Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
USMC1721

Cyberspace Warfare Operator

Conducts defensive cyberspace operations — network defense, host analysis, incident response, and threat hunting. Operates within Marine Corps Cyberspace Warfare Groups and joint cyber task forces. Part of the 17xx Cyberspace Operations field established when the Marine Corps moved cyber out of the 06xx Communications field. Training at Pensacola followed by advanced courses. TS/SCI required.

No reviews yet
Watch this MOSGet pinged when 1721 — Cyberspace Warfare Operator hits an SRB list, cutoff drop, or BAH change. Free account, anonymous as always.
Recruiter vs. Reality
What they tell you

You'll be a cyber warfare operator — defending Marine Corps and DoD networks against nation-state threats, conducting threat hunting operations, and responding to cyber incidents in real time. The TS/SCI clearance combined with hands-on defensive cyber experience puts you on the same career trajectory as NSA analysts and civilian threat hunters making $120K+ before their first gray hair.

What it's actually like

The 17xx field is where the Marine Corps decided to get serious about cyber. You're no longer a 06xx comm Marine who happens to do security — you're a dedicated cyber operator with a mission that has its own chain of command. The training pipeline runs through Pensacola and builds real technical skills: network defense, malware analysis, host forensics, and incident response. The work is shift-based, classified, and intellectually demanding. You will stare at packet captures, SIEM alerts, and log files for 12-hour shifts looking for adversary activity that is specifically designed to be invisible. When you find it, the work becomes genuinely consequential. The civilian cyber security market is desperate for people with this background — cleared defensive cyber operators with operational experience are a specific hire that SOCs, MSSPs, and IC agencies recruit from aggressively. Get every certification you can (Security+, CySA+, GCIA, GCIH) while you're in.

First-hand intel neededWrite a Review

Execute the Job — By Rank

How you actually run this job at each rank — what you do, what you drill, which manuals you own, and what good looks like. Written for the soldier, sailor, airman, Marine, or Guardian currently in the seat. Each rank deeplinks into the full Playbook deep-dive: time-blocked schedules, unit-type variations, career decisions, and the read on the next rank.

E1-E3Pvt — LCpl (Cyber Operator Trainee)

You are the newest body in MARFORCYBER's operator pipeline. The clearance investigation is still open, the schoolhouse is still grading you, and everything you touch is classified — which means every mistake you make is a security incident, not a training opportunity.

What You Actually Do

You graduated MCRD and shipped to MCCES Twentynine Palms for the Cyberspace Warfare Operator course — the MOS-producing school that takes you from boot Marine to someone who can sit in front of a terminal and not break something classified. The schoolhouse pipeline is longer than most 03XX or 06XX Marines expect: the MCCES portion covers network fundamentals, operating systems, defensive cyber operations basics, and an introduction to the tool sets the community uses. Many 1721s then move to advanced training at Fort Eisenhower (formerly Fort Gordon) for joint cyber qualifications that align you with USCYBERCOM standards. When you arrive at your first unit — typically a Cyber Operations Company under Marine Corps Cyberspace Warfare Group (MCCYWG) or a supporting element at MARFORCYBER — you are a trainee operator on a DCO or OCO team, doing the unglamorous work: running vulnerability scans, monitoring SIEM dashboards, documenting anomalies, maintaining mission logs, and learning the SOPs that keep the team inside its authorities. Your TS/SCI clearance is the gate to everything; losing it ends the MOS.

Key Skills to Drill
  • 01Operate baseline vulnerability scanning and assessment tools to the team SOP standard — run the scan, document findings, and present results to the team lead without editorializing what you do not yet understand.
  • 02Monitor SIEM and IDS/IPS dashboards during a watch rotation, recognize alert categories, and escalate anomalies per the team's reporting procedures without waiting for someone to tell you the alert is real.
  • 03Navigate and operate in Linux and Windows environments at the command-line level — the schoolhouse teaches fundamentals, the unit expects you to live in the terminal.
  • 04Maintain mission logs and documentation to the standard the team lead can brief from — timestamps, tool outputs, actions taken, and handoff notes that the next watch can read cold.
  • 05Handle classified material and systems IAW NAVMC 3500.44 and DoDD 8500.01 — every removable media, every printout, every screen you leave unlocked is a potential security incident.
  • 06Pass the initial Security+ or equivalent DoD 8140/8570 baseline certification within the timeline the command sets — the cert is a compliance gate, not an optional resume line.
Manuals & References
  • NAVMC 3500.44 — Cyberspace Operations Training and Readiness Manual (the T&R that governs every individual and collective task you are evaluated against as a 1721).
  • DoDD 8500.01 — Cybersecurity (the overarching DoD directive that defines the cybersecurity framework your unit operates inside).
  • JP 3-12 — Cyberspace Operations (joint doctrine — read the unclassified portions to understand the OCO/DCO/DODIN-Ops framework you are working within).
  • MCO 5500.13 — USCYBERCOM alignment and Marine Corps cyber policy (verify current revision against MCPEL).
  • DoDM 8140 — Cyberspace Workforce Management (the workforce qualification framework that drives your certification requirements).
  • MCO 6100.13 — Marine Corps Physical Fitness, Body Composition, and Military Appearance (your PFT/CFT still counts; the cyber schoolhouse does not exempt you).
Standards You Must Hit
  • 1st-Class PFT and CFT under MCO 6100.13 — you are still a Marine and the formation notices when the cyber operator cannot keep up on the hump.
  • TS/SCI clearance adjudicated and maintained — this is the single most career-critical standard in the MOS. Lose the clearance, lose the job.
  • DoD 8140 baseline certification (typically CompTIA Security+) earned within the schoolhouse timeline or the command-directed window.
  • Cyberspace Warfare Operator course at MCCES Twentynine Palms completed with passing marks; advanced joint training at Fort Eisenhower completed if slotted.
  • Zero security incidents attributable to personal negligence — unattended CAC, unsecured classified material, unauthorized device in the SCIF. One incident at this rank defines you in a community this small.
Common Technical Mistakes
  • Leaving a workstation unlocked in a SCIF — even for 30 seconds. The security manager logs it, the team lead writes you up, and the incident report follows you to every clearance review for the next five years.
  • Running a tool outside your authorized scope because you wanted to "see what happens." OCO/DCO authorities are legally bounded; an unauthorized scan or probe is not curiosity — it is a violation of authorities that can generate a formal investigation.
  • Failing to document an anomaly you noticed on the SIEM because you thought it was a false positive. The post-incident review finds your watch log, sees nothing, and you are the Marine who missed the indicator.
  • Plugging a personal device — phone, USB, anything — into a classified system or bringing an unauthorized electronic device into the SCIF. This is an immediate security incident and potential clearance revocation.
  • Talking about work — tools, targets, operations, even the name of the team you are on — outside the SCIF, at the barracks, on the phone, on social media. The counterintelligence debrief is not hypothetical.
What Good Looks Like

The good junior 1721 is the Marine the team lead trusts to run a watch rotation alone at 0200 because the logs will be clean, the anomalies will be escalated correctly, and nothing classified will be left on an unattended screen. By month twelve the team lead is pulling this Marine into planning sessions because the questions are smart, the documentation is precise, and the clearance jacket is spotless.

Go Deeper at E1-E3
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E1-E3 Playbook →
E4Cpl (Cyber Operator)

You are a qualified operator. The trainee phase is over — you own a seat on a DCO or OCO team, you run tools with real authorities, and the team lead is starting to trust your analysis, not just your keystrokes.

What You Actually Do

You are a fully qualified 1721 operator sitting on a Cyber Mission Force team or a DCO element under MCCYWG / MARFORCYBER. You run the tools the team is authorized to employ — vulnerability scanners, exploitation frameworks, network forensics platforms, SIEM correlation — and you are responsible for producing the analysis that the team lead briefs up the chain. You train the junior Marines who just arrived from the schoolhouse, you sign off on their watch procedures, and you start carrying individual tasks on mission sets rather than just supporting someone else's. You are also pursuing intermediate certifications (CEH, CySA+, GIAC family, or equivalent) that the command tracks against DoDM 8140 work-role requirements. The composite score for Sgt matters here, but in a community this small, the FitRep narrative about your operational performance carries as much weight as any number.

Key Skills to Drill
  • 01Execute assigned DCO or OCO tasks as the primary operator — run the tool, analyze the output, document the findings, and present to the team lead with a recommendation, not just raw data.
  • 02Conduct host-based and network-based forensic analysis at the journeyman level — artifact collection, timeline reconstruction, indicator extraction — and produce a report the team lead can brief without rewriting.
  • 03Train junior 1721 Marines on watch procedures, tool operation, documentation standards, and SCIF security protocols — your signature on their qualification checklist means something.
  • 04Operate within the team's Rules of Engagement and mission authorities precisely — know where the boundary is and stop there, every time.
  • 05Maintain and troubleshoot the team's operational infrastructure — servers, VMs, network segments, tool deployments — so the mission does not stall because a platform is down.
  • 06Write a clear, technically accurate mission report that the section chief can route to the supported commander or USCYBERCOM coordination element without translation.
Manuals & References
  • NAVMC 3500.44 — Cyberspace Operations T&R Manual (Cpl-level individual and collective tasks you are evaluated against).
  • JP 3-12 — Cyberspace Operations (understand the OCO/DCO/DODIN-Ops framework at the operational level, not just the buzzwords).
  • DoDD 8500.01 — Cybersecurity (the directive-level authority framework governing everything you touch).
  • DoDM 8140 — Cyberspace Workforce Management (the cert requirements for your specific work role — verify your role code and the approved certification list).
  • MCO 1610.7 — Performance Evaluation System (you are writing proficiency and conduct marks on juniors now; the FitRep is coming).
  • MCO 1400.32 — Marine Corps Promotion Manual (composite scores, cutting scores, board eligibility for Sgt — pull the current MARADMIN).
Standards You Must Hit
  • Corporals Course graduate — required and gated. Do not let the slot drop; the 17XX community is small and the company gunny notices.
  • Intermediate DoDM 8140 certification earned or in progress — CEH, CySA+, GIAC, or equivalent per your work-role requirements.
  • 1st-Class PFT and CFT — the formation still runs and the cyber Cpl who cannot keep up loses credibility outside the SCIF.
  • Zero security incidents under your watch — as the qualified operator, you own the watch log and every anomaly decision on your shift.
  • Composite score tracked monthly — pull the current MARADMIN cutting score for 1721 to Sgt. The MOS is small; the score moves differently than 03XX.
Common Technical Mistakes
  • Running a tool beyond your authorized scope because the mission seemed to justify it. The authorities exist for a reason; the JAG review that follows does not care about your intent.
  • Signing off a junior Marine's qualification checkpoint without actually verifying competence. When that Marine makes a mistake on watch, the qualification log traces back to your signature.
  • Failing to report an anomaly because you assessed it as benign and did not want to generate paperwork. The post-incident investigation reads your watch log and finds nothing where something should have been.
  • Discussing mission specifics — even sanitized generalities — outside the SCIF or on an unclassified system. The counterintelligence threat to this MOS is not theoretical.
  • Letting your certifications lapse because "I already know the material." DoDM 8140 compliance is a unit readiness metric; your lapsed cert is the team lead's next headache.
What Good Looks Like

The good Cpl 1721 is the operator the team lead assigns to the most complex analysis task on the mission set because the work comes back clean, documented, and defensible. The junior Marines on the team learn how to run a watch correctly by watching this Cpl work. The section chief already has this Marine's name on the short list for the next Sergeants Course slot and the next advanced training opportunity.

Go Deeper at E4
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E4 Playbook →
E5Sgt (Team Lead / Senior Operator)

You own a team. Three to five operators, their training, their clearances, their output — and the section chief expects you to produce mission results without being told what tool to run or which anomaly matters.

What You Actually Do

You are a team lead on a Cyber Mission Force team, a DCO element, or a cyber support team under MCCYWG / MARFORCYBER. You manage three to five operators, you assign tasks against the mission set, you review their analysis before it goes up, and you brief the section chief on what the team found, what it means, and what the team recommends. You write FitReps on your Cpls under MCO 1610.7 — real evaluations with observed performance, not check-the-box narratives — and you manage the team's certification and qualification status so the unit readiness report does not have holes. You are also the team's technical backbone: when the tool fails, when the analysis does not make sense, when the authorities question is ambiguous, the team looks at you. Advanced certifications (GPEN, GCIH, OSCP, or equivalent) are expected at this tier, and the joint training opportunities — USCYBERCOM exercises, NSA-sponsored courses, joint interagency coordination — start showing up on your radar.

Key Skills to Drill
  • 01Lead a cyber operations team through a mission set from tasking through reporting — assign roles, manage the timeline, review analysis, brief results, and own the team's output to the section chief.
  • 02Conduct advanced network exploitation or defense analysis at the senior operator level — the team lead who cannot do the work cannot evaluate the work.
  • 03Write FitReps on Cpls that the reporting senior can defend at the battalion review — observed performance, specific mission contributions, honest comparative assessment.
  • 04Manage the team's qualification and certification posture — who is current, who is lapsing, who needs the next training slot — and report status that the section chief can brief without surprises.
  • 05Coordinate with adjacent teams, intelligence support elements, and the USCYBERCOM coordination chain on mission deconfliction and reporting — the 1721 Sgt who works in isolation produces analysis nobody can use.
  • 06Mentor Cpls through the composite-score stack, Sergeants Course, and the certification pipeline that separates the operator who stays in the community from the one who reclasses.
Manuals & References
  • NAVMC 3500.44 — Cyberspace Operations T&R Manual (Sgt-level collective tasks and team-lead evaluation standards).
  • JP 3-12 — Cyberspace Operations (you brief from this framework now, not just read it).
  • DoDD 8500.01 — Cybersecurity.
  • MCO 1610.7 — Performance Evaluation System (you write FitReps now — learn the system before you write the first one).
  • MCO 1400.32 — Marine Corps Promotion Manual (SSgt board mechanics, FitRep relative-value impact in a small MOS).
  • DoDM 8140 — Cyberspace Workforce Management (you manage your team's compliance, not just your own).
Standards You Must Hit
  • Sergeants Course graduate — required before competing for SSgt in the 17XX community.
  • Advanced DoDM 8140 certification earned — GPEN, GCIH, OSCP, or equivalent per your work-role requirements. The intermediate cert is no longer sufficient at this tier.
  • 1st-Class PFT and CFT — your team watches your score and your Marines do not respect a team lead who posts 2nd-Class.
  • Team mission output rated at or above the section standard — the section chief's next FitRep on you reflects what the team produced, not what you personally contributed.
  • FitRep relative value above community average — the SSgt board in a small MOS reads every narrative. One weak cycle moves the timeline by years.
Common Technical Mistakes
  • Doing the work yourself instead of developing the Cpl to do it. The team fails when you go to Sergeants Course because no one else can run the analysis.
  • Briefing results you have not personally reviewed because the operator "seemed confident." The section chief asks a follow-up question and you do not know the answer — that is the last time you brief without reviewing.
  • Letting a team member's certification lapse because you were focused on operations. The unit readiness report flags it, the company commander asks the section chief, and the section chief asks you.
  • Failing to document a authorities question before executing. The JAG review finds no record that the team paused to clarify, and the investigation names the team lead.
  • Writing inflated FitReps on Cpls because it feels collegial. The SSgt board in a community this small reads the inflation across commands — your bullets stop meaning anything.
What Good Looks Like

The good Sgt 1721 is the team lead the section chief assigns to the highest-priority mission set because the team produces analysis that the supported commander acts on, the documentation is airtight, and the team members are getting better every cycle. The Cpls on this team are Sergeants Course-ready and the section chief is already mentioning this Sgt's name to the company commander for the next SSgt board.

Go Deeper at E5
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E5 Playbook →
E6SSgt (Section Chief / Senior Team Lead)

You are the section chief. Multiple teams, multiple mission sets, and the company commander is watching whether your section can produce results that MARFORCYBER and USCYBERCOM can use without rewriting.

What You Actually Do

You run a section of two or three cyber operations teams — six to fifteen operators — and you are responsible for their training, their mission output, their clearance posture, and their careers. You coordinate directly with the MARFORCYBER staff on mission tasking, you defend your section's capabilities and readiness at the company-level brief, and you write FitReps on three to four Sgts whose next board cycle depends on what you write. You sit in planning sessions with the operations officer and the company commander, translating operational requirements into team-level mission assignments. You manage the section's advanced training pipeline — who goes to which SANS course, which USCYBERCOM exercise, which joint qualification — and you are starting to interface with USCYBERCOM's joint force structure at the tactical coordination level. The Career Course and the SSgt-to-GySgt board are the career gates that define your next decade in the 17XX community.

Key Skills to Drill
  • 01Manage a multi-team section across concurrent mission sets — allocate operators, deconflict tasking, manage team readiness, and brief the company commander on output without losing the tactical thread.
  • 02Write FitReps on three to four Sgt team leads that the reporting senior can defend at the battalion review — mission results, leadership development, honest comparative assessment in a small community.
  • 03Coordinate with MARFORCYBER staff and USCYBERCOM coordination elements on mission tasking, reporting timelines, and authority clarification — the section chief who waits to be told what to do is already behind.
  • 04Build and defend a section training plan that keeps certifications current, advances operator qualifications, and feeds the advanced training pipeline without leaving mission sets unmanned.
  • 05Mentor Sgts through the SSgt board process, advanced certifications, and the decision between staying technical and moving toward the 1799 chief designator path.
  • 06Run the section's security posture — clearance renewals, SCIF access lists, insider threat awareness — as a continuous program, not a once-a-year compliance drill.
Manuals & References
  • NAVMC 3500.44 — Cyberspace Operations T&R Manual (section-level collective standards you build training against).
  • JP 3-12 — Cyberspace Operations (you coordinate at the joint level now; the doctrine is your operating language).
  • DoDD 8500.01 — Cybersecurity.
  • MCO 1610.7 — Performance Evaluation System (you write FitReps that decide board slates in a small MOS).
  • MCO 1400.32 — Marine Corps Promotion Manual (SSgt-to-GySgt board mechanics, FitRep relative-value impact).
  • DoDM 8140 — Cyberspace Workforce Management (section-level compliance posture is your readiness metric).
Standards You Must Hit
  • Career Course completed or in progress — required before competing for GySgt in the 17XX community.
  • Section DoDM 8140 compliance at 100% — every operator current on their work-role certification. The unit readiness report names your section.
  • 1st-Class PFT and CFT — the section watches the SSgt's scores more than anyone except the company gunny.
  • Section mission output rated at or above the company standard — the company commander's brief to the battalion reflects your section's work.
  • FitRep relative value that positions you for GySgt or the 1799 Cyberspace Warfare Chief designator — the board reads every narrative in a community this small.
Common Technical Mistakes
  • Micromanaging team leads instead of developing them. The section that runs only when the SSgt is watching is a section that fails when the SSgt goes to Career Course.
  • Hiding a security incident from the company commander to "handle it internally." The investigation finds the timeline and the SSgt who delayed reporting is the subject of the follow-up.
  • Letting the advanced training pipeline go unfed because operations are busy. The team leads who never get to SANS, USCYBERCOM exercises, or joint courses stagnate — and the best ones start looking at reclass or EAS.
  • Writing FitReps as administrative obligations instead of career-shaping documents. In a community of fewer than a thousand Marines, every FitRep narrative is read closely at the board.
  • Losing touch with the technical work because the administrative load is heavy. The SSgt who cannot walk into a team's workspace and understand what they are doing has lost the credibility that makes a 17XX leader, not a 17XX manager.
What Good Looks Like

The good SSgt 1721 is the section chief the company commander sends to the MARFORCYBER staff brief because the readiness numbers are accurate, the mission output is defensible, and the section chief can answer the technical follow-up without deferring to a team lead. The Sgts in this section are SSgt-board-ready, the operators are certified, and the section's work product is cited by name in the USCYBERCOM coordination chain.

Go Deeper at E6
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E6 Playbook →
E7GySgt (Company Gunny / Operations Chief)

You are the senior enlisted leader in a cyber operations company — or the operations chief at the battalion or MCCYWG level. The 17XX community is small enough that every GySgt is known by name at MARFORCYBER, and the 1stSgt and the CO are watching whether you can run the enlisted force and the technical mission simultaneously.

What You Actually Do

You are the company gunny for a Cyber Operations Company, the operations chief at the battalion or MCCYWG staff level, or the senior 17XX enlisted billet at MARFORCYBER. You manage 40-80 Marines across multiple sections, you advise the company commander on every enlisted decision — training, personnel, clearances, discipline, retention — and you set the technical and professional standard that the formation follows. You write FitReps on four to six SSgts and Sgts, you sit in the company and battalion planning cycles, you coordinate with the USCYBERCOM Joint Force Headquarters on enlisted force-management issues, and you are the voice that tells the CO what the formation can actually deliver versus what the operations officer just promised. The SNCO Academy Advanced Course is the professional gate, and the MSgt-vs-1stSgt conversation — or the transition to the 1799 Cyberspace Warfare Chief designator at this rank — is the career-defining decision.

Key Skills to Drill
  • 01Run the company's enlisted force management — training pipeline, certification compliance, clearance posture, retention, discipline — and brief the CO honestly on what the formation can and cannot do.
  • 02Write FitReps on four to six section chiefs and senior team leads that the battalion FitRep board can defend — mission results, leadership development, honest relative value in a small community.
  • 03Advise the CO and the operations officer on mission-readiness decisions — which teams are ready for which mission sets, which operators need rotation, where the certification gaps create real risk.
  • 04Coordinate with USCYBERCOM Joint Force Headquarters on enlisted force-structure and workforce-management issues — accession, training pipeline throughput, retention incentives, joint qualification standards.
  • 05Mentor SSgts through the GySgt board, the 1799 designator decision, and the career choices that separate the Marine who stays technical from the one who moves to troop leadership.
  • 06Run a casualty notification, a serious-incident response, or a security investigation referral with the composure and precision the company and the families require.
Manuals & References
  • NAVMC 3500.44 — Cyberspace Operations T&R Manual (company-level collective standards you build the training plan against).
  • JP 3-12 — Cyberspace Operations (you are the senior enlisted voice in the planning conversation now).
  • DoDD 8500.01 — Cybersecurity.
  • MCO 1610.7 — Performance Evaluation System (you write FitReps that shape the 17XX enlisted force for the next decade).
  • MCO 1400.32 — Marine Corps Promotion Manual (GySgt-to-MSgt/1stSgt board mechanics, MOS roadmap for the 17XX field).
  • MCO 5354.1 / MCO 1000.9 — SAPR and Equal Opportunity policy (you enforce these; the IG checks them).
Standards You Must Hit
  • SNCO Academy Advanced Course graduate; SNCO Academy Senior Course slated when MSgt board approaches.
  • Company DoDM 8140 compliance at or above the battalion standard — the company commander's readiness brief depends on your numbers.
  • 1st-Class PFT and CFT — the formation watches the company gunny's scores more than anyone except the 1stSgt.
  • FitRep profile that the senior reporting official can defend at the MSgt/1stSgt or 1799 board — relative value, attributes, and mission results aligned.
  • Zero senior-NCO-level integrity incidents — security, financial, fraternization. One incident at this rank in a community this small is career-terminal.
Common Technical Mistakes
  • Losing technical currency because the administrative load consumed the calendar. The GySgt who cannot walk the floor of the SCIF and understand the mission in progress has lost the credibility that makes a 17XX SNCO irreplaceable.
  • Going around the 1stSgt to the BSgtMaj on an enlisted issue. The chain runs through the 1stSgt for a reason; the correction is immediate and remembered.
  • Letting one section chief coast because "he is your guy." The IG complaint or the security incident comes from the section you stopped inspecting.
  • Confusing being liked with being credible. The 17XX community is small — the GySgt who holds the standard is the one the BSgtMaj and MARFORCYBER both trust.
  • Skipping the family-readiness piece because the mission is classified and "the families do not need to know." They do not need operational details, but they need a GySgt who remembers they exist.
What Good Looks Like

The good GySgt 1721 is the SNCO the BSgtMaj sends to the toughest company because the formation comes back certified, the mission output is clean, and the FitReps come back honest. The SSgts in this company get GySgt on the first look, the operators re-enlist, and the BSgtMaj is mentioning this GySgt's name to the regimental SgtMaj before the next 1stSgt or 1799 slate.

Go Deeper at E7
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E7 Playbook →
E8-E9MSgt / 1stSgt — MGySgt / SgtMaj (Senior Enlisted)

You are the senior enlisted leader for the 17XX community at the battalion, group, or MARFORCYBER level. The community is small enough that every Marine in it knows your name, and every decision you make about accession, training, retention, and standards shapes the force for the next decade.

What You Actually Do

As 1stSgt you run a cyber operations battalion's enlisted force — 200-400 Marines, the company 1stSgts, the training calendar, the clearance posture, and the boundary between what the BC needs and what the formation can deliver. As MSgt you are the senior technical SME — operations chief at MARFORCYBER, USCYBERCOM joint billet, or the 17XX MOS roadmap owner at HQMC. As SgtMaj you advise the battalion or group commander on every enlisted decision and you represent the 17XX community at MARFORCYBER and USCYBERCOM senior-enlisted forums. As MGySgt you are the occupational pinnacle — the Marine HQMC calls when the 17XX T&R Manual needs rewriting or the accession pipeline needs restructuring. You write fewer FitReps, but they are the ones that pick the next 1stSgt and SgtMaj slates. The civilian market for TS/SCI-cleared cyber professionals at this experience level is exceptionally strong — plan the transition deliberately 24-36 months out.

Key Skills to Drill
  • 01Run a 1stSgt's call that produces actions — accountability, clearance status, training pipeline, discipline, family readiness, retention — in a formation where every Marine holds a TS/SCI and every issue is potentially a security incident.
  • 02Advise the BC or group commander on the 17XX enlisted force — accession quality, training pipeline throughput, retention incentives, joint qualification gaps, and the second-order effects of policy decisions on a community that competes with six-figure civilian offers.
  • 03Mentor GySgts and the senior SSgt bench as the next 1stSgt / MSgt / 1799 cohort — honest reads on who is troop-leadership, who is SME-track, and who should transition to the civilian market while their skills are peak-value.
  • 04Represent the 17XX community at USCYBERCOM senior-enlisted forums, MARFORCYBER workforce planning, and HQMC MOS-roadmap reviews — the decisions made in these rooms shape accession, training, and retention for five years.
  • 05Run a Red Cross / casualty notification or security-incident escalation with the dignity and precision it requires — you are the face the formation and the families remember.
  • 06Translate the Commandant's cyber strategy and USCYBERCOM force-structure guidance into enlisted-talent decisions the formation can execute — who goes where, who stays, who trains, who transitions.
Manuals & References
  • JP 3-12 — Cyberspace Operations (you teach and shape the doctrine now, not just consume it).
  • MCO 1610.7 — Performance Evaluation System (you are the rater or reviewing officer on the FitReps that decide the next slate).
  • MCO 1400.32 — Marine Corps Promotion Manual (1stSgt / SgtMaj / MGySgt board mechanics for the 17XX field).
  • MCO 1900.16 / MCO P1900.16 — Marine Corps Retirement / Separation (you are the resource the formation comes to for transition questions — and in this MOS, the civilian market is part of the retention conversation).
  • MCO 5354.1 — SAPR Program; MCO 1000.9 — Equal Opportunity (you enforce both, the IG validates both).
  • The Sergeants Major Symposium reading list, the Commandant's Reading List, and the current Commandant's Planning Guidance — you translate strategic direction to LCpls.
Standards You Must Hit
  • SNCO Academy Senior Course graduate; Sergeants Major Course at Marine Corps University before competing for command SgtMaj slate.
  • Battalion or group UCMJ rate, retention rate, clearance-incident rate, and SAPR/EO climate in the top tier — the BSgtMaj reports up against every peer 1stSgt.
  • Personal FitRep profile that the reporting senior can defend at HQMC — the bar at this rank is whether your rated GySgts and SSgts get selected.
  • Zero senior-enlisted-level integrity incidents — security, financial, fraternization, OPSEC. One ends the career permanently at this rank and the community does not forget.
  • Post-service transition plan running 24-36 months out — TS/SCI-cleared cyber professionals with 15+ years of operational experience command exceptional civilian compensation. VA disability claim filed pre-EAS, civilian credential bridge mapped, SkillBridge slot identified if applicable.
Common Technical Mistakes
  • Going public with disagreement with the BC or group commander. You take the disagreement in the office with the door closed; you walk out aligned, every time.
  • Confusing seniority with expertise. The 17XX field moves fast — the MGySgt who stopped learning five years ago is being quietly briefed around by the SSgts who are current.
  • Stopping personal technical currency entirely because "I lead people now." The credibility of a 17XX senior enlisted leader comes from the intersection of leadership and technical judgment — lose either and the formation notices.
  • Letting a GySgt run a bad security climate because "he is your guy." The BSgtMaj finds out, the MARFORCYBER commander finds out, and the next slate gets read without your name.
  • Treating the retention problem as someone else's issue. The 17XX community loses Marines to the private sector at rates that would terrify any other MOS — the 1stSgt who does not own the retention conversation owns the manning gap.
What Good Looks Like

The good 1stSgt / SgtMaj is the senior Marine the MARFORCYBER commander names when asked who runs the enlisted force. The re-enlistment rate holds against civilian offers because the formation believes in the mission and in the leader. The good MGySgt is the Marine HQMC calls when the 17XX T&R Manual needs rewriting — and the GySgts in the community quote the standard without knowing they are quoting this Marine. The transition plan is running, the VA claim is filed, and the civilian market knows this Marine's name before the retirement ceremony.

Go Deeper at E8-E9
Time-blocked daily schedule, unit-type variations, career decisions, full reading list with chapters — written for the soldier in this seat.
Full E8-E9 Playbook →

MOS Pulse

Anonymous · One tap · No account

Three seconds of your time, zero of your identity. This is how the honest picture of 1721 gets built — one tap at a time.

Knowing what you know now — would you pick 1721 again?

Did your recruiter describe this job accurately?

Hours per week this job actually takes in garrison?

That tap took 3 seconds. A full review takes 10 minutes — and does about 100x more for the next person staring at this contract.

Write the Full Review →
Reviews
Founding ReviewUnclaimed

Nobody’s gone first. Yet.

Zero reviews for 1721. Not because nobody has opinions — anyone who’s actually done Cyberspace Warfare Operator is carrying a full magazine of them — but because nobody’s put theirs on the record.

So here’s the deal: the first approved review of every MOS becomes its Founding Review. Permanently badged, permanently first. Every person who looks up 1721 from now on reads it before anything else — including the recruiter’s version.

We could fill this page with fake reviews tonight. Plenty of sites do. We never will — which means this space stays exactly this empty until someone who lived it goes first.

Sign Up & Claim ItFree account · takes two minutes

Anonymous by default — no name, no unit, fuzzy timestamps. Your chain of command never knows it was you.

FAQ

1721 Cyberspace Warfare Operator — FAQ

Q01What does a 1721 do in the Marines?
You graduated MCRD and shipped to MCCES Twentynine Palms for the Cyberspace Warfare Operator course — the MOS-producing school that takes you from boot Marine to someone who can sit in front of a terminal and not break something classified.
Q02How long is 1721 training and where is it held?
1721 training is approximately 20 weeks of Advanced Individual Training (AIT) after Basic Combat Training, held at MCCES, Twentynine Palms, CA.
Q03What does a day in the life of a 1721 look like?
A typical junior-enlisted 1721 day: 0500 Wake. Gear up for PT. Phone check for the platoon or team group chat — any recall, any alert, any overnight incident that shifted the posture. In the 17XX community, an after-hours recall can mean a real-world cyber incident, not just a formation change, 0530-0700 PT formation. Company or platoon PT — the 17XX community runs the same PT program as the rest of the battalion. Runs, hikes, MCMAP, strength circuits. You are a Marine first.…
Q04What are the most common career-ending mistakes for a 1721?
Treating the clearance as a background process instead of a daily discipline. Financial trouble (predatory loans, late payments, gambling), unreported foreign contacts, drug use, or an arrest — any of these triggers an interim review that can suspend your access and effectively end the MOS before you start; Posting on social media about the schoolhouse, the unit, the work, or the tools — even vague references. The counterintelligence threat to this MOS is not theoretical,…
Q05What's the career progression for a 1721?
MCRD (Parris Island or San Diego) — ~13 weeks; MCCES Twentynine Palms — Cyberspace Warfare Operator course (network fundamentals, OS, DCO basics, tool-set intro); Fort Eisenhower (formerly Fort Gordon) joint cyber qualifications — if slotted for advanced training aligned to USCYBERCOM standards
Q06What's the recruiter not telling me about 1721?
The 17xx field is where the Marine Corps decided to get serious about cyber.
How does 1721 compare?
See side-by-side ratings, quality of life, and community takes.
Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards

Sources:Branch MOS catalog · DTMO pay tables · DoD/.gov benefits references · O*NET civilian career mapping · verified service-member reviews