Skip to main content
HonestMOS
InvestigationsHow EUCOM shelved a tax break for 9,000 troops in Poland — for five years.
Back to 1D7X3 Cable and Antenna Operations — overview, pay, training, civilian translation, reviews
1D7X3E6

Cable and Antenna Operations

E-6 (Staff Sergeant) · Air Force

HEADS UP

TSgt is the rank where your job title and your actual job diverge the most. Your title says Cyberspace Defense Analyst. Your actual job is 60% people management, 30% staff work, and 10% hands-on technical — if you are lucky. Staying technical at TSgt requires deliberate, sustained effort against institutional gravity pulling you toward meetings and paperwork.

The Honest MOS Read
TSgt 1D7X3 is where you confront an uncomfortable truth about the military cyber career path: the promotion system rewards leadership performance, and leadership performance at this tier is measured almost entirely by how you manage people, not by how well you can reverse-engineer malware or hunt adversaries in the network. The EPR system, the promotion board, and the senior rater comments are all calibrated to surface leaders, not analysts. If your goal is to be the best technical analyst in the building, TSgt is the rank where the institution starts pushing you toward an office. The operational picture at TSgt is typically flight superintendent or senior shift supervisor. You are responsible for the performance of multiple shift teams, the professional development of several SSgts and a bench of junior analysts, and the flight's compliance with an escalating stack of administrative requirements. Your technical duties exist but they are subordinated to your supervisory duties in practice. The staff work at TSgt is real. Contributions to OPLANs, participation in unit-level defensive posture assessments, inputs to MAJCOM-level cyber policy development, preparation of command briefings — these are TSgt-level tasks that require you to translate technical content into decision-relevant communication for commanders who are not cyber specialists. If you cannot write a clear executive summary of a complex incident for a wing commander, you will stall at this tier. The temptation to drift entirely away from technical work at TSgt is strong and the consequences are significant. Senior analysts who stop doing the technical work lose the credibility to supervise technical teams within two to three years. The SSgts who work for you will notice if you cannot answer a technical question without looking it up. The field moves fast enough that passive technical currency is not sufficient — you have to actively maintain it through deliberate exposure to current toolsets and adversary TTPs. One of the most important contributions a TSgt makes is quality assurance on the unit's analytical product. The incidents that reach your level for review or escalation are significant — multi-host compromises, potential insider threats, nation-state-attributed activity. Your judgment on these cases, your ability to distinguish a genuine intrusion from a sophisticated false positive, and your credibility when briefing the results to command are the most consequential technical contributions you make at this rank.
Career Arc
["CDO Flight Superintendent or Senior Shift Supervisor responsibility begins \u2014 team spans multiple shifts and levels", "Contributions to wing or MAJCOM-level defensive posture documentation, OPLANs, and cyber policy inputs", "SMSgt board awareness begins \u2014 whole-person record from SSgt through TSgt is the foundation", "Advanced certifications: CISSP, GREM, cloud security architect credentials, or other senior-level technical certs", "Staff tour or joint assignment becomes a relevant option \u2014 career broadening at this tier has long-term value", "Evaluation of whether to pursue 1st Sergeant or Chief track versus staying in the technical/operations lane"]
Common Screwups
["Losing technical credibility by spending zero time on hands-on technical work \u2014 when your SSgts stop asking your opinion on hard cases because they know you will not have a useful answer, you have lost the one thing that makes cyber supervision different from generic NCO supervision", "Failing to manage up effectively \u2014 wing commanders and squadron commanders need to understand cyber threats in mission terms, not technical terms, and a TSgt who cannot translate between the two is functionally invisible to decision-makers", "Allowing a flight culture to develop that tolerates mediocre documentation and sloppy incident handling because the boss is too busy to check \u2014 the audit will happen and your name is on the flight's products", "Missing the SMSgt board window by prioritizing current assignment comfort over career broadening \u2014 a TSgt who has spent 10 years doing the same CDO flight rotation without a staff tour or joint assignment is not competitive for senior enlisted leadership"]

A Day in the Life

[{"time": "0700", "activity": "Arrive; review overnight significant incidents and any items requiring TSgt-level action or reporting"}, {"time": "0730", "activity": "Brief with shift SSgt leads \u2014 current incident status, personnel issues, and any command-level items pending"}, {"time": "0800", "activity": "Flight administrative work: EPR reviews, training records, compliance documentation, MICT updates"}, {"time": "0930", "activity": "Review significant open incidents with the responsible SSgt \u2014 technical engagement, not just supervisory check-in"}, {"time": "1000", "activity": "Staff coordination: inputs to wing-level briefings, OPLAM contributions, liaison with S6 or mission defense team"}, {"time": "1100", "activity": "Formal or informal counseling sessions with assigned SSgts and junior Airmen as needed"}, {"time": "1200", "activity": "Commander or supervisor update: brief squadron or group leadership on significant cyber events and flight status"}, {"time": "1300", "activity": "Technical block: hands-on time in SIEM or threat intel tools \u2014 deliberate maintenance of operational proficiency"}, {"time": "1400", "activity": "Professional development: cert study, review of current threat intelligence reporting, or contribution to unit TTPs"}, {"time": "1500", "activity": "Shift review: quality check on the day's significant tickets before outgoing brief"}, {"time": "1600", "activity": "Flight end-of-day summary: significant incidents, personnel notes, anything requiring commander awareness"}, {"time": "1700", "activity": "Administrative wrap: email, action items, next-day prep"}, {"time": "1800", "activity": "Depart \u2014 on-call responsibility remains for significant events"}]

Weekly Cadence

TSgt on a non-rotating schedule (most flight superintendent roles operate on a standard duty day) works a traditional Monday-Friday pattern with on-call responsibility for significant events across all shifts. The operational rhythm is driven by the flight's shift rotations — you are not on shift yourself but you are accountable for what each shift produces. Weekly staff meetings, training compliance reviews, and command briefings create a recurring administrative cadence that competes with the supervisory and technical work for your time. The TSgts who manage this schedule well build buffer into their calendar — they do not schedule administrative work into the same blocks where they have reserved technical engagement time.

Key Skills — How to Drill Each

[{"skill": "Executive communication \u2014 briefing complex cyber incidents to non-technical commanders", "how": "Develop a standard incident briefing template your flight uses that automatically translates technical findings into mission impact, adversary intent, and recommended command decisions. Practice briefing it until you can deliver it without notes in the time a commander will give you."}, {"skill": "Flight-level quality assurance on analytical products", "how": "Build a review cadence that touches significant incidents before they close or escalate \u2014 not to second-guess your SSgts, but to ensure the documentation meets the standard for external reporting and future reference. Your review should add to the product, not just approve it."}, {"skill": "OPLAM and defensive posture planning input", "how": "Understand your supported unit's mission well enough to articulate what cyber threats most directly threaten their operational tasks. Your contributions to defensive planning need to be mission-oriented, not just technically thorough."}, {"skill": "Senior enlisted personnel development \u2014 SSgt mentorship toward TSgt", "how": "Your SSgts are at the hardest career decision point in the AFSC. The ones who are considering ETS are doing it partly because the leadership they are getting now is not showing them a compelling path forward. Be the leader who makes the career case through demonstrated coaching and visible advocacy."}, {"skill": "Technical currency maintenance against institutional drift", "how": "Block four to six hours per week for technical work \u2014 actual hands-on time in tools, not reading about tools. Review significant incidents your team is working with technical engagement, not just supervisory oversight. Your certification currency is also part of this \u2014 CISSP or an advanced technical cert demonstrates continued investment."}]

Manuals & References — What Chapters Matter

[{"ref": "DAFI 17-101, Cyberspace Operations \u2014 command authority sections", "why": "At TSgt you are briefing commanders on their authority to take specific defensive actions. You need to know what requires SECAF-level authorization versus what falls within base authority versus what requires USCYBERCOM coordination."}, {"ref": "AFI 33-322, Records Management and Information Governance", "why": "Cyber incident documentation is subject to records retention requirements. As the flight superintendent your unit's compliance with records management is your administrative responsibility and audit findings in this area fall on the senior NCO."}, {"ref": "DCSA Industrial Security regulations (if supporting contractor-cleared facilities)", "why": "TSgts supporting or liaising with defense contractor networks need to understand the industrial security framework governing what those organizations are required to report and how your defensive support relates to their compliance obligations."}, {"ref": "MAJCOM-level cyber TTP library and threat model", "why": "Your wing or MAJCOM publishes a threat-specific defensive posture document. As the senior technical NCO in your flight you should know this document well enough to teach it to your team and apply it to defensive planning."}]

Standards — How to Hit Each

[{"standard": "Flight analytical product quality that passes ORI/MICT review without corrective findings", "how": "Build a continuous internal review process \u2014 monthly sample audits of closed tickets from each team, documented findings, and trending. If you wait for the external review to find problems, you are already behind."}, {"standard": "CISSP or equivalent senior-level credential maintained", "how": "CISSP CPE requirements are ongoing. Build the annual CPE tracking into your administrative calendar \u2014 conference attendance, webinars, and formal training all count. Letting CISSP lapse at TSgt is a visible technical decline signal."}, {"standard": "SMSgt board record that reflects deliberate career broadening", "how": "A TSgt who has only done wing-level CDO flight work is not competitive for SMSgt in a career field that values both technical depth and organizational breadth. A staff tour, a joint assignment, or a CPT deployment distinguishes a competitive record."}]

Technical Mistakes — Concrete Consequences

[{"mistake": "Approving a significant incident report to higher headquarters without personally reviewing the technical analysis", "consequence": "If the incident report contains analytical errors and it has already been sent to MAJCOM or USCYBERCOM, the correction process is visible and embarrassing. Your signature on an external product means you have validated it."}, {"mistake": "Allowing your team to tune out detections for high-volume but analytically difficult categories without a formal exception process", "consequence": "Detection gaps created by informal 'we just ignore those' practices are not documented, not reviewed, and not visible during audits. When an adversary exploits the gap, the lack of documented rationale for the coverage hole is a findings nightmare."}, {"mistake": "Briefing a wing commander on a cyber incident using technical terminology without translating to mission impact", "consequence": "The commander does not make a decision or allocate resources based on a briefing they cannot parse. You have wasted their time and your technical content has zero organizational effect. The briefing fails even if the analysis was correct."}]

Career Decisions at This Rank

[{"decision": "Pursue 1st Sergeant (1C0X2) reclass or stay in the technical operations lane?", "analysis": "First Sergeant is a genuinely different career path \u2014 welfare of the unit's enlisted personnel, UCMJ advisor to the commander, career of-last-resort counselor. If you have strong interpersonal instincts and want to influence unit culture more than technical operations, 1st Sergeant is a legitimate and valued path. If your identity is tied to cyber work, reclass will be frustrating within 18 months."}, {"decision": "Apply for a staff tour at MAJCOM or USCYBERCOM or stay in an operational assignment?", "analysis": "Staff tours build the organizational perspective that makes senior enlisted leaders competitive for the most visible billets. A TSgt who has never worked a staff position cannot write a CONOP, contribute meaningfully to capability planning, or advocate for their career field in resource allocation discussions. Do one staff tour before making SMSgt \u2014 it changes how you understand the enterprise."}, {"decision": "ETS and take a contractor or federal civilian position in the cleared cyber workforce?", "analysis": "TSgt-level 1D7X3 with TS/SCI and active CPE certs is a highly competitive federal civilian applicant. GS-12/13 cyber analyst and SIEM engineer positions pay significantly more than E-6 total compensation in most duty station areas. The retirement vesting timeline is the primary financial argument for staying \u2014 if you are within 10 years of 20, the math shifts considerably in favor of completion."}]

How the Seat Varies by Unit Type

[{"unitType": "CDO Flight Superintendent (Wing-level)", "reality": "The most common TSgt assignment. People management, compliance, and administrative work dominate. Technical engagement is self-directed and requires discipline to maintain. Strong organizational leadership experience but high risk of technical drift."}, {"unitType": "CPT / Cyber Operations Element (Mission-focused)", "reality": "TSgt CPT leadership roles have higher operational tempo and more direct technical engagement. You supervise a hunt team rather than a SOC. The technical currency maintenance is easier because the work demands it. Deployment exposure is higher."}, {"unitType": "USCYBERCOM / Joint Staff Cyber", "reality": "Joint staff TSgts are doing predominantly staff work at a national level. The organizational exposure is exceptional. The technical work is minimal but the policy and planning work at this level shapes how the entire enterprise operates. Career-broadening value is among the highest available."}, {"unitType": "NRO / NSA / IC Assignments", "reality": "Intelligence community secondments for 1D7X3 TSgts with full-scope polygraphs are available and operationally significant. The work can be classified at levels that preclude EPR specificity but the peer development and operational exposure is high. These assignments are selectively filled and typically require deliberate pursuit."}]

What Good Looks Like at This Rank

A strong TSgt 1D7X3 is the flight superintendent the wing commander calls directly when there is a significant cyber event — not because the commander bypasses the chain, but because the TSgt has established enough credibility to translate cyber threats into mission language that enables command decisions. Their flight's products are clean, their team is developing, and their technical opinions carry weight because they have stayed close enough to the work to have earned them. The best TSgts at this tier have also built a clear succession in their NCO corps. Their best SSgt is ready to take their shift lead role. They have documented the institutional knowledge the flight depends on. When they PCS, the flight does not crater — it transitions. That is the standard.

Preview — The Next Rank

SMSgt in the cyber domain is an organizational leadership role. The technical work is almost entirely advisory — your value is your judgment, your institutional knowledge, and your ability to develop and advocate for junior cyber professionals across a large organization. The hands-on technical work you have been protecting at TSgt will largely disappear at SMSgt, replaced by policy, strategy, and senior personnel management responsibilities. The SMSgts who remain credible technical voices do so through active engagement with the technical community — attending relevant conferences, maintaining professional relationships with operational units, and being intellectually honest about what they know and do not know in a fast-moving field.
FAQ

1D7X3 E6 — Frequently Asked Questions

Q01What does a E6 1D7X3 (Cable and Antenna Operations) actually do?
Serve as the CD section NCOIC or shift lead supervisor.
Q02What's the most important thing to know as a E6 1D7X3?
TSgt is the rank where your job title and your actual job diverge the most.
Q03What mistakes get E6 1D7X3 soldiers fired or relieved?
["Losing technical credibility by spending zero time on hands-on technical work \u2014 when your SSgts stop asking your opinion on hard cases because they know you will not have a useful answer, you have lost the one thing that makes cyber supervision different from generic NCO supervision", "Failing to manage up effectively \u2014 wing commanders and squadron commanders need to understand cyber threats in mission terms, not technical terms,…
Q04What's next after E6 for a 1D7X3 (Cable and Antenna Operations) in the Air Force?
SMSgt in the cyber domain is an organizational leadership role.
Q05What manuals and regulations does a E6 1D7X3 need to know cold?
AFMAN 17-1303, AFCYBER management publications, DISA network security publications, unit incident response plans

This playbook has no tips yet. Be the first to share what you know.

Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards