Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
Back to 17A Cyber Warfare Officer — overview, pay, training, civilian translation, reviews
17AO3-O4

Cyber Warfare Officer

O-3 to O-4 (Field Grade) · Army

HEADS UP

Cyber Company Command is the KD that gates the major's board and the post-command billet landscape. The branch is small enough that there is no hiding place — every captain's performance in command is visible to the ARCYBER senior leadership, and the OER from a Cyber Company Command runs against a small rated population where 'above center of mass' is a concrete bar rather than a statistical abstraction. Build the joint-tour credit early; the post-command billets that build the field-grade record are at USCYBERCOM, NSA, and COCOM J-39s, and joint-duty credit at the captain's tier puts you ahead of the ILE-plus-post-command peers who first touched joint work as a major.

The Honest MOS Read
The Captains Career Course at the Army Cyber School at Fort Eisenhower runs roughly 5-6 months and adds the command-level legal framework, company-grade operations management, and advanced cyberspace planning doctrine that CBOLC was too early to deliver. You finish CCC and enter the KD window as one of the Army's most in-demand company-grade officers for a set of billets that do not look like any other company command in the Army. The most common 17A KD tracks: Cyber Mission Force Company Command at ARCYBER or a subordinate element — a company of 50-80 personnel running National Mission Team, Combat Mission Team, or Cyber Protection Team operations under USCYBERCOM tasking authority; Defensive Cyber Operations Company Command at an Army Service Component Command, responsible for DCO-IDM operations across a theater network; or a Cyber Planner or Staff Cyber Officer billet at a corps, ASCC, or COCOM J-39/J-2 integrating cyber effects into joint operations. A small number of competitively selected 17A CPTs slate directly to joint-force-headquarters staff billets — USCYBERCOM J-3, JFHQ-DODIN staff, NSA — at the captain's tier as a first-KD-adjacent assignment rather than a command. Command of a Cyber company is different from command of a rifle company in ways that most Army institutions have not yet fully processed. The formation is small by Army standards, but every person in it holds a security clearance, most hold a TS/SCI, and a meaningful fraction hold access that requires continuous evaluation rather than periodic reinvestigation. The readiness construct reports to USCYBERCOM through ARCYBER on a quarterly certification cycle — the CMF readiness metric is not an ARNG/USAR availability percentage; it is a technical certification posture that either allows the CMF team to execute its USCYBERCOM-tasked mission or does not. A company commander who papers the readiness report creates a mission risk that surfaces during an actual event, not a training event. The post-command billet landscape for a 17A major is genuinely joint and genuinely competitive. USCYBERCOM J-2, J-3, and J-6 staff billets draw 17A majors with strong operational records. NSA's military associate program takes cleared Army officers into mission-support roles that build the intelligence-community integration that the senior cyber officer positions demand. ARCYBER G-3, G-5, G-7, and the operational planning teams at Fort Eisenhower are the Army-organic post-command destinations that build the field-grade cyber-command competitive record. COCOM J-39 Cyber planners — at INDOPACOM, EUCOM, CENTCOM, AFRICOM, CYBERCOM — are the joint-tour credit billets that combine JDAL credit with operational planning depth. ILE / CGSC at Fort Leavenworth is the professional military education gate before the major's board. The 17A officer who arrives at ILE with a Cyber Company Command OER, joint-tour credit, a current TS/SCI with active access, and a clear understanding of where he wants to go after ILE is positioned to compete for the lieutenant colonel command consideration that a small branch with a growing mission set offers at a higher rate than most Army branches. The field-grade billet market is where the FA / functional area decision becomes unavoidable. Some 17A majors are genuinely operational-cyber officers — their competitive record is in CMF execution, joint targeting, and command. Others are strategist-caliber thinkers whose talent is more FA59-shaped than 17A-shaped, or analysts whose depth is more FA49-shaped. DA PAM 600-3 names the options. The officers who make the decision before the major's board is their first opportunity are the ones who build a coherent competitive record rather than arriving at the board with a mixed OER narrative that HRC has to interpret.
Career Arc
  • 01Captains Career Course (CCC) at Army Cyber School, Fort Eisenhower — ~5-6 months.
  • 02KD billet: Cyber Company Command at ARCYBER/CMF element, DCO Company Command at an ASCC, or competitive staff billet at USCYBERCOM / JFHQ-DODIN.
  • 03CMF company readiness certification — quarterly USCYBERCOM accountability cycle; KD OER depends on this number.
  • 04ILE / CGSC at Fort Leavenworth (resident or non-resident ATRRS/DL) — gate before the major's board.
  • 05Post-command billet: USCYBERCOM J-3/J-6, NSA military associate, ARCYBER G-3/G-5/G-7, COCOM J-39 Cyber planner (JDAL-eligible).
  • 06Major's board (O-4 promotion) — centralized board under AR 600-8-29; branch is small, population is visible.
  • 07FA / functional area decision — 17A branch, FA26, FA49, FA59, or FA40 space — honest self-assessment before post-command billet execution.
Common Screwups
  • ×Papering the CMF readiness report — the ARCYBERCOM G-3 reads the quarterly readiness dashboard directly, and a company commander whose certified-team count does not match the actual team's DCWF qualification posture gets the relief conversation at ARCYBER command level, not at the battalion level. The branch is small; the relief is visible to everyone in the senior cyber officer cohort.
  • ×Clearance revocation during command — a TS/SCI revocation while in command of a Cyber company triggers a non-deployable, non-executable status for the commander and a cascade of readiness reporting that does not disappear from the record. Financial disclosure issues, unreported foreign contacts, and drug-related incidents are the three most common triggers. Own your continuous evaluation posture the way you own your ACFT score.
  • ×DUI or alcohol-related misconduct — same as every Army branch, but in a small community the incident is immediately visible to the ARCYBER CSM and the Army Cyber School leadership. The cleared-access career after an alcohol-related misconduct finding is a different conversation than it is in a branch where the incident disappears into a larger cohort.
  • ×Hiding a CMF team readiness shortfall or a DCWF credential expiration cascade from the chain of command. The instinct to fix it before reporting it is the instinct that produces the relief conversation. Report the shortfall, brief the closure plan, and execute. A chain of command that hears about a readiness problem from the G-3 dashboard before hearing about it from the commander does not forget that sequencing.
  • ×Post-command billet selection driven by geography rather than competitive record. The USCYBERCOM J-3 and NSA military associate billets are not filled by officers who request them — they are filled by officers the branch manager recommends based on KD OER quality and clearance posture. An officer who optimizes the post-command assignment for PCS destination rather than field-grade record impact arrives at the lieutenant colonel's board without the joint exposure that differentiates the competitive slate.

A Day in the Life

  • 0530-0630PT formation — company PT at the Cyber element level. Fort Eisenhower maintains Army PT standards; the company commander sets the formation standard and runs with the company rather than running separately. The unit PT program reflects the commander's priorities — this is an OER-visible signal.
  • 0700-0730Shower, uniform, chow. Check overnight alert queue — any ARCYBER FRAGORD, readiness-dashboard anomaly, or personnel flag (security clearance alert, DCWF expiration pop, leave/pass issue) that requires a commander response before the morning battle rhythm brief.
  • 0730-0800Commander's review of daily suspense list. Which readiness deliverables are due today? Which NCOERs are pending signature? Which team has a DCWF expiration in the next 30 days that needs a commander endorsement for a testing window?
  • 0800-0900Company command team sync or battalion morning battle rhythm brief (alternating, depending on the week's schedule). The commander updates the battalion/element leadership on company readiness posture, personnel issues, and ongoing mission support commitments. Anything that changed since yesterday's update goes on the slide before the brief, not after.
  • 0900-1200Primary command work block. CMF company command: team certification review, mission planning oversight for USCYBERCOM-tasked events, commander's time for targeted soldier development. DCO company command: supported-command coordination calls, CCRI/CORA inspection prep review, STIG remediation tracking across the supported network. Planning billet: CONOP / OPORD development, targeting cycle coordination, staff synchronization at the corps/ASCC/COCOM level.
  • 1200-1300Lunch — with NCOs or with the LT bench at least twice a week. The company commander who eats alone every day loses situational awareness faster than any other single behavior.
  • 1300-1500Personnel and administrative work block. NCO counseling sessions (quarterly minimum; monthly preferred at the E-6 and below level). School-slate coordination — who is eligible for CGSC, 17A branch-specific courses at the Army Cyber School, or NSA fellowship nominations. Reenlistment counseling for the 17C NCOs who are at their decision window.
  • 1500-1700Commander's availability block. Open door for NCOs, LTs, or soldiers who need a commander conversation. Read the ARCYBER G-3 information summary if published. Review the next day's training schedule. Prepare for any evening or next-day external coordination calls with the supported command or higher HQ.
  • 1700-1800End-of-day command debrief with XO / 1SG. What happened today that the commander needs to know before tomorrow morning? Any incident, personnel flag, or readiness change that requires a notification to battalion gets drafted now, not tomorrow morning.
  • Evening (mission support periods)When the company is supporting a live USCYBERCOM-tasked mission or a major CPX, the schedule collapses to a 24-hour operations rhythm. The commander runs the shift transition brief, monitors the battle rhythm, and is the decision authority for any effects request or incident report that exceeds team-lead authority. Sleep, food, and personal admin get managed around the mission window — this is not the norm, but it is not rare in a CMF company.

Weekly Cadence

The company command week in a CMF element is anchored by two reporting cycles that do not move: the daily readiness posture update to the battalion or element operations center, and the quarterly USCYBERCOM readiness certification cycle that the weekly posture feeds into. Monday morning the commander reviews the weekend incident log (even in garrison, the monitoring function does not fully stop), confirms the week's training schedule is locked and resourced, and checks the DCWF expiration tracker for any credential that moved into the 30-day warning window. By Tuesday afternoon, the battalion/element battle rhythm brief has happened and the company's readiness posture is on record for the week. Mid-week is the personnel and development intensive. Wednesday and Thursday: NCO counseling blocks, school-slate coordination, LT development meetings. The company commander who does not have a structured counseling calendar by month two of command is a commander who will be writing reactive counselings rather than developmental ones — and the NCO counseling record is visible at the E-7 promotion board in ways that compound. Thursday is also the targeting-coordination window for companies with an ongoing effects request in the joint targeting cycle; the fires cell, JAG, and IO cell coordination calls cluster in the mid-week window. Friday is the administrative anchor: 4986s, property-accountability checks, leave-request review, MEDPROS status pull. The property-accountability function in a Cyber company is more complex than it appears — the classified equipment accountability, the COMSEC sub-hand-receipts, and the computing hardware with both unclassified and classified configurations require a company commander who treats property accountability with the same rigor the armor company commander applies to tracked vehicle readiness. Equipment with TS/SCI-level classification attached to it gets counted and verified the same way a COMSEC keying material inventory gets counted — two-person integrity, documented, defensible.

Key Skills — How to Drill Each

  1. 01
    Command a Cyber Mission Force company or DCO company — certify teams to USCYBERCOM readiness standards, manage personnel and equipment across a geographically dispersed CMF element, sustain DCWF qualification currency across 50-80 soldiers.
    Build the readiness tracking infrastructure in the first 30 days of command: a living DCWF qualification roster for every person in the formation, a clearance reinvestigation timeline tracker (know who is due for a 5-year or 6-year periodic reinvestigation 12 months before it happens, not 30 days before), and a team certification calendar synced to the USCYBERCOM quarterly readiness cycle. The company commander who inherits a formation in readiness debt and clears it in the first 90 days earns an OER that reads 'took over a degraded readiness posture and certified all teams within 90 days.' That bullet is worth more than any single technical achievement in the KD window.
  2. 02
    Run a joint cyber planning cell — integrate OCO / DCO effects requests into the Joint Targeting Cycle per JP 3-60, coordinate with fires, JAG, and IO, and brief the two-star on a cyber effects recommendation.
    The targeting-cycle coordination meeting is where the 17A captain earns or loses credibility with the maneuver staff. Know the JP 3-60 targeting cycle sequence cold — commander's objectives, target development, capabilities analysis, commander's decision, mission planning, execution, assessment — and know where cyber effects requests enter and exit each phase. The JAG review is not a checkbox; the Title 10 / Title 50 / intelligence-community authority seam is where most OCO requests get slowed, and the captain who has pre-coordinated with the JAG before the targeting board is the captain whose request moves through the cycle on schedule.
  3. 03
    Manage the CMF readiness construct — team certification cycles, quarterly readiness assessments, DCWF credential expiration tracking, and honest reporting to ARCYBER G-3.
    The readiness report is the company commander's most publicly visible product. Treat it with the same rigor you would treat a CTC AAR. Before each quarterly report, run a ground-truth audit: pull every team member's DCWF credential status from the authoritative source (not from the NCO's recollection), verify each team's certification currency against the USCYBERCOM certification criteria, and document the delta between reported and actual. A commander who submits a readiness report that matches the actual posture, even when the posture is degraded, earns the senior rater's trust. A commander who submits a clean report that does not survive a G-3 audit loses it.
  4. 04
    Translate technical cyber risk to a maneuver commander or a GS-15 in language they will repeat correctly to the next echelon.
    The brief that works is the one the commander retells accurately to the next echelon without embellishment or simplification. Build a translation layer: for every technical finding, draft a one-sentence commander's summary that captures the operational impact without requiring the commander to understand CVSS scoring or STIG categories. Test it in the hallway before the brief — if a non-technical major can repeat the summary accurately after hearing it once, it is ready for the two-star. If he cannot, rewrite it. The 17A captain who earns 'communications skills' as an OER bullet from a maneuver senior rater is the one who built this translation layer early.
  5. 05
    Build and run an officer development program for a bench of 17A LTs — OER counseling cadence, DCWF credential sponsorship, KD assignment timing, school slate management.
    The 17A LT cohort is small and the senior leadership knows every name. The captain who is sponsor, mentor, and OER writer for two to three LTs simultaneously is building the next generation of the branch. Counseling cadence: 30-day, 60-day, and quarterly minimum; every counseling session documents the LT's DCWF credential status, the KD assignment timeline, and the school-slate recommendation. A LT whose captain never wrote a school endorsement until the board window opened is a LT whose record looks thin at a board where two or three schools sponsored by a captain's recommendation would have been easy bullets.

Manuals & References — What Chapters Matter

  • FM 3-12 — Cyberspace and Electronic Warfare Operations
    The command-level planning doctrine that the company commander's briefs to the BCT or ASCC are expected to reflect. Chapter 2 (cyberspace operations types) and Chapter 3 (integration with other warfighting functions) are the references behind every command relationship brief the captain delivers to a supported maneuver commander who is learning the domain.
  • JP 3-12 — Cyberspace Operations; JP 3-60 — Joint Targeting
    The targeting cycle in JP 3-60 is the document the fires cell, JAG, and J-3 are reading when the captain walks into the targeting board. Know both documents at the chapter level — JP 3-12 for the authority and coordination framework, JP 3-60 for the targeting cycle sequence. A company commander who is fluent in both can defend an effects request through the targeting cycle without escalation.
  • AR 600-20 — Army Command Policy; AR 623-3 — Evaluation Reporting
    Command policy and the OER system are the two documents that define the company command window. AR 600-20 governs command climate, counseling obligations, and the legal framework for command authority. AR 623-3 governs how you write the OERs for your LTs and how your senior rater writes yours — know the rating scheme, the profile requirements, and the distinction between 'most qualified' and 'highly qualified' before you submit your first OER under your signature.
  • DoDM 8140.03 — Cyberspace Workforce Qualification; DoDD 8140.01 — Cyberspace Workforce Management
    The credential framework that governs every DCWF role in the formation. At the company commander level, you own the aggregate DCWF qualification posture for the entire company. DoDM 8140.03 Annex 1 lists the approved credentials by work role category — know the list for every role coded in your unit before the first quarterly readiness report is due.
  • DA PAM 600-3 — Officer Professional Development; AR 600-8-29 — Officer Promotions
    The 17A / Cyber branch chapter in DA PAM 600-3 and the DOPMA-governed promotion math in AR 600-8-29 are the documents behind every career decision the captain makes during the KD window. Read both before the CCC graduation — the captain who arrives at KD knowing the field-grade billet landscape, the joint-tour credit requirements, and the promotion-zone math under DOPMA is the one who makes deliberate rather than reactive career decisions.

Standards — How to Hit Each

  • Captains Career Course graduate; ILE / CGSC complete before the major's board.
    ILE resident at Fort Leavenworth is the competitive-record preference; non-resident via ATRRS/DL satisfies the gate but is less visible. The CCC graduate who requests resident ILE early — before the major's board creates the pressure — demonstrates the long-range planning instinct that the field-grade billet market rewards.
  • Successful KD OER — Cyber Company Command or equivalent — with a senior rater profile and bullets tied to measurable outcomes.
    The KD OER is the single most-read document in the 17A captain's record at the major's board. Bullets that the senior rater can defend must be tied to the USCYBERCOM quarterly readiness metric, to a specific CMF mission execution event, to a DCWF qualification improvement (team went from 65% to 100% certified in the first 90 days), or to a specific inspection or exercise result. 'Led cyber company through successful training' is not a bullet that survives a small-branch board where the rated population is visible.
  • TS/SCI with relevant access maintained continuously throughout KD and post-command window.
    The clearance is the career. Own the continuous-evaluation lifecycle: know your investigation due date, ensure every foreign travel report is filed within the required window, and maintain financial disclosure currency. A clearance gap during the post-command billet window makes the NSA military associate and USCYBERCOM J-3 billets inaccessible — the billet manager moves to the next candidate and the field-grade record is missing the joint-exposure bullet that the major's board expects.
  • JDAL credit (Joint Duty Assignment List) — joint-tour credit on the path to O-5.
    JDAL-eligible billets at USCYBERCOM, JFHQ-DODIN, NSA, and COCOM J-39s are the post-command destinations that satisfy both the joint-credit requirement and the field-grade record requirement simultaneously. Identify the JDAL-eligible billets in the 17A post-command landscape before CCC graduation and work the assignment request through the HRC 17A branch manager rather than waiting for the post-command assignment cycle to surface an option.

Technical Mistakes — Concrete Consequences

  • Treating Cyber Company Command as a technical problem rather than a people and accountability problem.
    The brigade commander and the ARCYBER CSM are watching the formation, not the network brief. A company commander who spends the KD window as the best technical operator in the unit — running vulnerability scans, building targeting products — while the 17C NCO retention rate drops, the DCWF certification roster falls behind, and the counseling cadence goes dark will receive an OER that describes a technically proficient captain who could not run a formation.
  • Hiding a CMF team readiness shortfall from the chain of command to 'fix it before the quarterly report.'
    The ARCYBER G-3 reads the readiness dashboard before the quarterly report is submitted. The company commander who reports a degraded posture accurately — 'Team Alpha is at 60% certified, closure plan attached, 90-day timeline' — gives the chain of command a solvable problem. The company commander who submits a 95% report that the G-3 dashboard contradicts gives the chain of command a trust problem, and the relief conversation at ARCYBER command level is visible to the entire senior cyber officer cohort.
  • Confusing technical cyber depth with strategic or staff cyber depth in post-command billet conversations.
    The USCYBERCOM J-3 and NSA military associate billets require staff-officer planning skills and interagency coordination depth — not the ability to run the CMF toolset faster than the team. A captain who arrives at a USCYBERCOM staff billet and tries to establish credibility through technical operator performance will find that the GS-14 civilian sitting next to her has been running the toolset for eight years and is unimpressed. The staff-level credibility in those billets comes from planning quality and joint-process fluency, not technical virtuosity.
  • Letting DCWF credential expiration cascade across the company because 'the team is deployed or on mission.'
    DoDM 8140 does not suspend for OPTEMPO. The quarterly readiness report captures the expiration status regardless of deployment or mission tempo, and a company-wide DCWF expiration event — even if operationally understandable — lands as a commander-owned readiness failure in the record. Build the 12-month and 6-month expiration warning into the company administrative calendar and execute the renewal cycle proactively.
  • Skipping the FA / branch-transfer conversation because 'I am a 17A and want to stay 17A.'
    DA PAM 600-3 names the functional area paths for a reason. A 17A captain who arrives at the major's board without having consciously evaluated whether FA26, FA49, FA59, or the 17A operational track matches her talent and the available post-command billet landscape is an officer whose record was built by default rather than by design. The captains who make the decision honestly and early — and build the record that supports the chosen track — are the majors who do not need the branch manager to explain their OER narrative to the board.

Career Decisions at This Rank

  • Cyber Company Command vs. competitive staff billet as the KD
    Company Command is the most common KD for 17A captains and the one the centralized board reads with the most confidence — it is the seat the Army expects a 17A captain to prove himself in, and the OER narrative from a company command with measurable readiness outcomes is the clearest competitive record at the major's board. The competitive staff billet (USCYBERCOM J-3, NSA military associate, JFHQ-DODIN) as a KD-adjacent assignment is available for a small cohort of high-performing captains; it builds joint-planning credibility earlier but produces an OER narrative that the board reads with less confidence because company command is the known standard. The case for taking the staff billet as KD is strongest if the billet is at the USCYBERCOM level and the senior rater is a senior military officer — not a GS-15 civilian — who can write a defensible OER in Army terms.
  • Functional Area designation vs. staying 17A operational track at the major's window
    DA PAM 600-3 names FA24, FA26, FA40, FA49, FA59 as the functional area destinations that 17A officers have historically moved into. The case for FA designation is strongest for officers whose talent is demonstrably strategic (FA59), analytic (FA49), engineering-depth (FA26), or space-integrated (FA40) rather than operational-cyber. The case for staying in 17A is strongest for officers who want to command a battalion and who have the KD OER and post-command billet record to compete for that slate. The branch is small; battalion command opportunity exists but is not automatic. The FA decision is irreversible after the major's board window closes — make it on talent and trajectory, not on peer pressure or inertia.
  • Post-command billet at USCYBERCOM / NSA vs. ARCYBER G-staff vs. COCOM J-39
    All three post-command tracks lead to the major's board with a field-grade record — the question is which one builds the joint-duty credit and planning depth that positions the officer for lieutenant colonel command consideration. USCYBERCOM J-3 and NSA military associate billets produce JDAL credit and interagency depth; the daily work is staff-intensive and requires the planning-level skill that the LT and company-command years built. ARCYBER G-3/G-7 keeps the officer in the Army-organic cyber world with high visibility to the ARCYBER command team — good for officers who want battalion command at Fort Eisenhower-adjacent commands. COCOM J-39 billets (INDOPACOM, EUCOM, CENTCOM) combine JDAL credit with joint-planning depth in a geographic combatant command environment that broadens the strategic context beyond the cyber domain.
  • ILE resident at Fort Leavenworth vs. non-resident ATRRS/DL completion
    Resident ILE is the competitive preference — not mandatory, but the boards read it differently. The year at Fort Leavenworth is the one year in the career where the officer is not accountable to a formation or a readiness report; the intellectual development, the cross-branch network, and the staff-college credential it produces are disproportionately valuable for a small branch where the senior officers know every face. Non-resident completion satisfies the gate but does not produce the network or the experience. If resident ILE is available in the post-command window, take it.
  • Retention vs. separation at the post-command window (civilian sector / cleared contractor market)
    The 17A major at the post-command window holds a TS/SCI clearance, operational cyber experience, and a demonstrated ability to lead technical personnel — this profile is worth $150,000-$250,000+ in the cleared contractor market, and the defense-industry and intelligence-community civilian appetite for this profile is real and growing. The retention conversation is honest: the Army's battalion command slate for 17A is real but competitive; the path to O-6 and the senior assignments that follow requires a sustained commitment over the next decade; and the civilian-sector timing window (cleared experience at the 10-12 year mark) is genuinely favorable. Officers who want battalion command and are performing at the competitive level should stay. Officers who are performing above average but below the battalion-command threshold should make the separation decision clearly rather than drifting through post-KD tours without a plan. The clearance does not expire the day you separate — the value of the profile is portable.

How the Seat Varies by Unit Type

  • Cyber Mission Force Company (Combat Mission Teams), ARCYBER Fort Eisenhower
    The primary KD track for 17A captains and the most USCYBERCOM-visible command. The formation is small (50-80 personnel), the mission tempo is set by USCYBERCOM tasking, and the readiness construct is quarterly certified. The command climate challenge is unique: the 17C NCOs and civilian contractors in the formation have technical depth the captain does not — the captain's authority is organizational, not technical, and the formation knows it. The company commanders who thrive here build trust with the NCO leadership by clearing administrative roadblocks, sponsoring DCWF credentials, and making the mission execution environment as low-friction as possible. The ones who struggle try to establish technical credibility in a formation of people who have been doing this for a decade.
  • DCO Company, Army Service Component Command (ASCC)
    The most operationally integrated command for 17A captains — your formation is defending a theater-level Army network, your supported command is an operational ASCC (USAREUR-AF, USARPAC, USARCENT, USASOC), and the maneuver community visibility is real. The ASCC commanding general's staff reads your DCO readiness brief. The work is less CMF-toolset-intensive and more network-architecture-and-compliance-intensive than a CMF company command. The OER narrative from a DCO company command at an ASCC is visible to the supported maneuver command's senior leadership — a positive relationship with the ASCC G-6 and J-6 translates into OER bullets written at a visibility level the Fort Eisenhower CMF company does not always produce.
  • USCYBERCOM / NSA military associate billet (as a KD-adjacent assignment or post-command billet)
    The most joint and most civilian-interface-intensive assignment in the 17A track. USCYBERCOM Fort Meade is NSA's neighbor and the operational headquarters for the joint cyber mission force. The military associate program places Army officers in NSA mission-support roles; the USCYBERCOM J-3 staff is a mix of military officers from all services and civilian analysts who have been working the problem since before USCYBERCOM was established. The culture is more NSA than Army — rank matters less than expertise and output in the daily work culture, and the 17A captain who arrives expecting the traditional military chain-of-command dynamic will spend the first 90 days recalibrating. The post-command billet here is the highest-visibility joint assignment in the 17A field-grade landscape.
  • COCOM J-39 Cyber Planner (INDOPACOM, EUCOM, CENTCOM, AFRICOM)
    The post-command assignment that most directly builds the combatant-command planning depth and geographic context that shapes a 17A major's strategic worldview. The J-39 at each COCOM is a small staff of cyber planners who integrate cyber effects into the combatant commander's theater campaign plan. The work is staff-intensive, classification-intensive, and coalition-coordination-intensive at EUCOM and INDOPACOM — working with allied nation cyber teams is a different coordination dynamic than working inside the US-only USCYBERCOM construct. JDAL credit and the geographic combatant command planning credential are the two outputs that justify the PCS cost of a COCOM J-39 tour.
  • 780th MI Brigade (Cyber) / INSCOM, Fort Meade
    The Army-organic cyber-intelligence command. The 780th is the Army's primary cyber brigade under INSCOM and includes elements that operate at the SIGINT/cyber seam. 17A officers at the 780th are working in a formation where the 35-series MI officer culture and the intelligence-community clearance framework are dominant — the daily work is more IC-adjacent than a CMF company at Fort Eisenhower. Post-command billets here feed into DIA, INSCOM G-2, and the NSA/CSS military affiliate tracks rather than the USCYBERCOM operational staff.

What Good Looks Like at This Rank

The good 17A captain commanded a Cyber company that did not lose its CMF team certification posture during his KD window. All teams were certified to USCYBERCOM readiness standards before the first quarterly report was due; the one team that dropped below threshold during a personnel turbulence event had a documented recovery timeline on the G-3 desk within 48 hours. The DCWF qualification roster was accurate — not the NCO's recollection, not last quarter's spreadsheet, but a live document that matched the authoritative source on the day of any audit. The 17C NCOs who served under him during command are on the next reenlistment cycle at better-than-branch-average rates, and two of them are on the NCOER that his senior rater signed. As a major, he is on a USCYBERCOM J-3 or NSA military associate billet — not because he requested the assignment for the prestige, but because the HRC 17A branch manager recommended him based on the KD OER quality and the clearance posture that never had a gap. His ILE is complete. His joint-tour credit is logged. His FA decision is made and documented in the branch manager's assignment file. The post-KD billet is building the planning-depth record that the centralized lieutenant colonel command board looks for in a small branch where every competitive candidate is visible by name. The observable signature of the good 17A captain-major is not any single technical achievement — it is the pattern of decisions that shows the branch manager, the senior rater, and the board that this officer understands the domain, leads the people in it honestly, and makes career decisions that reflect the long-game rather than the assignment-cycle default. When the board reads the OER narrative, the arc is coherent: command performance tied to measurable readiness outcomes, joint exposure that is genuine rather than credential-chasing, and a post-command billet that was selected because it builds the field-grade depth the Army Cyber Corps needs in its next generation of battalion commanders.

Preview — The Next Rank

The lieutenant colonel command slate for the Army Cyber Corps is small — the branch generates fewer active-duty LTC command positions than most Army combat-support branches, and the competition for those billets concentrates in a cohort where every officer knows every other officer by name and OER reputation. The major who arrives at the lieutenant colonel command consideration window with a CMF company command OER, joint-tour JDAL credit, ILE complete, and a post-command billet that built planning depth at the USCYBERCOM or COCOM level is the profile the branch manager recommends without needing to explain the record. What changes at the LTC level is the scope of the accountability. A Cyber battalion commander (or a senior USCYBERCOM / ARCYBER staff element chief) is managing multiple company-grade elements, the aggregate CMF team readiness posture for a larger formation, and the relationship with the COCOM or ASCC supported command at the O-6 level. The technical execution is further from the LTC than it was from the captain — the battalion commander is managing readiness, personnel, and command climate across a larger formation, not running a planning cell or a targeting board personally. The officers who were strongest at the company command level because they were still close to the technical work are the officers who have the hardest transition to the battalion command level, where the job is building the conditions for the company commanders to perform rather than performing directly. The post-LTC command billet landscape for a 17A officer runs toward senior staff positions at USCYBERCOM, ARCYBER, OSD Cyber Policy, NSA leadership, or the joint cyber planner tracks at the joint staff. The cyber domain's growth means that the colonel and general officer billets that did not exist in 2009 are now a real career horizon for the 17A officers who are performing at the top of the branch cohort today.
FAQ

17A O3-O4 — Frequently Asked Questions

Q01What does a O3-O4 17A (Cyber Warfare Officer) actually do?
You return to Fort Eisenhower — or deploy in the seat — for your Key Developmental billet.
Q02What's the most important thing to know as a O3-O4 17A?
Cyber Company Command is the KD that gates the major's board and the post-command billet landscape.
Q03What does a typical day look like for a O3-O4 17A?
Time-blocked day at the O3-O4 17A rank tier: 0530-0630 PT formation — company PT at the Cyber element level. Fort Eisenhower maintains Army PT standards; the company commander sets the formation standard and runs with the company rather than running separately. The unit PT program reflects the commander's priorities — this is an OER-visible signal, 0700-0730 Shower, uniform, chow. Check overnight alert queue — any ARCYBER FRAGORD, readiness-dashboard anomaly, or personnel flag (security clearance alert, DCWF expiration pop,…
Q04What mistakes get O3-O4 17A soldiers fired or relieved?
Papering the CMF readiness report — the ARCYBERCOM G-3 reads the quarterly readiness dashboard directly, and a company commander whose certified-team count does not match the actual team's DCWF qualification posture gets the relief conversation at ARCYBER command level, not at the battalion level. The branch is small; the relief is visible to everyone in the senior cyber officer cohort;…
Q05What career decisions matter most at the O3-O4 17A rank tier?
Cyber Company Command vs. competitive staff billet as the KD — Company Command is the most common KD for 17A captains and the one the centralized board reads with the most confidence — it is the seat the Army expects a 17A captain to prove himself in, and the OER narrative from a company command with measurable readiness outcomes is the clearest competitive record at the major's board. The competitive staff billet (USCYBERCOM J-3, NSA military associate, JFHQ-DODIN) as a KD-adjacent assignment is available for a small cohort of high-performing captains;…
Q06What's next after O3-O4 for a 17A (Cyber Warfare Officer) in the Army?
The lieutenant colonel command slate for the Army Cyber Corps is small — the branch generates fewer active-duty LTC command positions than most Army combat-support branches, and the competition for those billets concentrates in a cohort where every officer knows every other officer by name and OER reputation.
Q07What manuals and regulations does a O3-O4 17A need to know cold?
FM 3-12 — Cyberspace and Electronic Warfare Operations; JP 3-12 — Cyberspace Operations (the two documents that frame the planning logic at every brief level).; JP 3-60 — Joint Targeting (the cycle that OCO effects requests enter; know it at the chapter level before your first targeting board).; AR 25-2 — Army Cybersecurity; DoDM 8140.03 — DCWF Qualification; DoDD 8140.01 — Cyberspace Workforce Management.

This playbook has no tips yet. Be the first to share what you know.

Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards