Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
USA35L

Counter Intelligence Agent

Conducts counterintelligence investigations, operations, collections, and analysis. Identifies and neutralizes foreign intelligence threats to the Army.

No reviews yet
Watch this MOSGet pinged when 35L — Counter Intelligence Agent hits an SRB list, cutoff drop, or BAH change. Free account, anonymous as always.
Recruiter vs. Reality
What they tell you

As a Counterintelligence Agent, you'll protect the Army's secrets from foreign intelligence threats. You'll conduct investigations, identify espionage risks, and master the art of threat analysis — launching a career in counterintelligence that the CIA, FBI, and NSA actively recruit for.

What it's actually like

You are a counterintelligence agent, which sounds exactly as cool as you think it is and is simultaneously more boring than you can imagine. The cool part: you run operations to detect, identify, and neutralize foreign intelligence threats targeting U.S. Army personnel, technology, and operations. You interview sources, conduct surveillance, and investigate security incidents that could indicate espionage, sabotage, or terrorism. Your badge carries federal law enforcement authority, and your casework is classified at levels that make your security briefing an all-day event. The boring part: mountains of reports, database queries, link analysis charts, and the administrative overhead that turns every operation into a paper trail that JAG, MI command, and sometimes DOJ will review. Your investigations range from insider threats (the soldier selling secrets) to force protection (the person surveilling the gate), and each one requires patience, documentation, and the kind of methodical work that movie spies never do. Deployed CI is the premium assignment — you're operating in environments where the threat is active, your collection is real-time, and your reports directly influence force protection measures. Your federal LE authority, TS/SCI clearance, and investigative expertise are a recruiter's dream for the FBI, CIA, DIA, DSS, and defense contractors paying $85-130K.

First-hand intel neededWrite a Review

MOS Intel

ClearanceTS/SCI
|
PromotionAverage
|
Deploy TempoModerate
|
BonusUp to $30,000
Career Intel
Duty StationsFort Liberty (NC) · Fort Meade (MD) · Fort Cavazos (TX) · Fort Huachuca (AZ) · Various INSCOM and CI sites worldwide
Daily LifeConducting counterintelligence investigations, security screenings, source operations, and threat assessments. You detect, identify, and neutralize foreign intelligence threats to the Army. The work can involve interviewing foreign nationals, investigating security violations, and running counterintelligence operations. The level of autonomy is significant.
AIT / SchoolThe CI Special Agent Course at Fort Huachuca (AZ) is about 19 weeks. Covers CI investigations, source operations, security screening, and threat analysis. Requires prior service (typically E4+ with a clean record and strong interview skills). Entry is competitive and includes a polygraph.
Physical DemandsLow. CI work is primarily interviews, investigations, and analysis. Standard Army PT requirements but the job is desk and field-interview based.
DeploymentsDeploys to conduct counterintelligence operations in theater; some assignments at fixed sites worldwide
Certifications
Counterintelligence Special Agent credentialTS/SCI clearance with CI polygraphSource handling certificationsVarious classified program accesses
Pro Tips
  1. 1Your CI credential and TS/SCI with poly make you one of the most hireable veterans in the intelligence community. Don't let your clearance lapse — ever.
  2. 2Build relationships across the intelligence community during your service. CI agents work with CIA, FBI, DIA, and NSA — those connections are your future career network.
  3. 3Specialize in cyber CI or technical CI — these subdisciplines are in extreme demand and command premium salaries in the civilian market.
The Honest Truth

Counterintelligence is one of the most intellectually demanding and career-rewarding MOSs in the Army. You are essentially a military spy hunter, and the work ranges from fascinating to mundane. The recruiter (for reclassification) will emphasize the James Bond aspects, and some assignments deliver on that promise — running source operations, investigating espionage, and conducting counterintelligence across foreign environments. The reality: a lot of CI work is security screenings, vulnerability assessments, and report writing. The high-end operational work is earned through experience and reputation. The civilian translation is extraordinary: the intelligence community and defense industry pay premium salaries for CI professionals with clearances and operational experience. FBI, CIA, DIA, and every major defense contractor actively recruit from the 35L community.

Execute the Job — By Rank

How you actually run this job at each rank — what you do, what you drill, which manuals you own, and what good looks like. Written for the soldier, sailor, airman, Marine, or Guardian currently in the seat. Each rank deeplinks into the full Playbook deep-dive: time-blocked schedules, unit-type variations, career decisions, and the read on the next rank.

E1-E3PV1 — PFC (CI Apprentice)

You are brand new to the CI world and you do not yet understand what you do not know. That gap is the mission — and closing it before you make an error that burns a source or an operation is the entire point of the first two years.

What You Actually Do

After graduating AIT at the USA Intelligence Center of Excellence (USAICoE) at Fort Huachuca, you report to a CI team at an INSCOM unit, a G2 section at a brigade or division, a theater special operations CI element, or a Defense Counterintelligence and Security Agency (DCSA) field office. You are not running solo source operations — not yet. You support senior agents by preparing CI liaison request packages, reviewing threat reports, organizing case files, running database queries in law-enforcement and intelligence systems, and helping prepare the threat portion of the base IPOE. You write military intelligence reports (MIRs) in draft form under senior review. You attend every CI interview and debrief you are allowed in the room for, and you are taking notes — not leading. Your TS/SCI clearance and SCI access are your most critical possession; how you live outside the office is now part of your professional risk picture.

Key Skills to Drill
  • 01Run a database query in CI-relevant systems (DCGS-A, SIPR-based IC databases) to support a threat review — clean, documented, submitted to the senior agent for review.
  • 02Prepare a CI Spot Report (CIREP) draft under supervision — event, location, time, CI relevance, reporting unit — formatted to the applicable INSCOM or theater reporting standard.
  • 03Conduct a screening debrief as the junior agent under an experienced 35L's observation — open questions first, documentation concurrent, do not lead the subject.
  • 04Brief the unit G2 or S2 on a CI threat indicator using an intelligence product the team has reviewed — specific, sourced, no embellishment.
  • 05Identify and report a potential OPSEC violation or anomalous contact to the senior agent — the report is not a career-ender for the person, but the failure to report is a career-ender for you.
  • 06Conduct a preliminary liaison meeting with a military or law enforcement partner under the lead agent's supervision — greeting, purpose, limits of engagement, documentation.
Manuals & References
  • AR 381-20 — The Army Counterintelligence Program (the governing regulation; know what it authorizes and what it prohibits).
  • FM 2-22.2 — Counterintelligence (the 35L doctrinal field manual; read it cover to cover before the first assignment).
  • ATP 2-22.2-1 and ATP 2-22.2-2 — CI Techniques and CI Support to Force Protection (the how-to manuals that fill in what FM 2-22.2 frames).
  • DoD 5240.1-R — Procedures Governing the Activities of DoD Intelligence Components (the legal authority framework for everything CI does).
  • UCMJ and the Classified Information Non-Disclosure Agreement (NdA) — you signed it; understand what the criminal exposure actually looks like.
Standards You Must Hit
  • TS/SCI in adjudication complete and SCI access granted before operational assignment — no clearance means no work.
  • AIT graduate from the 35L course at Fort Huachuca — the baseline credential, not the competency ceiling.
  • ACFT 540+ — the MI community takes the physical test seriously and the senior agent who has to carry a struggling private on a CI mission does not forget it.
  • No adverse financial, personal conduct, or foreign contact entries on the SF-86 update — your lifestyle is part of your product now.
  • First CI Report (CIREP) submitted within 90 days of arrival at unit — you are collecting even when you are learning.
Common Technical Mistakes
  • Sharing case details or source information with a peer outside the need-to-know chain. CI source protection is absolute; one conversation in the wrong room ends an operation and starts a federal investigation.
  • Accessing a CI database system without documented authorization for that specific query. The audit trail is real and the INSCOM security officer reads it.
  • Conducting an unsupervised contact or interview before being authorized to do so by the team chief. The legal authority for every CI activity is bounded; exceeding it exposes the Army to a Fourth Amendment or FISA problem.
  • Underreporting a potentially significant foreign contact on the SF-86 or annual update because it "wasn't a big deal." The adjudicator decides what is significant — your job is to report it.
  • Discussing the fact that you are a 35L to anyone outside a need-to-know context. Your MOS is law-enforcement sensitive; your tradecraft starts with what you say at a BBQ.
What Good Looks Like

The good PFC 35L is the one the team chief puts in the room for the debrief because they know the junior agent will take clean notes, keep their mouth shut at the right moments, and ask the right follow-up question at the right time — once. By month 18 they have three clean CIREPs in the system, the senior agent is signing off their first solo screening, and the team chief is already talking to the SFC about the SGT board.

Go Deeper at E1-E3
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E1-E3 Playbook →
E4SPC (CI Agent Apprentice — Certified)

You have your Basic CI Badge and you are now accountable for the legal and operational integrity of every contact you make on behalf of the Army.

What You Actually Do

As a certified CI agent you conduct supervised source operations, CI interviews, and preliminary investigations under the team chief's oversight. You develop and run contacts (potential sources) through the early stages of recruitment while the team chief or senior agent retains approval authority. You write full intelligence reports — MIRs, CIREPs, asset validation reports — in final form, not draft. You participate in CI force protection source operations supporting the local unit's OPSEC program. At a G2 CI team you may run the walk-in contact processing, the initial assessment of personnel security flags referred by the command, or the liaison relationship with a local law-enforcement partner. The SCI system access you have is real and the reporting chain — INSCOM, DIA, NSA, FBI counterpart — is real. You are beginning to understand that CI is as much about what you do NOT report as what you do.

Key Skills to Drill
  • 01Conduct a CI source development contact from initial assessment through documented contact report — approach authorized, elicitation plan rehearsed, documentation complete by end of day.
  • 02Write a finished MIR to INSCOM / theater intelligence-reporting standards — event, reliability, credibility, CI relevance, supported unit — that the team chief can sign without rewriting.
  • 03Execute a preliminary CI investigation (PCI) under the team chief's authority — authority documented, subject rights protected, interview documented, legal review obtained before any adverse action.
  • 04Run a CI threat briefing for a deploying unit — threat actors, collection methodologies, indicators, safe-reporting procedures — adapted to the audience's classification level.
  • 05Conduct a liaison meeting with a partner-nation CI element, a federal law-enforcement agency, or a host-nation intelligence organization — purpose documented, scope bounded, SITREP to the team chief same day.
  • 06Manage a case file to INSCOM / command SOP — chronological, documented authority, reports indexed, closure criteria tracked.
Manuals & References
  • FM 2-22.2 — Counterintelligence (the doctrinal backbone for every operation you run).
  • ATP 2-22.2-1 and ATP 2-22.2-2 — CI Techniques and CI Force Protection Support (you teach from these now, not just read them).
  • DoD 5240.1-R — Procedures Governing DoD Intelligence Components (every legal authority for your operations is grounded here).
  • AR 381-20 — Army CI Program (your program regulation; know the boundaries of Army CI authority versus FBI or NSA equities).
  • ICD 304 / applicable Intelligence Community Directives governing human intelligence validation — source validation standards cross MOS 35L and 35M and you need both frameworks.
Standards You Must Hit
  • Basic CI Agent Badge awarded — the minimum operational credential; without it you cannot run a sanctioned contact.
  • BLC graduate or in-slot; SGT board prep active — the SPC who never shows initiative toward the NCO corps is the one the team chief counsels on re-enlistment options.
  • Zero unresolved legal authority gaps on any active case — every contact has documented authority; the INSCOM JAG review is current.
  • ACFT 560+ and fitness maintained through field rotations — CI agents deploy to austere environments and the team chief cannot carry a liability.
  • Annual SF-86 continuous evaluation (CE) update submitted on time, complete, with all foreign contacts and financial changes documented.
Common Technical Mistakes
  • Running a contact without documented authority from the team chief or approval authority. The Army's CI program is federally regulated; an unauthorized contact can trigger a DoD IG or Congressional inquiry.
  • Using your CI badge or access to conduct an activity that benefits you personally, a friend, or an unofficial investigation. CI authority is government authority; private use is a federal crime.
  • Failing to report an anomalous contact on your SF-86 update because you assessed it as low-risk. Adjudication is the government's job; non-disclosure is your risk.
  • Writing a source report that attributes more to the source than was actually reported — to make the product look better or the source look more productive. Fabrication in intelligence reporting is a felony.
  • Over-briefing CI operations in open conversation, unclassified email, or unofficial platforms. Operational details stay in the Sensitive Compartmented Information Facility (SCIF) unless explicitly downgraded.
What Good Looks Like

The good SPC 35L is the agent whose case files the team chief uses as the training example for the new PFCs. His reports are clean, his source contacts are documented, his legal-authority package is never missing a signature, and the INSCOM staff officer calls him by name when the theater tasking arrives. He is on the SGT board before the first re-enlistment window.

Go Deeper at E4
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E4 Playbook →
E5SGT (CI Team Member)

You are an NCO and a certified CI agent. You own a portion of the team's case load and the junior agent next to you copies how you write, how you brief, and how you handle a source who is getting cold feet.

What You Actually Do

You run operations on the team — source development, asset validation, CI interviews, preliminary investigations, liaison operations — with senior agent oversight on the most sensitive activities but genuine ownership of your case files. You write the mission package for a CI operation: authority documentation, operational plan, after-action report. You train junior agents on interview techniques, report writing, and legal-authority frameworks. You may run the OPSEC support program for a supported battalion — walk-in program, threat brief cycle, CI force protection source file — as the primary agent of record. On a deployed team or a HUMINT support team, you may be the senior agent on site for weeks at a time with the team chief available by SIPR message but not physically present. You write NCOERs for your SPCs and you have the "NCO now, CI agent always" tension figured out — because the best 35L NCOs never forget that the tradecraft runs the career, not the stripes.

Key Skills to Drill
  • 01Run a CI source development operation from initial assessment through validation recommendation — documented authority at each phase, team chief briefed before phase transitions.
  • 02Execute a CI interview of a subject of investigative interest under the team chief's legal review — Article 31 rights administered correctly, interview documented verbatim or on audio where authorized.
  • 03Brief the supported unit G2 or S2 on CI threat picture — named threat actors, collection methodologies, force protection indicators, safe-reporting procedures — without over-classifying or over-simplifying.
  • 04Write a source validation report to DIA / INSCOM standards — reliability, access, corroboration, CI vetting, closure recommendation — clean enough the senior debriefer can sign without edits.
  • 05Mentor a SPC 35L through their first solo contact and first solo report — your name is on the endorsement and the standard is yours.
  • 06Manage a liaison relationship with a host-nation CI partner or FBI field office — purpose documented, scope bounded, no unilateral commitments, SITREP to team chief within 24 hours.
Manuals & References
  • FM 2-22.2 and ATP 2-22.2-1 / 2-22.2-2 — the doctrinal and technical backbone you quote by section, not just by title.
  • AR 381-20 — Army CI Program (the governing regulation; you counsel junior agents on the boundaries weekly).
  • DoD 5240.1-R — Procedures Governing DoD Intelligence Components (you teach this to new SPCs in their first week).
  • UCMJ Chapter X + applicable federal law (18 USC 793, 798 as applicable) — as an NCO you brief the legal exposure clearly; junior agents who understand what a felony looks like are junior agents who report correctly.
  • TC 7-22.7 — The Army NCO Guide + ADP 6-22 — Army Leadership (you are an NCO now, not just an agent; the leadership doctrine runs parallel to the CI doctrine).
Standards You Must Hit
  • BLC graduate; ALC packet built before the second re-enlistment window.
  • Minimum one senior CI qualification or training course completed (Advanced CI Agent Course, polygraph examiner school if selected, special agent designation) or in-pipeline.
  • Zero unresolved legal authority gaps on any case under your name — team chief should not have to ask.
  • NCOER bullets in action-result-impact format with classified outcomes where applicable and measurable unclassified outcomes where required by AR 623-3.
  • ACFT 560+ maintained through deployment cycles — CI NCOs who cannot pass the physical test at the team level are a liability the team chief documents.
Common Technical Mistakes
  • Conducting a source contact that escalates beyond initial assessment authority without calling the team chief for approval. The legal authority phases are hard stops, not soft guidelines.
  • Writing a NCOER bullet that reveals classified case specifics. The AR 623-3 standard for classified work is measurable impact without operational detail — get the SSO or ISOO guidance before you write it.
  • Treating a source as a friend rather than a managed human asset. Source validation lapses, unreported foreign contacts, and emotional attachment to a source are top CI compromise vectors.
  • Letting the ALC slip because the operational tempo is high. The 35L NCO who has no leadership credentials at the SSG board is the 35L who stays a SGT for two more cycles.
  • Briefing sensitive operations details to a parallel-unit MI or HUMINT element without explicit authority and coordination through your team chief and the INSCOM or theater J2X.
What Good Looks Like

The good SGT 35L is the agent the team chief sends to the solo site because the case file is the cleanest, the legal package is never missing a page, and the source who went cold came back after one contact visit. His SPCs write reports that do not need wholesale rewrites. He has ALC ready, a senior CI course in-pipeline, and the team chief is already recommending the Warrant Officer program.

Go Deeper at E5
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E5 Playbook →
E6SSG (CI Team Chief or Senior Agent)

You are the team chief. Every operation the team runs starts with your authority and ends with your name on the case file. The junior agents copy your tradecraft whether you intend for them to or not.

What You Actually Do

You run a CI team of 3-6 agents conducting source operations, liaison operations, CI investigations, CI force protection, and support to HUMINT operations at a G2 CI section, an INSCOM battalion, a DCSA field activity, or a theater special operations CI element. You hold operational authority for contacts at the initial and developmental phases. You brief the G2 or J2, the unit CDR, or the theater CI staff on the team's operations and threat reporting. You write and sign all case files for the operations your team conducts. You conduct the annual validation of every source in your team's file. You manage the team's counterintelligence force protection source (CFSO) program for supported units. You prepare mission packages for submission to INSCOM or theater approval for sensitive activities requiring higher authority. And you are building the SSG CI NCO who replaces you — because the 35L who commands all the institutional knowledge and trains nobody is the 35L the command cannot promote past his current billet.

Key Skills to Drill
  • 01Brief the supported G2 or CDR on CI threat picture, current operations status, and liaison products — specific, unvarnished, and calibrated to what the commander can act on.
  • 02Approve and sign CI operational authorities at the team-chief level — initial contacts, developmental contacts, CI force protection activities — with full legal review current.
  • 03Conduct a CI validation interview of a long-established source — polygraph referral if appropriate, access verification, motive assessment — and write the validation recommendation to DIA / INSCOM standard.
  • 04Run a CI mission package preparation from tasking to INSCOM or theater submission — operations plan, authority request, communications plan, extraction plan, reporting plan.
  • 05Mentor two SGTs simultaneously — case file standards, interview technique, legal-authority discipline, NCO leadership — and produce at least one SLC-ready 35L per 24-month cycle.
  • 06Run a CI liaison program with FBI, DCSA, DIA, or allied CI elements — purpose documented, deconfliction process active, no unilateral action.
Manuals & References
  • FM 2-22.2 and ATP 2-22.2-1 / 2-22.2-2 — you write the team's SOP from these.
  • AR 381-20 — Army CI Program (your authority document; you brief the CDR on its limits).
  • DoD 5240.1-R — Procedures Governing DoD Intelligence Components (the legal framework for every operation the team runs).
  • ICD 304 + applicable HUMINT validation ICDs — cross-MOS validation standards you coordinate with the theater J2X.
  • AR 623-3 + DA PAM 623-3 — Evaluation Reporting System (you write NCOERs for 3-4 agents per cycle; they need to be defensible at SFC board).
Standards You Must Hit
  • ALC graduate; SLC packet in motion; Warrant Officer program recommended to strong performers.
  • Zero case files with unresolved legal-authority gaps — team chief's name is on every file.
  • CI program metrics reported to G2 on timeline — number of contacts, reports produced, operations active, source validation currency.
  • At least one advanced CI course or joint school assignment completed or in pipeline (JCITA, advanced counterintelligence training, SEAR, SERE if applicable).
  • NCOER profile that picks at least one SGT per cycle for the SFC board slate.
Common Technical Mistakes
  • Approving an operational phase without the required legal review document in the file. When INSCOM or the DoD IG pulls the case, the missing legal review is the first thing they cite.
  • Failing to deconflict operations with the supported unit's HUMINT collection manager (35M or J2X). Parallel source contact by two different elements against the same target is a double-agent exposure vector.
  • Writing a NCOER that exposes classified operational detail or uses the NCOER as an operational history of the team. AR 623-3 requires classified work to be captured without operational specificity; the ISOO guidance is real.
  • Allowing the team's source validation cycle to lapse. Unvalidated sources are unacceptable by ICD 304 standards; the theater J2X or INSCOM CI command notices within one reporting cycle.
  • Sharing operational details across unclassified channels in an emergency because the SIPR is down. The operational security of every case is absolute; the team chief who shortcuts it once establishes the team's culture.
What Good Looks Like

The good SSG 35L is the team chief the G2 calls when the 15-6 investigation involves a potential foreign intelligence officer. His case files pass the INSCOM quality review without a single flag; his SGTs are producing reports the theater J2 replicates as templates; and the source validation cycle has never lapsed under his authority. He has ALC done, SLC in-slot, and the Warrant Officer packet is on the desk.

Go Deeper at E6
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E6 Playbook →
E7SFC (CI Platoon Sergeant / Senior Team Chief)

You are the senior CI NCO in the section. The junior team chiefs ask you how to handle the operation that just went sideways at 0200, and your answer is what the team does.

What You Actually Do

As a SFC you run the CI platoon or CI section of a G2 or INSCOM battalion — 2-4 teams, 10-25 agents, covering a theater geographic area or a full range of CI functions (FP, source operations, investigations, liaison, cyber CI where applicable). You build the section's CI program — operations plan, training plan, mission tracking, source validation cycle — and brief the S2 or G2 Officer and the BN CDR on program status. You write NCOERs for 4-6 SSGs per cycle. You approve operational authorities that exceed team-chief level and require senior NCO endorsement. You manage the section's security and classification program. You advocate with INSCOM staff or theater J2X for resources, authorities, and priority intelligence requirements (PIRs) that support the unit's mission. And you build the next team chief — because the SFC who stops teaching is the SFC the section cannot spare.

Key Skills to Drill
  • 01Run a multi-team CI program — source operations, investigations, liaison, CFSO — with synchronized mission packages, deconflicted collection, and reporting that contributes to the G2 PIR cycle.
  • 02Brief the BN CDR or G2 on CI threat picture, ongoing operations, and risk — including the honest call when an operation should be suspended or a source should be validated out.
  • 03Approve senior-level operational endorsements — developmental contacts, preliminary investigations, sensitive liaison activities — with full legal review in the file before the signature.
  • 04Manage the section's personnel — leave, training, clearance reinvestigations, NCOER cycle, ALC/SLC pipeline, Warrant Officer referrals — without the 1SG having to chase the SFC for updates.
  • 05Mentor 4-6 SSG team chiefs simultaneously — operational guidance, case file quality, legal discipline, leadership under ambiguity — with individual counseling on the 14th.
  • 06Translate theater or INSCOM CI strategy into team-level mission tasking the SSGs can execute without weekly re-direction.
Manuals & References
  • FM 2-22.2 + ATP 2-22.2-1 / 2-22.2-2 — doctrinal authority you quote from memory.
  • AR 381-20 — Army CI Program (you draft the section's program document against this).
  • ICD 304 and applicable Intelligence Community Directives — cross-community authorities that bind Army CI operations in joint or JSOC environments.
  • AR 623-3 + DA PAM 623-3 — Evaluation Reporting System (you write 4-6 NCOERs per cycle for SSG team chiefs; they need to be on the SFC/MSG slate).
  • TC 7-22.7 — Army NCO Guide + ADP 6-22 — Army Leadership (senior NCO doctrine runs parallel to CI doctrine at this level).
Standards You Must Hit
  • SLC graduate or in-slot; MLC packet considered; Chief Warrant Officer program recommended to the strongest SSG per cycle.
  • Section CI program documented and briefable to the G2 or BN CDR at any time — operations active, reports produced, source validation current.
  • NCOER profile producing at least one SFC selectee per 24-month cycle from among your SSG team chiefs.
  • Zero section-level security incidents — classification, clearance, source protection — under your direct supervision.
  • ACFT 540+ and physical readiness maintained through field and deployment cycles.
Common Technical Mistakes
  • Approving a team operational request without reading the legal-authority section of the case file personally. The SFC who defers the review to the team chief is the SFC whose endorsement is invalid when the DoD IG arrives.
  • Letting two teams run parallel contacts against the same subject without explicit deconfliction. A double-agent scenario surfaces; the INSCOM CI command wants to know who authorized both contacts.
  • Writing an NCOER for an SSG team chief that inflates accomplishments beyond the classified reality. The SFC board sees the evals across the INSCOM enterprise; inflated evals are visible against a peer population.
  • Stopping the Warrant Officer referral conversation for strong performers because the section needs bodies. The 35L Warrant Officer (WO) path (350L CW2-CW5) is the most capable CI track in the Army; denying strong performers access to the conversation is a talent management failure.
  • Letting the section training program drift because operations are the priority. CI tradecraft decays faster than most MI skills; the SFC who stops training is the SFC whose team makes a legal-authority error in the next deployment.
What Good Looks Like

The good SFC 35L is the senior NCO the G2 names when the INSCOM IG inspection is scheduled — because the case files are current, the legal-authority documentation is in every folder, and the source validation cycle has never lapsed on his watch. His SSG team chiefs run operations independently and brief cleanly. He has SLC done, MLC considered, and the WO referral memo is signed for the two strongest SPCs in the section.

Go Deeper at E7
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E7 Playbook →
E8-E91SG / MSG → SGM / CSM (Senior CI NCO)

You are the senior enlisted CI advisor at the battalion, group, or command level. The G2 calls you when the operation is sensitive enough that the team chief should not be making the call alone.

What You Actually Do

As a 1SG, MSG, SGM, or CSM in the CI community you run the enlisted force of an INSCOM battalion or company, a theater CI element, a DIA field activity, or a special operations support element where CI senior NCOs hold significant operational authority. As 1SG or MSG you run the company-level personnel, training, and readiness program for 40-100 CI agents across 6-12 teams, covering multiple geographic areas and mission sets. You advise the CDR on operational risk, personnel risk, and program integrity. You write eEVALs for SFCs and SSGs that populate the MSG / SGM slate. At SGM or CSM level you set the professional and ethical standards for the CI enterprise — INSCOM-wide, theater-wide, or joint-command-level. You build the next senior NCO, the next WO, and the next commissioned intelligence officer through mentoring that spans careers. The post-Army transition for senior 35L NCOs is real and specific: DCSA GS-13/14 special agent billets, FBI counterintelligence careers, DIA senior enlisted equivalent positions, defense contractor CI program manager. Start building that bridge 24-36 months out.

Key Skills to Drill
  • 01Run a multi-company or multi-team CI enterprise — source operations, investigations, FP, liaison, cyber CI — with reporting that contributes to the national-level CI mission.
  • 02Advise the CDR or commanding general on CI operational risk, program integrity, and sensitive-activity authority without hedging the honest assessment.
  • 03Sit on promotion boards, SGM Academy slates, and CI senior-NCO credentialing panels with the confidentiality and judgment the convening authority requires.
  • 04Translate INSCOM, DIA, or ODNI CI strategy into unit-level program and talent decisions that the company CDRs can execute.
  • 05Run a real-world CI investigation or foreign-contact response as the senior enlisted advisor — your recommendation to the CDR is what shapes the command's response.
  • 06Build the post-Army transition plan for yourself and the senior NCOs you mentor — federal civilian, defense contractor CI, law-enforcement — 24-36 months out.
Manuals & References
  • AR 381-20 — Army CI Program (you are now the command-level expert the JAG quotes).
  • DoD 5240.1-R — Procedures Governing DoD Intelligence Components (you brief the CDR on the legal boundaries of the entire program).
  • Applicable IC Directives (ICD 304, ICD 203, ICD 206) — national-level standards you translate for Army CI application.
  • AR 623-3 + DA PAM 623-3 — you produce the senior NCO eEVALs the promotion board reads.
  • MILPERSMAN equivalent INSCOM retention / promotion guidance — the 350L Warrant Officer pipeline, the SF-86 CE process for senior leaders, and the school assignment pipeline at MSG/SGM level.
Standards You Must Hit
  • SGM Academy graduate (if in 1SG / SGM track); enterprise CI program metrics briefable to the commanding general at any time.
  • CI program producing WOs, commissioned officers (Green-to-Gold), and federal civilian selectees at rates above INSCOM average.
  • Zero senior-NCO-level integrity incidents — security, financial, personnel, UCMJ.
  • Post-Army transition credentials in motion 24-36 months out: DCSA hiring process, security clearance translation, federal resume, TS/SCI reinvestigation currency maintained.
  • Personal ACFT and fitness standard maintained — the senior NCO who stops performing sets the cultural floor for the battalion.
Common Technical Mistakes
  • Allowing program-level legal-authority gaps to persist because the operational tempo is high. At SGM/CSM level a systemic legal-authority gap becomes a Congressional notification and an INSCOM command climate investigation.
  • Stopping the WO and commissioning referral conversation because the company needs to keep its best performers at team level. The talent pipeline for Army CI runs through the 350L WO program and the Enlisted Commissioning Program; denying it to strong performers is a long-term force health failure.
  • Treating the SF-86 CE update as an administrative burden at senior level. The senior 35L whose clearance lapses or who has an undisclosed foreign contact on a continuous evaluation is the one the INSCOM IG cites in the annual report.
  • Waiting until the final year to build the federal civilian or defense contractor bridge. DCSA GS-13/14 special agent positions have long hiring timelines; start 24-36 months out.
  • Running command climate at the senior enlisted level by seniority and presence instead of documented programs. The SGM who relies on reputation alone and never institutionalizes the training program creates a section that collapses when he retires.
What Good Looks Like

The good MSG, SGM, or CSM in the CI community is the senior NCO the INSCOM commanding general names when the sensitive-activity brief goes to the Senate Intelligence Committee. His program produces WOs, commissioned officers, and DCSA selectees above enterprise average. His legal-authority documentation is never an inspection finding. He has the post-Army bridge built, and the three senior NCOs he mentored are building the same for themselves.

Go Deeper at E8-E9
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E8-E9 Playbook →
Training Pipeline
1
BCT10w
Fort Huachuca (AZ)
2
AIT18w
Fort Huachuca (AZ)
Counterintelligence Agent — CI collection, analysis, source operations. TS/SCI required.
On the Outside

What this actually is in the real world

Your skills translate. Here's what civilian employers call this job — and what they pay.

Intelligence Analysts

Related field
$103,880$64,430$159,720/yr median
Job market: Average (4%)

Operations Research Analysts

Related field
$83,640$51,490$138,810/yr median
Job market: Much faster than average (23%)

Data Scientists

Related field
$108,020$64,240$167,040/yr median
Job market: Much faster than average (35%)

Salary data from the U.S. Bureau of Labor Statistics Occupational Employment and Wage Statistics program, retrieved Feb 2026. BLS.gov cannot vouch for the data or analyses derived from these data after the data have been retrieved from BLS.gov.

The Robot Read

How exposed is the civilian version of this job to AI?

Not a measurement of this MOS. Published labor-market research on the closest civilian occupation in our crosswalk — treat it as a signal, not a verdict.

Moderate ExposureModerate Confidence

Closest civilian match: Intelligence Analysts (related match)

Report writing, pattern analysis, and briefing production are the core of the job — real, meaningful LLM exposure (40%) in the 2023 study. Frey & Osborne’s 2013 appendix never scored "Intelligence Analysts" as a distinct occupation (it wasn’t broken out as its own line in their 702-job list), so there’s no comparable 2013-era number — we’re not going to borrow one from a neighboring title and pretend it fits.

This describes exposure for the civilian occupation, not a rating of this MOS, your unit, or your actual day-to-day duties. The matched civilian job is a close or related crosswalk, not exact.

Selective Reenlistment Bonus (SRB)
$13,700SGT · 36-month contract · as of 2024-04-03
SGT rank, 36-month contract · Source: MILPER messages · Data gaps where PDFs unavailable

MOS Pulse

Anonymous · One tap · No account

Three seconds of your time, zero of your identity. This is how the honest picture of 35L gets built — one tap at a time.

Knowing what you know now — would you pick 35L again?

Did your recruiter describe this job accurately?

Hours per week this job actually takes in garrison?

That tap took 3 seconds. A full review takes 10 minutes — and does about 100x more for the next person staring at this contract.

Write the Full Review →
Reviews
Founding ReviewUnclaimed

Nobody’s gone first. Yet.

Zero reviews for 35L. Not because nobody has opinions — anyone who’s actually done Counter Intelligence Agent is carrying a full magazine of them — but because nobody’s put theirs on the record.

So here’s the deal: the first approved review of every MOS becomes its Founding Review. Permanently badged, permanently first. Every person who looks up 35L from now on reads it before anything else — including the recruiter’s version.

We could fill this page with fake reviews tonight. Plenty of sites do. We never will — which means this space stays exactly this empty until someone who lived it goes first.

Sign Up & Claim ItFree account · takes two minutes

Anonymous by default — no name, no unit, fuzzy timestamps. Your chain of command never knows it was you.

FAQ

35L Counter Intelligence Agent — FAQ

Q01What does a 35L do in the Army?
After graduating AIT at the USA Intelligence Center of Excellence (USAICoE) at Fort Huachuca, you report to a CI team at an INSCOM unit, a G2 section at a brigade or division, a theater special operations CI element, or a Defense Counterintelligence and Security Agency (DCSA) field office.
Q02How long is 35L training and where is it held?
35L training is approximately 20 weeks of Advanced Individual Training (AIT) after Basic Combat Training, held at Fort Huachuca, AZ.
Q03What security clearance does a 35L need?
35L typically requires a TS/SCI security clearance, granted after a background investigation.
Q04What does a day in the life of a 35L look like?
A typical junior-enlisted 35L day: 0500 Wake, personal PT if the unit runs individual morning sessions — CI teams often have flex PT windows before the 0630 formation, 0630 Unit PT formation. CI sections are typically small enough that the team chief runs the PT plan directly. Runs, rucks, and functional strength depending on the week's plan, 0800 Team room open. Review overnight traffic on SIPR — threat reports, INSCOM tasking messages,…
Q05What are the most common career-ending mistakes for a 35L?
Any unauthorized disclosure of source identity, case detail, or operational information outside the need-to-know chain — this is a federal investigation, not a counseling statement; Undisclosed foreign contact, financial problem, or personal conduct issue on the SF-86 CE update — adjudication is the government's job; your job is to report everything and let them decide; UCMJ Article 15 or DUI: in a community where your security clearance is your career,…
Q06What's the career progression for a 35L?
Arrive at first unit, begin supervised operations under senior agent; target Basic CI Badge within 12 months; First CIREPs and database support products submitted under team chief review — clean documentation is the metric; Sit in on first CI interviews and liaison meetings; documentation role, not lead role
Q07How often do 35L soldiers deploy?
Deployment tempo for 35L is moderate — deployments happen on a predictable rotation. Deploys to conduct counterintelligence operations in theater; some assignments at fixed sites worldwide
Q08What's the recruiter not telling me about 35L?
You are a counterintelligence agent, which sounds exactly as cool as you think it is and is simultaneously more boring than you can imagine.
How does 35L compare?
See side-by-side ratings, quality of life, and community takes.
Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards

Sources:Branch MOS catalog · DTMO pay tables · DoD/.gov benefits references · O*NET civilian career mapping · verified service-member reviews