffs. ILE / CGSC at Fort Leavenworth is the professional military education gate before the major's board. The 17A major who has a KD OER, joint-tour credit, a current TS/SCI with relevant access, and the post-command billet at a COCOM or NSA staff is the one the HRC cyber branch manager recommends for battalion command consideration. The FA49 (Operations Research / Systems Analysis) and FA59 (Strategist) functional areas attract some 17A officers at the major's board window — the analytic depth that cyber demands translates well into both.

Key Skills to Drill
  • 01Command a Cyber Mission Force company or DCO company — certify teams to USCYBERCOM readiness standards, manage personnel and equipment across a geographically dispersed CMF element, sustain DCWF qualification currency across 50-80 soldiers.
  • 02Run a joint cyber planning cell — integrate OCO / DCO effects requests into the Joint Targeting Cycle (JP 3-60), coordinate with the fires cell, JAG, and IO cell, and brief the two-star on a cyber effects recommendation without requiring a cleanup brief before it reaches the commander.
  • 03Manage the CMF readiness construct — team certification cycles, quarterly readiness assessments, DCWF credential expiration tracking, and the honest reporting line to ARCYBER G-3 when a team is below threshold rather than papering the report.
  • 04Translate technical cyber risk to a maneuver commander or a GS-15 civilian SES in language they will repeat correctly to the next echelon — and translate the commander's intent back into a cyber effects plan the teams can execute.
  • 05Build and run an officer development program for a bench of 17A LTs — OER counseling cadence, DCWF credential sponsorship, KD assignment timing, school slate management (CGSC, Cyber-specific courses at Fort Eisenhower, NSA/USCYBERCOM fellowship programs).
  • 06Navigate the FA / functional area decision honestly — 17A branch is small, the post-command billet market is joint, and the officers who understand their talent fit (operational cyber vs staff cyber vs technical vs strategic) before the major's board are the ones who build a competitive record rather than drifting.
Manuals & References
  • FM 3-12 — Cyberspace and Electronic Warfare Operations; JP 3-12 — Cyberspace Operations (the two documents that frame the planning logic at every brief level).
  • JP 3-60 — Joint Targeting (the cycle that OCO effects requests enter; know it at the chapter level before your first targeting board).
  • AR 25-2 — Army Cybersecurity; DoDM 8140.03 — DCWF Qualification; DoDD 8140.01 — Cyberspace Workforce Management.
  • AR 600-20 — Army Command Policy; AR 623-3 — Evaluation Reporting; AR 600-8-29 — Officer Promotions; DA PAM 600-3 — Officer Professional Development.
  • CJCSI 3210.01 — Joint Information Operations Policy (EW / IO / cyber integration at the joint level); CJCSI 6510.01 — Information Assurance and Support to Computer Network Defense.
  • ADP 6-0 — Mission Command; ADP 5-0 — The Operations Process (the planning framework behind every cyber effects request that enters a CONOP or OPORD).
Standards You Must Hit
  • Captains Career Course graduate; ILE / CGSC slate (resident at Fort Leavenworth or non-resident ATRRS/DL) complete before the major's board.
  • Successful KD OER — Cyber Company Command or equivalent — with a senior rater profile and bullets tied to measurable outcomes: CMF team certification rate, DCWF qualification currency, mission execution on USCYBERCOM-tasked events, soldiers certified and promoted.
  • TS/SCI with access to relevant compartmented programs maintained continuously — a 17A major who has a clearance gap is non-competitive for the NSA / USCYBERCOM / DIA post-command billets that shape the field-grade record.
  • JDAL credit (Joint Duty Assignment List) — the 17A field-grade slate values joint experience (USCYBERCOM, JFHQ-DODIN, NSA, COCOM J-39) at a premium; joint tours open the post-command billets that lead to battalion command consideration.
  • For the centralized HRC command board and major's board: pull the current Officer Personnel Management Directorate (OPMD) board release — the 17A branch is small enough that selection demographics shift year-to-year and the published board statistics are the only honest source.
Common Technical Mistakes
  • Treating company command as a technical problem. The KD is a soldier problem and a property-accountability problem — the cyber mission execution is what you brief, but the formation is what the brigade commander and the ARCYBER CSM are watching.
  • Hiding a CMF team's readiness shortfall from the chain of command to "fix it before the quarterly report." The ARCYBER G-3 reads the readiness dashboard; the discrepancy between the slide and the team's actual certification status surfaces at the CTC or during an actual mission — and the relief-for-cause is at ARCYBER command level.
  • Confusing technical cyber operator depth with cyber commander depth. The post-KD billets at USCYBERCOM, NSA, and COCOM J-39s require strategic planning and leadership, not the ability to run the toolset faster than your NCOs. Captains who try to stay technical at the expense of building the staff-officer muscle arrive at the major's board without the joint-planning credibility the field-grade billet market demands.
  • Skipping the FA / branch-transfer conversation because "I am a 17A." DA PAM 600-3 names the functional area paths and the inter-branch transfer options explicitly; the captains who slate themselves honestly based on talent and the actual post-command billet landscape are the majors who build a competitive record.
  • Letting DCWF credential expiration creep across the company because "everyone is deployed / on mission." The DoDM 8140 audit pull reflects on the CO, and a mass expiration during a command tour is a visible failure of the administrative-management half of the KD.
What Good Looks Like

The good 17A captain commanded a Cyber company that certified its CMF teams to standard, did not lose a TS/SCI holder to a clearance reinvestigation failure she didn't see coming, and turned over a formation the next CO did not have to repair. As a major he is on a billet at USCYBERCOM, NSA, ARCYBER G-3, or a COCOM J-39; his ILE is complete; his joint-tour credit is on the record; and the HRC cyber branch manager recommends him for battalion command without needing to explain the OER profile. Pull the current board release for the actual selection demographics — the branch is small enough that individual cases matter, and the numbers shift.

Go Deeper at O3-O4
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full O3-O4 Playbook →
Training Pipeline
1
OCS, ROTC, or USMA12w
Fort Eisenhower (GA)
2
Cyber Basic Officer Leader Course (CYBERBOLC)26w
Fort Eisenhower (GA)
Cyber operations planning, network defense, offensive tools. Highly technical.
On the Outside

What this actually is in the real world

Your skills translate. Here's what civilian employers call this job — and what they pay.

Computer and Information Systems Managers

Strong match
$171,200$136,960$205,440/yr median

Salary data from the U.S. Bureau of Labor Statistics Occupational Employment and Wage Statistics program, retrieved Feb 2026. BLS.gov cannot vouch for the data or analyses derived from these data after the data have been retrieved from BLS.gov.

MOS Pulse

Anonymous · One tap · No account

Three seconds of your time, zero of your identity. This is how the honest picture of 17A gets built — one tap at a time.

Knowing what you know now — would you pick 17A again?

Did your recruiter describe this job accurately?

Hours per week this job actually takes in garrison?

That tap took 3 seconds. A full review takes 10 minutes — and does about 100x more for the next person staring at this contract.

Write the Full Review →
Reviews
Founding ReviewUnclaimed

Nobody’s gone first. Yet.

Zero reviews for 17A. Not because nobody has opinions — anyone who’s actually done Cyber Warfare Officer is carrying a full magazine of them — but because nobody’s put theirs on the record.

So here’s the deal: the first approved review of every MOS becomes its Founding Review. Permanently badged, permanently first. Every person who looks up 17A from now on reads it before anything else — including the recruiter’s version.

We could fill this page with fake reviews tonight. Plenty of sites do. We never will — which means this space stays exactly this empty until someone who lived it goes first.

Sign Up & Claim ItFree account · takes two minutes

Anonymous by default — no name, no unit, fuzzy timestamps. Your chain of command never knows it was you.

FAQ

17A Cyber Warfare Officer — FAQ

Q01What does a 17A do in the Army?
Cyber Basic Officer Leader Course (CBOLC) at the Army Cyber School, Fort Eisenhower runs you through the foundational stack: defensive cyberspace operations (DCO), offensive cyberspace operations (OCO), Department of Defense Information Network-Army (DODIN-A) fundamentals, vulnerability assessment methodology, and the joint planning process as it applies to cyberspace effects.
Q02How long is 17A training and where is it held?
17A training is approximately 16 weeks of Advanced Individual Training (AIT) after Basic Combat Training, held at Fort Eisenhower, GA.
Q03What security clearance does a 17A need?
17A typically requires a TS/SCI security clearance, granted after a background investigation.
Q04What does a day in the life of a 17A look like?
Leading cyber operations teams — offensive and defensive network operations, planning cyber campaigns, and integrating cyber capabilities with conventional military operations. As a platoon leader: leading a cyber team. As a company commander: responsible for multiple cyber teams and their operations. The work is highly classified and technically sophisticated.
Q05What civilian jobs does 17A translate to?
17A maps most directly to civilian occupations including Computer and Information Systems Managers. Translation quality varies by skill — see the Honest MOS Civilian Translation block for full O*NET matches and salary data.
Q06How often do 17A soldiers deploy?
Deployment tempo for 17A is low — most assignments are CONUS-based. Mostly garrison at cyber operations centers; some deploy to support theater cyber operations
Q07What's the recruiter not telling me about 17A?
You will lead cyber soldiers who are smarter than you and know it.
How does 17A compare?
See side-by-side ratings, quality of life, and community takes.
Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards

Sources:Branch MOS catalog · DTMO pay tables · DoD/.gov benefits references · O*NET civilian career mapping · verified service-member reviews