Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
USA35Q

Cryptologic Network Warfare Specialist

Operates offensive and defensive cyber tools to support intelligence collection and operations. Works at the intersection of SIGINT, cyberspace, and network operations to support national intelligence missions.

No reviews yet
Watch this MOSGet pinged when 35Q — Cryptologic Network Warfare Specialist hits an SRB list, cutoff drop, or BAH change. Free account, anonymous as always.
Recruiter vs. Reality
What they tell you

Conduct cyberspace operations at the intersection of SIGINT and cyber warfare. Work with advanced collection and exploitation tools. Operate in one of DoD's most technically demanding intelligence specialties. Direct pathways to NSA, CYBERCOM, and defense cyber contractor roles.

What it's actually like

The 35Q sits at the intersection of signals intelligence and cyberspace operations — collection, exploitation, and analysis of digital communications and networks with the technical depth of both fields. The training is classified enough that what you learn in AIT is not discussed at family dinners, which is either thrilling or isolating depending on your relationship with secrets. The work involves network analysis, digital forensics, exploitation techniques, and production of intelligence that feeds both the signals intelligence community and cyber operations planning. The technical depth required is real — this is not a MOS for people who want to operate systems without understanding them. If you have the aptitude, the training is exceptional, comparable to programs that cost six figures in the civilian world. The cleared contractor ecosystem for people with 35Q backgrounds and the relevant clearances is lucrative in a way that is not adequately emphasized during your service. NSA and CYBERCOM are the natural government landing zones. The contractors who support those missions pay what the government can't. The transition, when timed well, is one of the better financial outcomes available to an enlisted soldier leaving the Army.

First-hand intel neededWrite a Review

Execute the Job — By Rank

How you actually run this job at each rank — what you do, what you drill, which manuals you own, and what good looks like. Written for the soldier, sailor, airman, Marine, or Guardian currently in the seat. Each rank deeplinks into the full Playbook deep-dive: time-blocked schedules, unit-type variations, career decisions, and the read on the next rank.

E1-E3PV1 — PFC (Cherry Operator)

You are the junior cryptologic cyberspace soldier — the Army's contribution to an NSA-tasked Cyber Mission Force seat. You have a TS/SCI with the polygraph and zero credibility. Your job for the next 24 months is to earn the second one so the first one is worth carrying.

What You Actually Do

You came out of AIT at NIOC Corry Station in Pensacola — the 334th Military Intelligence Battalion runs the schoolhouse alongside the Navy, the Air Force, and the Marines, because 35Q is the Army's piece of the Service Cryptologic Component workforce that fills NSA's chairs. You showed up to your first unit — most likely the 780th MI Brigade at Fort Meade, the 706th MI Group at Fort Eisenhower (NSA/CSS Georgia), or a Cyber Mission Force team detached to NSA-Hawaii, NSA-Texas, or NSA-Colorado — and the senior operator on the team handed you a reading queue, a JWICS account, and a list of internal certifications you have 12 months to pass. Most of your week is shadowing a certified work-role on the team, consuming on-the-job training, sitting at a position you cannot drive alone yet, and grinding through the unglamorous part — clearance reinvestigation paperwork, polygraph re-scopes, SAEDA / TARP / cyber-awareness ticklers, IAT-II prerequisite study, classified destruction logs, and the JQR / OJT signoff book the senior operator inspects every Friday.

Key Skills to Drill
  • 01Operate inside an NSA-tasked SCIF to AR 380-5 and ICD 705 standards — badge discipline, two-person integrity, classified discussion only inside the spaces rated for it.
  • 02Drive the basic analyst / operator tooling on JWICS and SIPR — query, pivot, log your work, and never run on someone else's credentials.
  • 03Read traffic and write a one-paragraph BLUF a senior operator can put in front of the watch chief without rewriting.
  • 04Sit a position under qualification — shadow the certified operator, run the JQR / OJT book, and ask the question before you press the key, not after.
  • 05Apply the analytic standards from ICD 203 (sourcing, confidence, alternative analysis) to anything you produce, even at the trainee level.
  • 06Pass the IAT-II prerequisites — the DoDM 8140 cyber workforce framework gates every position you are trying to qualify on.
Manuals & References
  • FM 2-0 — Intelligence (the Army doctrine spine; read chapters 1-3 your first month).
  • JP 3-12 — Cyberspace Operations (how the Joint Force frames the mission you sit in).
  • JP 2-0 — Joint Intelligence (you are inside a joint workforce from day one).
  • AR 380-5 — Department of the Army Information Security Program.
  • AR 381-12 — Threat Awareness and Reporting Program (TARP); AR 381-10 — US Army Intelligence Activities.
  • AR 25-2 — Army Cybersecurity; DoDM 8140 — Cyberspace Workforce Qualification.
Standards You Must Hit
  • JQR / OJT signoff on your assigned work-role inside the published timeline — most teams expect first-position qualification inside 12-18 months.
  • IAT-II baseline credential on the DoDM 8140 list (Security+ CE is the most common entry credential funded by the unit).
  • TS/SCI with the appropriate polygraph maintained without a flag — one mishandling incident and the SSO pulls your access that afternoon.
  • ACFT 500+ floor — NSA-detail work is sedentary by nature; the Army standard does not move.
  • Annual SAEDA / TARP / cyber awareness / OPSEC / insider-threat training complete before the suspense — your name on the brigade non-compliance roll is the wrong way to be noticed.
Common Technical Mistakes
  • Taking a phone, smartwatch, or any personal electronic into a SCIF. Even once. The SSO pulls access that afternoon and the CI investigation runs months.
  • Logging into a SIPR or JWICS terminal on someone else's account because "they were right here." Account sharing is auditable; the audit closes your access permanently.
  • Talking about work in the hallway, the smoke pit, or the gym. Where you work, what you target, and who you support do not leave the SCIF — not even shorthand to your roommate.
  • Posting OPSEC-relevant content on social media — unit patch, building location, "first day at Fort Meade" photos, LinkedIn descriptions that name programs by code. Foreign collection is real and your name goes in a file.
  • Pressing a key on a position you are not signed-off on because "the senior op stepped out." Unsupervised operator action without qualification gets the team's authority pulled and your career ends before E-4.
What Good Looks Like

The good cherry 35Q is the PFC the senior operator brings to the morning brief because the BLUF on his shadow-product was right and the citations were clean. By month nine the JQR book is half done; by month eighteen he is sitting an unsupervised position and the team chief mentions him by name at the Service Cryptologic Element shift turnover. The warrant on the team has started asking him what he is reading on his own time.

Go Deeper at E1-E3
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E1-E3 Playbook →
E4SPC / CPL (Qualified Operator)

You are the workhorse on the position. The new privates copy how you log a query and how you write a target line; the senior operator hands you the hard problem on Monday because he expects it back clean by Wednesday.

What You Actually Do

You are qualified on at least one work-role under the joint NSA/USCYBERCOM training framework, and you are reading toward the next one. You sit a position unsupervised on a Cyber Mission Force team, an NSA-tasked analytic line at Fort Meade, NSA Georgia, NSA Hawaii, NSA Texas, or a deployed-equivalent detachment. You drive the tools, you write the products, you handle the RFI cycle with the supported staff, and you are the bench when the senior operator is on leave or at a school. You are also the Army-side junior leader on a joint team — when the joint workforce confuses Army career counseling with Navy detailing, you are the one explaining how DA Form 4187s, PERSTEMPO, and the brigade enlisted-management cell actually work.

Key Skills to Drill
  • 01Run a qualified position on a Cyber Mission Force or NSA-tasked analytic line without supervisor over-the-shoulder — log every action, hand off cleanly at shift change, and produce the standard work-role deliverable on time.
  • 02Apply the joint targeting and analytic cycle (JP 3-60, JP 2-0, JP 3-12) end-to-end inside the cryptologic enterprise — not theoretically, in the specific products your team owes the supported command.
  • 03Apply ICD 203 / 206 to every product — sourcing line, confidence statement, alternative analysis when warranted, dissent captured per ICD 203 if you disagree.
  • 04Drive cross-domain hygiene — JWICS, SIPR, NIPR — without spillage. One spillage rolls up to Army CI and the SSO closes terminals for a week.
  • 05Operate the team's position-specific tooling well enough to train the next cherry on it; the JQR signoff you collect today becomes the JQR you sign for someone else inside 12 months.
  • 06Run a request-for-information dialogue with the supported tactical or theater customer — phrase the answer so it survives the next echelon up, and know when to pull the senior operator into the chat.
Manuals & References
  • JP 3-12 — Cyberspace Operations (the joint frame for everything your team does).
  • JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting.
  • ICD 203 — Analytic Standards; ICD 206 — Sourcing Requirements for Disseminated Analytic Products.
  • ICD 503 — IC IT Systems Security Risk Management; ICD 705 — SCIF Standards.
  • AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-5 — Information Security.
  • DoDM 8140 — Cyberspace Workforce Qualification (the framework your IAT and work-role credentials live under).
Standards You Must Hit
  • At least one work-role qualification signed off; second work-role under JQR.
  • IAT-II baseline maintained (Security+ CE typical); IAT-III in motion if the team's work-role demands it (CISSP, CCNA-CyberOps, or platform-specific equivalents on the DoDM 8140 list).
  • BLC graduate; promotion points stacked with credentials, college credit (CLEP/DSST/TA), correspondence, and any Foundry / cryptologic-school seat the unit slots you for.
  • ACFT 540+ floor — the Army standard does not bend because your duty station is a SCIF.
  • Source-citation discipline 100% — the SSO inspects on this and ICD 203 grades on this above brigade.
Common Technical Mistakes
  • Running on a position you are not currently qualified on because "I did it last rotation." Currency lapses are auditable; the team's authority and your access both pay.
  • Plagiarizing a higher-echelon assessment into your product without proper sourcing — the supported analyst will catch it, the senior operator will catch it, the credibility never comes back.
  • Letting the IAT-II credential lapse. The DoDM 8140 audit pulls you off the position the day it expires and the team is short an operator until you re-test.
  • Sharing a SIPR / JWICS / NSAnet password with anyone — your team lead, your roommate, the contractor sitting next to you. Two-person integrity is two people with their own credentials. The audit log finds it.
  • Treating the joint workforce as "not really Army." Promotion points, NCOERs, schools, and re-enlistment options run through your Army chain; the Navy chief sitting next to you cannot fix your DA 4187.
What Good Looks Like

The good Specialist 35Q is the operator the senior NCO hands the hardest target line to on Monday because it will come back clean, sourced, and ready by Wednesday. He is sitting two work-roles, his IAT-III voucher is in motion, the team chief mentions his name in the SCE shift turnover, and the brigade S2 SGM is asking whether he is on the SGT-board slate yet. He also gets the platoon's Army-internal paperwork done on time, which is what separates a qualified operator from a Specialist running a junior NCO seat.

Go Deeper at E4
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E4 Playbook →
E5SGT (Mission Element Lead / Watch NCO)

You are an NCO now and a qualified operator with a vote on the floor. The privates do their counselings off your statements; the senior NCO briefs the team chief and the supported command off products you signed for.

What You Actually Do

You lead a small Army-side element on a Cyber Mission Force team, a watch shift in an NSA-tasked analytic cell, or a section inside the 780th MI Brigade or the 706th MI Group. You are dual-billeted in a way the Army does not always explain well — you have a joint work-role at NSA / USCYBERCOM and an Army NCO seat, and you are accountable to both. You counsel your soldiers on the 14th and after every position event. You write the section's input to the watch chief's shift turnover. You sit at the team huddle, you defend confidence levels under questioning from a supported O-3 or O-4, and you are the senior Army NCO on the floor when the SSG NCOIC is at sick call or in ALC. You will also still be at the position — the moment you stop driving the tools is the moment you stop being credible.

Key Skills to Drill
  • 01Run a Cyber Mission Force shift, mission element, or analytic watch as the lead Army NCO — accountability, position coverage, JQR currency, IAT credential currency, and tasked deliverables out the door on time.
  • 02Drive at least two qualified work-roles to current standard; lead the JQR / OJT signoff for the soldiers underneath you to the same standard you were held to.
  • 03Apply the joint analytic and targeting cycle (JP 2-0, JP 3-12, JP 3-60) end-to-end on the products your shift owes — and defend the team's call to the supported command when they wanted a different one.
  • 04Write the DA 4856 counseling that documents both the technical mistake and the development plan — Plan of Action specific, measurable, signed before the soldier leaves the room.
  • 05Run the Army-internal piece for a joint workforce — promotion packets, DA 4187s, schools, retention bonuses, family-readiness — without making the soldier go find HRC themselves.
  • 06Operate the cross-MOS interface honestly — 35Q sits next to 35N (SIGINT analyst), 35P (cryptologic linguist), 35S (signals collector), and 17C (cyber operations) seats. Know what each does and how the work-role boundaries are drawn so you do not embarrass the team by claiming someone else's lane.
Manuals & References
  • FM 2-0 — Intelligence (own it cover-to-cover at this rank).
  • JP 3-12 — Cyberspace Operations; JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting.
  • ICD 203 / 206 / 208 — Analytic Standards, Sourcing, Utility of Disseminated Analytic Products.
  • ICD 503 — IC IT Risk Management; ICD 705 — SCIF Accreditation.
  • AR 380-5 — Information Security; AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 25-2 — Cybersecurity.
  • DoDM 8140 — Cyberspace Workforce Qualification; AR 600-20 — Army Command Policy; AR 623-3 — Evaluation Reporting.
Standards You Must Hit
  • At least two work-role qualifications current; IAT-III credential in motion or already in hand if the work-role requires it.
  • BLC graduate; ALC slot built and ready when the schedule drops.
  • ACFT 560+ as a floor — your soldiers do not respect an NCO who skates on the test they are graded on, joint workforce or not.
  • Section product quality measurable — work-role deliverable timeliness, JQR pipeline velocity, IAT credential currency rate trending the right way under your tenure.
  • Promotion-points stacked: cryptologic / cyber school seats, weapons quals, college credit, credentials (Sec+, CCNA-CyberOps, CYSA+ depending on work-role), correspondence.
Common Technical Mistakes
  • Signing off a JQR on a soldier you have not actually watched at the position. The audit finds it, the senior operator finds it, and the team's training authority gets pulled.
  • Counseling soldiers verbally. If the SPC's currency-lapse or sourcing-discipline slip is not in writing, the senior rater cannot defend you and the SSG NCOIC cannot help you.
  • Skipping the SAEDA / TARP / insider-threat report on an indicator you saw — foreign contact, financial distress, unreported travel, behavioral change. AR 381-12 is not optional; the SSO will hear it from someone else first if not from you.
  • Confusing the joint chief / watch chief with your Army NCO chain. The CWO at NSA cannot write your NCOER and cannot defend you at the brigade enlisted-management cell.
  • Letting a SIPR / JWICS / NSAnet currency lapse on a soldier under you. Day-one of expiry the position is empty and the team chief asks why.
What Good Looks Like

The good SGT 35Q is the operator the watch chief trusts with the supported O-4's brief on a Saturday. His element's products survive the next echelon's read; his soldiers are picking up second and third work-roles on schedule; his SPCs are on the SGT-board slate when their time comes. The team's warrant officer (or the supported NSA civilian senior) knows his name. He is also the Army NCO who turned in his platoon's NCOER input on time without the 1SG asking — which is what separates a credible joint-workforce NCO from one who is hiding from the Army side of the house.

Go Deeper at E5
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E5 Playbook →
E6SSG (Mission Element NCOIC / Senior Operator)

You are the senior Army NCO on a Cyber Mission Force team, a senior watch NCO inside an NSA-tasked analytic line, or a section NCOIC at the 780th MI Brigade or 706th MI Group. The team chief runs the mission; you run the Army operators and the JQR / IAT / NCOER readiness picture.

What You Actually Do

You own a 6-12 soldier Army-side element on a joint team or platoon-equivalent of operators. You write the section's input to the brigade QTB. You sign for SCIF accreditation tasks under ICD 705, IT compliance tasks under ICD 503, and the work-role qualification pipeline under DoDM 8140. You build two SGTs into ALC-graduate, SLC-ready NCOs. You sit at the brigade enlisted-management table and at the joint team's leadership huddle. You will brief the team chief, the supporting MI battalion S3, or a supported O-6 on element readiness at least once a quarter, and you will defend the workforce-qualification line to a senior who wants a different number.

Key Skills to Drill
  • 01Run an Army-side element through a Cyber Mission Force readiness cycle, a real-world contingency, or an NSA-tasked operational tempo without losing JQR currency or the products.
  • 02Defend the element's readiness picture to the supported team chief, the MI battalion S3, or the brigade S2 OIC — say "this position is not currently qualified" when the room wants a different answer, and back it up.
  • 03Build a six-month training plan that produces one work-role-instructor-qualified NCO, two ICD-203-compliant analytic writers, and three certified operators on the team's second-most-demanded work-role.
  • 04Run the unit's Foundry / cryptologic school slot program — slot management, prerequisite tracking, post-course JQR follow-through. Foundry and NSA-cryptologic-school seats wasted are the SSG's on the next inspection.
  • 05Mentor SGTs on NCOER writing, board prep, and the warrant-officer-track / commissioning-track conversation honestly — the 35-series technician slate, the 17A Cyber Warfare Officer path, and the broader cryptologic-enterprise civilian pipeline are all real options to mentor.
  • 06Translate cryptologic / cyberspace uncertainty into a recommendation a supported commander can act on without losing the uncertainty in translation.
Manuals & References
  • FM 2-0; JP 3-12 — Cyberspace Operations; JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting.
  • ICD 203 — Analytic Standards; ICD 206 — Sourcing; ICD 208 — Utility of Analytic Products.
  • ICD 503 — IC IT Risk Management; ICD 705 — SCIF Standards.
  • AR 380-5 — Information Security; AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 25-2 — Cybersecurity.
  • DoDM 8140 — Cyberspace Workforce Qualification (the framework you defend the element's readiness against).
  • AR 623-3 — Evaluation Reporting; AR 600-8-19 — Enlisted Promotions (you write NCOERs that pick the next slate).
Standards You Must Hit
  • ALC graduate; SLC packet built; consider an NSA-cryptologic-school instructor-qualified seat or an advanced cyber-school certification as the differentiator.
  • Three or more work-role qualifications across your career; IAT-III credential in hand (CISSP, CASP+, CCNP-Security, or equivalent depending on work-role).
  • Element JQR pipeline velocity at or above the team's average; IAT-credential currency rate at or above 95%; zero work-role-qualification audit findings during your tenure.
  • NCOER bullets on the official achievement list — action-result-impact, measurable, no "demonstrated exceptional cryptologic performance" filler.
  • Element ACFT pass rate at or above brigade average — the cryptologic guys do not get to skip the test.
Common Technical Mistakes
  • Letting a junior operator push a product to the supported command without your sign-off when the SOP requires senior-operator review. You signed for the element; you own every product that leaves the floor.
  • Writing an NCOER as a wish-list. Senior raters at the MI brigade and INSCOM read every 35Q NCOER and remember the SSG who inflated the SGT who could not drive a position.
  • Confusing tactical / Army-internal analysis with strategic / IC-level analysis. The skills overlap; the standards do not. Be honest about which one your element is producing for whom.
  • Bypassing the SSO on a physical-security, IT-compliance, or PERSEC finding. The SSO outranks you on SCIF compliance, and the report rolls up the chain you cannot influence.
  • Letting the warrant-officer / commissioning conversation be transactional. The technician and 17A paths are among the most consequential career moves in this MOS — mentor them like it is, including the honest parts about commute, family, and clearance maintenance.
What Good Looks Like

The good SSG 35Q runs an element the team chief names in the SCE shift turnover and the MI battalion CDR names in the brigade slide. His SGTs are SLC-board ready. His element produces products that survive the next echelon's read and that the supported command actually uses. His soldiers re-enlist with credentials the cleared-contractor sitting across the SCIF is bidding on, or they walk into a federal civilian seat with a clean clearance and a JQR jacket that translates. He has the warrant-officer-track / 17A / civilian-pipeline conversation honestly with each of his soldiers before their next re-enlistment window closes.

Go Deeper at E6
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E6 Playbook →
E7SFC (Platoon Sergeant / Senior Cryptologic NCO)

You are the senior Army cryptologic / cyber NCO in a company, a battalion S3 cell, a brigade S2 NCOIC seat, or a Cyber Mission Force operational element. The MI battalion CDR briefs the brigade CDR off the readiness picture you produced; the team chief at NSA briefs the supported COCOM off products your element signed for.

What You Actually Do

You run the platoon's or element's entire enlisted cryptologic / cyber workforce — training, evaluations, schools, the joint work-role pipeline, the IAT-II/III credential pipeline, NSA / USCYBERCOM detail assignments, retention, discipline. You build the MI company commander or the team chief into the next echelon. You write four-to-five NCOERs per cycle that pick the next SSG / SFC slate across the brigade's cryptologic / cyber workforce. You walk the floor during operational tempo — the brigade CDR, the brigade S2 SGM, the team chief, and the NSA civilian senior all rely on your read of the element's qualification picture. You will also still be the senior analytic / operational voice on a hard problem the team chief or the supported commander wants a second opinion on — the day you stop reading raw is the day you become a brochure.

Key Skills to Drill
  • 01Run a Cyber Mission Force team's enlisted readiness picture, or an MI company analytic platoon through a contested operational tempo and a real-world contingency mission, back-to-back, without losing the products or the soldiers.
  • 02Build the brigade or team's enlisted cryptologic / cyber training plan — Foundry slot allocation, NSA cryptologic-school sequencing, ALC/SLC scheduling, IAT-II/III certification pipeline, language-program coordination where applicable — and defend it at the brigade QTB or team-chief huddle.
  • 03Mentor a warrant-officer-technician or 17A Cyber Warfare Officer commissioning packet through preparation, application, and board sequencing.
  • 04Operate as senior cryptologic NCO on a JTF, INSCOM detachment, theater intel brigade, ARCYBER staff, or NSA-co-located detail — speak the language of the supported staff, not just the home one.
  • 05Run an internal SCIF accreditation cycle (ICD 705), an IC IT compliance cycle (ICD 503), and a DoDM 8140 workforce-qualification audit end-to-end without senior-NCO-attributable CAT-1 findings.
  • 06Brief enlisted readiness, JQR pipeline status, and credential-currency rate at the brigade CSM or team-chief level, in language the senior can defend at the next higher echelon.
Manuals & References
  • FM 2-0; JP 3-12 — Cyberspace Operations; JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting; JP 2-01 — Joint and National Intelligence Support to Military Operations.
  • ICD 203 / 206 / 208 — Analytic Standards, Sourcing, Utility.
  • ICD 503 — IC IT Risk Management; ICD 705 — SCIF Accreditation.
  • AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-5 — Information Security; AR 25-2 — Army Cybersecurity.
  • DoDM 8140 — Cyberspace Workforce Qualification (the framework you defend the platoon's readiness against).
  • INSCOM, ARCYBER, and CIO/G-6 FRAGOs / ALARACTs; the USA Intelligence School and Cyber Center of Excellence senior leader publications.
Standards You Must Hit
  • SLC graduate; MLC packet built — required for E-8 board competitiveness.
  • Three-plus work-role qualifications across your career; senior IAT-III credential current (CISSP, CASP+, or equivalent).
  • Platoon / element JQR pipeline at or above the brigade or team's average; IAT-credential currency rate at or above 95%; zero unresolved CAT-1 SCIF accreditation or DoDM 8140 audit findings during your tenure.
  • Warrant-officer or 17A commissioning pipeline producing at least one selected candidate per year out of your platoon or section when the talent is there.
  • NCOER profile defensible at brigade, division, INSCOM, ARCYBER, and team-chief level — the rated NCOs you raised are getting selected on the next slate.
Common Technical Mistakes
  • Letting one team or section drift because the SSG NCOIC is "your guy." The DoDM 8140 audit finds it first, the SSO finds it second, the brigade CSM finds it third.
  • Briefing a confidence level or a readiness picture you cannot defend at the next echelon up. Theater intel brigades, INSCOM staff, ARCYBER staff, and NSA leadership read brigade products; they remember who wrote what.
  • Confusing tactical / Army-internal experience with strategic / IC / joint-force competence. The brigade and the team chief need both; senior NCOs who fake the second are exposed the first time they brief a J2 or an NSA senior.
  • Skipping the family-readiness piece because "the spouses run that." Cryptologic-MOS deployment tempo, polygraph reinvestigation stress, and irregular shift work are real loads on families, and you sign the readiness report on it.
  • Going around the brigade S2 OIC or the MI battalion CDR to a higher echelon. The CSM's door closes; the slate gets read out at the next CSM conference.
What Good Looks Like

The good SFC 35Q is the senior cryptologic / cyber NCO the brigade CSM, the MI battalion CDR, and the team chief at NSA all trust to run the element's readiness through a contested operational tempo and a real-world contingency without surprises. His warrant-officer-track and 17A commissioning pipeline is producing accessions; his platoon's NCOERs pick the next SSG-board slate; his SGTs are on the SLC slot list. He is on the short list for First Sergeant of an MI company before he sits MLC, and the supported COCOM's J2 enlisted senior knows his name.

Go Deeper at E7
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E7 Playbook →
E8-E91SG / MSG / SGM / CSM (Senior Enlisted Cryptologic / Cyber)

You are the senior enlisted cryptologic / cyber voice on a Military Intelligence company, a Cyber Mission Force element, the 780th MI Brigade, the 706th MI Group, an INSCOM major subordinate command, or an NSA / USCYBERCOM enlisted advisory seat. The brigade CDR, the team chief, or the INSCOM CG names you in the slide.

What You Actually Do

As 1SG you run an MI company — 90-130 operators, analysts, linguists, signals soldiers, the SCIF footprint, the orderly room, the supply room, the security clearances, the polygraph re-scope tracker, and the readiness reporting. As SGM/CSM on the 780th MI Brigade, the 706th MI Group, an INSCOM major subordinate command, an NSA-co-located detail, ARCYBER staff, or a Cyber Mission Force element, you set the standard for the enlisted cryptologic / cyber workforce at scale — JQR currency, IAT-II/III certification, work-role qualification, the warrant-officer-track / 17A commissioning pipeline, language-program governance where applicable, command climate inside a closed-access workforce that runs odd hours in a SCIF. You sit in the cryptologic-strategy and cyber-strategy conversations alongside O-5s, O-6s, GS-15s, and senior NSA civilians; you advise on enlisted talent slate at echelons above brigade.

Key Skills to Drill
  • 01Run an MI company, brigade, or team enlisted readiness picture — JQR currency, IAT-II/III, language proficiency (DLPT) where applicable, work-role qualification, polygraph re-scope tracker — and defend it at the brigade CDR, INSCOM CG, or team-chief level.
  • 02Mentor a warrant-officer-technician slate and a 17A Cyber Warfare Officer commissioning slate at brigade or higher-staff level.
  • 03Brief the brigade CDR, theater intel brigade, INSCOM, ARCYBER, or supported COCOM senior enlisted advisor on enlisted cryptologic / cyber readiness in language the senior can defend at the next higher echelon.
  • 04Run a SCIF accreditation cycle (ICD 705), an IC IT compliance cycle (ICD 503), and a DoDM 8140 workforce-qualification audit end-to-end without senior-NCO-attributable CAT-1 findings.
  • 05Translate the Army Intelligence Enterprise / INSCOM / ARCYBER / Cyber Mission Force strategy into enlisted-talent decisions at the unit — slots, schools, assignments, retention bonuses, polygraph re-scope sequencing.
  • 06Run a casualty notification, PERSEC compromise response, CI compromise response, or insider-threat referral inside a closed-access workforce with the dignity and discretion the population and the mission require.
Manuals & References
  • AR 600-20 — Army Command Policy; AR 27-10 — Military Justice (you are in the room).
  • AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-5 — Information Security; AR 25-2 — Army Cybersecurity.
  • ICD 503 — IC IT Risk Management; ICD 705 — SCIF Accreditation; ICD 203 / 206 / 208 — Analytic Standards (you teach these now).
  • JP 3-12 — Cyberspace Operations; JP 2-0 — Joint Intelligence; JP 2-01 — Joint and National Intelligence Support; INSCOM / ARCYBER FRAGOs and ALARACTs.
  • DoDM 8140 — Cyberspace Workforce Qualification; the DoD Sensitive Compartmented Information Administrative Security Manual series (DoD 5105.21).
  • The 1SG Course / USASMA / SGM-A reading list — you are expected to teach doctrine and translate strategy down.
Standards You Must Hit
  • USASMA / SGM-A completion before competing for command CSM slate.
  • Brigade or higher-staff SCIF accreditation and DoDM 8140 workforce-qualification passes without senior-NCO-attributable CAT-1 findings during your tenure.
  • Warrant-officer-technician and 17A commissioning pipeline producing 1+ selected candidate per year from your unit when the talent is there.
  • NCOER profile the senior rater can defend at brigade, division, INSCOM, ARCYBER, and team-chief level — your rated NCOs are picking up 1SG and SGM chevrons on schedule.
  • Zero senior-NCO-level integrity, financial, fraternization, OPSEC, polygraph-falsification, or CI incidents. One ends the career permanently — and at this rank, in this MOS, it also threatens the clearance of every soldier you mentored.
Common Technical Mistakes
  • Pretending to be the senior technical voice on a work-role you have been off of for years. Senior cryptologic / cyber NCOs lose authority by faking depth — the warrants and the GS-13 civilians will catch you the first week.
  • Letting a 1SG-led company drift on SCIF accreditation, DoDM 8140 workforce qualification, or insider-threat reporting because "the SSO will catch it." You own it; the SSO is your partner, not your replacement.
  • Treating the warrant-officer-track or 17A commissioning slate conversation as transactional. The technician and Cyber Warfare Officer paths are among the highest-leverage technical career moves in the cryptologic / cyber community — mentor them like it is.
  • Going public with disagreement over a CO's operational call, an NSA-civilian senior's analytic line, or a J2's targeting decision. Take it in the office. Walk out aligned, or push back in writing through the right echelon.
  • Confusing seniority with current relevance. The cryptologic and cyber fields move fast — the soldier sitting today's position is closer to the truth than the CSM who has not driven a work-role tool in five years.
What Good Looks Like

The good 35Q CSM / 1SG / SGM is the senior enlisted leader the brigade CDR, the team chief at NSA, the INSCOM CG, or the supported COCOM senior enlisted advisor names without thinking. His MI company or element is the one the brigade pulls forward for the contested mission. His warrant-officer-technician and 17A commissioning rate is in the upper third of the community; his rated NCOs are picking up first sergeant chevrons on schedule. He is the enlisted voice in the room when the J2, the NSA civilian senior, and the supported commander disagree on what the threat is doing in cyberspace — and the conversation ends with the analytic and operational lines intact.

Go Deeper at E8-E9
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E8-E9 Playbook →
Training Pipeline
1
Basic Combat Training10w
Various
2
AIT — Cryptologic Network Warfare26w
Fort Gordon (GA)
Offensive and defensive cyberspace operations, signals exploitation, network penetration. TS/SCI. One of the most technical Army pipelines.
On the Outside

What this actually is in the real world

Your skills translate. Here's what civilian employers call this job — and what they pay.

Intelligence Analysts

Related field
$103,880$64,430$159,720/yr median
Job market: Average (4%)

Operations Research Analysts

Related field
$83,640$51,490$138,810/yr median
Job market: Much faster than average (23%)

Data Scientists

Related field
$108,020$64,240$167,040/yr median
Job market: Much faster than average (35%)

Salary data from the U.S. Bureau of Labor Statistics Occupational Employment and Wage Statistics program, retrieved Feb 2026. BLS.gov cannot vouch for the data or analyses derived from these data after the data have been retrieved from BLS.gov.

The Robot Read

How exposed is the civilian version of this job to AI?

Not a measurement of this MOS. Published labor-market research on the closest civilian occupation in our crosswalk — treat it as a signal, not a verdict.

Moderate ExposureModerate Confidence

Closest civilian match: Intelligence Analysts (related match)

Report writing, pattern analysis, and briefing production are the core of the job — real, meaningful LLM exposure (40%) in the 2023 study. Frey & Osborne’s 2013 appendix never scored "Intelligence Analysts" as a distinct occupation (it wasn’t broken out as its own line in their 702-job list), so there’s no comparable 2013-era number — we’re not going to borrow one from a neighboring title and pretend it fits.

This describes exposure for the civilian occupation, not a rating of this MOS, your unit, or your actual day-to-day duties. The matched civilian job is a close or related crosswalk, not exact.

MOS Pulse

Anonymous · One tap · No account

Three seconds of your time, zero of your identity. This is how the honest picture of 35Q gets built — one tap at a time.

Knowing what you know now — would you pick 35Q again?

Did your recruiter describe this job accurately?

Hours per week this job actually takes in garrison?

That tap took 3 seconds. A full review takes 10 minutes — and does about 100x more for the next person staring at this contract.

Write the Full Review →
Reviews
Founding ReviewUnclaimed

Nobody’s gone first. Yet.

Zero reviews for 35Q. Not because nobody has opinions — anyone who’s actually done Cryptologic Network Warfare Specialist is carrying a full magazine of them — but because nobody’s put theirs on the record.

So here’s the deal: the first approved review of every MOS becomes its Founding Review. Permanently badged, permanently first. Every person who looks up 35Q from now on reads it before anything else — including the recruiter’s version.

We could fill this page with fake reviews tonight. Plenty of sites do. We never will — which means this space stays exactly this empty until someone who lived it goes first.

Sign Up & Claim ItFree account · takes two minutes

Anonymous by default — no name, no unit, fuzzy timestamps. Your chain of command never knows it was you.

FAQ

35Q Cryptologic Network Warfare Specialist — FAQ

Q01What does a 35Q do in the Army?
You came out of AIT at NIOC Corry Station in Pensacola — the 334th Military Intelligence Battalion runs the schoolhouse alongside the Navy, the Air Force, and the Marines, because 35Q is the Army's piece of the Service Cryptologic Component workforce that fills NSA's chairs.
Q02How long is 35Q training and where is it held?
35Q training is approximately 24 weeks of Advanced Individual Training (AIT) after Basic Combat Training, held at Fort Huachuca, AZ.
Q03What does a day in the life of a 35Q look like?
A typical junior-enlisted 35Q day: 0500 Wake. Coffee. Quick phone check — accountability OK, no soldier emergencies, no overnight team chat from the senior NCO. Phone goes back in the kitchen drawer because it is not going anywhere near the SCIF. PT uniform on, 0530 PT formation at the company area or the team's designated PT pad. Cyber-MI companies often run PT on a slightly delayed schedule to align with the team's watch rhythm. Accountability to the section sergeant;…
Q04What are the most common career-ending mistakes for a 35Q?
Bringing a personal electronic device into a SCIF — phone, smartwatch, fitness tracker, AirPods, even once. The SSO pulls your access that afternoon, the CI investigation under AR 381-12 runs months, and the incident lives in your security file forever. The clearance may survive; the senior NCO read of you does not; DUI / Article 15 / off-post arrest with a TS/SCI on the line. Adjudicative Guideline G (alcohol consumption), Guideline H (drug involvement),…
Q05What's the career progression for a 35Q?
BCT (one-station BCT or split-option to AIT — most 35Qs do split-option through the cyber pipeline); AIT at NIOC Corry Station (Pensacola, FL) — 334th MI Battalion as Army host, joint with Navy/Air Force/Marines, JCAC and 35Q-specific follow-on; TS/SCI with polygraph adjudicated through DoD CAF — the gate to every assignment in the MOS
Q06What's the recruiter not telling me about 35Q?
The 35Q sits at the intersection of signals intelligence and cyberspace operations — collection, exploitation, and analysis of digital communications and networks with the technical depth of both fields.
How does 35Q compare?
See side-by-side ratings, quality of life, and community takes.
Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards

Sources:Branch MOS catalog · DTMO pay tables · DoD/.gov benefits references · O*NET civilian career mapping · verified service-member reviews