Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
Back to 25D Cyber Network Defender — overview, pay, training, civilian translation, reviews
25DE1-E3

Cyber Network Defender

E-1 to E-3 (Junior Enlisted) · Army

HEADS UP

Stop looking for the day-one private 25D — it does not exist. Nobody enlists Cyber Network Defender; you reclass in years later as a senior NCO, holding a clean Top Secret, an IAT-II cert, and roughly four years of verifiable IT/IA experience. At this rank your only 25D move is to be excellent at your feeder MOS (25B, 17C, or another signal/intel job), guard the clearance like it is the MOS, and start the cert clock now.

The Honest MOS Read
There is no 25D at PV1 through PFC. Read that twice, because a recruiter or a TikTok may have told you otherwise, and they were selling something. Cyber Network Defender is a reclassification-only, senior MOS — you do not enlist into it, you do not get it out of OSUT, and there is no cherry 25D anywhere in the Army. You come up through a feeder MOS — most often 25B (Information Technology Specialist), 17C (Cyber Operations Specialist), or a 35-series intel job — and you reclass IN later, after you have stacked the prerequisites. So this entry is the on-ramp, not the job. The honest question at your rank is not 'how do I do 25D work,' it is 'what do I do right now so the door even opens?' Start with the load-bearing wall: the clearance. 25D requires a Top Secret to award and TS/SCI eligibility to do the real work and to maintain. AR 380-67 governs the Personnel Security Program; the SSBI / Tier 5 investigation behind your clearance is run by DCSA (Defense Counterintelligence and Security Agency) and adjudicated off the SF-86 you filled out in the recruiter's office. From the day you raise your hand, your finances, your foreign contacts, your drug history, and your social-media footprint are the substrate of that clearance — and continuous evaluation never stops. The cherries who treat the clearance as a credential instead of a daily discipline are the ones who lose it inside their first enlistment. For most MOS that costs you an assignment. For 25D it costs you the MOS before you ever apply. There is no recovering the 25D path after a money problem, a concealed foreign contact, or a USB-in-the-wrong-port incident kills your clearance. Second: the experience clock. 25D wants roughly four years of documented, supervised IT/IA experience — and the word that matters is documented. Help-desk ticket volume is not the same as information-assurance depth. The reclass screen is looking for a soldier who has actually hardened systems to the DISA STIG, run patch and compliance cycles, read a SIEM, and triaged an incident — not a soldier who reimaged 400 laptops and never touched the defensive side. So at this rank you ask your S6 NCOs for the messy defensive work, and you make sure somebody with rank attests to it on paper. Verbal experience does not count when the board reads your packet years from now. Third: the certs. CompTIA Security+ is the DoDM 8140 / DoD 8570 IAT Level II baseline — it is the cheapest, fastest down-payment on a future 25D packet, and Army Credentialing Assistance pays for the voucher. Get A+ and Network+ done as the unspoken floor, get Security+ in hand early, and start eyeing CySA+ next. Every year you wait is a year you are not IAT-II and not building the file. Fourth, and the part everyone underestimates: 25D is a senior-NCO MOS. The rank floor has historically been SSG/E-6, with some windows opening to senior SGT/E-5 — but it moves, so the only true answer is the current HRC reclass MILPER message, not a barracks rumor. That means you cannot reclass into 25D without becoming a senior NCO first. Take the BLC slot when it is offered. Stack promotion points. Get good at being a soldier and a leader, because the cyber piece will not exempt you from any of it. The 25D-bound private is the 25B/17C the staff sergeant trusts with the weird STIG failure — and who already protects the clearance like the career it is about to become.
Career Arc
  • 01Enlist and complete the feeder-MOS pipeline (25B AIT or 17C pipeline at the Cyber Center of Excellence, Fort Eisenhower; or a 35-series intel pipeline) — there is no 25D AIT to attend at this rank.
  • 02Lock the Top Secret clearance through the SSBI / Tier 5 adjudication and treat continuous evaluation as a daily discipline from day one.
  • 03Month ~6 TIS: E-2 (automatic per AR 600-8-19); month ~12 TIS: E-3 / PFC (4 mo TIG, waivable).
  • 04Knock out A+, Network+, and Security+ (the IAT-II baseline) early — Army Credentialing Assistance funds the vouchers.
  • 05Move from help-desk tickets to real information-assurance work — STIG hardening, patch cycles, SIEM reading, incident triage — and get it documented by a supervisor.
  • 06Take the BLC slot when offered; 25D is a senior-NCO MOS and you cannot reclass in without the NCO development that starts here.
  • 07Find the senior 25D / 25B in the S6 and pull the current HRC reclass MILPER so you plan against the real gate, not a rumor.
Common Screwups
  • ×Believing you can enlist straight into 25D, or that you will 'switch over soon.' You cannot, and there is no soon — it is a senior-NCO reclass years away. Anyone telling you otherwise is selling a contract.
  • ×Treating the clearance casually — a shared CAC PIN 'just this once,' a careless credit decision, a hidden foreign contact, a badge selfie. Any one of those can quietly end the 25D dream before you ever apply, and a clearance revocation under AR 380-67 follows you forever.
  • ×DUI / drug pop / barracks Article 15 — separation risk under AR 635-200, a re-enlistment code that limits your options, and a security flag that makes the whole cyber-defense lane theoretical.
  • ×Financial mismanagement — maxed cards, a repo, unpaid debt going to collections. Money problems are the single most common clearance-killer in the security-adjudication guidelines, and the defensive community treats your credit report as part of your fitness for the job.
  • ×Coasting through your feeder MOS waiting for the reclass to save you. The reclass screen rewards the soldier who got genuinely good at IT/IA, not the one who marked time on tickets hoping the stripes would carry a thin packet.

A Day in the Life

  • 0500Wake. PT clothes on. Nothing here is 25D yet — you are a junior soldier in a feeder MOS, and the day starts the same as any private's. The cyber piece happens at the keyboard later, not at 0500.
  • 0530PT formation in the company / detachment area. Signal and cyber units run PT to the same Army standard as anyone else; the CSM reads ACFT pass rates off the slide whether you are 25B or 11B. Take accountability, fall in.
  • 0545-0700Unit PT. Cardio and strength rotate through the week. The mistake here is thinking a 'tech' MOS exempts you from the run — it does not, and a low ACFT will flag a future 25D packet just as fast as anyone else's.
  • 0700-0900Hygiene, change, breakfast. Most junior soldiers eat at the DFAC. This is also free study time if you are smart — Security+ objectives on the phone over coffee beat scrolling.
  • 0900First formation. Section sergeant reads announcements and hands out the day's tasks. You listen; phone stays in the pocket.
  • 0915-1200Work call in the S6 / help desk / network shop. Reimage and harden workstations to the DISA STIG, close tickets, run a patch cycle, re-rack a server when the systems NCO says so. The 25D-bound soldier asks for the defensive task — the STIG failure, the SIEM question — instead of taking only the easy tickets.
  • 1200-1300Chow. Conversation drifts to certs, the Credentialing Assistance backlog, and who is studying for what. The smart junior is in those conversations, not avoiding them.
  • 1300-1530Afternoon work call. More tickets and patches, plus whatever mandatory training the company stacked — cyber-awareness, OPSEC, SHARP, the annual DoD information-assurance training. Sit, listen, sign the roster, then get back to the keyboard.
  • 1530-1630Final formation. Section sergeant briefs the next day. Account for any sensitive items and government devices — for a future clearance holder, accountability discipline is the habit you are building now.
  • 1630Released. Mostly. Staff duty, CQ, and details still apply to junior soldiers regardless of MOS.
  • 1700-2000Personal time — and the real differentiator. The disciplined junior is in a home lab (personal equipment, never government) writing scripts and breaking down SIEM queries, or studying to a cert objective. The average junior is not. Three years from now that gap is the difference between a competitive 25D packet and a thin one.
  • 2000-2200Cert study, college coursework for promotion points, or family time for the few married this young. The soldier building the 25D path treats his own time as the lab the Army does not schedule for him.
  • 2200Lights out. Tomorrow is the same — and the long game is built one ordinary day like this at a time.
  • Field / exerciseWhen the unit deploys to the field or runs a network-focused exercise, the junior signal soldier is setting up and defending the tactical network — running cable, standing up systems, patching, and watching the logs. It is the closest you get to 25D work at this rank, and it is the kind of experience worth getting documented.

Weekly Cadence

The Mon-Fri rhythm at this rank is the feeder-MOS rhythm, not a cyber-defender's. Monday is high tempo — PT, the week's announcements, the tickets that piled up over the weekend, and any mandatory training the company front-loaded. Tuesday through Thursday are the work days: patch cycles, STIG compliance, imaging, ticket queues, and whatever the network shop is building or breaking. The 25D-bound junior treats these days as the place to volunteer for information-assurance depth — the STIG that will not pass, the alert nobody can explain — instead of cherry-picking the easy tickets, because the senior NCOs who will one day attest to your IA experience are forming their read of you in exactly these moments. Friday is usually the company-level event — PT, a safety brief, awards formation — and release. But the real weekly cadence for a soldier on the 25D path is the one the Army does not schedule: the home-lab hours and the cert study after 1700. The promotion-point and certification clock is a slow, steady grind — Security+ this quarter, Network+ done, CySA+ objectives opened, a few college credits banked, the Distributed Leader Course knocked out, the BLC slot requested. None of it is dramatic on any given week. All of it compounds. The junior who logs an hour of real study or lab work four nights a week for two years arrives at the reclass conversation with a packet; the one who waits for the Army to make him a defender arrives with a story about how he always meant to. The field and exercise weeks break the rhythm — those are when you actually stand up and defend a tactical network, which is the most 25D-flavored thing you will do at this rank and the most worth getting your supervisor to document.

Key Skills — How to Drill Each

  1. 01
    Be genuinely excellent at your feeder MOS first — 25B / 17C tier-1 and tier-2 work is the experience base the 25D reclass screen looks for, not a side quest.
    Volunteer for the work nobody wants: the failed STIG, the unreproducible ticket, the after-hours patch window. The senior NCOs who will one day attest to your IA experience form their read of you on whether you chase the hard problem or hide from it. Keep a private running log of what you touched, when, and what you fixed — that log becomes the spine of your documented-experience packet years from now.
  2. 02
    Operate a Windows and Linux command line — bash, grep, PowerShell, basic scripting — at the level a defensive analyst will expect of you later.
    Spend 30 minutes a night in a free home lab (a couple of VMs on a personal laptop, never on a government box). Learn to grep a log, parse a process list, and write a five-line script that automates a check you do by hand. The 25D who can read a host without a senior narrating it starts as the 25B who built that muscle on his own time at E-3.
  3. 03
    Image and harden a workstation to the relevant DISA STIG before it touches an operational network — STIG fluency is core to cyber defense, not just help desk.
    Pull the STIG and the STIG Viewer from public.cyber.mil and actually walk a checklist against a system. Do not just apply the unit GPO and move on — understand WHY a finding is a finding, so you can defend it at a cyber inspection instead of just flagging it. The defender who knows the control behind the setting is the one the section trusts with the assessment.
  4. 04
    Read a SIEM (Splunk / Elastic) and a packet capture in Wireshark well enough to describe what you are looking at without someone narrating it.
    Ask the S6 or your shop's senior analyst to show you the saved searches, then take them apart — figure out what each clause does and rebuild one yourself. Load a free PCAP from a public training set in Wireshark and follow a TCP stream end to end. The goal is to stop pasting someone else's query and start writing your own; that transition is the moment you become defensive talent instead of help desk.
  5. 05
    Protect your clearance like it is the MOS — because for 25D it literally is.
    Treat your finances, foreign contacts, and social media as part of your professional fitness, not your private life. Keep credit clean, report contacts and travel through your security manager before you have to, and post nothing about what you do — no unit, no 'learning cyber' badge, no location. Read the security-adjudication guidelines once so you know exactly what the reinvestigation looks at, and live so the answers are boring.
  6. 06
    Earn CompTIA Security+ early — it is the IAT Level II baseline 25D requires and the single fastest credibility move you can make as a junior.
    Submit for an Army Credentialing Assistance voucher, set a test date 8-10 weeks out, and study to the current SY0 exam objectives a little every day rather than cramming. Then keep going — open the CySA+ objectives the week you pass Security+. The junior who arrives at the eventual 25D conversation already IAT-II with CySA+ in progress is years ahead of the one who 'will get it before the board.'

Manuals & References — What Chapters Matter

  • AR 25-2 — Army Cybersecurity.
    The policy floor every defensive job in the Army is measured against. Read it once even if you only quote it later — it is the document that tells you what 'secure' officially means and what the cyber inspection holds your network to. Everything you do on the defensive side ladders up to this reg.
  • DoDM 8140 / the DoD 8570 framework — Cyberspace Workforce Qualification.
    This is the IAT / IAM chart that gates which billet you are allowed to hold. Find the IAT Level II line, see that Security+ sits there, and understand that the 25D you want to be is a stack of work-role qualifications above it. Read your eventual target work role's tasks now so the cert ladder you climb has a destination.
  • DISA STIGs and the public.cyber.mil reading list.
    The engineering standards you will be holding networks to as a defender. Download a STIG and the STIG Viewer and run a real checklist — this is where help-desk knowledge turns into cyber-defense knowledge. The public.cyber.mil library is also free and the same source the senior defenders use.
  • CompTIA Security+ exam objectives (current SY0 release).
    The IAT-II baseline 25D will require, and the cheapest first cert in the stack. Study straight off the published objectives. Then look at CySA+ next — the defensive-analyst cert that starts separating a real 25D candidate from a soldier who only holds the floor.
  • AR 380-67 — Personnel Security Program.
    The reg behind the clearance you have to protect to ever hold 25D. It explains the SSBI / Tier 5 process, continuous evaluation, and what gets a clearance suspended or revoked. Knowing it turns the clearance from a mysterious thing that happens to you into a discipline you actively manage.
  • The current HRC 25D reclass MILPER message + your career counselor.
    The single most important reference at this rank, because the prerequisites move. Rank floor, experience years, clearance level, the IAT-II cert, the In-Service Screening Test (ISST), and the 36-month service-remaining requirement are all spelled out in the live message — confirm them there, not from a buddy who reclassed three years ago under different rules.

Standards — How to Hit Each

  • CompTIA Security+ in hand early — the IAT-II floor and the cheapest down-payment on a future 25D packet.
    Use Army Credentialing Assistance for the voucher, set the date, and study to the objectives daily for two months. Do not wait until you are 'about to need it' — the value is in having it years before the reclass conversation so the packet shows a long defensive arc, not a last-minute scramble.
  • A+ and Network+ as the unspoken floor of any IT feeder — do not arrive at the 25D conversation without the basics done.
    Stack them early, also on Credentialing Assistance. These are the cheap, foundational certs that signal you are serious; a soldier who reaches the reclass screen still missing Network+ reads as someone who never built the base. Knock them out at E-3 when the schedule is lighter.
  • A clean Top Secret maintained without incident — the lane is permanent once it closes.
    Keep credit clean, report foreign contacts and travel through your security manager proactively, and live a boring social-media life. Treat every continuous-evaluation trigger — a credit pull, a contact, a financial event — as something to get ahead of, not hide. One incident does not just hurt a future reclass; under AR 380-67 it can end the 25D possibility outright.
  • Documented, supervised IT/IA experience that an NCO or officer can attest to — 25D wants roughly four years of it.
    The clock you start now is the clock that matters, so make it count and make it provable. Ask supervisors to capture your defensive work in counselings and evaluations, keep your own dated log, and chase IA depth (STIGs, SIEM, incident response) over ticket volume. The reclass screen treats experience that is not on paper as if it never happened.
  • BLC slot taken when offered — 25D is a senior-NCO MOS and the development starts here.
    Get on the roster the moment you are eligible; you cannot reclass into a senior-NCO MOS without making senior NCO first. Stack promotion points through cert credit, college, and the Distributed Leader Course in parallel, so the NCO track and the technical track climb together instead of one waiting on the other.

Technical Mistakes — Concrete Consequences

  • Plugging an unauthorized USB or personal device into a government system 'just to move a file.'
    That is a security incident and a removable-media violation the moment it happens. It triggers an inquiry, a counseling at minimum, and a note in the file that surfaces at your next clearance reinvestigation — the exact wrong thing on a record you want a 25D board to read. Use the approved transfer process, every time.
  • Closing a defensive ticket or marking a STIG finding 'compliant' without actually verifying the fix.
    The cyber inspection or the next assessment finds the open gap, and the senior NCO who trusted your work is the one who has to brief why it was signed off. You go from the junior trusted with the messy ticket to the junior whose work gets re-checked — the opposite of the read you need for a reclass.
  • Running an experimental or unauthorized tool on an operational network 'to learn.'
    Curiosity on a live network is an incident inquiry, possibly a violation under AR 380-5, and a clearance flag. Learn in a home lab on your own equipment. On the operational network you touch only what you are authorized to touch — the defensive community has no tolerance for freelancing, especially from juniors.
  • Skipping documentation — not logging the host, time, command, and output of what you touched.
    When an incident write-up needs your piece, your undocumented work is a hole in the timeline that the senior analyst has to reconstruct or guess at. Sloppy documentation reads as sloppy defense; clean, disciplined notes are how a junior earns the harder tasks.
  • Posting your job, unit, or a 'learning cyber' badge selfie on LinkedIn or social media.
    The defensive community is explicit about this, the SSO monitors it, and it surfaces at the clearance reinvestigation. What looks like harmless career-building is an OPSEC slip that flags you as someone who does not understand the discipline the MOS is built on.

Career Decisions at This Rank

  • Which feeder MOS to commit to as your road into 25D.
    If you enlisted 25B (IT Specialist) you are already on the most common on-ramp — systems administration and information assurance are the daily diet, and the experience maps cleanly to the 25D screen. If you enlisted 17C (Cyber Operations Specialist), you are in the deepest technical pipeline, but 17C has its own long career arc and its own retention math, so weigh whether you want to reclass to defensive 25D at all or stay on the 17C track. A 35-series intel feeder works too but requires you to deliberately chase the IT/IA experience your day job may not hand you. The decision at this rank is to commit to a feeder that actually generates documentable defensive work — and if yours does not, to get the messy defensive tasks anyway.
  • Credentialing Assistance now vs. waiting until you 'need' the certs.
    Army Credentialing Assistance funds vouchers for A+, Network+, Security+, CySA+, and more while you are junior and the schedule is light. The case for going now is overwhelming: the certs are cheaper to earn early, they show a long defensive arc on a future packet, and IAT-II standing opens billets the moment you have it. The only case for waiting is laziness dressed as patience. There is no version of the 25D path where having Security+ at E-3 hurts you. Pull the trigger this quarter.
  • How hard to guard the clearance versus living like a normal 19-year-old.
    This is the quiet, consequential one. The clearance does not forgive the choices most junior soldiers get away with — the maxed credit card, the off-the-books side hustle, the foreign girlfriend you did not report, the wild social media. For a 25D-bound soldier those are not youthful mistakes, they are MOS-enders. The honest analysis is that the cyber-defense path costs you some normal-private freedom in exchange for a six-figure post-Army future — and you have to decide at this rank whether that trade is worth it. If it is, start living like the clearance is already the career. If it is not, that is a legitimate answer too, but then 25D is not your lane.
  • Take the BLC slot early or keep grinding the technical side.
    Because 25D is a senior-NCO MOS, the leadership track is not optional — you cannot reclass in without making senior NCO first. Some junior tech soldiers want to bury themselves in the keyboard and treat NCO development as a distraction. That is a trap for a 25D-bound soldier specifically: the rank gate is as real as the experience gate. Take BLC when it is offered, stack promotion points, and run the NCO track and the technical track in parallel. The soldier who is technically sharp but rank-stalled never reaches the reclass window.
  • First re-enlistment — staying the course, reclassing early to a sister MOS, or eyeing the contractor exit.
    Your first re-enlistment window opens inside this rank tier or just after, and the cleared-IT contractor market is real money even for a junior. The honest test: are you on the 25D path because you want defensive cyber as a career, or because you want the credentials and an exit? Both are defensible. If you want the career, re-enlist with eyes on the experience clock and the reclass gate; the SRB and any 25-series retention initiatives are in the current HRC MILPER, so pull it before signing. If you want the exit, the certs and clearance you are building are worth more outside than the bonus — but be honest with yourself now rather than re-enlisting and resenting it.

How the Seat Varies by Unit Type

  • Brigade / battalion S6 (line BCT signal shop)
    The most common landing spot for a junior 25B feeder. You are running the brigade's network — help desk, patching, STIG compliance, standing up the tactical network in the field. The defensive depth is there if you chase it, but you have to chase it; the easy path is pure ticket-closing. This is where a 25D-bound soldier deliberately volunteers for the information-assurance work the shop would otherwise hand to whoever is left.
  • NETCOM / signal brigade / fixed-network footprint
    A more enterprise, garrison-network environment — RCC-style operations, larger systems, more formal change management. The IA work here is closer to what 25D actually does day to day, and the experience is highly documentable. A junior soldier in this kind of footprint who chases defensive tasks is building one of the cleanest reclass packets available.
  • INSCOM / 35-series intel formation (intel feeder route)
    If you came in 35-series, your day job is intelligence, not network defense — so the IT/IA experience 25D wants does not arrive automatically. You have to manufacture it: take the systems and information-assurance side tasks, get them documented, and build the cyber-defense resume your primary duty will not build for you. The upside is you are already living in the clearance discipline 25D requires.
  • Cyber Protection Brigade / ARCYBER footprint (17C feeder, rare for juniors near 25D work)
    If you enlisted 17C and landed in the Cyber Mission Force world, you are adjacent to the highest-end defensive work in the Army — but you are doing it as 17C, not 25D, and the question becomes whether you reclass to 25D at all or stay 17C. The exposure to real defensive cyberspace operations at this footprint is the best technical education a junior can get; the decision is which MOS you ultimately want to wear.
  • Field / deployed tactical network
    Across any feeder MOS, the field is where the junior signal soldier gets closest to real 25D work — standing up, monitoring, and defending the tactical network under pressure, with the logs actually mattering. The OPTEMPO is harder and the sleep is worse, but the experience is the most 25D-flavored thing you will do at this rank, and the most worth getting your supervisor to capture in writing.

What Good Looks Like at This Rank

The soldier actually on the 25D path at this rank does not look like a 25D — because there is no 25D yet. He looks like the sharpest 25B or 17C in the S6: the one the staff sergeant hands the messy defensive ticket — the STIG that will not pass, the SIEM alert nobody can explain — and gets back a clean, documented answer by the next morning. He chases the IA work that builds depth instead of the ticket volume that builds a number. He spends 30 minutes a night in a home lab learning to write the query instead of pasting it. And every piece of that work is getting captured by a supervisor, because he understands that experience the board cannot verify is experience that does not count. More than the technical chops, what marks him is the discipline around the clearance and the long game. His credit is clean. His social media says nothing about what he does. He reports a foreign contact before anyone asks. He took the BLC slot the day it was offered because he understands — unlike most of his peers — that 25D is a senior-NCO MOS, and the only way in is to become a senior NCO first. By his first re-enlistment window he has A+, Network+, and Security+ done, CySA+ in progress, a spotless Top Secret, four years of documented IA experience starting to accrue, and a senior NCO who has already said out loud, 'When you hit the rank and the experience window, you should pack for 25D.' That sentence — said by someone with rank, unprompted — is what good looks like at this stage. Everything else is the work that earns it.

Preview — The Next Rank

The next rank is Specialist — E-4 — and for a 25D-bound soldier nothing about the structural truth changes: you still are not a 25D, and you still cannot be. What changes is that the door starts to look real. At SPC the Army's tolerance for being figured-it-out drops, and you stop being a ticket-closer and become a defender. The expectation is that you run a real information-assurance workflow end to end — detect an anomaly in the SIEM, triage the host, contain it, document it — and that you can write a SIEM query yourself instead of pasting the senior analyst's saved search. The packet-construction job gets serious at E-4. This is the rank where you make sure the four-year experience clock is not just running but provable — getting your IT/IA time documented by a supervisor so it is verifiable when you apply, not a he-said claim. The cert ladder pushes past the floor: Security+ maintained, CySA+ on the wall before your E-5 board, and a defensive specialty cert (a GIAC family cert, or comparable) in progress. You also learn to speak the defensive community's language — mapping an observed behavior to a MITRE ATT&CK technique by ID and defending the mapping, because 25D is expected to do that fluently and the habit starts at SPC. The overarching reality at E-4 is that the rank floor still towers above you. 25D is historically SSG and up, with some windows opening to senior SGT — so at Specialist you are not reclassing yet, you are making damn sure that when you do hit the rank and experience gate, your packet is already built and your In-Service Screening Test is already passed. The smart E-4 pulls the current reclass MILPER with the career counselor, confirms this fiscal year's exact requirements, and reverse-engineers the timeline from there. The door is closer. It is still years away. The work between now and then is what decides whether it opens.
FAQ

25D E1-E3 — Frequently Asked Questions

Q01What does a E1-E3 25D (Cyber Network Defender) actually do?
You are not a 25D.
Q02What's the most important thing to know as a E1-E3 25D?
Stop looking for the day-one private 25D — it does not exist.
Q03What does a typical day look like for a E1-E3 25D?
Time-blocked day at the E1-E3 25D rank tier: 0500 Wake. PT clothes on. Nothing here is 25D yet — you are a junior soldier in a feeder MOS, and the day starts the same as any private's. The cyber piece happens at the keyboard later, not at 0500, 0530 PT formation in the company / detachment area. Signal and cyber units run PT to the same Army standard as anyone else; the CSM reads ACFT pass rates off the slide whether you are 25B or 11B. Take accountability, fall in, 0545-0700 Unit PT. Cardio and strength rotate through the week.…
Q04What mistakes get E1-E3 25D soldiers fired or relieved?
Believing you can enlist straight into 25D, or that you will 'switch over soon.' You cannot, and there is no soon — it is a senior-NCO reclass years away. Anyone telling you otherwise is selling a contract; Treating the clearance casually — a shared CAC PIN 'just this once,' a careless credit decision, a hidden foreign contact, a badge selfie. Any one of those can quietly end the 25D dream before you ever apply, and a clearance revocation under AR 380-67 follows you forever;…
Q05What career decisions matter most at the E1-E3 25D rank tier?
Which feeder MOS to commit to as your road into 25D — If you enlisted 25B (IT Specialist) you are already on the most common on-ramp — systems administration and information assurance are the daily diet, and the experience maps cleanly to the 25D screen. If you enlisted 17C (Cyber Operations Specialist), you are in the deepest technical pipeline, but 17C has its own long career arc and its own retention math, so weigh whether you want to reclass to defensive 25D at all or stay on the 17C track.…
Q06What's next after E1-E3 for a 25D (Cyber Network Defender) in the Army?
The next rank is Specialist — E-4 — and for a 25D-bound soldier nothing about the structural truth changes: you still are not a 25D, and you still cannot be.
Q07What manuals and regulations does a E1-E3 25D need to know cold?
AR 25-2 — Army Cybersecurity (the policy floor every defensive job is measured against; read it once even if you only quote it later).; DoDM 8140 / the DoD 8570 framework — Cyberspace Workforce Qualification (the IAT/IAM chart that gates which billet you are allowed to hold).; DISA STIGs and the public.cyber.mil reading list (the engineering standards you will be holding networks to as a defender).

This playbook has no tips yet. Be the first to share what you know.

Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards