Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
Back to 35Q Cryptologic Network Warfare Specialist — overview, pay, training, civilian translation, reviews
35QE4

Cryptologic Network Warfare Specialist

E-4 (Specialist/Corporal) · Army

HEADS UP

SPC is the workhorse rank in the 35Q world. You are unsupervised on at least one work-role, the senior operator hands you the hard problem on Monday because he expects it clean by Wednesday, and the BLC slot you have been chasing is now competing against the second work-role qualification, the IAT-III credential, and the schools the senior NCO wants you in. Two career conversations open in this 24-month window that will define the next decade: the SGT board competitiveness conversation with your section sergeant, and the technician / commissioning / civilian-pipeline conversation with the warrant officer on the team. Treat both honestly. Cherries who pin SPC and coast become Specialists who do not pin SGT; Specialists who pin SGT first-look earned it in this window.

The Honest MOS Read
You are the qualified Army cryptologic / cyber operator on a Cyber Mission Force team, an NSA-tasked analytic line at Fort Meade, NSA/CSS Georgia at Fort Eisenhower, NSA-Hawaii at Kunia, NSA-Texas at San Antonio, NSA-Colorado at Aurora, an INSCOM major subordinate command, or a national-detail seat. You came up through the cherry phase, you closed the first JQR book, you got the IAT-II credential on the wall, you have the TS/SCI with the polygraph in good standing, and the senior operator on the team trusts you to sit a position unsupervised on a real mission. The team chief mentioned you by name at the last Service Cryptologic Element shift turnover. The brigade S2 SGM (or the senior MI NCO on the supported team) is aware of you. The warrant officer on the team has started asking what you are reading on your own time, and you have an answer because you are reading JP 3-12 chapters the senior operator brought up at the last sync. The day-to-day job is the qualified-operator seat. You sit the position from start of shift to handoff; you write the products that go forward in the watch log; you handle the RFI dialogue with the supported tactical or theater customer; you participate in the team huddle alongside the senior operator; and you are the bench when the senior operator is on leave, at a school, or in ALC. The work-role you qualified on is your home seat, but you should be reading toward the next one — the SGT board reads multi-position qualification as the differentiator, and the senior NCO and team chief read it the same way. Second-position qualification typically takes 12-18 months at SPC; the soldier who arrives at the SGT board with one work-role qualification at the cutoff line is the soldier who sits in zone while a peer with two qualifications pins. The promotion math for E-5 SGT runs through the same semi-centralized point system you cleared at E-4 under AR 600-8-19: 36 months TIS / 8 months TIG (waivable), DA 3355 promotion-point worksheet, max 800 points, monthly MOS-specific cutoff per HRC MILPER. The chain of command's recommendation carries materially more weight at the E-5 gate than at the E-4 gate, and the 35-series board competitiveness reads work-role qualification depth, school stack, NCOER recommendation block, and the cryptologic-credential profile alongside the standard Army NCO development markers. BLC is the STEP gate — without BLC, no SGT pin-on regardless of points. Most teams release SPCs to BLC after the first work-role qualification is signed off; some teams wait for the second. The section sergeant and the team chief will tell you when. The IAT-III credential conversation opens at SPC. DoDM 8140 (current edition) governs the cyber workforce credentialing framework, and the work-role you qualified on at the team likely requires or strongly recommends an IAT-III baseline depending on the position. Common IAT-III credentials funded under Army Credentialing Assistance: CISSP (the gold standard, but requires 5 years of demonstrated cyber experience or waiver via CISSP-Associate), CASP+ (CompTIA Advanced Security Practitioner — verify the current name; CompTIA has rebranded the certification), CCNP-Security (Cisco's senior networking-security credential), and platform-specific equivalents (GIAC certifications like GCIH, GCIA, GREM, GPEN, GXPN depending on the work-role and the team's funding posture). The GIAC certifications — administered by SANS / GIAC — are the gold-standard offensive/defensive cyber credentials in the joint workforce, and the senior NCOs and warrants on the team will name them by initials. The Army funds some GIAC vouchers through Credentialing Assistance and others through unit-specific training funds; the team's credential coordinator walks you through the budget cycle and the prerequisites. Plan the IAT-III conversation with your senior operator and the team's IAT compliance officer by month 6 of your time at the team. The NSA enterprise team integration deepens at SPC. As a cherry you sat next to the certified operator; as a qualified Specialist you sit at the position alongside an NSA civilian analyst, a contractor, a Navy CTN, an Air Force 1N4, and a Marine 2651 — and the analytic line you produce is graded against the same ICD 203 / 206 / 208 standards as theirs. The cross-service and cross-component dynamics matter at this rank: the Navy CTN may outrank you in joint-workforce work-role qualification but be a junior in his service's NCO chain; the GS-12 civilian sitting next to you has been on the team for eight years and knows the supported customer better than the team chief does; the contractor across the SCIF may be a former 35Q with an IAT-III credential and an annual salary that is double your base pay. Your job at SPC is to be a credible peer on the analytic line and a credible junior on the Army NCO chain — neither role is optional, and the senior operator and team chief grade you on both. The cross-MOS and cross-component conversation also intensifies at SPC. You sit next to 35N (SIGINT Analyst), 35P (Cryptologic Linguist), 35S (Signals Collector), 35F (Intel Analyst), and 17C (Cyber Operations Specialist) seats every day. Know what each does, where the work-role boundaries are drawn, and how the cryptologic enterprise differs from the cyber operations enterprise — 35-series MOSes are SCC (Service Cryptologic Component) workforce under NSA / SIGINT authorities; 17C is cyber operations workforce under USCYBERCOM authorities. The line is thinner than the briefings suggest, and the senior NCOs and warrants will explain it to you the first time you misframe a product. The reclass conversations open at SPC: 17C reclass for soldiers who want to push deeper into offensive cyber operations; 35-series internal moves; the 350F / 351-series / 352-series / 353-series technician path conversation; the 17A Cyber Warfare Officer commissioning path. None of these is a recruiter pitch — each is a real career-defining decision the team's senior NCOs and warrant officer have made for themselves and are willing to walk you through honestly. The first re-enlistment window typically opens 12-18 months before your contract ends. The Selective Reenlistment Bonus (SRB) per the current HRC SRB MILPER and the Critical Skills Retention Bonus (CSRB) for specific cryptologic / cyber skill identifiers vary by MOS, re-up zone (Zone A is 17 months to 6 years TIS), shortage indicator, and follow-on assignment. Pull both current MILPERs before signing. 35Q soldiers at SPC are often on the CSRB schedule because the MOS is a Critical Skill and the experienced-operator inventory is tighter than the cherry-operator inventory. The trap: signing for a longer contract than you actually want, or signing for a follow-on assignment that breaks your family. Run the math twice. The career counselor's job is to fill slots; your job is to make a decision you will not regret in 18 months.
Career Arc
  • 01E-4 SPC pin-on (post-promotion-point cutoff, post-chain release, BLC complete or scheduled).
  • 02First unsupervised work-role qualification signed off — driving a real position on a real mission.
  • 03Second work-role under JQR / OJT — the differentiator at the SGT board and the senior NCO read of board competitiveness.
  • 04IAT-III credential in motion or in hand — CISSP / CASP+ / CCNP-Security / GIAC depending on work-role and team funding.
  • 05BLC graduate — the STEP gate for SGT under AR 600-8-19; no waivers, no shortcuts.
  • 06First major school slot beyond BLC: Foundry seats, NSA enterprise team training, a Strategic Intelligence Course offering, language-pay-track DLPT brushup if applicable.
  • 07Technician / 17A commissioning / cyber-civilian-pipeline conversation opened honestly with the warrant officer, section sergeant, and team chief — packet timing is real, not theoretical.
  • 08Promotion to E-5 SGT: 36 mo TIS / 8 mo TIG (waivable), DA 3355, BLC complete, cutoff above MOS-specific line, chain release, senior NCO recommendation block defensible.
Common Screwups
  • ×Coasting at the qualified-operator seat for 18 months instead of pushing toward the second work-role. The SGT board reads single-qualification SPCs against multi-qualification peers, and the senior NCO read of the slate names tracks the same metric. Coasting at SPC is the cleanest way to sit in zone at the SGT board.
  • ×Treating BLC as optional or delaying the packet because 'the team needs me at the position.' BLC is the STEP gate — no BLC, no SGT pin, no exceptions under AR 600-8-19. The team will backfill the seat; the chain will not waive the gate. Get the slot.
  • ×DUI / Article 15 / off-post arrest with a TS/SCI on the line. SEAD 4 / DoDM 5200.02 adjudicative guidelines apply — Guideline G (alcohol), Guideline H (drugs), Guideline E (personal conduct). The clearance suspends by default; the SSO pulls access; the team chief writes the counseling that ends the trajectory toward SGT.
  • ×Failing to self-report under AR 381-12 (TARP) and SEAD 3 — foreign contact, foreign travel, marriage to a foreign national, financial events, or any of the published indicators. Continuous Vetting will surface the indicator first if you do not report; the conversation moves from SSO administrative to CI investigative, and the difference is whether the career continues.
  • ×Letting an IAT-II or IAT-III credential lapse on the DoDM 8140 schedule. The audit pulls you off the position; the team is short an operator; and the senior NCO read of you is set by the gap.
  • ×Re-enlisting without reading the current HRC SRB / CSRB MILPER carefully. Wrong contract terms (rank, zone, MOS, follow-on assignment, language-pay reset) lock you in for years. Career counselors fill slots; you live with the contract.

A Day in the Life

  • 0500Wake. Coffee. Phone check — accountability OK, no overnight emergencies, no team-chat from the senior NCO that requires response. Phone goes back in the kitchen because it is not going near the SCIF. PT uniform on.
  • 0530PT formation. The cyber-MI company runs PT on a schedule aligned to the team's watch rhythm. Accountability to the section sergeant; the senior NCO reads the formation; the company 1SG walks the line periodically.
  • 0545-0700Unit PT — cardio, strength, recovery-mobility rotation. The Specialist who shows up at the front of the run is the Specialist the senior NCO and the team chief read as serious about both sides of the seat.
  • 0700-0830Hygiene, breakfast, change into OCPs or the team's uniform of the day. Walk to the SCIF.
  • 0830In-process the SCIF. Badge swipe, SF 702, lock personal electronics, walk to the position. The senior operator from the previous watch briefs the picture or the watch log captures it.
  • 0830-1130Unsupervised position on the home work-role. You drive the position from start of shift to handoff; you write the products that go forward; you handle the RFI dialogue with the supported customer; you log every action under your credentials. The senior operator may sit alongside you on a hard problem but you are driving.
  • 1130-1300Chow. You eat with the team at the DFAC or in the team space. The senior NCO read of you forms around that table; the team chief may pull you aside for a mentor conversation about the morning's traffic or about the IAT-III credential timeline.
  • 1300-1430Second work-role time. You sit alongside the certified operator on the second position; you drive JQR signoff line items; you read the second position's traffic and tooling. The discipline at SPC: do not let the second-position qualification slide because the home position is busy.
  • 1430-1600Position return for any RFI follow-up; team huddle if your shift includes one; cross-domain hygiene checks; sourcing-line cleanup on the morning's products before they go forward. The warrant may pull you aside for a 350F packet conversation if you are in the candidacy window.
  • 1600-1630SF 702 walk-around begins; classified destruction line if your section is on rotation; SF 701 end-of-day SCIF checklist support; sensitive items and terminals secured before lights down.
  • 1630Out-process the SCIF. Lock workstations, sign out, walk to the company area or directly home. Released most garrison days. Watch cycles and contingencies change the hour.
  • 1700-2000Personal time. IAT-III credential study if the test date is approaching. ACFT prep at the gym. BLC packet documentation work if the slot is in motion. Married Specialists get family time; single Specialists in the BEQ rotate gym, books, chow hall. The Specialist who studies on his own time is the Specialist whose SGT board NCOER reads stronger.
  • 2000-2200Wind-down. If a junior soldier (PFC, PV2) called you about a problem — financial, BLC packet, work-role question — you are on the phone. The qualified-operator phase introduces real mentorship duty; the senior NCO read of you tracks how you handle the after-hours calls from the cherries you came up alongside.
  • 2200Lights out. Tomorrow starts at 0500.
  • Watch / shift rotation24-hour watches during exercises and contingencies. The 12-hour night shift becomes your rhythm; you sleep when the watch hands off; the morning brief is briefed by whoever has the picture at the agreed time. The Specialist who runs the night-shift unsupervised cleanly is the Specialist the team chief names in the SCE shift turnover.
  • BLC slot (22 days at the regional NCO Academy)The team backfills your seat; you check into the Academy; you spend three weeks in a standardized leadership course that is the same for every MOS. Show up at standard PT, in clean uniform, with the section-NCO habits already built. The Commandant's List at BLC is a promotion-points line; the SPC who phones it in is the SPC the team chief hears about from the NCO Academy CSM.

Weekly Cadence

The Mon-Fri rhythm at SPC in a 35Q team is structured by the watch cycle, the work-role product cadence, and the JQR / credential pipeline. Monday is the heaviest planning day — the senior NCO publishes the week's watch coverage, the senior operator names the work-role focus areas, the team chief reads the week's deliverables to the supported customer, and the warrant officer may run a synch on a longer-arc analytic project the team is supporting. You spend Monday morning at the unsupervised position closing out any weekend handoff items and scanning the open RFIs; the afternoon is often the first counseling slot for any junior soldier you are mentoring or the credential-study block for the IAT-III test you are chasing. Tuesday through Thursday is the production rhythm. You sit the unsupervised position on the home work-role for the bulk of the day; you rotate to the second-position JQR drive during a published block; you participate in the team huddle alongside the senior operator and the warrant; you write the products that go forward in the watch log. Sergeant's Time Training equivalent in the cyber MOS happens here — senior-operator-led skill blocks (tool refreshers on the team's stack, ICD 203 / 206 writing drills, RFI-handling rehearsals, structured analytic technique drills, cross-domain hygiene reviews). The Specialist who shows up to those blocks with the printed standards and the redlined examples from the previous week is the Specialist the senior operator reads as the SGT-bench name. Friday is the compliance and admin day in most teams. SF 702 walk-arounds, classified destruction log review, JQR signoff session with the senior operator, IAT-III credential progress check, NCOER input cycles if the rating quarter is closing, BLC packet review if the slot is approaching, NCO development tracker review with the section sergeant. The senior operator inspects the JQR book on Friday in most teams — show up with the items you completed that week, ready for signoff, and the senior operator signs through. The week's other rhythm is administrative — Army-internal paperwork (DA 4187 for the BLC slot or schools, DA 3355 for promotion points, leave requests, family-care plans), joint-workforce paperwork (NSA badge maintenance, parking pass renewal, team-specific badging), and the personal-conduct calendar (polygraph re-scope appointments, CV self-reporting under SEAD 3, foreign travel pre-clearance). Real-world contingencies and exercise cycles compress this rhythm; when the team is in a sustained operational tempo, garrison-time is for sleep, watch coverage, and the documentation you owe.

Key Skills — How to Drill Each

  1. 01
    Run a qualified position on a Cyber Mission Force or NSA-tasked analytic line without supervisor over-the-shoulder — log every action, hand off cleanly at shift change, and produce the standard work-role deliverable on time.
    Unsupervised position discipline is the difference between qualified and cherry. Log every action under your credentials; never act on behalf of a credentialed peer; close the watch log at shift end so the next operator reads the picture without re-deriving it. The senior operator graded your shadow phase on technical skill; he grades your unsupervised phase on discipline and consistency. The team chief reads the watch log retrospectively when a mission goes sideways; the operator who logged every action transparently is the operator the team defends. Build the muscle memory: at shift start, read the previous log, scan open RFIs, walk the SCIF physical security (SF 702 status, container check, terminal state), identify the day's priorities. At shift end, write the log the next operator will read first.
  2. 02
    Apply the joint targeting and analytic cycle (JP 3-60, JP 2-0, JP 3-12) end-to-end inside the cryptologic enterprise — not theoretically, in the specific products your team owes the supported command.
    The joint cycle is not a slide deck; it is the framework your team's products travel through. JP 3-60's F2T2EA (find, fix, track, target, engage, assess) is the targeting cycle the working group above your team applies. JP 2-0 is the intelligence cycle that frames the inputs and outputs. JP 3-12 is the cyberspace operations doctrine that shapes the authorities and the deconfliction. As an unsupervised SPC, you are not designing the cycle — you are producing the team's piece of it cleanly, on time, sourced to standard. Read the chapters the warrant or the senior operator references during the team huddle; the cycle becomes second nature as the products accumulate.
  3. 03
    Apply ICD 203 / 206 to every product — sourcing line, confidence statement, alternative analysis when warranted, dissent captured per ICD 203 if you disagree.
    ICD 203 (Analytic Standards) and ICD 206 (Sourcing Requirements for Disseminated Analytic Products) are the IC-wide standards your products are graded against above the team. The five ICD 203 tradecraft elements — properly describes quality and credibility of underlying sources, properly expresses and explains uncertainties associated with major analytic judgments, properly distinguishes between underlying intelligence information and the analyst's assumptions and judgments, incorporates analysis of alternatives, and demonstrates customer relevance and addresses implications — are the lens the senior operator, the warrant, the team chief, and the IC reviewer apply. Build the habit at SPC: every product has a sourcing line, every confidence call is explicit (low / moderate / high with reasoning), and the alternative-analysis line is on the front of the deck if the data supports more than one read. If you disagree with the team's call, ICD 203 has a dissent mechanism — use it through the proper channel.
  4. 04
    Drive cross-domain hygiene — JWICS, SIPR, NIPR — without spillage. One spillage rolls up to Army CI and the SSO closes terminals for a week.
    Cross-domain spillage is the unforced error that ends careers. The terminals on different domains are physically and logically separated; the procedures for moving material between domains are formal and supervised; the discipline of not pasting from one window into another window on a different domain is muscle memory. The senior operator will warn you once, then warn you formally, then write the counseling. The SSO inspects against AR 380-5; the cyber incident reporting chain under AR 25-2 carries the report. The fix is simple in concept: do not paste across domains. The discipline is hard in practice when you are tired, behind on a deliverable, and the data you need is on the wrong terminal. Slow down.
  5. 05
    Operate the team's position-specific tooling well enough to train the next cherry on it — the JQR signoff you collect today becomes the JQR you sign for someone else inside 12 months.
    Teaching is the SPC's hidden differentiator. The senior operator notices the SPC who walks a cherry through the tool stack at 1400 on a Wednesday because the cherry asked. The team chief notices the SPC whose section's product velocity does not collapse when the senior operator is at appointments. Build the teaching reps deliberately: pull a cherry to your position for an hour, walk through a query end-to-end, let her drive while you back-seat, let her teach a PFC the same workflow the next week. The SPC who teaches is the SPC the senior NCO names when the SGT slate comes around.
  6. 06
    Run a request-for-information dialogue with the supported tactical or theater customer — phrase the answer so it survives the next echelon up, and know when to pull the senior operator into the chat.
    The RFI is the team's daily currency. Phrase the answer specifically (named PIR / EEI link, sourced citation, confidence level, gaps named, timeline for follow-up). Route it through the channel the team SOP requires — typically the watch log, the team's RFI tracker, and the supported command's chat channel. Know when to pull the senior operator or the warrant in: anything that crosses an authority line, anything that exceeds your confidence to answer alone, anything that touches a partner element's lane (NSA civilian senior, sister-service equivalent, theater intel brigade analyst). The SPC who runs the RFI dialogue cleanly is the SPC the supported customer asks for by name a quarter later.

Manuals & References — What Chapters Matter

  • JP 3-12 — Cyberspace Operations
    The joint frame for everything your team does. Offensive cyberspace operations, defensive cyberspace operations, DODIN operations, the relationships between Cyber Mission Force teams, NSA, USCYBERCOM, and the supported combatant commands. Read it cover-to-cover at SPC; the warrant on the team will quote from it during the team huddle, and the senior operator will assume you have read it before he assigns you a product that requires it.
  • JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting
    JP 2-0 is the joint intelligence doctrine — the framework your analytic products travel through when they cross sister-service lines or move above the team. JP 3-60 is the joint targeting doctrine — the F2T2EA cycle the working group above your team applies. The SPC who can defend a product against JP 2-0 and JP 3-60 is the SPC the team chief brings to the partner-element coordination call.
  • ICD 203 — Analytic Standards; ICD 206 — Sourcing Requirements for Disseminated Analytic Products
    The IC-wide standards your products are graded against above the team. Print the five ICD 203 tradecraft elements and the ICD 206 sourcing requirements; keep them at your position; reread them quarterly. The senior operator, the warrant, the team chief, and the IC reviewer all apply these lenses. The SPC whose products read like ICD 203 standards from the first paragraph is the SPC whose products travel forward.
  • ICD 503 — IC IT Systems Security Risk Management; ICD 705 — SCIF Standards
    ICD 503 governs the IT systems your team uses and the risk management framework the cognizant security authority applies. ICD 705 governs SCIF accreditation — the standard the rooms you work in are built to. As an SPC you are not designing the IT compliance framework or the SCIF accreditation cycle, but you are operating inside both, and the SSO and the IA / cybersecurity team apply these standards to your day-to-day. Skim both at SPC; the team chief and the SSO will reference them in formal compliance cycles.
  • AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-5 — Information Security
    AR 381-10 is the governing reg for Army intelligence activities including the Procedures 1-15 oversight rules for collection on US persons — the IG inspects the MI community against this reg. AR 381-12 is your self-reporting obligation for foreign contact, foreign travel, suspicious behavior, attempted elicitation, insider-threat indicators. AR 380-5 is the day-to-day classified handling reg. All three are referenced in the annual compliance training cycle; at SPC you should know which reg covers which obligation without looking it up.
  • DoDM 8140 — Cyberspace Workforce Qualification (current edition)
    The framework your IAT-II and IAT-III credentials live under. Verify the current edition — DoDM 8140 superseded DoDM 8570 in the cyber workforce qualification framework, and the manual has been revised. The team's IAT compliance officer references the current DoDM 8140 list when sourcing your credential funding. Read the workforce roles relevant to your work-role; the credential ladder you will climb is published in the manual.

Standards — How to Hit Each

  • At least one work-role qualification signed off and current; second work-role under JQR / OJT.
    Drive the second work-role conversation with your senior operator by month 3 of unsupervised position. The senior NCO and team chief read multi-qualification SPCs as the SGT-bench names. The trade-off: time on the home position vs time learning the second position. The discipline: build a JQR-driving rhythm for the second work-role alongside the production rhythm on the first. The senior operator will respect the SPC who shows up Monday with a list of line items he can demonstrate that week.
  • IAT-II baseline maintained (Security+ CE typical); IAT-III in motion if the team's work-role demands it (CISSP, CASP+, CCNP-Security, GIAC certifications, or platform-specific equivalents on the DoDM 8140 list).
    The IAT-II currency cycle runs on the DoDM 8140 schedule — CompTIA's Continuing Education program for Security+ CE requires CEUs across a three-year cycle. Plan the renewal early. The IAT-III credential path runs through Army Credentialing Assistance and unit training funds; the team's credential coordinator walks you through the budget cycle and the prerequisites. The GIAC certifications (administered by SANS / GIAC — GCIH, GCIA, GREM, GPEN, GXPN, etc.) are the gold-standard offensive/defensive cyber credentials in the joint workforce; if your team funds GIAC seats, treat the opportunity as the priority it is.
  • BLC graduate; promotion points stacked with credentials, college credit (CLEP/DSST/TA), correspondence, and any Foundry / cryptologic-school seat the unit slots you for.
    BLC is the STEP gate for SGT. Once you have BLC, the DA 3355 worksheet becomes the math problem — max promotion points by stacking credentials (IAT-II, IAT-III, GIAC, language pay if applicable), college credit via CLEP / DSST / Tuition Assistance, awards and decorations within the published ceiling, correspondence and DLC, and weapons quals. Foundry seats and NSA-cryptologic-school slots accrue in the military-education column. Review the worksheet with your career counselor or section sergeant quarterly; the cutoff score moves monthly per the HRC MILPER.
  • ACFT 540+ floor — the Army standard does not bend because your duty station is a SCIF.
    540 requires roughly 250+ on three events plus 60+ on the others. The cyber workforce has a reputation problem on PT in some teams; the SPC who shows up at the front of the run is the SPC the senior NCO and the team chief read as serious about both sides of the seat. Lift heavy three days a week, run intervals two days a week, focus on grip and core. The 2-mile run is the score-killer in a sedentary MOS — pull your time below 16:30 and you can afford to score moderately on the lift.
  • Source-citation discipline 100% — the SSO inspects on this and ICD 203 grades on this above the team.
    Every product has a sourcing line that the senior operator, the warrant, the team chief, and the IC reviewer can audit. Cite by enclave (SIGINT, IMINT, HUMINT, OSINT, GEOINT, OPEN), cite the specific source identifier the team's SOP allows, and cite the date. The SPC who short-cuts the sourcing line is the SPC whose first product retraction is the conversation the team chief has with him on a Friday afternoon. ICD 206 (Sourcing Requirements) is the IC-wide standard; print it and keep it at your position.

Technical Mistakes — Concrete Consequences

  • Running on a position you are not currently qualified on because 'I did it last rotation.'
    Currency lapses are auditable. The team's authority on that position gets pulled until the qualification is re-validated; your individual access gets re-evaluated; the senior operator is in the counseling chain because he let it slide; and the team chief reads the gap as a discipline failure. The DoDM 8140 audit cycle finds currency lapses, the JQR review finds them, and the brigade or supported command quality officer finds them. The fix: re-qualify cleanly before sitting the position again, and treat currency as the rolling discipline it is.
  • Plagiarizing a higher-echelon assessment into your product without proper sourcing.
    The supported analyst will catch it. The senior operator will catch it. The warrant will catch it. The IC reviewer above the team will catch it. ICD 206 (Sourcing Requirements) is the standard the IC applies; ICD 203 (Analytic Standards) treats source attribution as load-bearing. The SPC who plagiarizes once never gets the senior NCO trust back; the credibility never comes back inside the same team, and the next team you arrive at hears about it before you do. Cite the source. Even when it feels redundant.
  • Letting the IAT-II credential lapse.
    The DoDM 8140 audit pulls you off the position the day it expires and the team is short an operator until you re-test. The senior operator backfills the seat; the team chief writes the counseling statement; the SGT board NCOER reads the gap. The renewal cycle is published — CompTIA CE for Security+ requires CEUs across a three-year cycle, and Army Credentialing Assistance funds the renewal voucher if you are inside the window. Plan the renewal 6 months out, not 6 days out.
  • Sharing a SIPR / JWICS / NSAnet password with anyone — your team lead, your roommate, the contractor sitting next to you. Two-person integrity is two people with their own credentials.
    The audit log finds it. The cyber incident reporting chain under AR 25-2 carries the report. The SSO and the team chief write the counseling statements; the access closes permanently; and the senior operator who accepted the shared credentials is in the counseling chain alongside you. The discipline at SPC is the same discipline at PV2: every keystroke under your credentials, every time. The 'I was just helping' rationalization is the one the SSO has heard before and the one that ends the trajectory toward SGT.
  • Treating the joint workforce as 'not really Army.' Promotion points, NCOERs, schools, and re-enlistment options run through your Army chain; the Navy chief sitting next to you cannot fix your DA 4187.
    The Army-internal paperwork piles up; the BLC packet does not get built; the DA 3355 worksheet does not get reviewed; the next school slot goes to a peer who maintained his Army chain hygiene. The Specialist who treats the joint workforce as the workforce and forgets the Army NCO chain is the Specialist who shows up at the SGT board with a thin Army-internal record. Both chains matter. The senior operator at NSA cannot write your NCOER; the brigade S2 SGM cannot drive your work-role qualification. Engage both.

Career Decisions at This Rank

  • BLC slot timing and Commandant's List pursuit
    BLC is the STEP gate for SGT; without BLC complete, no SGT pin regardless of points. Most teams release SPCs to BLC after the first work-role qualification is signed off. Plan the slot 6-12 months before you anticipate hitting the SGT board window. The Commandant's List at BLC is a promotion-points line (worth real points on the DA 3355 worksheet) and a known check at the SGT board. Show up at standard PT, in clean uniform, with the section-NCO habits already built. Phoning in BLC is the cleanest way to be remembered by the regional NCO Academy CSM in the wrong way — and the message travels back to your team chief faster than you expect.
  • Second work-role qualification — push for it or stay on the home position
    The SGT board reads multi-qualification SPCs as the bench names; the senior NCO and team chief read the same metric. Second-position qualification typically takes 12-18 months. The trade-off: time on the home position vs time learning the second position. The senior operator will tell you which pace fits the team. Specialists who arrive at the SGT board with one work-role at the cutoff line sit in zone while peers with two qualifications pin. There is no honest version of "I did not have time" — the time is in the schedule if you drive it.
  • IAT-III credential path — CISSP, CASP+, CCNP-Security, or GIAC
    The IAT-III credential path depends on your work-role, the team's funding posture, and your career trajectory. CISSP is the gold standard but requires 5 years of demonstrated cyber experience (or waiver via CISSP-Associate); CASP+ is the CompTIA senior credential; CCNP-Security is Cisco's senior networking-security credential; the GIAC certifications (SANS / GIAC — GCIH, GCIA, GREM, GPEN, GXPN, etc.) are the gold-standard offensive/defensive cyber credentials in the joint workforce. The Army funds some GIAC vouchers through Army Credentialing Assistance and others through unit-specific training funds. Talk to the team's credential coordinator about the budget cycle and the prerequisites. The honest test: which credential matches your work-role and your post-Army trajectory if the second re-enlistment math does not work.
  • Technician (350F / 351-series / 353-series) / 17A Cyber Warfare Officer / cross-MOS reclass
    The technician warrant officer path (350F for All-Source, 351 series for CI, 352 series for HUMINT, 353-series for SIGINT analysis) and the 17A Cyber Warfare Officer commissioning path are the two technical-deep career options that open at SPC. The 350F / 353-series technician is the senior analytic / cryptologic voice in a brigade, theater intel brigade, INSCOM unit, or NSA-co-located detail seat across decades. The 17A is the commissioned cyber warfare officer at USCYBERCOM, the 780th MI Brigade, the Cyber Mission Force, and the joint-staff cyber-strategy seats. The 17C cyber operations specialist reclass is a separate path that pushes you deeper into the offensive cyber operations workforce. Each has different prerequisites, accession timelines, and post-selection trajectories. The honest test: do you want to be the senior technical voice in the room, the senior commissioned officer in the room, the senior offensive cyber operator in the room, or the senior NCO in the room. All four are good; only you can decide. Talk to the warrant, the team chief, the section sergeant, and your spouse if you have one.
  • First re-enlistment — SRB, CSRB, follow-on assignment, ETS, or Active to Reserve
    The first re-enlistment window typically opens 12-18 months before your contract ends. The Selective Reenlistment Bonus (SRB) per the current HRC SRB MILPER and the Critical Skills Retention Bonus (CSRB) for specific cryptologic / cyber skill identifiers vary by MOS, re-up zone, shortage indicator, and follow-on assignment. Pull both current MILPERs before signing. 35Q soldiers at SPC are often on the CSRB schedule because the MOS is a Critical Skill. The ETS-with-clearance option is real — the cleared cyber contractor market (Booz, Leidos, MITRE, CACI, ManTech, SAIC, BAE, and the long tail) hires from the SCC enlisted workforce on the TS/SCI-with-poly profile, and a Specialist with IAT-II / IAT-III / GIAC credentials walks into a strong starting offer. The trap: signing the first bonus contract the career counselor offers without running the math. Run the math twice. Talk to your spouse. Talk to a senior NCO who has been through the cycle.

How the Seat Varies by Unit Type

  • 780th MI Brigade (Fort Meade) — Army cyber brigade, NSA-Washington co-location
    The 780th is the Army's cyber brigade at Fort Meade. The 781st MI Battalion (Vanguard) and the 782nd MI Battalion (Cerberus) sit under the 780th, and the brigade runs Army-side Cyber Mission Force teams alongside the joint enterprise. The OPTEMPO is high; the work-role density is deep; the senior NCO and warrant officer bench is one of the strongest in the Army cyber community. A Specialist at the 780th is on the development bench for the entire Army cyber community — the senior NCOs there are mentoring you toward 17C reclass, 350F technician, or 170A cyber warrant track. The cost: Fort Meade BAH is high, the cost of living in the DMV is high, and the commute inside the NSA campus is real. The benefit: the institutional memory and the senior bench at the 780th is closest to the cyber operations enterprise.
  • 706th MI Group (Fort Eisenhower) — NSA/CSS Georgia co-location
    The 706th is the Army element at NSA/CSS Georgia at Fort Eisenhower (the post was renamed from Fort Gordon in 2023). The 706th supports the Army cryptologic mission at one of the largest NSA campuses outside Fort Meade. The technical work is heavily SIGINT-tilted; the joint workforce is dense; the senior NCO and warrant bench is deep. The cost of living is lower than Fort Meade; the on-post housing inventory is better; the Augusta area is a real military community with the U.S. Army Cyber Center of Excellence on post.
  • Cyber Mission Force team — NSA-Hawaii, NSA-Texas, NSA-Colorado, or other NSA Cryptologic Centers
    CMF teams are joint workforce formations that detach to NSA Cryptologic Centers. The team is a joint formation; your Army NCO chain runs through the parent brigade (often the 780th or 706th); your daily operational chain runs through the team chief at the NSA-co-located site. The work-role focus is mission-set-specific to the team and the supported COCOM. Hawaii is paradise with a brutal cost of living; Texas is San Antonio with the BAMC / Fort Sam Houston military density; Colorado is altitude and proximity to USNORTHCOM. The Specialist experience on a CMF team is more compartmented than at a brigade — you may not know the names of soldiers in the next team space, and the joint workforce is closer to you daily than the Army chain.
  • INSCOM major subordinate command — theater intel brigade or specialty unit
    INSCOM runs the Army's above-brigade intelligence formations. Specialist 35Qs at INSCOM units typically sit on theater intel brigade analytic lines (66th, 500th, 470th, 513th, 207th) or specialty units. The technical work is broader and slower-tempo than a CMF team or the 780th; the analytic-depth side is closer than the operations side; the senior NCO bench is experienced. INSCOM units are scattered globally — Vicenza, Wiesbaden, Hawaii, Fort Belvoir, Fort Bragg, Camp Humphreys — and the assignment is more like a traditional Army staff assignment than a CMF-team assignment. The SGT bench at INSCOM units reads slightly differently from the CMF / brigade bench; the technician / commissioning conversations are common.
  • National detail — NSA / DIA enterprise team alongside civilian analysts
    A small number of Specialists land on national detail seats — embedded on an NSA or DIA enterprise team alongside civilian analysts (GS-12 / GS-13 / GS-14 levels) and contractors. The technical work is IC-wide; the team you sit on has one or two Army uniformed soldiers and a much larger civilian bench. The Specialist experience here is unusual — you are the junior Army member of an analytic line that grades itself against ICD 203 standards every day, and the senior civilian analyst is your senior operator in practice. The Army NCO chain feels distant; the team chief at NSA or DIA is your daily reality. The technician packet candidacy from these seats reads strong on the WORC board when the time comes.

What Good Looks Like at This Rank

The good Specialist 35Q is the operator the senior NCO hands the hardest target line to on Monday because it will come back clean, sourced, and ready by Wednesday. He is sitting two work-roles — the home position he qualified on first and the second position he is driving the JQR for now — and the team chief is reading the multi-qualification trajectory as the SGT-bench signal. His IAT-III voucher is in motion through Army Credentialing Assistance; the team's credential coordinator has him on the funding cycle; the GIAC seat the team applied for is on his record if the team budget supported it. The warrant on the team (a 350F or 17A or 351-series technician) knows his name and has started the honest conversation about the technician / commissioning / civilian-pipeline options. He runs the unsupervised position with the discipline the cherry phase taught him — every action logged, every BLUF sourced to standard, every RFI closed inside the timeline, every shift handoff clean. The senior operator who used to redline his products now signs them through with minor edits; the senior operator who used to walk him to the team huddle now sends him to the huddle alone and reads the rollup later. The supported customer (a tactical O-3 / O-4, a theater intel brigade analyst, an NSA civilian senior, a CCMD J2 enlisted senior) asks for him by name in the chat channel because the answers come back specifically and sourced. The brigade S2 SGM (or the equivalent senior MI NCO on the supported team) mentions him in the slate read at the next quarterly sync. The Army-internal record matches the joint-workforce performance. The BLC packet is in motion 12 months before the SGT board window; the DA 3355 worksheet is reviewed quarterly with the career counselor; the IAT-III credential is on the wall by month 18 at the team; the ACFT is at 560 or above; the annual compliance training is closed before suspense; the polygraph re-scope cycle is on schedule; CV self-reporting under SEAD 3 is current. The Specialist who built clean records on both sides — the joint workforce side and the Army NCO chain side — is the Specialist whose SGT pin moves on the cutoff cycle the points clear. The senior operator and the warrant and the team chief all agree on the read because the record agrees with itself.

Preview — The Next Rank

E-5 SGT is the next gate, and it is structurally tighter than the E-4 promotion gate. AR 600-8-19 governs: 36 months TIS / 8 months TIG (waivable), DA 3355 promotion-point worksheet, BLC complete, command recommendation, cutoff score above the MOS-specific monthly line per the HRC MILPER. The chain of command's recommendation carries materially more weight at the SGT gate than at the SPC gate, and the 35-series board competitiveness reads work-role qualification depth, school stack, NCOER recommendation block, and the cryptologic-credential profile alongside the standard Army NCO development markers. The job content at SGT is the mission element lead or watch NCO — a small Army-side element on a Cyber Mission Force team, a watch shift in an NSA-tasked analytic cell, or a section inside the 780th MI Brigade or the 706th MI Group. You are dual-billeted in a way the Army does not always explain well — you have a joint work-role at NSA / USCYBERCOM and an Army NCO seat, and you are accountable to both. You counsel your soldiers monthly per AR 623-3 on DA Form 4856. You write the section's input to the watch chief's shift turnover. You sit at the team huddle, you defend confidence levels under questioning from a supported O-3 or O-4, and you are the senior Army NCO on the floor when the SSG NCOIC is at sick call or in ALC. The 35-series vs 17C boundary navigation gets harder at SGT — you are explaining the difference to junior soldiers and to supported customers who do not always know. The differentiator at the SGT board is the work-role qualification depth (two minimum, three preferred), the IAT-III credential, the BLC Commandant's List status, the NCOER recommendation block (your senior rater's profile reads as a leading indicator), the ACFT (560+), and the visible mission-element leadership in the SPC seat. The Specialist who built a clean record across both sides of the seat — the joint workforce production side and the Army NCO chain side — is the Specialist whose SGT pin moves on the cutoff cycle the points clear. The Specialist who treated the joint workforce as the entire job is the Specialist whose Army NCO chain reads thin at the board. Engage both sides. The next career-defining conversation is the technician / commissioning / civilian-pipeline decision the warrant has been opening with you; the SGT pin reframes that conversation as a near-term packet rather than a long-arc theoretical.
FAQ

35Q E4 — Frequently Asked Questions

Q01What does a E4 35Q (Cryptologic Network Warfare Specialist) actually do?
You are qualified on at least one work-role under the joint NSA/USCYBERCOM training framework, and you are reading toward the next one.
Q02What's the most important thing to know as a E4 35Q?
SPC is the workhorse rank in the 35Q world.
Q03What does a typical day look like for a E4 35Q?
Time-blocked day at the E4 35Q rank tier: 0500 Wake. Coffee. Phone check — accountability OK, no overnight emergencies, no team-chat from the senior NCO that requires response. Phone goes back in the kitchen because it is not going near the SCIF. PT uniform on, 0530 PT formation. The cyber-MI company runs PT on a schedule aligned to the team's watch rhythm. Accountability to the section sergeant; the senior NCO reads the formation; the company 1SG walks the line periodically, 0545-0700 Unit PT — cardio, strength, recovery-mobility rotation.…
Q04What mistakes get E4 35Q soldiers fired or relieved?
Coasting at the qualified-operator seat for 18 months instead of pushing toward the second work-role. The SGT board reads single-qualification SPCs against multi-qualification peers, and the senior NCO read of the slate names tracks the same metric. Coasting at SPC is the cleanest way to sit in zone at the SGT board; Treating BLC as optional or delaying the packet because 'the team needs me at the position.' BLC is the STEP gate — no BLC, no SGT pin, no exceptions under AR 600-8-19.…
Q05What career decisions matter most at the E4 35Q rank tier?
BLC slot timing and Commandant's List pursuit — BLC is the STEP gate for SGT; without BLC complete, no SGT pin regardless of points. Most teams release SPCs to BLC after the first work-role qualification is signed off. Plan the slot 6-12 months before you anticipate hitting the SGT board window. The Commandant's List at BLC is a promotion-points line (worth real points on the DA 3355 worksheet) and a known check at the SGT board. Show up at standard PT, in clean uniform, with the section-NCO habits already built.…
Q06What's next after E4 for a 35Q (Cryptologic Network Warfare Specialist) in the Army?
E-5 SGT is the next gate, and it is structurally tighter than the E-4 promotion gate.
Q07What manuals and regulations does a E4 35Q need to know cold?
JP 3-12 — Cyberspace Operations (the joint frame for everything your team does).; JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting.; ICD 203 — Analytic Standards; ICD 206 — Sourcing Requirements for Disseminated Analytic Products.

This playbook has no tips yet. Be the first to share what you know.

Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards