Signals Intelligence Analyst
E-4 (Specialist/Corporal) · Army
Specialist is the rank where the team stops grading you on whether you can read traffic and starts grading you on whether you can drive an unsupervised position on an NSA-tasked analytic line for a full shift without the senior analyst over your shoulder. The TS/SCI with the CI poly is still the load-bearing credential; SEAD 3 / SEAD 6 / DoDM 5200.02 / Continuous Vetting do not sleep at SPC, and the second clearance reinvestigation cycle is now visible on the horizon. Two non-negotiables before pinning E-5: clean clearance maintenance through the polygraph re-scope and any SEAD 3 self-reporting that lands, and the first unsupervised work-role qualification closed plus the second one driving. BLC packet conversation opens 12 months out from the SGT-window TIS / TIG hit. The cherry phase is over — the bench-phase begins.
- 01E-4 SPC pin-on (automatic per AR 600-8-19 at 24 mo TIS / 6 mo TIG, waiver-eligible; CPL by lateral if the chain puts you in an analyst-team-lead billet before BLC).
- 02First 90 days as a qualified analyst — driving the home work-role unsupervised, scanning open RFIs, running the watch log discipline, mentoring the next cherry off the bus from Goodfellow.
- 03Compartment access broadens — additional read-on briefings with the SSO under DoDM 5105.21 and ICD 705 as the senior analyst and SSO match access to analytic responsibility; FS polygraph re-scope cycle if a compartment requires it.
- 04Second work-role under JQR / OJT — typically opens 6-12 months into unsupervised first-position; the differentiator at the SGT board and the senior NCO read of board competitiveness.
- 05IFPC (Intelligence Fundamentals Professional Certification) attempted and ideally passed; NCS (National Cryptologic School at Fort Meade) entry-and-mid-catalog seats consumed as the team slots them.
- 06IAT-III credential in motion or in hand — CISSP / CISSP-Associate, CASP+, CCNP-Security, or GIAC certifications depending on work-role and team funding posture.
- 07Possible 60-90 day NSA / CSS enterprise-team rotation — embedded alongside civilian GS-12 / GS-13 / GS-14 analysts on an IC-wide problem set.
- 08BLC packet built 12 months out from the SGT-window TIS / TIG hit; BLC graduate before the board — STEP gate under AR 600-8-19, no waivers.
- 09First re-enlistment window: SRB / CSRB conversation per current HRC MILPER; follow-on assignment decision; ETS with clearance, or Active to Reserve, or Active continuation.
- 10Promotion to E-5 SGT: 36 mo TIS / 8 mo TIG (waivable), DA 3355, BLC complete, cutoff above MOS-specific line per HRC MILPER, chain release, senior NCO recommendation block defensible.
- ×Coasting at the qualified-analyst seat for 18 months instead of pushing toward the second work-role. The SGT board reads single-qualification Specialists against multi-qualification peers; the senior NCO read of the slate names tracks the same metric. Coasting at SPC is the cleanest way to sit in zone at the SGT board.
- ×Treating BLC as optional or delaying the packet because 'the team needs me at the position.' BLC is the STEP gate — no BLC, no SGT pin, no exceptions under AR 600-8-19. The team will backfill the seat; the chain will not waive the gate. Get the slot 12 months out.
- ×DUI / Article 15 / off-post arrest with a TS/SCI + CI poly on the line. SEAD 4 Adjudicative Guidelines apply immediately — Guideline G (alcohol), Guideline H (drugs), Guideline E (personal conduct), Guideline I (criminal conduct). Clearance suspension is the default; the SSO pulls access; the team chief writes the counseling that ends the trajectory toward SGT in this MOS.
- ×Failure to self-report under AR 381-12 (TARP) and SEAD 3 inside the published windows — foreign contact, foreign travel, marriage to a foreign national, financial event, suspicious cyber activity, attempted elicitation, behavioral change. Continuous Vetting under SEAD 6 will surface the indicator before you do, and the conversation moves from SSO administrative to CI investigative under AR 381-20.
- ×Letting an IAT-II or IAT-III credential lapse on the DoDM 8140 schedule. The audit pulls you off the position the day it expires; the team is short an analyst until you re-test; the senior NCO read of you is set by the gap.
- ×Cross-domain spillage — SCI material onto SIPR or NIPR, NSANet content onto JWICS without proper sanitization and tear-line. One spillage is a CI inquiry under AR 381-20 that lasts longer than your first enlistment; the SSO pulls access that afternoon; the brigade S2 OIC reads the report; the Defense Counterintelligence and Security Agency (DCSA) reads it two echelons later.
- ×Re-enlisting without reading the current HRC SRB / CSRB MILPER carefully. Wrong contract terms (rank, zone, MOS, follow-on assignment, language-pay reset if applicable, reclass option) lock you in for years. Career counselors fill slots; you live with the contract.
- ×Confusing the joint workforce chain (team chief, watch chief at NSA, NSA civilian senior) with your Army NCO chain (section sergeant, platoon sergeant, MI company 1SG, MI battalion / brigade CSM). The GS-13 civilian sitting next to you cannot write your NCOER and cannot drive your DA 4187 for BLC.
A Day in the Life
- 0500Wake. Coffee. Phone check — accountability OK, no overnight emergencies, no team-chat from the senior NCO that requires response. Phone goes back in the kitchen because it is not going near the SCIF. PT uniform on, badge in pocket.
- 0530PT formation at the MI company area or the team's designated PT pad. The cryptologic / MI companies run PT on a schedule aligned to the team's SCIF rhythm. Accountability to the section sergeant; the senior NCO reads the formation.
- 0545-0700Unit PT — cardio, strength, recovery-mobility rotation. The Specialist who shows up at the front of the run is the Specialist the senior NCO and the team chief read as serious about both sides of the seat. The cryptologic workforce has worked hard to shed the "soft" stereotype; do not put it back on the section.
- 0700-0830Hygiene, breakfast at the DFAC or off-post if married. Walk to the SCIF in OCPs (some NSA-detail seats run a different uniform standard — the senior NCO walks you through it).
- 0830In-process the SCIF. Badge swipe, SF 702 sign, lock all personal electronics in the entry container, walk to your position. The senior analyst from the previous watch briefs the picture or the watch log captures it.
- 0830-1130Unsupervised position on the home work-role. You drive the position from start of shift to handoff; you read the overnight traffic queue; you write the BLUFs that go forward in the watch log; you handle the RFI dialogue with the supported customer; you log every action under your credentials. The senior analyst may sit alongside you on a hard problem but you are driving.
- 1130-1300Chow. You eat with the team at the on-post DFAC or in the team space if your facility supports it. The senior NCO read of you forms around that table; the team chief may pull you aside for a five-minute mentor conversation about the morning's traffic, the IAT-III credential timeline, or the second-position JQR pace.
- 1300-1430Second work-role time. You sit alongside the certified analyst on the second position; you drive JQR signoff line items; you read the second position's traffic and tooling. The discipline at SPC: do not let the second-position qualification slide because the home position is busy.
- 1430-1600Position return for any RFI follow-up; team huddle if your shift includes one; cross-domain hygiene checks; sourcing-line cleanup on the morning's products before they go forward. The warrant officer (a 350F or 353-series technician) may pull you aside for an NCS catalog conversation or a technician-track candidacy discussion if you are in the candidacy window.
- 1600-1630SF 702 walk-around begins; classified destruction line if your section is on rotation; SF 701 end-of-day SCIF checklist support; sensitive items and terminals secured before lights down on the section.
- 1630Out-process the SCIF. Lock workstations, sign SF 702, secure containers, walk out. Released most garrison days. Watch cycles and contingencies change the hour.
- 1700-2000Personal time. IAT-III credential study if the test date is approaching. ACFT prep at the gym. BLC packet documentation work if the slot is in motion. IFPC prep if the certification is on the calendar. Married Specialists get family time; single Specialists in the BEQ rotate gym, books, chow hall. The Specialist who studies on his own time is the Specialist whose SGT board NCOER reads stronger.
- 2000-2200Wind-down. If a junior soldier (PFC, PV2) called you about a problem — financial, BLC packet, work-role question, polygraph re-scope concern, family-care plan question — you are on the phone or in his BEQ room. The qualified-analyst phase introduces real mentorship duty; the senior NCO read of you tracks how you handle the after-hours calls from the cherries you came up alongside.
- 2200Lights out. Tomorrow starts at 0500.
- Watch / shift rotation24-hour watches during exercises and real-world contingencies. The 12-hour night shift becomes your rhythm; you sleep when the watch hands off; the morning brief is briefed by whoever has the picture at the agreed time. The Specialist who runs the night-shift unsupervised cleanly is the Specialist the team chief names in the SCE shift turnover.
- BLC slot (typically 22-29 days at the regional NCO Academy)The team backfills your seat; you check into the Academy; you spend the course in a standardized leadership block that is the same for every MOS. Show up at standard PT, in clean uniform, with the section-NCO habits already built. The Commandant's List at BLC is a promotion-points line; the SPC who phones it in is the SPC the team chief hears about from the NCO Academy CSM.
- NSA / CSS enterprise-team rotation (60-90 days)Embedded on a civilian-led analytic line alongside GS-12 / GS-13 / GS-14 analysts and contractors. The senior analyst on the rotation is your senior in practice; the Army NCO chain feels distant; the work-role focus is whatever the NSA enterprise team is producing. The reps and the civilian-workforce relationships from this rotation compound for the rest of the career.
Weekly Cadence
Key Skills — How to Drill Each
- 01Run an unsupervised position on an NSA-tasked analytic line or a Cyber Mission Force seat — log every action, hand off cleanly at shift change, produce the standard work-role deliverable on time, and never act on a credentialed peer's behalf.Unsupervised position discipline is the difference between qualified and cherry. Log every action under your own credentials on JWICS, SIPR, NSANet; never log in as someone else, never let someone else log in as you; the audit log under AR 25-2 finds account-sharing every cycle. Close the watch log at shift end so the next analyst reads the picture without re-deriving it — the watch chief and the team chief read the log retrospectively when a mission goes sideways, and the analyst who logged transparently is the analyst the team defends. Build the muscle memory: at shift start, read the previous log, scan open RFIs, walk the SCIF physical security under ICD 705 (SF 702 status, container check, terminal lock state), identify the day's two-or-three highest-priority deliverables. At shift end, write the log the next analyst will read first.
- 02Build a SIGINT product that survives the supported staff's read — COMINT-derived assessment, ELINT/FISINT cross-cuts where the data exists, pattern-of-life over time and geography, sourcing per ICD 206, confidence per ICD 203, gaps named honestly, alternative analysis on the front of the deck when the data supports more than one read.The senior analyst on your line has a product template the team runs against; do not invent your own format. Pull a previous product the section signed off on and use it as the structural reference. Build the COMINT-derived assessment from the cited traffic — paragraph by paragraph, with citation lines, distinguishing reported speech from analytic interpolation. Pull ELINT or FISINT cross-cuts when the supported question warrants them and the team's tasking authorities allow. Plot pattern-of-life on a timeline view and on a geo-plot; export both in the format the supported staff actually uses. Name the gaps explicitly — the supported O-4 or the NSA civilian senior will ask 'what do you not know' and the SPC who has the gap-list ready is the SPC who survives the brief. Run the alternative-analysis line on the front of the deck, not buried — ICD 203 grades on this, and the senior analyst will pull you on it if you hide it.
- 03Apply the joint analytic and intelligence cycle (JP 2-0) and the joint targeting cycle (JP 3-60, F2T2EA) end-to-end inside the cryptologic enterprise — not theoretically, in the specific products your team owes the supported command.JP 2-0 is the joint intelligence cycle framing the inputs and outputs of your team's products. JP 3-60 is the joint targeting cycle (find, fix, track, target, engage, assess) the working group above your team applies. ATP 2-22.6 is the Army SIGINT doctrine. As an unsupervised Specialist, you are not designing the cycle — you are producing the team's piece of it cleanly, on time, sourced to standard. Read the chapters the senior analyst references during the team huddle; the cycle becomes second nature as the products accumulate. The discipline at SPC: trace each product you sign back to the PIR / EEI it supports, name the customer it serves, and cite the source authorities (USSID-series — your team certifies you on the specific volumes that apply) under which the collection was authorized.
- 04Apply ICD 203 / 206 / 208 to every product — sourcing line, confidence statement, alternative analysis when warranted, dissent captured per ICD 203 if you disagree with the team call.ICD 203 (Analytic Standards), ICD 206 (Sourcing Requirements for Disseminated Analytic Products), and ICD 208 (Maximizing the Utility of Analytic Products) are the IC-wide standards your products are graded against above the team. Print the five ICD 203 tradecraft elements (properly describe quality and credibility of underlying sources, properly express and explain uncertainties, properly distinguish between underlying intelligence information and the analyst's assumptions and judgments, incorporate analysis of alternatives, demonstrate customer relevance and address implications) and keep them at the position. Build the habit at SPC: every product has a sourcing line per ICD 206; every confidence call is explicit; the alternative-analysis line is on the front of the deck when the data supports more than one read. If you disagree with the team's call, ICD 203 has a dissent mechanism — use it through the proper channel, not in the hallway.
- 05Drive cross-domain hygiene — JWICS, SIPR, NIPR, NSANet, GENSER, EKMS — without spillage. One spillage rolls up to Army CI under AR 381-20 and the SSO closes terminals for a week.Cross-domain spillage is the unforced error that ends careers in this MOS. The terminals on different domains are physically and logically separated; the procedures for moving material between domains are formal and supervised (sanitization, tear-line, release-authority signature per USSID-series guidance); the discipline of not pasting from one window into another window on a different domain is muscle memory. The senior analyst will warn you once, then warn you formally, then write the counseling. The SSO inspects against AR 380-5; the cyber incident reporting chain under AR 25-2 carries the report. The fix in concept is simple: do not paste across domains. The discipline is hard in practice when you are tired, behind on a deliverable, and the data you need is on the wrong terminal. Slow down. Re-derive on the correct domain.
- 06Run an RFI dialogue with a theater intel brigade, an INSCOM element, a COCOM J2 SIGINT desk, an NSA enterprise team, or a sister-service partner — phrase the answer so it survives the next echelon up, and pull the senior analyst in when it should not be on your shoulders.The RFI is the team's daily currency at SPC. Phrase the answer specifically — named PIR / EEI link, sourced citation per ICD 206, confidence level per ICD 203, gaps named, timeline for follow-up, classification ceiling the receiving element can read at. Route it through the channel the team SOP requires — typically the watch log, the team's RFI tracker, and the supported command's chat channel. Know when to pull the senior analyst or the warrant officer (a 350F All-Source Intelligence Technician or 353-series SIGINT Analysis Technician at the team) in: anything that crosses an authority line (USSID, EO 12333 Procedures, AR 381-10), anything that exceeds your confidence to answer alone, anything that touches a partner element's lane (NSA civilian senior, sister-service equivalent, theater intel brigade analyst). The SPC who runs the RFI dialogue cleanly is the SPC the supported customer asks for by name a quarter later.
- 07Mentor the next cherry on JQR and OJT — the signoff you collected at PFC becomes the signoff you sign for a new PV2 inside 12 months.Teaching is the SPC's hidden differentiator and the senior NCO read of bench potential. The senior analyst notices the SPC who walks a cherry through the tool stack at 1400 on a Wednesday because the cherry asked. The team chief notices the SPC whose section's product velocity does not collapse when the senior analyst is at appointments. Build the teaching reps deliberately: pull a cherry to your position for an hour, walk through a query end-to-end, let her drive while you back-seat, let her teach a PFC the same workflow the next week. The SPC who teaches is the SPC the senior NCO names when the SGT slate comes around. Sign JQRs only on tasks you personally watched the cherry perform — falsified signoffs are auditable, and the team's training authority is pulled when found.
Manuals & References — What Chapters Matter
- ATP 2-22.6 — Signals Intelligence TechniquesOwn it at SPC, not just refer to it. The Army keystone doctrine for the SIGINT discipline — the SIGINT framework, COMINT / ELINT / FISINT breakdown, the cryptologic enterprise architecture, tactical SIGINT and theater SIGINT, the relationship between the Army SIGINT workforce and the NSA / CSS enterprise. Reread it cover-to-cover at SPC; the senior analyst quotes from chapters when explaining the discipline to junior soldiers, and the team chief expects an unsupervised Specialist to know the section he is referencing.
- JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting; FM 2-0 — Intelligence; ADP 2-0 — IntelligenceJP 2-0 is the joint intelligence cycle your team's products travel through when they cross sister-service lines or move above the team. JP 3-60 is the joint targeting cycle (F2T2EA — find, fix, track, target, engage, assess) the working group above your team applies. FM 2-0 and ADP 2-0 frame the Army intelligence warfighting function. The Specialist who can defend a SIGINT product against JP 2-0, JP 3-60, and ATP 2-22.6 is the Specialist the team chief brings to the partner-element coordination call.
- ICD 203 — Analytic Standards; ICD 206 — Sourcing Requirements for Disseminated Analytic Products; ICD 208 — Maximizing the Utility of Analytic ProductsThe IC-wide standards your products are graded against above the team. Print the five ICD 203 tradecraft elements, the ICD 206 sourcing requirements, and the ICD 208 utility framework; keep them at your position; reread them quarterly. The senior analyst, the warrant, the team chief, the NSA civilian senior, and any IC reviewer above the team all apply these lenses. The SPC whose products read like ICD 203 standards from the first paragraph is the SPC whose products travel forward to the watch chief without rewriting.
- USSID-series — United States Signals Intelligence DirectivesThe cryptologic enterprise rulebook — the directives governing what your team can collect, exploit, and disseminate. Volumes are FOUO; the senior analyst and the SSO brief you on the specific volumes that apply to your work-role at compartment read-on. Do not freelance on USSID-governed work; the cost of a USSID violation at SPC is a CI inquiry under AR 381-20, not a counseling. The discipline at unsupervised Specialist: ask 'what USSID covers this' before pressing the key on a borderline action.
- AR 380-5 — Information Security; AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-67 — Personnel Security; AR 25-2 — Army CybersecurityAR 380-5 is the day-to-day classified handling reg — material classification, marking, handling, storage, transmission, destruction (SF 700 / 701 / 702 / 153 trail). AR 381-10 is the governing reg for Army intelligence activities including the Procedures 1-15 oversight rules for collection on US persons; the IG inspects the MI community against this reg. AR 381-12 is your TARP self-reporting obligation (foreign contacts, foreign travel, suspicious behavior, attempted elicitation, insider-threat indicators inside the 24-hour / 72-hour windows). AR 380-67 governs personnel security including SSBI / TS/SCI continuous-evaluation. AR 25-2 is the Army cybersecurity reg; the cyber-incident reporting chain runs under it.
- EO 12333 — US Intelligence Activities; DoDD 5240.01 — DoD Intelligence Activities; DoDM 5105.21 — SCI Administrative Security Manual; ICD 705 — SCIF Standards; DoDM 8140 — Cyberspace Workforce QualificationEO 12333 is the executive-order architecture framing every collection authority you operate under. DoDD 5240.01 is the DoD implementation. DoDM 5105.21 is the practical playbook the SSO works from for read-on, read-off, and operational SCI discipline. ICD 705 is the SCIF accreditation standard. DoDM 8140 (verify the current edition; it succeeded the older DoDM 8570 framework) governs the cyberspace workforce qualification framework your IAT-II / IAT-III credentials live under.
Standards — How to Hit Each
- First unsupervised work-role qualification signed off and current; second work-role under JQR / OJT before the SGT board window opens.Drive the second work-role conversation with your senior analyst by month 3-6 of unsupervised first-position. The senior NCO and team chief read multi-qualification Specialists as the SGT-bench names; the Specialists who arrive at the board with one work-role at the cutoff line sit in zone while peers with two qualifications pin. The trade-off: time on the home position vs time learning the second position. Build a JQR-driving rhythm for the second work-role alongside the production rhythm on the first — published block of hours per week, JQR signoff session with the second-position senior analyst, line-item tracker you keep your own copy of.
- IAT-II baseline maintained (Security+ CE typical) on the DoDM 8140 schedule; IAT-III in motion if the team's work-role requires it (CISSP, CASP+, CCNP-Security, GIAC, or platform-specific equivalents on the DoDM 8140 list).The IAT-II currency cycle runs on the DoDM 8140 schedule — CompTIA's Continuing Education program for Security+ CE requires CEUs across a three-year cycle. Plan the renewal early. The IAT-III credential path runs through Army Credentialing Assistance (current portal) and unit training funds; the team's credential coordinator walks you through the budget cycle and prerequisites. The GIAC certifications (SANS / GIAC — GCIH, GCIA, GREM, GPEN, GXPN, etc.) are gold-standard in the joint cryptologic / cyber workforce; if your team funds GIAC seats, treat the opportunity as the priority it is. The day the IAT-II deadline passes uncertified, the DoDM 8140 audit pulls you off the position.
- IFPC (Intelligence Fundamentals Professional Certification) attempted and ideally passed; NCS (National Cryptologic School at Fort Meade) entry-and-mid-catalog seats consumed as the team slots them.IFPC is the entry-level IC analytic certification the community has rallied around. Pull the IFPC prep package from JWICS or your unit's Foundry / NCS coordinator; study ICD 203 / 206 / 208, the intelligence cycle, structured analytic techniques, and the discipline fundamentals; sit the exam on the first available slot the team supports. NCS at Fort Meade is the IC's training center for cryptologic skills — entry-and-mid-catalog seats fill from the Specialist who asks first. Ask the section sergeant about NCS catalog availability quarterly; the Specialist who asks is the Specialist who fills slots, and the seats on the wall are the SGT-board differentiator.
- BLC graduate before the SGT board — STEP gate under AR 600-8-19, no waivers.BLC (Basic Leader Course) is run by the regional NCO Academy and is the prerequisite to pin SGT. Get on the BLC roster 12 months before your TIS / TIG hits the SGT window; slots fill from the SPC who asks first. Show up to BLC at standard PT, in clean uniform, with the squad-leader-time habits already built — your record at BLC follows you back to the unit and the BLC Commandant's List is a promotion-points line. Phone it in at BLC and the brigade S2 SGM hears about it from the NCO Academy CSM faster than you expect.
- ACFT 540+ floor — the cryptologic floor does not bend because your duty station is a SCIF. Section ACFT pass rate trends to the senior analyst's and senior NCO's pass rate.540 requires roughly 250+ on three events plus 60+ on the others. The cyber / cryptologic workforce has a PT reputation problem in some teams; the Specialist who shows up at the front of the run is the Specialist the senior NCO and team chief read as serious about both sides of the seat. Lift heavy three days a week, run intervals two days a week, focus on grip and core. The 2-mile run is the score-killer in a sedentary MOS — pull your time below 16:30 and you can afford to score moderately on the lift.
- TS/SCI with appropriate polygraph (CI poly minimum; FS poly for some compartments) maintained without a derogatory flag; Continuous Vetting (SEAD 6) and SEAD 3 self-reporting current; source-citation discipline 100%.Clearance maintenance runs through Continuous Vetting under SEAD 6 and periodic polygraph re-scope cycles. Self-report under AR 381-12 (TARP) and SEAD 3 inside the published windows — foreign contact, foreign travel, name changes, marriage, unexplained affluence, attempted elicitation, suspicious cyber activity, alcohol or drug incidents. The Adjudicative Guidelines under SEAD 4 / DoDM 5200.02 are the lens DoD CAF applies — A (foreign influence), B (foreign preference), C (sexual behavior), D (personal conduct), E (financial), F (alcohol), G (drug), I (criminal), J (handling protected information), K (outside activities), L (use of IT). Source-citation discipline at 100% — every fact, every assessment, every confidence call has an attribution line per ICD 206. The SSO inspects on these; the team chief reads the inspection report.
Technical Mistakes — Concrete Consequences
- Running on a position you are not currently qualified on because 'I did it last rotation.'Currency lapses are auditable under the team's JQR review and the DoDM 8140 cyber workforce audit. The team's analytic authority on that position gets pulled until the qualification is re-validated; your individual access gets re-evaluated; the senior analyst is in the counseling chain because he let it slide; the team chief reads the gap as a discipline failure. The fix: re-qualify cleanly before sitting the position again, and treat currency as the rolling discipline it is.
- Pushing a confidence level the traffic does not support because the supported command wants it — 'likely' becomes 'high confidence' because the BN S3 or the supported O-4 wanted a cleaner answer.ICD 203 grades on this and the dissent procedures exist for a reason. The supported command makes a real decision on the inflated confidence and the operation goes sideways; the team's senior analyst is in the team chief's office that afternoon explaining the call; the SPC who softened the confidence to please the room is the SPC the senior analyst does not let brief BN-CDR-level or NSA-civilian-senior-level products again until the trust is rebuilt — usually a quarter, sometimes longer. The discipline: name the confidence honestly; cite the data; let the room argue if it wants.
- Plagiarizing a higher-echelon assessment into your slide or BLUF without source citation per ICD 206.The supported analyst, the senior analyst, the warrant officer, the NSA civilian senior, and any IC reviewer above the team will catch it. ICD 206 treats sourcing as load-bearing; ICD 203 treats source attribution as the analytic-tradecraft floor. The SPC who plagiarizes once never gets the senior analyst trust back inside the same team; the credibility never comes back, and the next team you arrive at hears about it before you do. Cite the source. Even when it feels redundant.
- Letting the IAT-II credential lapse on the DoDM 8140 schedule.The audit pulls you off the position the day the credential expires; the team is short an analyst until you re-test; the senior analyst backfills the seat; the team chief writes the counseling statement; the SGT board NCOER reads the gap. The renewal cycle is published — CompTIA CE for Security+ requires CEUs across a three-year cycle, and Army Credentialing Assistance funds the renewal voucher if you are inside the window. Plan the renewal 6 months out, not 6 days out.
- Sharing a SIPR / JWICS / NSANet password with anyone — your team lead, your roommate, the contractor sitting next to you, the senior analyst who 'just needs to check one thing.' Two-person integrity is two people with their own credentials.The audit log under AR 25-2 finds it every cycle. The cyber incident reporting chain carries the report; the SSO and the team chief write the counseling statements; the access closes permanently; the senior analyst who accepted the shared credentials is in the counseling chain alongside you. The discipline at SPC is the same discipline at PV2: every keystroke under your own credentials, every time. The 'I was just helping' rationalization is the one the SSO has heard before and the one that ends the trajectory toward SGT in this MOS.
- Taking SCI-derived analysis to the SIPR or unclassified side without proper sanitization, tear-line, and release-authority signature per USSID-series guidance.Cross-domain spillage. The CI inquiry under AR 381-20 opens by close of business; the SSO walks you out of the SCIF that afternoon while the investigation runs; the brigade S2 OIC reads the report; the Defense Counterintelligence and Security Agency (DCSA) reads it two echelons later. The damage assessment may close the spillage administratively, but the SPC's name appears in the CI file regardless and reads at every clearance reinvestigation for the rest of the career. The 'just one paragraph for the S3 by COB' move is the move that ends careers in this MOS.
Career Decisions at This Rank
- BLC slot timing and Commandant's List pursuitBLC is the STEP gate for SGT under AR 600-8-19; without BLC complete, no SGT pin regardless of points. Most teams release SPCs to BLC after the first unsupervised work-role qualification is signed off; some teams wait for the second work-role to be in OJT. Plan the slot 12 months before you anticipate hitting the SGT board window. The Commandant's List at BLC is a promotion-points line (worth real points on the DA 3355 worksheet) and a known check at the SGT board. Show up at standard PT, in clean uniform, with the section-NCO habits already built. Phoning in BLC is the cleanest way to be remembered by the regional NCO Academy CSM in the wrong way — and the message travels back to your team chief faster than you expect. Default is yes to the next available slot the section sergeant offers.
- Second work-role qualification pace — push for it fast or build broader depth on the home positionThe SGT board reads multi-qualification Specialists as the bench names; the senior NCO and team chief read the same metric. Second-position qualification typically takes 12-18 months. The trade-off: time on the home position (deeper credibility on the work-role you already drive) vs time learning the second position (broader analytic resume). The senior analyst will tell you which pace fits the team. Specialists who arrive at the SGT board with one work-role at the cutoff line sit in zone while peers with two qualifications pin. There is no honest version of "I did not have time" — the time is in the schedule if you drive it. Ask the senior analyst on your work-role directly: "What pace do you want me at, and how do I know when I am ready to drive the second position." Then match the pace.
- IAT-III credential path — CISSP / CISSP-Associate, CASP+, CCNP-Security, or GIACThe IAT-III credential path depends on your work-role, the team's funding posture, and your career trajectory. CISSP is the gold standard but requires 5 years of demonstrated cyber experience (or waiver via CISSP-Associate); CASP+ is the CompTIA senior credential; CCNP-Security is Cisco's senior networking-security credential; the GIAC certifications (SANS / GIAC — GCIH, GCIA, GREM, GPEN, GXPN, etc.) are gold-standard offensive/defensive cyber credentials in the joint cryptologic / cyber workforce. The Army funds some GIAC vouchers through Army Credentialing Assistance and others through unit-specific training funds. Talk to the team's credential coordinator about the budget cycle and the prerequisites. The honest test: which credential matches your work-role and your post-Army trajectory if the second re-enlistment math does not work.
- NSA / CSS enterprise-team rotation — volunteer or stay on the teamSome teams rotate qualified Specialists into NSA / CSS enterprise-team seats for 60-90 days. The rotation is one of the most valuable experiences a 35N can have at SPC — IC-wide analytic exposure, civilian-workforce relationships that pay out at ETS or retirement, NCS / Foundry slot access, and a known differentiator on the SGT board. The trade-off: time away from the team and the home work-role qualification cycle. The team chief decides whether the rotation matches the team's coverage; ask the senior analyst about availability at month 6 of unsupervised position. The Specialists who ask are the ones who fill the seats.
- First re-enlistment — SRB, CSRB, follow-on assignment, ETS with clearance, or Active to ReserveThe first re-enlistment window typically opens 12-18 months before your first contract ends. The Selective Reenlistment Bonus (SRB) per the current HRC SRB MILPER and the Critical Skills Retention Bonus (CSRB) for specific cryptologic / SIGINT skill identifiers vary by MOS, re-up zone, shortage indicator, and follow-on assignment. Pull both current MILPERs before signing. 35N soldiers at SPC are often on the CSRB schedule because the MOS is a Critical Skill. The ETS-with-clearance option is real and substantial — the cleared-contractor market (Booz Allen Hamilton, Leidos, SAIC, CACI, ManTech, MITRE, Northrop Grumman, BAE, and the long tail of cleared SIGINT / cyber shops) hires qualified 35Ns with TS/SCI + CI poly straight off the orders, and the NSA-civilian crossover at the GS-9 to GS-13 entry ladder is a parallel option for soldiers with a clean JQR jacket and a credential stack. The trap: signing for a longer contract than you actually want, or signing for a follow-on assignment that breaks your family. Run the math twice. Talk to your spouse if you have one. If the re-up math does not work without the bonus, the re-up does not work.
- Cross-reclass at first re-enlistment window — 35F / 35G / 35P / 35Q / 35S / 17CRe-enlistment windows are when the Army funds cross-reclass between MOSes. The HRC MILPER publishes the in-cycle reclass options quarterly. 35F (All-Source Intelligence Analyst) consumes SIGINT alongside other disciplines and is a broader analytic seat; 35G (GEOINT) is the geospatial path and integrates with NGA; 35P (Cryptologic Linguist) is target-language SCC workforce (requires DLPT qualification on a controlled language); 35Q (Cryptologic Cyberspace Operator) is cryptologic cyber operations under SCC authorities; 35S (Signals Collector) is the collection side of the SCC workforce; 17C (Cyber Operations Specialist) is cyber operations workforce under USCYBERCOM authorities. The right reclass depends on which discipline you actually like — talk to soldiers in the receiving MOS before signing, read the current accession requirements on the HRC reclass page, and run the second-order question: where does the 10-year senior NCO trajectory in that MOS sit. The decision is consequential; do not let it be transactional.
How the Seat Varies by Unit Type
- 706th MI Group (Fort Meade) — Army element co-located with NSA / CSS WashingtonThe most common SPC seat for the analytic-deep cryptologic side. The 706th MI Group is the Army element at NSA / CSS Washington — the largest Army cryptologic concentration outside Fort Eisenhower. As a qualified Specialist at the 706th, you sit on an NSA-tasked analytic line alongside Navy CTRs, Air Force 1Ns, Marines, NSA civilians (GS-12 / GS-13 / GS-14), and contractors. The technical work is SIGINT-deep; the joint workforce density is the highest in the MOS; the senior NCO and warrant bench is deep. Multi-position qualification at SPC is the pattern; NCS entry-and-mid catalog seats are accessible. The cost: Fort Meade BAH is high, the cost of living in the DMV is high, and the commute inside the NSA campus is real.
- INSCOM theater intelligence brigade — 470th (JBSA-Fort Sam Houston), 500th (Schofield Barracks), 501st (Korea), 66th (Wiesbaden Germany), 207th (Africa)The theater-strategic seat. As SPC on a theater intel brigade, you support a CCMD J2 SIGINT desk on theater-level problems — 470th supports SOUTHCOM / CENTCOM-adjacent SIGINT, 500th supports INDOPACOM, 501st supports the Korea theater, 66th supports EUCOM, 207th supports AFRICOM. The products travel further (CCMD J2 audience, IC-wide dissemination); the analytic standards are applied at the IC source-level standard. The OPTEMPO is slower than a brigade combat team but the analytic depth is greater. The SGT-bench reads at theater intel brigades trend toward the analytic-depth track and the 353-series SIGINT Analysis Technician path.
- 780th MI Brigade (Fort Eisenhower) — Army cyber brigade, cyber-SIGINT fusion floorThe 780th is the Army's cyber brigade at Fort Eisenhower (renamed from Fort Gordon in 2023; the Cyber Center of Excellence is also on post). The 781st MI Battalion (Vanguard) and 782nd MI Battalion (Cerberus) sit under the 780th. The brigade runs Army-side Cyber Mission Force teams alongside USCYBERCOM and the joint cyber enterprise. The cyber-SIGINT fusion line is where 35N analytic work integrates with 35Q cryptologic cyberspace and 17C cyber operations work. The OPTEMPO is high; the senior NCO and warrant bench (350F, 353-series, 170A) is deep. Multi-qualification pace is faster than at theater intel brigades.
- Cyber Mission Force team detached to NSA / CSS Cryptologic Centers (NSA-Hawaii at Kunia, NSA-Texas at San Antonio, NSA-Colorado at Aurora)CMF teams are joint formations detached to NSA Cryptologic Centers. The Army NCO chain runs through the parent brigade (often the 706th or 780th); the daily operational chain runs through the team chief at the NSA-co-located site. The work-role focus is mission-set-specific to the team and the supported COCOM. Hawaii is paradise with brutal cost of living; Texas is San Antonio with the BAMC / Fort Sam Houston military density; Colorado is altitude and proximity to USNORTHCOM and Buckley Space Force Base. The Specialist experience on a CMF team is more compartmented than at a brigade — you may not know the names of soldiers in the next team space, and the joint workforce is closer to you daily than the Army chain.
- National detail — NSA / CSS enterprise team alongside civilian analystsA small number of qualified Specialists land on national detail seats at NSA / CSS Fort Meade — embedded on a civilian-led analytic line alongside GS-12 / GS-13 / GS-14 analysts and contractors. The technical work is IC-wide; the team you sit on has one or two Army uniformed soldiers and a much larger civilian bench. The senior civilian analyst is your senior analyst in practice; the Army NCO chain feels distant; the team chief at NSA is your daily reality. The Specialist experience here is the broadest analytic exposure in the MOS, and the post-service NSA-civilian crossover pipeline reads strongest from these seats. The technician (353-series) packet candidacy from national detail reads strong on the WORC board when the time comes.
What Good Looks Like at This Rank
Preview — The Next Rank
35N E4 — Frequently Asked Questions
Q01What does a E4 35N (Signals Intelligence Analyst) actually do?
Q02What's the most important thing to know as a E4 35N?
Q03What does a typical day look like for a E4 35N?
Q04What mistakes get E4 35N soldiers fired or relieved?
Q05What career decisions matter most at the E4 35N rank tier?
Q06What's next after E4 for a 35N (Signals Intelligence Analyst) in the Army?
Q07What manuals and regulations does a E4 35N need to know cold?
This playbook has no tips yet. Be the first to share what you know.