Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
Back to 35N Signals Intelligence Analyst — overview, pay, training, civilian translation, reviews
35NE1-E3

Signals Intelligence Analyst

E-1 to E-3 (Junior Enlisted) · Army

HEADS UP

Your TS/SCI with the CI polygraph is the most valuable thing in your wall locker, and it is on probation every day for the next twenty years. One personal electronic into the SCIF, one unreported foreign contact, one shared password on NSANet or JWICS, one careless comment in the parking lot at Fort Meade or Fort Eisenhower — and you are out of the building. The Goodfellow pipeline is done; the work-role pipeline is just starting. Two non-negotiables before pin-on E-4: keep the TS/SCI with the polygraph clean, and close out the JQR / OJT signoff book on your first work-role inside the team's published timeline. Everything else is recoverable; those two are not.

The Honest MOS Read
You are the junior Signals Intelligence Analyst — the Army's chair at an NSA-tasked Service Cryptologic Component (SCC) seat. You finished BCT (Fort Jackson, Fort Sill, Fort Moore, or Fort Leonard Wood depending on cycle), then shipped to Goodfellow AFB, Texas, the joint cryptologic schoolhouse the Air Force's 17th Training Wing hosts and the Army's 344th Military Intelligence Battalion (under the 312th Training Squadron's joint construct) runs the Army piece of. You sat in the same classrooms as Navy CTRs / CTNs, Air Force 1N-series, and Marine 26-series Marines, and the senior instructor cadre is a mix of all four services plus NSA / CSS civilians. The 35N pipeline runs roughly 25+ weeks depending on follow-on tracks; it is graded hard because every chair you fill downstream is an NSA-tasked seat in the cryptologic enterprise. Before you ever sat in a Goodfellow classroom you went through Single Scope Background Investigation (SSBI), now folded into Trusted Workforce 2.0 / Continuous Vetting under Security Executive Agent Directive (SEAD) 4, with a Counterintelligence (CI) polygraph adjudicated through DoD CAF. Some compartments downstream require a Full Scope (FS) poly on top of the CI; the team's polygraph branch walks you through the cycle when it applies. AR 380-5 (Information Security), AR 381-10 (US Army Intelligence Activities — Procedures 1-15 govern collection on US persons), AR 380-67 (Personnel Security), and DoDM 5105.21 (SCI Administrative Security Manual) are the governing regs you sign read-on paperwork against. You do not get to talk about what you read. You do not get to talk about what you target. You do not get to put it on LinkedIn at ETS in any specific terms. EO 12333 frames the whole IC architecture you now operate inside, and DoDD 5240.01 frames the DoD piece of it. You walked off the plane at one of a small set of duty stations: the 706th MI Group at Fort Meade (Army element co-located with NSA-Washington, the largest Army cryptologic concentration outside Fort Eisenhower); an INSCOM theater intelligence brigade slot (470th MI BDE at JBSA-Fort Sam Houston for SOUTHCOM / CENTCOM-adjacent SIGINT, 500th MI BDE at Schofield Barracks for INDOPACOM, 501st MI BDE in Korea, 66th MI BDE in Wiesbaden Germany for EUCOM); the 780th MI Brigade at Fort Eisenhower (the Army's offensive cyber brigade — note Fort Eisenhower was renamed from Fort Gordon in 2023; senior NCOs there treat the sign on the gate as the least interesting thing about the unit, but cite the rename when explaining the post to family); a Cyber Mission Force team detached to NSA-Hawaii at Kunia, NSA-Texas at San Antonio, or NSA-Colorado at Aurora; or a national-detail seat that puts an Army PFC on an NSA enterprise team alongside civilian analysts and contractors. The team you arrived at had your slot on the manning document for months — they know your name, your Goodfellow grades, and roughly when you cleared the polygraph. Your job for the next 18-24 months is to earn the second TS/SCI clearance review so the first one is worth carrying. Most of your week is shadowing a certified analyst on the team's assigned work-role, consuming the on-the-job training pipeline, sitting a position you cannot drive alone yet, and grinding the unglamorous workforce of an SCC seat: SCIF in-processing through the Special Security Officer (SSO), polygraph re-scope paperwork when SEAD 3 or the unit's CV cycle drives one, IAT-II prerequisite study under DoDM 8140, SAEDA / TARP / cyber-awareness / OPSEC / insider-threat training ticklers, classified destruction logs under AR 380-5 (SF 700 / SF 701 / SF 702 / SF 153 paperwork with two-person integrity logged), NSANet and JWICS account activation, badge audits, and the Job Qualification Record (JQR) / OJT signoff book the senior analyst inspects every Friday. The senior analyst on the team and the team chief (often a CW2/CW3 350F All-Source Intelligence Technician or a 353-series SIGINT Analysis Technician, paired with an NSA civilian senior at the GS-13 / GS-14 level) are the two people whose read of you matters most in your first year — the team chief signs off on your first work-role qualification, and the senior analyst decides which position you sit on which days. The SCIF reality the recruiter blurred over: you do not work in an open building. The SCIF is a hardened, ICD 705-accredited room with controlled physical access, no personal electronics beyond the entry container, no cameras, no recording devices, no smart watches, no fitness trackers, no anything with a microphone or a radio. The SSO inspects on this. The brigade S2 OIC reads the SSO's report. The Defense Counterintelligence and Security Agency (DCSA) reads the report two echelons later. Walking a cell phone through the door — even by accident — is a security incident, and the response is a documented out-brief from the SSO, often immediate access suspension while a TARP (Threat Awareness and Reporting Program, AR 381-12) review and a CI inquiry under AR 381-20 / DoD 5240.06 run. Live like the spaces matter; they do. The 35N work runs across the SIGINT disciplines you started learning at Goodfellow — COMINT (Communications Intelligence — the voice / text / chat / messaging traffic), ELINT (Electronic Intelligence — radar and other non-communications emitters), FISINT (Foreign Instrumentation Signals Intelligence — telemetry, beacon, and related), with cross-discipline integration alongside IMINT (the 35G GEOINT analyst on the next floor), HUMINT (35M HUMINT collector products), and OSINT. The product traffic moves on JWICS (the IC TS/SCI network), SIPR (Secret), and NSANet (the NSA enterprise's classified network — the platform the cryptologic workforce lives on day to day). You will read traffic. You will plot pattern-of-life. You will write the one-paragraph BLUF a senior analyst can put in front of the watch chief without rewriting. You will follow the United States Signals Intelligence Directives (USSID-series) — the cryptologic enterprise rulebook governing what your team can collect, exploit, and disseminate; the directives are FOUO and the senior analyst will brief you on the specific volumes that apply to your work-role. Do not freelance on USSID-governed work; the cost of a USSID violation is a CI inquiry, not a counseling. You are joint workforce from day one. The Service Cryptologic Element (SCE) you sit on is Army-led when an Army NCO runs it, Navy-led when a Navy chief does, Air Force-led when an Air Force MSgt does, and joint-NCO-led when the joint construct prevails. Your Army chain (section sergeant, platoon sergeant, MI company 1SG, MI battalion CSM, MI brigade CSM, INSCOM CSM) runs the Army-internal piece — promotion math, NCOERs, school slots, family-readiness, retention. Your joint chain (senior analyst on the position, watch chief at NSA, team chief at the SCE, the GS-13/14 NSA civilian senior on your line) runs the operational piece — work-role assignment, JQR signoffs, mission tasking. Both chains matter; engage both. A note on pay and the IAT-II credential cycle. 35N soldiers do not receive special pay solely for the MOS itself; you are on the standard enlisted base pay table per BAH/BAS rates of the duty station. What does exist: Foreign Language Proficiency Bonus (FLPB) per DoDI 1340.27 if you carry a current Defense Language Proficiency Test (DLPT) score on a controlled language (most 35Ns do not, since 35P is the linguist MOS — but if you came in with heritage language, the FLPB conversation is real); Critical Skills Retention Bonus (CSRB) cycles for 35-series MOS — pull the current HRC MILPER before assuming any figure; Selective Reenlistment Bonus (SRB) at re-up windows per the current HRC SRB MILPER. The IAT-II credential cycle is on the clock from day one — DoDM 8140 (current edition; verify the version, the manual is the successor to the older 8570 framework and aligned to the NIST NICE workforce model) governs the cyber workforce credentialing the SCC seats sit inside. Most 35N positions require IAT-II baseline; CompTIA Security+ CE is the common funded entry credential through Army Credentialing Assistance via the GoArmyEd / ArmyIgnitED portal (verify the current portal name — the system has changed names over the years). Start studying early. The team does not pull you off the position because you missed the IAT-II deadline; the DoDM 8140 audit pulls you off, and the team is short an analyst for however long it takes you to test. The civilian transferability the recruiter sold is real for 35N — with caveats. The TS/SCI with the CI polygraph is the most marketable credential in the federal contracting market; cleared-contractor billets at Booz Allen Hamilton, Leidos, SAIC, CACI, ManTech, MITRE, Northrop Grumman, BAE, and the long tail of cleared cyber/SIGINT shops all hire from the SCC enlisted workforce on this exact profile. NSA civilian seats run a GS-9 to GS-13 entry-ladder for analysts crossing over with the JQR jacket and the IAT-III stack built. DoD / VA federal civilian roles in the intelligence community translate. But the credential and clearance are only as good as your record while you carry them — one Article 15, one DUI, one mishandled classified incident, one personal-conduct flag from CV, and the clearance is suspended, the SSO pulls your access that afternoon, the contractor offer waiting for you at ETS evaporates, and the NSA-civilian package is non-starter. Live like the clearance is the career — because at this rank, in this MOS, it is.
Career Arc
  • 01BCT (one of the Army's BCT installations).
  • 02AIT at Goodfellow AFB, TX — joint cryptologic schoolhouse, 17th Training Wing hosting, Army host battalion under the 312th Training Squadron's joint construct; ~25+ weeks depending on follow-on track.
  • 03TS/SCI with CI polygraph adjudicated through DoD CAF — the gate to every assignment in the MOS; FS poly for some compartments downstream.
  • 04First duty station: 706th MI Group at Fort Meade, 470th / 500th / 501st / 66th theater intel BDE, 780th MI BDE at Fort Eisenhower (formerly Fort Gordon — renamed 2023), CMF team detached to NSA-Hawaii / NSA-Texas / NSA-Colorado, or national-detail seat.
  • 05Month 0-6: in-process the team, SCI read-on through SSO, NSANet / JWICS / SIPR account activation, JQR / OJT signoff book started, IAT-II (Sec+ CE typical) credential in motion through Army Credentialing Assistance.
  • 06Month 6-12: shadowing certified analyst on assigned work-role, JQR half-complete, first polygraph re-scope if SEAD 3 / CV cycle drives one, NCS (National Cryptologic School at Fort Meade) entry-catalog seats consumed.
  • 07Month 12-18: unsupervised work-role qualification signed off, second position under JQR or in trainer, IFPC (Intelligence Fundamentals Professional Certification) attempt window opens.
  • 08Month 6 TIS: E-2 (automatic per AR 600-8-19); Month ~12 TIS: E-3 / PFC (4 mo TIG, waivable). E-4 board prep begins in second half of first contract; BLC packet conversation opens with section sergeant 12 months before SGT-window TIS/TIG hits.
Common Screwups
  • ×Bringing a personal electronic device into the SCIF — phone, smart watch, fitness tracker, wireless earbuds. Even once. SSO suspends access that afternoon; the security incident report runs months; DCSA reviews; the file sits on your security record forever and reads at every clearance reinvestigation. The seat sits empty for weeks or months while the inquiry runs.
  • ×Failing to self-report a foreign contact, foreign travel, marriage to a foreign national, or a financial event under AR 381-12 (TARP) and SEAD 3 inside the published windows. Continuous Vetting under SEAD 6 will surface it before you do, and the conversation moves from SSO administrative review to CI investigative under AR 381-20.
  • ×DUI / drug pop / off-post arrest with a TS/SCI + polygraph on the line. SEAD 4 Adjudicative Guidelines (G alcohol, H drug, E personal conduct, I criminal) apply immediately; clearance suspension is the default; AR 635-200 chapter 14 separation paperwork runs in parallel. You leave the SCIF the same afternoon and the access never comes back.
  • ×Talking shop off-post — to a girlfriend, a roommate, a bartender, the squad at the bar in Augusta or Laurel. Classified discussion outside the rated space is a security incident under AR 380-5 regardless of who was listening. The SSO writes the report; the senior NCO writes the counseling; the next CV review reads it.
  • ×Posting OPSEC-relevant content on social media — unit patch, building photos, 'first day at NSA' selfies, LinkedIn that names programs by code or target sets by label. Foreign collection against the SCC workforce is real; the brigade S2 OIC runs OPSEC reviews of cleared-workforce social media; the SGM hears your name on the non-compliance roll.
  • ×Letting the IAT-II credential (Security+ CE typical) lapse on the DoDM 8140 schedule. The audit pulls you off the position the day it expires; the team is short an analyst until you re-test; the senior NCO who backfills your seat reads the gap as a discipline failure.

A Day in the Life

  • 0500Wake. Coffee. Quick phone check — accountability OK, no soldier emergencies, no overnight team chat from the senior NCO. Phone goes back in the kitchen drawer because it is not going anywhere near the SCIF. PT uniform on, badge in pocket.
  • 0530PT formation at the company area or the team's designated PT pad. Cryptologic / MI companies often run PT on a slightly delayed schedule to align with the team's SCIF rhythm. Accountability to the section sergeant; the senior NCO reads the formation.
  • 0545-0700Unit PT — rotates through cardio days, strength days, recovery-mobility days. The cryptologic workforce has a PT reputation to fight; the cherry who shows up at the front of the run is the cherry the senior NCO notices.
  • 0700-0830Hygiene, breakfast at the DFAC or in the barracks if you are still in the BEQ, change into the uniform of the day. OCPs typically; some NSA-detail seats run a different uniform standard — the senior NCO walks you through it.
  • 0830In-process the SCIF. Badge swipe, SF 702 sign, lock all personal electronics in the entry container, walk to your position. The senior analyst on the floor reads the previous watch log and briefs the picture.
  • 0830-1130Shadow shift on the assigned work-role. The senior analyst drives the position; you sit next to him, you read the traffic alongside him, you walk through the tooling, you ask questions during the slow moments rather than during the active ones. You also work on your JQR signoff line items — each task you can demonstrate is a signoff to drive.
  • 1130-1300Chow. You eat with the team at the on-post DFAC or in the team space if your facility supports it. The senior NCO read of you forms around that table; the senior analyst may pull you aside for a five-minute mentor conversation about the morning's traffic.
  • 1300-1500Afternoon shadow shift continues. You may rotate to a second work-role for an hour to begin building the second JQR. The senior analyst redlines a BLUF you drafted in the morning; you take the redline as a teaching moment rather than as a personal hit.
  • 1500-1600Compliance and admin block. IAT-II credential study if your test date is approaching; annual SAEDA / TARP / cyber-awareness / OPSEC / insider-threat training if a module is due; classified destruction log entries if your section is on rotation; SF 701 end-of-day SCIF checklist support if your section closes the spaces.
  • 1600-1630Section huddle with the senior NCO. The senior NCO walks the team's rollup for the day, names tomorrow's priorities, confirms watch coverage, and reads anyone who is on a deadline (BLC packet, IAT-II test date, polygraph re-scope, JQR milestone, NCS slot).
  • 1630Out-process the SCIF. Lock workstations, sign SF 702, secure containers, walk out. Released. Some days the watch cycle keeps the section in longer; the team chief will tell you when that day comes.
  • 1700-2000Personal time. If studying for IAT-II, this is the block. If chasing an ACFT score the senior NCO will respect, this is the gym block. Married soldiers get family time; single soldiers in the BEQ rotate between the gym, the books, and the chow hall. Smart cherries study on their own time; average ones do not.
  • 2000-2200Wind-down. The cherry 35N schedule is not as compressed as a line-MOS schedule at this rank — the watch rhythm and the SCIF day are bounded. The cherry who uses the evening to study and to PT is the cherry the senior NCO reads as serious about the career.
  • 2200Lights out. Tomorrow starts at 0500.
  • Watch / shift rotationSome teams run 24-hour watches during exercises or real-world contingencies. As a shadow you sit on the watch shift the senior analyst sits — the night shift is your shift if he is the night-shift senior. The clock breaks; you sleep when the watch hands off; the morning brief is briefed by whoever has the picture at the agreed time.

Weekly Cadence

The Mon-Fri rhythm in your first 12 months as a 35N is dominated by the JQR / OJT signoff book, the IAT-II credential study, and the team's compliance calendar. Monday is the heaviest day — the senior NCO publishes the week's watch coverage, the senior analyst names the work-role focus areas, the team chief reads any compliance items on the schedule (annual training suspenses, polygraph re-scope appointments, clearance reinvestigation interviews, brigade S2 visits, NCS slot windows). You spend Monday morning re-reading the previous Friday's senior-analyst redlines on your shadow products and walking through the watch log for any items the previous week did not close. Tuesday through Thursday is the rhythm of position-shadowing and JQR drive. The senior analyst is at the position; you are next to him; the JQR book is open and you are running through the line items you can demonstrate that week. Sergeant's Time Training equivalent in the cryptologic MOS often happens as senior-analyst-led skill blocks — tool refreshers on the team's stack, ICD 203 / 206 writing drills, RFI-handling rehearsals, structured analytic technique drills against ATP 2-22.6, USSID-compliance reviews where applicable. The cherry who shows up to those blocks with the printed standards and the redlined examples from the previous week is the cherry the senior analyst reads as serious. Friday is the compliance and admin day in most teams. SF 702 walk-arounds, classified destruction log review, JQR signoff session with the senior analyst, IAT-II credential progress check, compliance-training closeout. The senior analyst inspects the JQR book on Friday in most teams — show up with the items you completed that week, ready for signoff, and the senior analyst will sign through. Show up with an empty week and the senior analyst reads the signal. The week's other rhythm is administrative — Army-internal paperwork (DA 4187 for BLC slot, DA 3355 for promotion points, leave requests, family-care plans for soldiers with dependents), joint-workforce paperwork (NSA badge maintenance, parking pass renewal, team-specific badging), and the personal-conduct calendar (polygraph re-scope appointments, CV self-reporting under SEAD 3, foreign travel pre-clearance, AR 381-12 indicators). Real-world contingencies and exercise cycles compress this rhythm; when the team is in a sustained operational tempo, garrison-time is for sleep, watch coverage, and the documentation you owe before the next cycle starts.

Key Skills — How to Drill Each

  1. 01
    Operate inside an NSA-tasked SCIF to AR 380-5, AR 380-67, DoDM 5105.21, and ICD 705 standards — badge discipline, two-person integrity, classified discussion only inside spaces rated for it.
    The SCIF is not a metaphor; it is a physical space accredited by the cognizant security authority under ICD 705 with a specific authorized-use envelope and a Special Security Officer (SSO) who inspects against the accreditation. Badge worn inside, badge in the pocket outside the spaces, badge never on a guard-gate photo on Instagram. Two-person integrity means two people with their own credentials, their own awareness of what is happening — not 'my buddy is in the building somewhere.' Classified discussion stays inside the rated space; the hallway, the smoke pit, the gym, the carpool, and the chow hall all count as outside, even if every person present is cleared. The SF 700 (container info), SF 701 (end-of-day SCIF walk), SF 702 (container open/close log), and SF 153 (classified destruction / transfer) trail you sign tells the truth about whether the spaces were closed correctly. The senior analyst tells you within the first month who the SSO is, which space is rated to which level, and which doors you do not push without permission.
  2. 02
    Read SIGINT product traffic on JWICS, SIPR, and NSANet — COMINT, ELINT, FISINT — and write a one-paragraph BLUF a senior analyst can put in front of the watch chief without rewriting.
    The BLUF (Bottom Line Up Front) is the discipline of leading with the answer, then the confidence, then the sourcing. Three sentences max for a shadow product at your level: what does the traffic say, how confident are you, where is the citation. Apply ICD 203 (Analytic Standards) and ICD 206 (Sourcing) from day one — even at the trainee level. The senior analyst on the position redlines your first ten BLUFs hard; by the fourth or fifth he is signing them through with minor edits; by the tenth he is asking you to draft the BLUF on his product because your habits are cleaner than his. The cherry-analyst mistake is over-writing — five sentences when three would do, qualifiers stacked because you do not yet trust your own confidence call. Read for two hours, write for fifteen minutes. The senior NCO and the team chief notice the cherry whose first ten BLUFs were redlined hard and whose next ten were clean.
  3. 03
    Drive the basic analyst tooling on the cryptologic enterprise — query, pivot, plot, log every action, never run on someone else's credentials.
    The work-role-specific tooling is taught at Goodfellow and re-taught at the team because every team's stack is slightly different. The discipline that does not change: every query, every pivot, every action is logged under your credentials and is auditable. The audit log finds account-sharing; the audit log finds credential reuse; the audit log finds the 'I was just helping' moment when a senior analyst stepped away from his workstation and you pressed the key under his login. Two-person integrity in tooling means each person logs in as themselves. The senior analyst who lets you 'just finish this query' under his credentials is teaching you the wrong lesson — politely log out and log back in under your own. The CCRI (Command Cyber Readiness Inspection) and the quarterly cyber audit close accounts found sharing credentials.
  4. 04
    Apply the analytic standards from ICD 203 (sourcing, confidence, alternative analysis) and ICD 206 (sourcing requirements) to anything you produce, even at the trainee level.
    ICD 203 is the IC-wide analytic tradecraft standard — the five elements grade objectivity, independence of political consideration, timeliness, all-sourcing, and the tradecraft tells (source description, expression and explanation of uncertainty, distinguishing assessment from underlying information, alternative analysis where warranted, customer relevance). ICD 206 governs how you cite the sources behind the assessment. At the trainee level three things matter: cite your sources by enclave and date, name your confidence honestly (low / moderate / high with the analytic basis), mention alternative explanations when the data could support more than one read. The senior analyst and the team chief grade on these before they grade on technical content. Print the five ICD 203 standards; keep them at the position; the cherry whose BLUFs read like ICD standards from day one is the cherry whose products move forward without rewriting.
  5. 05
    Sit a position under qualification — shadow the certified analyst, run the JQR / OJT signoff book, ask the question before you press the key, not after.
    Position qualification is the formal process by which you move from shadow to unsupervised operator. The JQR (Job Qualification Record) book and the OJT (On-the-Job Training) signoff book are the formal record. Each line item is a specific task the certified analyst has watched you do, signed off on, and dated. The book is inspected by the team chief monthly and by the brigade or supported command quality officer periodically. The discipline: do not sign for what you have not done, do not let the senior analyst sign for what he has not watched, treat each signoff as a contract. The audit catches falsified JQR entries faster than most cherries expect, and the team's training authority gets pulled when it is found. Build the habit of asking for signoffs after specific tasks you have demonstrated, not in bulk at the end of a quarter — and keep your own copy of the JQR tracker so you know which line items remain.
  6. 06
    Pass the IAT-II prerequisites — DoDM 8140 (Cyberspace Workforce Qualification) gates every position you are trying to qualify on.
    DoDM 8140 (current edition — verify; the manual succeeded the older 8570 framework and aligned to the NIST NICE workforce model) governs cyberspace workforce qualification. Most 35N positions inside the cryptologic enterprise require IAT-II baseline; CompTIA Security+ CE is the most common funded entry credential. Army Credentialing Assistance via the GoArmyEd / ArmyIgnitED portal (verify the current portal name) funds the voucher and prep materials. Study the official CompTIA exam objectives, work through a prep guide, take practice tests. Plan to test within the first 6 months at your team. The team's IAT compliance officer or the SSO walks you through the credential reporting once you pass. The day the IAT-II deadline passes without you certified, the DoDM 8140 audit pulls you off the position until you re-test — and the senior NCO read of you tracks who needs reminding and who self-drives.

Manuals & References — What Chapters Matter

  • ATP 2-22.6 — Signals Intelligence Techniques
    The Army's keystone doctrine for the SIGINT discipline. Read it cover-to-cover your first quarter — the SIGINT framework, COMINT / ELINT / FISINT breakdown, the cryptologic enterprise architecture, tactical SIGINT and theater SIGINT, the relationship between the Army SIGINT workforce and the NSA / CSS enterprise. The senior analyst on the position quotes from ATP 2-22.6 when explaining the discipline; the team chief expects you to know the chapter and section he is referencing.
  • FM 2-0 — Intelligence; ADP 2-0 — Intelligence
    The Army's doctrine spine for the intelligence warfighting function. Read FM 2-0 chapters 1-3 your first month — the intelligence warfighting function, the operations process and intelligence integration, the intelligence disciplines. ADP 2-0 is the principles-level companion. The senior rater quotes from these in NCOER block-reads; the BCT or theater intel brigade S2 OIC references them when describing how SIGINT fits inside the broader intelligence enterprise.
  • EO 12333 — US Intelligence Activities; DoDD 5240.01 — DoD Intelligence Activities
    EO 12333 is the executive-order architecture framing every collection authority and oversight requirement you operate under. DoDD 5240.01 is the DoD implementation. AR 381-10 (US Army Intelligence Activities) is the Army implementation with the Procedures 1-15 oversight rules. Read them once at trainee level. The senior analyst, the warrant officer, and the team chief will reference them when explaining why a specific collection or report falls inside or outside the authority envelope. The cherry analyst who freelances outside the envelope is the cherry analyst the CI office sees.
  • USSID-series — United States Signals Intelligence Directives
    The cryptologic enterprise rulebook — the directives governing what your team can collect, exploit, and disseminate. Volumes are FOUO; the senior analyst briefs you on the specific volumes that apply to your work-role. Do not freelance on USSID-governed work; the cost of a USSID violation is a CI inquiry, not a counseling. The discipline at trainee level is to ask 'what USSID covers this' before pressing the key on a borderline action.
  • AR 380-5 — Information Security Program; AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-67 — Personnel Security
    AR 380-5 governs day-to-day classified handling — material classification, marking, handling, storage, transmission, destruction (SF 700 / 701 / 702 / 153). The SSO inspects against AR 380-5. AR 381-10 is the governing reg for Army intelligence activities including Procedures 1-15 (collection on US persons). AR 381-12 is your TARP self-reporting obligation — foreign contacts, foreign travel, suspicious behavior, attempted elicitation, insider-threat indicators inside the published 24-hour / 72-hour windows. AR 380-67 governs personnel security including the SSBI / TS/SCI continuous-evaluation framework.
  • ICD 203 — Analytic Standards; ICD 206 — Sourcing Requirements; ICD 705 — SCIF Standards; DoDM 5105.21 — SCI Administrative Security Manual
    ICD 203 governs analytic tradecraft (your BLUFs and products are graded against it). ICD 206 governs sourcing on disseminated products. ICD 705 governs SCIF accreditation — the standard the rooms you work in are built to. DoDM 5105.21 is the SCI Administrative Security Manual — the practical playbook the SSO works from for read-on, read-off, visit certs, and the operational discipline of running an SCI program. Print the ICD 203 standards; keep them at the position.

Standards — How to Hit Each

  • STP 34-35N task signoffs and JQR / OJT first-position qualification inside the published timeline — most teams expect first position qualification inside 12-18 months.
    STP 34-35N (Soldier Training Publication for MOS 35N) is the Army's task-level standard publication for your MOS. The JQR / OJT book is the team's local position-qualification record built on top. Each STP task and each JQR line item is signed by the certified analyst, dated, and inspected by the team chief monthly. Build the habit of asking for signoffs after specific tasks you have demonstrated, not bulk at quarter's end. Keep your own copy of the tracker. The senior analyst who watches you sit a position for a year without driving the signoff book is not the person you blame — that is the cherry's signoff to drive.
  • IAT-II baseline credential on the DoDM 8140 list (Security+ CE typical, funded by Army Credentialing Assistance) inside the published window. NCS (National Cryptologic School at Fort Meade) entry-catalog seats consumed as the team slots them.
    Most teams give cherries 6-12 months from arrival to test for IAT-II. Army Credentialing Assistance through the current portal funds the voucher and prep materials. Study early; test once ready; do not let the deadline slide because the senior NCO did not personally remind you. The NCS at Fort Meade is the IC's training center for cryptologic skills — entry-catalog seats fill from the soldier who asks first. Ask the section sergeant about NCS catalog availability at month six; the cherry who asks is the cherry who fills slots.
  • TS/SCI with appropriate polygraph (CI minimum; FS for some compartments) maintained without a derogatory flag — one mishandling incident or one personal-conduct flag and the SSO pulls access that afternoon.
    Clearance maintenance runs through Continuous Vetting (SEAD 6) and periodic polygraph re-scope cycles. Self-report under AR 381-12 (TARP) and SEAD 3 inside the published windows — foreign contact, foreign travel, name changes, marriage to a foreign national, unexplained affluence, attempted elicitation, suspicious cyber activity, drug or alcohol incidents. The polygraph re-scope cycle is published by your unit's polygraph branch. Live like the clearance matters — because at this rank, in this MOS, it is the credential that carries forward into the rest of the career.
  • ACFT 500+ floor — NSA-detail work is sedentary by design; the Army standard does not move.
    500 is the bare minimum to be left alone; 540+ is where senior NCOs stop reading you as a PT problem. Lift heavy three days a week, run intervals two days a week, focus on grip and core. The 2-mile run is the score-killer in a sedentary MOS — pull your time below 16:30 and you can afford to score moderately on the lifts. The senior NCO and the team chief read the ACFT score as the discipline metric for the rest of the seat. The cryptologic community has worked hard to shed the 'soft' stereotype; do not put it back on the section.
  • Annual SAEDA / TARP / cyber awareness / OPSEC / insider-threat / USSID-compliance training complete before suspense — your name on the brigade non-compliance roll is the wrong way to be noticed.
    The training cycle is published by the brigade S2 / SSO / cyber-awareness shop through JKO / ALMS / unit-specific compliance trackers — verify which one your team uses. Complete each module before the suspense; print or screenshot certificates; send to the training NCO if the team requires manual confirmation. Set calendar reminders 30 days out. Do the trainings on a Wednesday afternoon when the section is quiet, not the Friday before suspense. The cherry analyst whose name lands on the non-compliance roll is the cherry whose next NCS / Foundry seat is the next one revoked.

Technical Mistakes — Concrete Consequences

  • Taking a personal electronic device — phone, smart watch, fitness tracker, wireless earbuds — into the SCIF.
    SSO pulls access that afternoon; CI inquiry under AR 381-20 / DoD 5240.06 runs; AR 380-5 incident report runs months. The file lives on your security record forever and reads at every clearance reinvestigation. The team chief explains the gap to the brigade S2 OIC or the supported command; your seat sits empty for weeks or months. The 30 seconds it takes to lock the device in the entry container is the 30 seconds that protects the rest of the career.
  • Logging into a JWICS, SIPR, or NSANet terminal under another analyst's credentials because 'they were right here.'
    Account sharing is auditable. The audit closes your access permanently and the senior analyst's access for as long as the inquiry runs. The team chief writes a counseling statement; the SSO writes an incident report; the cyber-incident reporting chain under AR 25-2 puts the event on the brigade S6 / S2 incident dashboard. The senior analyst who let you log in under his credentials is in the counseling chain too — and the team's training authority pays through the inquiry window.
  • Talking shop in the hallway, the smoke pit, the gym, the carpool, the chow hall, or the BEQ — even shorthand, even to another cleared soldier.
    Classified discussion outside the rated space is a security incident under AR 380-5 regardless of whether anyone outside the cleared workforce was present. The SSO writes the incident report; the senior NCO writes the counseling statement; the clearance review reads the incident in the next CV cycle. Foreign collection against the cryptologic workforce is real — open-source overhearing happens, and the senior NCOs have stories. The discipline: where you work, what you target, who you support do not leave the SCIF.
  • Posting OPSEC-relevant content on social media — unit patch, 'first day at Fort Meade' photo, LinkedIn bullets that name programs by code or target sets.
    The brigade S2 OIC runs OPSEC reviews of cleared-workforce social media periodically. Your name surfaces on the non-compliance review; the senior NCO and the SSO have a conversation you do not want; the post comes down; and the incident lives in the security file. Foreign collection scrapes LinkedIn and social media for cleared-workforce names — the discipline is operational reality, not paranoia. Set LinkedIn to private, scrub the BCT-graduation Instagram, and do not let the next post happen.
  • Pressing a key on a position you are not signed-off on because 'the senior analyst stepped out.'
    Unsupervised operator action without qualification gets the team's authority pulled and your career ends before E-4. The audit log catches it; the senior analyst is in the counseling chain; the team chief explains the gap to the brigade and supported command. The discipline: if the senior analyst stepped out and the position needs action, call the next certified analyst on the watch bill or tell the senior analyst the team needs to backfill the position. You do not press the key.

Career Decisions at This Rank

  • BLC packet timing and slot pursuit.
    BLC (Basic Leader Course) is the prerequisite to pin SGT and the first NCO Academy gate under STEP per AR 600-8-19. For 35N soldiers the BLC slot is harder to get than line-MOS peers expect because the senior NCOs at your team are reluctant to release you for 22 days when you are sitting an unsupervised position the team spent 18 months qualifying you on. Open the packet conversation with your section sergeant 12 months before you need the slot. The trade-off is real: you lose three weeks of position time and the team backfills the seat; the team chief reads whether the packet was driven by you or chased by the senior NCO. Do not skip BLC because the timing is hard — the SGT board moves regardless of your readiness, and the soldier without BLC at cutoff is the soldier who sits in zone.
  • IAT-II credential study and timing — Security+ CE typically.
    The IAT-II baseline credential is the DoDM 8140 gate to most 35N positions. Most teams give cherries 6-12 months to test. Army Credentialing Assistance funds the voucher and prep materials. Study early — the cherry who treats the credential as a Year One priority is the cherry whose JQR pipeline does not stall when the audit window approaches. Once Sec+ CE is on the wall, the next conversation is the IAT-III credential (CASP+, CISSP-Associate, or platform-specific equivalents on the DoDM 8140 list); for most cherries that conversation is at E-4 or E-5, but the soldier who tests early earns currency with the team and the senior NCO. The trap: failing the test and not retesting promptly. The team chief and senior NCO read the gap; do not let one failure become a six-month delay.
  • First re-enlistment window — SRB, CSRB, follow-on assignment, ETS, or Active to Reserve.
    The first re-enlistment window typically opens 12-18 months before your first contract ends. The Selective Reenlistment Bonus (SRB) per the current HRC SRB MILPER and the Critical Skills Retention Bonus (CSRB) for specific cryptologic / SIGINT skill identifiers vary by MOS, re-up zone, shortage indicator, and follow-on assignment. Pull both current MILPERs before signing. 35N soldiers are often on the CSRB schedule because the MOS is a Critical Skill and experienced-analyst inventory is tighter than cherry-analyst inventory. The trap: signing a 6-year contract to maximize the bonus, then deciding 18 months later you want out. Run the math twice. Talk to your spouse if you have one. Talk to a senior NCO who has been through the re-enlistment cycle. If the re-up math does not work without the bonus, the re-up does not work.
  • JQR pace — push for first qualification fast or build depth slowly.
    Some cherries push hard to clear first work-role qualification inside 9-12 months; some take 15-18 months and build broader technical depth in the shadow phase. The senior NCO and team chief will tell you which pace fits the team. Pushing fast earns currency and gets you to unsupervised position sooner; building slowly earns broader technical credibility but risks the team chief reading you as not driving. There is no universal right answer — it is team-dependent. Ask the senior analyst on your work-role directly: "What pace do you want me at, and how do I know when I am ready to drive an unsupervised position." Then match the pace.
  • Marriage / BAH / housing / family-care planning during the first enlistment.
    Getting married as a junior 35N changes BAH status (barracks-rate to with-dependents) and introduces family-care-plan paperwork, EFMP enrollment if applicable, spouse employment, child care, and the complications of a clearance reinvestigation that now reads marriage status. Marriage to a foreign national is a separate, more involved conversation that requires AR 381-12 and SEAD 3 self-reporting and additional CI / SSO coordination — the foreign-influence Adjudicative Guideline A under SEAD 4 applies. The financial math is real (BAH bump, dependent allocations); the logistical math is also real (family-care plan, Tricare, on-post or off-post housing, spouse employment in a high-clearance community at Meade or Eisenhower). Talk to S1 and ACS in the first week of any major family change. If you are getting married for the BAH bump alone, you and your spouse will be in legal aid within two years. If you are getting married because the relationship is real, the Army's family infrastructure makes it workable.

How the Seat Varies by Unit Type

  • 706th MI Group (Fort Meade) — Army element co-located with NSA-Washington
    The 706th MI Group is the Army element at NSA / CSS Washington at Fort Meade — the largest Army cryptologic concentration outside Fort Eisenhower. As a cherry 35N at the 706th, you sit on an NSA-tasked analytic line alongside Navy CTRs, Air Force 1Ns, Marines, NSA civilians, and contractors. The technical work is SIGINT-deep; the joint workforce density is the highest in the MOS; the senior NCO and warrant bench is deep. The cost: Fort Meade BAH is high, the cost of living in the DMV is high, and the commute inside the NSA campus is real.
  • INSCOM theater intelligence brigade — 470th (JBSA-Fort Sam Houston), 500th (Schofield Barracks), 501st (Korea), 66th (Wiesbaden Germany)
    Theater intel brigades are operational-strategic seats supporting CCMD J2s — 470th supports SOUTHCOM / CENTCOM-adjacent SIGINT problems, 500th supports INDOPACOM, 501st supports the Korea theater, 66th supports EUCOM. The shop is bigger than a BCT MICO, the products travel further (CCMD J2 audience, IC-wide dissemination), and the analytic standards are applied at the source-level standard the IC publishes. The 207th MI BDE (Africa) is the AFRICOM-aligned counterpart. Cherry seats at theater intel brigades typically come with specific work-role assignment matching brigade need.
  • 780th MI Brigade (Fort Eisenhower) — Army cyber brigade, cyber-SIGINT fusion floor
    The 780th is the Army's cyber brigade at Fort Eisenhower (renamed from Fort Gordon in 2023). The 781st MI Battalion (Vanguard) and 782nd MI Battalion (Cerberus) sit under the 780th. The brigade runs Army-side Cyber Mission Force teams alongside USCYBERCOM and the joint cyber enterprise. The cyber-SIGINT fusion line is where 35N analytic work integrates with 35Q and 17C operations work. The OPTEMPO is high; the senior NCO and warrant bench (350F, 353-series, 170A) is deep. Fort Eisenhower also hosts ARCYBER and the Cyber Center of Excellence.
  • Cyber Mission Force team detached to NSA-Hawaii (Kunia) / NSA-Texas (San Antonio) / NSA-Colorado (Aurora)
    CMF teams are joint formations detached to NSA Cryptologic Centers at named locations. The Army NCO chain runs through the parent brigade (often the 706th or 780th); the daily operational chain runs through the team chief at the NSA-co-located site. The work is mission-set-specific to the team and the supported COCOM. Hawaii is paradise with brutal cost of living; Texas is San Antonio with the BAMC / Fort Sam Houston military density; Colorado is altitude and proximity to USNORTHCOM. The cherry experience is more compartmented than at a brigade.
  • National detail — NSA enterprise team alongside civilian analysts
    A small number of cherry 35Ns land on national detail seats — embedded on an NSA enterprise team with civilian analysts (GS-12 / 13 / 14) and contractors. The technical work is IC-wide; the team may have one or two Army uniformed soldiers and a much larger civilian bench. The cherry experience is unusual — you are the junior member of an analytic line grading itself against ICD 203 every day, and the senior civilian analyst is your senior analyst in practice. The Army NCO chain feels distant; the team chief at NSA is your daily reality. Most cherries on national detail go through a training-and-mentorship cycle before sitting unsupervised positions.

What Good Looks Like at This Rank

The good cherry 35N is the PFC the senior analyst brings to the morning brief because the BLUF on his shadow product was right, the citations were clean to ICD 206, the confidence call was honestly named per ICD 203, and the alternative-analysis line was on the front of the deck. He showed up to Goodfellow with the academic discipline to grind a 25+ week pipeline, he walked off the bus at Fort Meade or Fort Eisenhower or NSA-Hawaii with the JQR book in his pocket and the Security+ prep study guide already half-read, and he treated the first six months as the apprenticeship the senior NCOs say it is rather than the holding pattern the cherry brain wants it to be. By month nine the JQR book is half done; by month twelve the IAT-II credential is on the wall; by month eighteen he is sitting an unsupervised position and the watch chief mentions him by name at the Service Cryptologic Element shift turnover. He is not the loudest soldier in the SCIF. He does not argue with the senior analyst in front of the team. He runs the unglamorous work — the classified destruction log, the SF 702 walk-around, the two-person integrity walks, the annual compliance training — without being chased, and when the senior NCO checks behind him the work is done correctly. He asks the question before he presses the key, not after, and the senior analyst learns within the first quarter that the cherry will not improvise. The warrant on the team (a 350F All-Source Intelligence Technician or a 353-series SIGINT Analysis Technician) starts asking him what he is reading on his own time — and the cherry has an answer, because he is reading the ATP 2-22.6 chapters the senior analyst mentioned at the last shift turnover and the ICD 203 standards printed at the position. By the first re-enlistment window he carries an IAT-II credential current, a clean JQR book, an unsupervised work-role qualification signed off, IFPC on the calendar, an NCS entry-catalog seat consumed, an ACFT he can defend to the senior NCO on a ruck, and the BLC packet conversation already opened with the section sergeant. The senior NCO read of him at the E-4 board cycle is set in this 18-24 month window. The foundation he laid as a cherry is the resume the brigade S2 SGM and the team chief will read at his first promotion gate. He has not done anything heroic; he has done the boring thing exactly the same way every day, and the senior workforce notices.

Preview — The Next Rank

E-4 SPC / CPL is the next gate, and it is structurally tighter than the E-3 promotion gate. AR 600-8-19 governs: 24 months TIS / 6 months TIG (waivable), DA 3355 promotion-points worksheet, BLC complete or slotted, command recommendation, cutoff score above the MOS-specific monthly line per the HRC MILPER. For 35N specifically, the BLC slot is the long pole — the team is reluctant to release you for 22 days, the regional NCO Academy schedule is competitive, and the senior NCO read of you weighs heavily on which soldier gets the next available slot. Plan the packet 12 months out. The job content at E-4 is the qualified analyst — you sit unsupervised positions, you drive the team's work-role outputs, you handle the RFI cycle with the supported tactical or theater customer, and you are the bench when the senior analyst is on leave or at a school. You are the workhorse on the position. You also become the Army-side mentor for the next cherry who walks off the bus from Goodfellow — the JQR book you are now closing, you help the next PFC start. The differentiator at E-4: a second work-role under qualification, the IAT-III credential conversation (CASP+, CISSP-Associate, or platform-specific equivalents), the IFPC certification on the wall, an NCS course in the folder, and the BLC graduate status that opens the SGT board conversation. The other change at E-4: you start carrying real Army-internal load alongside the joint-workforce position. NCOER input cycles begin (you write input on yourself for your rater); DA 4187 paperwork for school slots and re-assignments is now your responsibility; the next re-enlistment math arrives; the cross-MOS conversations (35F / 35G / 35P / 35Q / 35S / 17C / 350F / 353-series) become more concrete; the senior NCO and team chief read of you starts forming the slate names that determine your E-5 board competitiveness. The cherry phase is over by E-4; the SGT-bench phase begins. The Specialists who built clean JQR books, clean compliance records, clean ACFT scores, and clean re-enlistment math at this rank are the Specialists who pin SGT on the next cycle the points clear.
FAQ

35N E1-E3 — Frequently Asked Questions

Q01What does a E1-E3 35N (Signals Intelligence Analyst) actually do?
You came out of AIT at Goodfellow AFB, Texas — the joint cryptologic schoolhouse the Army, Air Force, Navy, and Marines share, with the 312th Training Squadron hosting and Army cadre teaching the 35N pipeline.
Q02What's the most important thing to know as a E1-E3 35N?
Your TS/SCI with the CI polygraph is the most valuable thing in your wall locker, and it is on probation every day for the next twenty years.
Q03What does a typical day look like for a E1-E3 35N?
Time-blocked day at the E1-E3 35N rank tier: 0500 Wake. Coffee. Quick phone check — accountability OK, no soldier emergencies, no overnight team chat from the senior NCO. Phone goes back in the kitchen drawer because it is not going anywhere near the SCIF. PT uniform on, badge in pocket, 0530 PT formation at the company area or the team's designated PT pad. Cryptologic / MI companies often run PT on a slightly delayed schedule to align with the team's SCIF rhythm. Accountability to the section sergeant; the senior NCO reads the formation, 0545-0700 Unit PT — rotates through cardio days,…
Q04What mistakes get E1-E3 35N soldiers fired or relieved?
Bringing a personal electronic device into the SCIF — phone, smart watch, fitness tracker, wireless earbuds. Even once. SSO suspends access that afternoon; the security incident report runs months; DCSA reviews; the file sits on your security record forever and reads at every clearance reinvestigation. The seat sits empty for weeks or months while the inquiry runs; Failing to self-report a foreign contact, foreign travel, marriage to a foreign national,…
Q05What career decisions matter most at the E1-E3 35N rank tier?
BLC packet timing and slot pursuit — BLC (Basic Leader Course) is the prerequisite to pin SGT and the first NCO Academy gate under STEP per AR 600-8-19. For 35N soldiers the BLC slot is harder to get than line-MOS peers expect because the senior NCOs at your team are reluctant to release you for 22 days when you are sitting an unsupervised position the team spent 18 months qualifying you on. Open the packet conversation with your section sergeant 12 months before you need the slot. The trade-off is real: you lose three weeks of position time and the team backfills the seat;…
Q06What's next after E1-E3 for a 35N (Signals Intelligence Analyst) in the Army?
E-4 SPC / CPL is the next gate, and it is structurally tighter than the E-3 promotion gate.
Q07What manuals and regulations does a E1-E3 35N need to know cold?
ATP 2-22.6 — Signals Intelligence (the Army doctrine for the discipline; read it cover-to-cover your first quarter).; FM 2-0 — Intelligence; ADP 2-0 — Intelligence (the doctrine spine).; EO 12333 — US Intelligence Activities (the executive-order frame for everything you touch); DoDD 5240.01 — DoD Intelligence Activities.

This playbook has no tips yet. Be the first to share what you know.

Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards