Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
Back to 35Q Cryptologic Network Warfare Specialist — overview, pay, training, civilian translation, reviews
35QE1-E3

Cryptologic Network Warfare Specialist

E-1 to E-3 (Junior Enlisted) · Army

HEADS UP

AIT at NIOC Corry Station in Pensacola is a joint cryptologic schoolhouse — the Army's 334th Military Intelligence Battalion is your Army host, but you sit in the same classrooms as Navy CTNs, Air Force 1N4s, and Marine 2651s, and the senior instructor cadre is a mix of all four services and NSA civilians. Treat the joint workforce as the workforce from day one — your career runs through the Army chain, but your daily seat at your first unit is inside a Service Cryptologic Component team that does not care which uniform you wear. Two non-negotiables before pin-on E-4: keep the TS/SCI with the polygraph clean, and finish the JQR / OJT signoff book on your assigned work-role inside the team's published timeline. Everything else is recoverable; those two are not.

The Honest MOS Read
You are the junior cryptologic cyberspace soldier — the Army's contribution to an NSA-tasked Cyber Mission Force seat. You walked off the bus at Naval Information Operations Command (NIOC) Corry Station in Pensacola, Florida, where the 334th Military Intelligence Battalion runs the Army piece of a joint schoolhouse alongside the Navy, the Air Force, and the Marines. The Joint Cyber Analysis Course (JCAC) — sometimes called the Basic Cyber Analyst Course depending on which year's POI is in front of you — is the long pole at Corry. JCAC is the foundational technical block, and the 35Q-specific follow-on training sits on top of it. The course is months long, it is academically demanding, and the washout rate is real — not because the Army wants to fail you, but because the joint cryptologic workforce is not a place you can carry someone. The instructors will not pretend you passed when you did not. You either got the material or you did not, and the JQR signoff at your first unit will read accordingly. You graduate Corry with a school code, a security manager's introduction to the polygraph cycle you will live under for the rest of your clearance life, and a duty-station assignment that lands you in one of a small number of places: the 780th MI Brigade at Fort Meade (the Army's offensive cyber brigade, co-located with NSA-Washington); the 706th MI Group at Fort Eisenhower (the Army element at NSA/CSS Georgia, on the post renamed from Fort Gordon in 2023; the senior NCOs there treat the sign on the gate as the least interesting thing about the unit); a Cyber Mission Force team detached to NSA-Hawaii at Kunia, NSA-Texas at San Antonio, or NSA-Colorado at Aurora; INSCOM units at named locations; or a national-detail seat that puts you on an NSA enterprise team alongside civilian analysts and contractors. The team you arrive at had your slot on the manning document for months — they know your name, your school grades from Corry, and roughly when you cleared the polygraph. Your job for the next 24 months is to earn the second TS/SCI clearance reinvestigation so the first one is worth carrying. Most of your week is shadowing a certified operator on the team's work-role, consuming on-the-job training, sitting at a position you cannot drive alone yet, and grinding through the unglamorous part of the seat: clearance reinvestigation paperwork, polygraph re-scopes when SEAD 3 or the unit's CV (Continuous Vetting) cycle calls for one, SAEDA / TARP / cyber-awareness / OPSEC / insider-threat training ticklers, IAT-II prerequisite study, classified destruction logs, two-person integrity walks of the SCIF spaces, badge audits, and the JQR / OJT signoff book the senior operator inspects every Friday. The senior operator on the team and the team chief (often a CW2/CW3 350F or 17A warrant officer, often paired with an NSA civilian senior at the GS-13/GS-14 level) are the two people whose read of you matters most in your first year — the team chief signs off on your first work-role qualification, and the senior operator decides which position you sit on which days. Promotion through E-2 and E-3 is automatic per AR 600-8-19 — E-2 at 6 months TIS, E-3 at 12 months TIS / 4 months TIG (waivable). E-4 is the first real promotion gate that requires command recommendation, the DA Form 3355 promotion-points worksheet, BLC slot, and a cutoff score per the monthly HRC MILPER. For 35Q specifically, the BLC slot is harder to get than a line MOS soldier expects, because the senior NCOs at your team are reluctant to release you for a 22-day NCO Academy course when you are sitting an unsupervised position you spent 18 months qualifying on. Plan the BLC packet conversation with your section sergeant 12 months out; do not wait until the slot drops. The other reality of this MOS that the recruiter did not tell you: the IAT-II credential cycle is real and it is on the clock. DoDM 8140 (Cyberspace Workforce Qualification — verify the current edition; the manual was rewritten in the 8140 series after the 8570 predecessor) governs the cyber workforce credentialing framework, and most 35Q positions require an IAT-II baseline credential within a published window after you arrive. CompTIA Security+ CE is the most common entry credential and the one the unit will fund through Army Credentialing Assistance. Start the study early. The team does not pull you off the position because you missed the IAT-II deadline; it pulls you off because the DoDM 8140 audit pulls you off, and the team is short an operator for however long it takes you to test. Do not be the soldier who let the credential lapse because the senior NCO did not personally remind you to study. The civilian-transferability conversation that gets sold at MEPS is real for 35Q, but with caveats. The TS/SCI with the polygraph is the most marketable credential in the federal contracting market — cleared-contractor billets at Booz Allen, Leidos, MITRE, CACI, ManTech, SAIC, BAE, the long tail of cyber-specific shops, and the prime defense integrators all hire from the SCC enlisted workforce on this exact profile. The Security+ / CCNA-CyberOps / CYSA+ / eventually CISSP stack you build on Army Credentialing Assistance translates directly. The work-role qualifications you get signed off in the joint workforce translate, with some training-record reframing, to the civilian cleared cyber market. But the credential and clearance are only as good as your record while you carry them — one Article 15, one DUI, one mishandled classified incident, one personal-conduct flag from CV, and the clearance is suspended, the SSO pulls your access that afternoon, and the contractor offer that was waiting for you at ETS evaporates.
Career Arc
  • 01BCT (one-station BCT or split-option to AIT — most 35Qs do split-option through the cyber pipeline).
  • 02AIT at NIOC Corry Station (Pensacola, FL) — 334th MI Battalion as Army host, joint with Navy/Air Force/Marines, JCAC and 35Q-specific follow-on.
  • 03TS/SCI with polygraph adjudicated through DoD CAF — the gate to every assignment in the MOS.
  • 04First duty station: 780th MI Brigade (Fort Meade), 706th MI Group (Fort Eisenhower), CMF team at NSA-Hawaii / NSA-Texas / NSA-Colorado, INSCOM unit, or national-detail seat.
  • 05Month 0-6: in-process the team, get JQR / OJT signoff book started, IAT-II (Sec+ CE) credential in motion through Army Credentialing Assistance.
  • 06Month 6-12: shadowing certified operator on assigned work-role, JQR half-complete, first polygraph re-scope if SEAD 3 / CV cycle drives one, BLC packet conversation opened.
  • 07Month 12-18: unsupervised work-role qualification signed off, second work-role under JQR, first re-enlistment window opens with Selective Reenlistment Bonus (SRB) and Critical Skills Retention Bonus (CSRB) per current HRC MILPER potential.
  • 08Promotion to E-4 SPC: 24 mo TIS / 6 mo TIG (waivable), DA 3355 worksheet, BLC complete or scheduled, cutoff above MOS-specific line, chain release.
Common Screwups
  • ×Bringing a personal electronic device into a SCIF — phone, smartwatch, fitness tracker, AirPods, even once. The SSO pulls your access that afternoon, the CI investigation under AR 381-12 runs months, and the incident lives in your security file forever. The clearance may survive; the senior NCO read of you does not.
  • ×DUI / Article 15 / off-post arrest with a TS/SCI on the line. Adjudicative Guideline G (alcohol consumption), Guideline H (drug involvement), Guideline E (personal conduct) under SEAD 4 / DoDM 5200.02 each become problems immediately. Clearance suspension is the default; restoration is a paperwork fight that takes months and is not guaranteed.
  • ×Posting OPSEC-relevant content on social media — unit patches, building photos, 'first day at Fort Meade' selfies, LinkedIn descriptions that name programs by code or that overspecify what you do at NSA. Foreign collection against the SCC workforce is real, the brigade S2 OIC reads the social-media-OPSEC briefing as a real requirement, and your name on the brigade non-compliance roll travels.
  • ×Failing to self-report a foreign contact, foreign travel, marriage to a foreign national, or a financial event under AR 381-12 (TARP) and SEAD 3 (Continuous Evaluation). CV will surface the indicator first if you do not report it; the conversation moves from SSO administrative to CI investigative, and the difference is whether your career continues.
  • ×Letting the IAT-II credential (Security+ CE typically) lapse on the DoDM 8140 schedule. The audit pulls you off the position the day it expires; the team is short an operator until you re-test; and the senior NCO who has to backfill your seat reads the gap as a discipline failure.

A Day in the Life

  • 0500Wake. Coffee. Quick phone check — accountability OK, no soldier emergencies, no overnight team chat from the senior NCO. Phone goes back in the kitchen drawer because it is not going anywhere near the SCIF. PT uniform on.
  • 0530PT formation at the company area or the team's designated PT pad. Cyber-MI companies often run PT on a slightly delayed schedule to align with the team's watch rhythm. Accountability to the section sergeant; the senior NCO reads the formation.
  • 0545-0700Unit PT — rotates through cardio days, strength days, recovery-mobility days. The cyber workforce has a PT reputation to fight; the cherry who shows up at the front of the run is the cherry the senior NCO notices.
  • 0700-0830Hygiene, breakfast at the DFAC or in the barracks if you are still in the BEQ, change into the uniform of the day. OCPs typically; some NSA-detail seats run a different uniform standard — the senior NCO walks you through it.
  • 0830In-process the SCIF. Badge swipe, SF 702 sign, lock all personal electronics in the entry container, walk to your position. The senior operator on the floor reads the previous watch log and briefs the picture.
  • 0830-1130Shadow shift on the assigned work-role. The senior operator drives the position; you sit next to him, you read the traffic alongside him, you walk through the tooling, you ask questions during the slow moments rather than during the active ones. You also work on your JQR signoff line items — each task you can demonstrate is a signoff to drive.
  • 1130-1300Chow. You eat with the team at the on-post DFAC or in the team space if your facility supports it. The senior NCO read of you forms around that table; the senior operator may pull you aside for a five-minute mentor conversation about the morning's traffic.
  • 1300-1500Afternoon shadow shift continues. You may rotate to a second work-role for an hour to begin building the second JQR. The senior operator redlines a BLUF you drafted in the morning; you take the redline as a teaching moment rather than as a personal hit.
  • 1500-1600Compliance and admin block. IAT-II credential study if your test date is approaching; annual SAEDA / TARP / cyber-awareness / OPSEC / insider-threat training if a module is due; classified destruction log entries if your section is on rotation; SF 701 end-of-day SCIF checklist support if your section closes the spaces.
  • 1600-1630Section huddle with the senior NCO. The senior NCO walks the team's rollup for the day, names tomorrow's priorities, confirms watch coverage, and reads anyone who is on a deadline (BLC packet, IAT-II test date, polygraph re-scope, JQR milestone).
  • 1630Out-process the SCIF. Lock workstations, sign SF 702, secure containers, walk out. Released. Some days the watch cycle keeps the section in longer; the team chief will tell you when that day comes.
  • 1700-2000Personal time. If you are studying for the IAT-II test, this is the block. If you are at the gym chasing an ACFT score the senior NCO will respect, this is the block. Married soldiers get family time; single soldiers in the BEQ rotate between the gym, the books, and the chow hall.
  • 2000-2200Wind-down. The cherry 35Q schedule is not as compressed as a line-MOS schedule at this rank — the watch rhythm and the SCIF day are bounded. The cherry who uses the evening to study and to PT is the cherry the senior NCO reads as serious about the career.
  • 2200Lights out. Tomorrow starts at 0500.
  • Watch / shift rotationSome teams run 24-hour watches during exercises or real-world contingencies. As a shadow you sit on the watch shift the senior operator sits — the night shift is your shift if he is the night-shift senior. The clock breaks; you sleep when the watch hands off; the morning brief is briefed by whoever has the picture at the agreed time.

Weekly Cadence

The Mon-Fri rhythm in your first 12 months as a 35Q is dominated by the JQR / OJT signoff book, the IAT-II credential study, and the team's compliance calendar. Monday is the heaviest day — the senior NCO publishes the week's watch coverage, the senior operator names the work-role focus areas, and the team chief reads any compliance items on the schedule (annual training suspenses, polygraph re-scope appointments, clearance reinvestigation interviews, brigade S2 visits). You spend Monday morning re-reading the previous Friday's senior-operator redlines on your shadow products and walking through the watch log for any items the previous week did not close. Tuesday through Thursday is the rhythm of position-shadowing and JQR drive. The senior operator is at the position; you are next to him; the JQR book is open and you are running through the line items you can demonstrate that week. Sergeant's Time Training equivalent in the cyber MOS often happens as senior-operator-led skill blocks — tool refreshers on the team's stack, ICD 203 / 206 writing drills, RFI-handling rehearsals, structured analytic technique drills. The cherry who shows up to those blocks with the printed standards and the redlined examples from the previous week is the cherry the senior operator reads as serious. Friday is the compliance and admin day in most teams. SF 702 walk-arounds, classified destruction log review, JQR signoff session with the senior operator, IAT-II credential progress check, compliance-training closeout. The senior operator inspects the JQR book on Friday in most teams — show up with the items you completed that week, ready for signoff, and the senior operator will sign through. Show up with an empty week and the senior operator will read the signal. The week's other rhythm is administrative — Army-internal paperwork (DA 4187 for the BLC slot, DA 3355 for promotion points, leave requests, family-care plans for soldiers with dependents), the joint-workforce paperwork (NSA badge maintenance, parking pass renewal, team-specific badging), and the personal-conduct calendar (polygraph re-scope appointments, CV self-reporting under SEAD 3, foreign travel pre-clearance). Real-world contingencies and exercise cycles compress this rhythm; when the team is in a sustained operational tempo, garrison-time is for sleep, watch coverage, and the documentation you owe before the next cycle starts.

Key Skills — How to Drill Each

  1. 01
    Operate inside an NSA-tasked SCIF to AR 380-5 and ICD 705 standards — badge discipline, two-person integrity, classified discussion only inside the spaces rated for it.
    The SCIF is not a metaphor; it is a physical space accredited by the cognizant security authority (CSA) under ICD 705 with a specific authorized-use envelope. Badge worn inside, badge in the pocket outside, badge never on the gate guard photo on Instagram. Two-person integrity means two people with their own credentials and their own awareness of what is happening — not 'my buddy is in the building somewhere.' Classified discussion stays inside the rated space; the hallway, the smoke pit, the gym, the carpool conversation all count as outside. The SSO walks the spaces weekly and the SF 702 / SF 701 trail you sign tells the truth about whether the spaces were closed correctly. The senior operator on the team will tell you within the first month who the SSO is, which space is rated to which level, and which doors you do not push without permission.
  2. 02
    Drive the basic analyst / operator tooling on JWICS, SIPR, and the team's mission systems — query, pivot, log your work, and never run on someone else's credentials.
    The work-role-specific tooling is taught in JCAC and the 35Q follow-on at Corry, then re-taught at the team because every team's stack is slightly different. The discipline that does not change: every query, every pivot, every action is logged under your credentials and is auditable. The audit log finds account-sharing; the audit log finds credential reuse; the audit log finds the 'I was just helping' moment when a senior operator stepped away from his workstation and you pressed the key under his login. Two-person integrity in tooling means each person logs in as themselves. The senior operator who lets you 'just finish this query' under his credentials is teaching you the wrong lesson — politely log out and log back in under your own.
  3. 03
    Read traffic and write a one-paragraph BLUF a senior operator can put in front of the watch chief without rewriting.
    The BLUF (Bottom Line Up Front) is the discipline of leading with the answer, then the confidence, then the sourcing. Three sentences max for a shadow product at your level: what does the traffic say, how confident are you, where is the citation. Apply ICD 203 (Analytic Standards) and ICD 206 (Sourcing) from day one — even at the trainee level. The senior operator on the team will redline your first ten products the same way; by the fourth or fifth he will start signing them through with minor edits; by the tenth he is asking you to write the BLUF on his product because your habits are cleaner than his. The senior NCO and the team chief notice the cherry whose first ten BLUFs were redlined hard and whose next ten were clean.
  4. 04
    Sit a position under qualification — shadow the certified operator, run the JQR / OJT signoff book, and ask the question before you press the key, not after.
    Position qualification is the formal process by which you move from shadow to unsupervised. The JQR (Job Qualification Requirements) book and the OJT (On-the-Job Training) signoff book are the formal record. Each line item is a specific task the senior operator has watched you do, signed off on, and dated. The book is inspected by the team chief monthly and by the brigade or supported command quality officer periodically. The discipline: do not sign for what you have not done, do not let the senior operator sign for what he has not watched, and treat each signoff as a contract. The audit catches falsified JQR entries faster than most cherries expect, and the team's training authority gets pulled when it is found.
  5. 05
    Apply the analytic standards from ICD 203 (sourcing, confidence, alternative analysis) to anything you produce, even at the trainee level.
    ICD 203 is the IC-wide analytic standard — the five tradecraft elements are objectivity, independence of political consideration, timeliness, based on all available sourcing, and exhibits analytic tradecraft (logical argument, source description, expression and explanation of uncertainty, distinguishing assessment from underlying information, accuracy of judgments, incorporation of alternative analysis where appropriate, and customer relevance). At the trainee level, three things matter: cite your sources by enclave, name your confidence honestly (low/moderate/high with reasoning), and mention alternative explanations when the data could support more than one read. The senior operator and the team chief grade on these even before they grade on the technical content; the cherry whose products read like ICD 203 standards from day one is the cherry whose work the senior operator hands forward without rewriting.
  6. 06
    Pass the IAT-II prerequisites — the DoDM 8140 cyber workforce framework gates every position you are trying to qualify on.
    DoDM 8140 (Cyberspace Workforce Qualification) replaced the older 8570 framework and aligned to the NIST NICE workforce model. Most 35Q positions require IAT-II baseline; the most common funded credential is CompTIA Security+ CE. Army Credentialing Assistance pays for the voucher and the prep materials through the GoArmyEd / ArmyIgnitED portal — verify the current portal and process, the system has changed names over the years. Study the official CompTIA exam objectives, work through a prep guide (Professor Messer's free video series is the standard recommendation in the joint workforce; verify it is still current), and take practice tests. Plan to test within the first 6 months at your team. The team's IAT compliance officer or the SSO can walk you through the credential reporting once you pass.

Manuals & References — What Chapters Matter

  • FM 2-0 — Intelligence
    The Army doctrine spine for the warfighting function you are part of. Read chapters 1-3 in your first month — the intelligence warfighting function, the relationship between echelons, the intelligence disciplines. As a cherry 35Q you sit inside the SIGINT / cyberspace operations side, but the FM is how the Army frames the whole picture and how your work fits inside the BCT / division / corps / theater Army intelligence enterprise.
  • JP 3-12 — Cyberspace Operations; JP 2-0 — Joint Intelligence
    JP 3-12 is how the Joint Force frames the cyberspace operations mission your team sits in — offensive cyber, defensive cyber, DODIN operations, and the relationships between Cyber Mission Force teams, NSA, USCYBERCOM, and the supported combatant commands. JP 2-0 is the joint intelligence doctrine; you are inside a joint workforce from day one, and the FM 2-0 / JP 2-0 split matters when the team chief asks 'is this an Army problem or a joint problem.'
  • AR 380-5 — Department of the Army Information Security Program
    The day-to-day classified handling reg. Material classification, marking, handling, transmission, destruction, and the consequences when each goes wrong. The SSO inspects against AR 380-5; the brigade S2 OIC inspects against AR 380-5; the IG inspects against AR 380-5. As a cherry, read chapters on marking and handling first; the destruction and incident-reporting chapters become relevant by month 6.
  • AR 381-12 — Threat Awareness and Reporting Program (TARP); AR 381-10 — US Army Intelligence Activities
    AR 381-12 is your self-reporting obligation for foreign contact, foreign travel, suspicious behavior, attempted elicitation, and insider-threat indicators. The 24-hour and 72-hour reporting windows for specific indicators are not optional. AR 381-10 is the governing reg for Army intelligence activities including the Procedures 1-15 oversight rules for collection on US persons — the IG inspects the MI community against this reg and the senior operator will explain how it shapes what your team can and cannot do.
  • AR 25-2 — Army Cybersecurity; DoDM 8140 — Cyberspace Workforce Qualification
    AR 25-2 is the Army cyber reg — system authorization, configuration management, the cyber-incident reporting chain. DoDM 8140 (current edition — verify the version) is the cyberspace workforce framework that gates your IAT-II credential and the position-specific qualifications you build on top. Both regs live on the team — the IAT compliance officer references DoDM 8140 weekly, and AR 25-2 is the basis for the cyber awareness training you complete annually.
  • ICD 203 — Analytic Standards; ICD 705 — SCIF Standards; ICD 503 — IC IT Systems Security Risk Management
    The IC-side standards your team operates under. ICD 203 governs analytic tradecraft (the discipline your BLUFs are graded against). ICD 705 governs SCIF accreditation (the standard the rooms you work in are built to). ICD 503 governs the IT systems your team uses and the risk-management framework the cognizant security authority applies. The senior operator will not quote them by paragraph in your first week, but the discipline they describe is the discipline you operate inside every day.

Standards — How to Hit Each

  • JQR / OJT signoff on your assigned work-role inside the published timeline — most teams expect first-position qualification inside 12-18 months.
    The JQR book is the formal record of position qualification. Each line is a specific task signed by the certified operator and dated. The team chief inspects the book monthly; the brigade or supported command quality officer audits periodically. Build the habit of asking for signoffs after specific tasks you have demonstrated, not in bulk at the end of a quarter. Keep your own copy of the JQR tracker so you know which line items remain. The senior operator who watches you sit a position for a year without driving the signoff book is not the operator you blame — that is the cherry's signoff to drive.
  • IAT-II baseline credential on the DoDM 8140 list (Security+ CE is the most common entry credential funded by the unit) inside the published window.
    Most teams give cherries a window — often 6 to 12 months from arrival — to test for the IAT-II credential. Army Credentialing Assistance through the GoArmyEd / ArmyIgnitED portal funds the voucher and prep materials (verify current portal name). The team's IAT compliance officer tracks the timeline. Study early; test once you are ready; do not let the deadline slide because the senior NCO did not personally remind you. The day the deadline passes, the DoDM 8140 audit pulls you off the position until you certify.
  • TS/SCI with the appropriate polygraph maintained without a derogatory flag — one mishandling incident or one personal-conduct flag and the SSO pulls access that afternoon.
    The clearance is maintained through Continuous Vetting (CV) under SEAD 6 and periodic reinvestigation. Self-report under AR 381-12 and SEAD 3 on the published indicators (foreign contact, foreign travel, financial events, marriage to a foreign national, drug or alcohol incidents). The polygraph re-scope cycle is published by your unit's polygraph branch; the senior NCO and the SSO walk you through the rhythm. Live like the clearance matters — because at this rank, in this MOS, it is the credential you carry forward into the rest of the career.
  • ACFT 500+ floor — NSA-detail work is sedentary by nature; the Army standard does not move.
    500 is the bare minimum to be left alone; 540+ is where the senior NCOs stop reading you as a PT problem. Lift heavy three days a week, run intervals two days a week, focus on grip and core. The 2-mile run is the score-killer in a sedentary MOS — pull your time below 16:30 and you can afford to score moderately on the lift. The team chief and the senior NCO will not chase you on PT, but they will read the ACFT score as the discipline metric for the rest of the seat.
  • Annual SAEDA / TARP / cyber-awareness / OPSEC / insider-threat training complete before the suspense — your name on the brigade non-compliance roll is the wrong way to be noticed.
    The training cycle is published by the brigade S2 / SSO / cyber-awareness shop. The portal is JKO / ALMS / the unit's specific compliance tracker — verify which one your team uses. Complete each module before the suspense date; print or screenshot the completion certificate; send it to the team's training NCO if your team requires the manual confirmation. The senior NCO will not personally walk you through every module; he will assume you completed them and will read the non-compliance roll when it comes back from brigade.

Technical Mistakes — Concrete Consequences

  • Taking a phone, smartwatch, fitness tracker, AirPods, or any personal electronic into a SCIF. Even once.
    The SSO pulls access that afternoon. The CI investigation under AR 381-12 and the inquiry under AR 380-5 run months. The incident lives in your security file forever and is read at every clearance reinvestigation for the rest of your career. The team chief explains the gap to the brigade S2 OIC; the brigade S2 OIC explains it to the BCT CDR if you are at a BCT, or to the supported command if you are at a CMF team. The cherry whose first month at the team included a phone-in-SCIF incident is the cherry the team's senior NCOs remember by name when they are pulling slate names two years later. The 30 seconds it takes to lock the device in the SCIF entry container is the 30 seconds that protects the rest of the career.
  • Logging into a SIPR or JWICS terminal on someone else's account because 'they were right here.'
    Account sharing is auditable. The audit closes your access permanently and the senior operator's access for as long as the inquiry runs. The team chief writes a counseling statement, the SSO writes an incident report, and the cyber-incident reporting chain under AR 25-2 puts the event on the brigade S6 / S2 incident dashboard. The senior operator who let you log in under his credentials is also in the counseling chain — and the team's training authority pays through the inquiry window. The discipline: every keystroke under your credentials, every time.
  • Talking about work in the hallway, the smoke pit, the gym, the carpool, or the chow hall.
    Classified discussion outside the rated space is a security incident under AR 380-5 regardless of whether anyone outside the cleared workforce was present. The SSO writes the incident report; the senior NCO writes the counseling statement; the clearance review reads the incident in the next cycle. Foreign collection against the cryptologic workforce is real — open-source overhearing happens, and the senior NCOs have stories about exactly this. The discipline: where you work, what you target, and who you support do not leave the SCIF — not even shorthand to your roommate, your spouse, or your buddy from BCT.
  • Posting OPSEC-relevant content on social media — unit patch, building location, 'first day at Fort Meade' photos, LinkedIn descriptions that name programs by code.
    The brigade S2 OIC runs an OPSEC review of cleared-workforce social media periodically. Your name surfaces on the non-compliance review; the senior NCO and the SSO have a conversation with you that you do not want; the post comes down; and the incident lives in the security file. Foreign collection scrapes LinkedIn and social media for cleared-workforce names and program names — the discipline is not paranoid, it is the operational reality of the workforce you joined. Set the LinkedIn to private, scrub the BCT-graduation Instagram, and do not let the next post happen.
  • Pressing a key on a position you are not signed-off on because 'the senior op stepped out.'
    Unsupervised operator action without qualification gets the team's authority pulled and your career ends before E-4. The audit log catches it; the senior operator is in the counseling chain; the team chief explains the gap to the brigade and supported command. The discipline: if the senior operator stepped out and the position needs action, you call the next certified operator on the watch bill or you tell the senior operator the team needs to backfill the position. You do not press the key. The 'I was just helping' rationalization is the one the team chief has heard before and the one that ends the conversation about your career trajectory.

Career Decisions at This Rank

  • BLC packet timing and slot pursuit
    BLC (Basic Leader Course) is the prerequisite to pin SGT and the first NCO Academy gate. For 35Q soldiers, the BLC slot is harder to get than line-MOS peers expect because the senior NCOs at your team are reluctant to release you for 22 days when you are sitting an unsupervised position the team spent 18 months qualifying you on. Open the packet conversation with your section sergeant 12 months before you need the slot. The trade-off is real: you lose three weeks of position time and the team backfills the seat; the team chief will read whether the packet was driven by you or chased by the senior NCO. Do not skip BLC because the timing is hard — the SGT board moves regardless of your readiness, and the soldier without BLC at the cutoff is the soldier who sits in zone.
  • IAT-II credential study and timing — Security+ CE typically
    The IAT-II baseline credential is the DoDM 8140 gate to most 35Q positions. Most teams give cherries 6-12 months to test. Army Credentialing Assistance funds the voucher and prep materials. Study early — the cherry who treats the credential as a Year One priority is the cherry whose JQR pipeline does not stall when the audit window approaches. Once you pass Security+ CE, the next conversation is the IAT-III credential (CISSP, CASP+, or platform-specific equivalents on the DoDM 8140 list) — for most cherries that conversation is at E-4 or E-5, but the soldier who tests early earns currency with the team and the senior NCO. The trap: failing the test and not retesting promptly. The team chief and the senior NCO read the gap; do not let one failure become a six-month delay.
  • First re-enlistment window — SRB, CSRB, follow-on assignment, ETS, or Active to Reserve
    The first re-enlistment window typically opens 12-18 months before your first contract ends. The Selective Reenlistment Bonus (SRB) per the current HRC SRB MILPER and the Critical Skills Retention Bonus (CSRB) for specific cryptologic / cyber skill identifiers vary by MOS, re-up zone, shortage indicator, and follow-on assignment. Pull both current MILPERs before signing. 35Q soldiers are often on the CSRB schedule because the MOS is a Critical Skill and the experienced-operator inventory is tighter than the cherry-operator inventory. The trap at this rank: signing a 6-year contract to maximize the bonus, then deciding 18 months later you want out. Run the math twice. Talk to your spouse if you have one. Talk to a senior NCO who has been through the re-enlistment cycle. If the re-up math does not work without the bonus, the re-up does not work.
  • JQR pace — push for first qualification fast or build depth slowly
    Some cherries push hard to clear the first work-role qualification inside 9-12 months; some take 15-18 months and build broader technical depth in the shadow phase. The senior NCO and the team chief will tell you which pace fits the team. Pushing fast earns currency and gets you to unsupervised position sooner; building slowly earns broader technical credibility but risks the team chief reading you as not driving. There is no universal right answer — it is team-dependent. Ask the senior operator on your work-role directly: "What pace do you want me at, and how do I know when I am ready to drive an unsupervised position." Then match the pace.
  • Marriage / BAH / housing / family-care planning during the first enlistment
    Getting married as a junior 35Q changes BAH status (barracks-rate to with-dependents) and introduces family-care-plan paperwork, EFMP enrollment if applicable, spouse employment, child care, and the complications of a clearance reinvestigation that now reads marriage status. Marriage to a foreign national is a separate, more involved conversation that requires AR 381-12 and SEAD 3 reporting and additional CI / SSO coordination. The financial math is real (BAH bump, dependent allocations); the logistical math is also real (family-care plan, Tricare, on-post or off-post housing, spouse employment in a high-clearance community). Talk to S1 and ACS in the first week of any major family change. The honest test: if you are getting married for the BAH bump alone, you and your spouse will be in legal aid within two years. If you are getting married because the relationship is real, the Army's family infrastructure makes it workable.

How the Seat Varies by Unit Type

  • 780th MI Brigade (Fort Meade) — the Army cyber brigade
    The 780th is the Army's cyber brigade, co-located with NSA-Washington at Fort Meade. The 781st MI Battalion (Vanguard) and the 782nd MI Battalion (Cerberus) sit under the 780th, and the brigade runs Army-side Cyber Mission Force teams alongside the joint enterprise. The OPTEMPO is high; the technical work is offensive and defensive cyber operations supporting USCYBERCOM; the senior NCO and warrant officer bench is deep. A cherry 35Q at the 780th is on the development bench for the entire Army cyber community — the senior NCOs there are mentoring you toward 17C reclass, 35Q SIGINT analyst, 350F technician, or 170A cyber warrant track. The cost: Fort Meade BAH is high, the cost of living in the DMV is high, and the commute inside the NSA campus is real.
  • 706th MI Group (Fort Eisenhower) — the Army element at NSA/CSS Georgia
    The 706th is the Army element co-located with NSA/CSS Georgia at Fort Eisenhower, Georgia (the post was renamed from Fort Gordon in 2023; senior NCOs treat the sign on the gate as the least interesting thing about the unit). The 706th supports the Army cryptologic mission at one of the largest NSA campuses outside Fort Meade. The technical work is heavily SIGINT-tilted; the joint workforce is dense (Navy CTNs, Air Force 1N4s, Marines, civilians, contractors); the senior NCO and warrant bench is deep. The cost of living is lower than Fort Meade; the on-post housing inventory is better; the Augusta area is a real military community.
  • Cyber Mission Force team detached to NSA-Hawaii / NSA-Texas / NSA-Colorado
    CMF teams are joint workforce formations that detach to NSA Cryptologic Centers at named locations — Kunia (Hawaii), San Antonio (Texas), Aurora (Colorado), and others. The team you sit on is a joint formation; your Army NCO chain runs through the parent brigade (often the 780th or 706th); your daily operational chain runs through the team chief at the NSA-co-located site. The work is mission-set-specific to the team and the supported COCOM. The lifestyle is different — Hawaii is paradise with a brutal cost of living; Texas is San Antonio with the BAMC / Fort Sam Houston military density; Colorado is altitude and proximity to USNORTHCOM. The cherry experience at a CMF team is more compartmented than at a brigade — you may not know the names of soldiers in the next team space, and the joint workforce is closer to you daily than the Army chain.
  • INSCOM major subordinate command — theater intel brigade or specialty unit
    INSCOM (Intelligence and Security Command) runs the Army's above-brigade intelligence formations. Cherry 35Qs at INSCOM units typically sit in support roles on theater intel brigade analytic lines (66th, 500th, 470th, 513th, 207th) or specialty units. The technical work is broader and slower-tempo than a CMF team or the 780th; the analytic-depth side of the job is closer than the operations side; the senior NCO bench is experienced but smaller. INSCOM units are scattered globally — Vicenza, Wiesbaden, Hawaii, Fort Belvoir, Fort Bragg, Camp Humphreys — and the assignment is more like a traditional Army staff assignment than a CMF-team assignment.
  • National detail — NSA enterprise team alongside civilian analysts
    A small number of cherry 35Qs land directly on national detail seats — embedded on an NSA enterprise team alongside civilian analysts (GS-12 / GS-13 / GS-14 levels) and contractors. The technical work is IC-wide; the team you sit on may have one or two Army uniformed soldiers and a much larger civilian bench. The cherry experience here is unusual — you are the junior member of an analytic line that is grading itself against ICD 203 standards every day, and the senior civilian analyst is your senior operator in practice. The Army NCO chain feels distant; the team chief at NSA is your daily reality. Most cherries on national detail go through a TDA training-and-mentorship cycle before they sit unsupervised positions.

What Good Looks Like at This Rank

The good cherry 35Q is the PFC the senior operator brings to the morning brief because the BLUF on his shadow-product was right, the citations were clean, and the alternative-analysis line was on the front of the deck. He showed up to Corry with the academic discipline to grind JCAC, he walked off the bus at Fort Meade or Fort Eisenhower or Kunia with the JQR book in his pocket and the IAT-II prep study guide already half-read, and he treated the first six months as the apprenticeship the senior NCOs say it is rather than the holding-pattern the cherry brain wants it to be. By month nine the JQR book is half done; by month twelve the IAT-II credential is on the wall; by month eighteen he is sitting an unsupervised position and the team chief mentions him by name at the Service Cryptologic Element shift turnover. He is not the loudest soldier in the SCIF. He does not argue with the senior operator in front of the team. He runs the unglamorous work — the classified destruction log, the SF 702 walk-around, the two-person integrity walks, the annual compliance training — without being chased, and when the senior NCO checks behind him the work is done correctly. He asks the question before he presses the key, not after, and the senior operator learns within the first quarter that the cherry will not improvise. The warrant on the team (a 350F or 17A or 351-series technician) starts asking him what he is reading on his own time — and the cherry has an answer, because he is reading the JP 3-12 chapters the team chief mentioned in passing at the last shift turnover. The first re-enlistment window finds him with an IAT-II credential current, a clean JQR book, an unsupervised work-role qualification signed off, an ACFT he can defend to the senior NCO on a ruck, and the BLC packet conversation already opened. The senior NCO read of him at the E-4 board cycle is set in this 18-24 month window — the foundation he lays as a cherry is the resume the brigade S2 SGM will read at his first promotion gate. He has not done anything heroic; he has done the boring thing exactly the same way every day, and the senior workforce notices.

Preview — The Next Rank

E-4 SPC / CPL is the next gate, and it is structurally tighter than the E-3 promotion gate. AR 600-8-19 governs: 24 months TIS / 6 months TIG (waivable), DA 3355 promotion-points worksheet, BLC complete or slotted, command recommendation, cutoff score above the MOS-specific monthly line per the HRC MILPER. For 35Q specifically, the BLC slot is the long pole — the team is reluctant to release you for 22 days, the regional NCO Academy schedule is competitive, and the senior NCO read of you weighs heavily on which soldier gets the next available slot. Plan the packet 12 months out. The job content at E-4 is the qualified operator — you sit unsupervised positions, you drive the team's work-role outputs, you handle the RFI cycle with the supported customer, and you are the bench when the senior operator is on leave or at a school. You are the workhorse on the position. You also become the Army-side mentor for the next cherry who walks off the bus from Corry — the JQR book you are now closing, you will help the next PFC start. The differentiator at E-4: a second work-role under qualification, the IAT-III credential conversation (CISSP, CASP+, CCNP-Security, or platform-specific equivalents depending on the team), and the BLC graduate status that opens the SGT board conversation. The other change at E-4: you start carrying real Army-internal load alongside the joint-workforce position. NCOER input cycles begin (you write input on yourself for your rater); DA 4187 paperwork for school slots, schools, and re-assignments is now your responsibility; the next re-enlistment math arrives; the cross-MOS conversations (35N / 35P / 35S / 17C / 170A / 350F) become more concrete; and the senior NCO and team chief read of you starts forming the slate names that will determine your E-5 board competitiveness. The cherry phase is over by E-4; the SGT-bench phase begins. The Specialists who built clean JQR books, clean compliance records, clean ACFT scores, and clean re-enlistment math at this rank are the Specialists who pin SGT on the next cycle the points clear.
FAQ

35Q E1-E3 — Frequently Asked Questions

Q01What does a E1-E3 35Q (Cryptologic Network Warfare Specialist) actually do?
You came out of AIT at NIOC Corry Station in Pensacola — the 334th Military Intelligence Battalion runs the schoolhouse alongside the Navy, the Air Force, and the Marines, because 35Q is the Army's piece of the Service Cryptologic Component workforce that fills NSA's chairs.
Q02What's the most important thing to know as a E1-E3 35Q?
AIT at NIOC Corry Station in Pensacola is a joint cryptologic schoolhouse — the Army's 334th Military Intelligence Battalion is your Army host, but you sit in the same classrooms as Navy CTNs, Air Force 1N4s, and Marine 2651s, and the senior instructor cadre is a mix of all four services and NSA civilians.
Q03What does a typical day look like for a E1-E3 35Q?
Time-blocked day at the E1-E3 35Q rank tier: 0500 Wake. Coffee. Quick phone check — accountability OK, no soldier emergencies, no overnight team chat from the senior NCO. Phone goes back in the kitchen drawer because it is not going anywhere near the SCIF. PT uniform on, 0530 PT formation at the company area or the team's designated PT pad. Cyber-MI companies often run PT on a slightly delayed schedule to align with the team's watch rhythm. Accountability to the section sergeant; the senior NCO reads the formation, 0545-0700 Unit PT — rotates through cardio days, strength days,…
Q04What mistakes get E1-E3 35Q soldiers fired or relieved?
Bringing a personal electronic device into a SCIF — phone, smartwatch, fitness tracker, AirPods, even once. The SSO pulls your access that afternoon, the CI investigation under AR 381-12 runs months, and the incident lives in your security file forever. The clearance may survive; the senior NCO read of you does not; DUI / Article 15 / off-post arrest with a TS/SCI on the line. Adjudicative Guideline G (alcohol consumption), Guideline H (drug involvement),…
Q05What career decisions matter most at the E1-E3 35Q rank tier?
BLC packet timing and slot pursuit — BLC (Basic Leader Course) is the prerequisite to pin SGT and the first NCO Academy gate. For 35Q soldiers, the BLC slot is harder to get than line-MOS peers expect because the senior NCOs at your team are reluctant to release you for 22 days when you are sitting an unsupervised position the team spent 18 months qualifying you on. Open the packet conversation with your section sergeant 12 months before you need the slot. The trade-off is real: you lose three weeks of position time and the team backfills the seat;…
Q06What's next after E1-E3 for a 35Q (Cryptologic Network Warfare Specialist) in the Army?
E-4 SPC / CPL is the next gate, and it is structurally tighter than the E-3 promotion gate.
Q07What manuals and regulations does a E1-E3 35Q need to know cold?
FM 2-0 — Intelligence (the Army doctrine spine; read chapters 1-3 your first month).; JP 3-12 — Cyberspace Operations (how the Joint Force frames the mission you sit in).; JP 2-0 — Joint Intelligence (you are inside a joint workforce from day one).

This playbook has no tips yet. Be the first to share what you know.

Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards