Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
Back to 35Q Cryptologic Network Warfare Specialist — overview, pay, training, civilian translation, reviews
35QE6

Cryptologic Network Warfare Specialist

E-6 (Staff Sergeant) · Army

HEADS UP

SSG 35Q is where the joint cryptologic workforce stops treating you as a service-uniform decoration and starts treating you as a senior operator with a vote. You own a 6-12 soldier Army-side element on a Cyber Mission Force team, a senior watch NCO seat inside an NSA-tasked analytic line at Fort Meade or NSA Georgia or NSA Hawaii or NSA Texas, or a section NCOIC seat at the 780th MI Brigade or the 706th MI Battalion. ALC is in the rearview; SLC at the Cyber Center of Excellence at Fort Eisenhower is the packet to build now. The IC-civilian conversion conversation — GG-13 / GG-14 at NSA-CSS, DIA, CIA, USCYBERCOM — starts being a serious option at this rank, not just a hallway joke. Start the conversation early; the credential stack you build between SSG and SFC is what determines the post-service tier you land in.

The Honest MOS Read
Staff Sergeant 35Q is the first rank where the joint cryptologic workforce — the Service Cryptologic Component (SCC) that NSA-CSS runs, the Cyber Mission Force (CMF) team architecture that USCYBERCOM operates, and the Army's piece of both through INSCOM and ARCYBER — treats you as a senior operator with institutional weight. The cherry on the team copies how you log a query; the SGT in your section runs his watch shift off the SOPs you maintain; the team chief at NSA names you in the Service Cryptologic Element shift turnover; the supported O-4 or O-5 reads the products your element signed. You are not just sitting a position anymore — you are responsible for the position, the people on it, the qualification pipeline behind it, and the products that leave it. The team chief at NSA, the MI battalion CDR back at Fort Meade or Fort Eisenhower, and the brigade S2 SGM all read your element through the JQR currency rate, the IAT credential currency rate, the work-role qualification pipeline, the SCIF accreditation posture under ICD 705, the IC IT compliance posture under ICD 503, and the analytic / operational product quality the supported command actually uses. The dual-billet reality at SSG is the structural piece nobody briefs hard at ALC. You have a joint work-role at NSA or USCYBERCOM that is graded against the joint workforce qualification framework — the DoDM 8140 cyber workforce qualification standards, the JQR / OJT signoff regime the senior operator chain runs, the work-role-specific instructor and operator and supervisor qualification tiers — and you have an Army NCO seat that is graded against AR 623-3 NCOER standards, AR 600-8-19 enlisted promotion math, ACFT under the current standards, the brigade enlisted-management cell at the 780th MI Brigade or the 706th MI Battalion or wherever your TRADOC paperwork actually parks. The CWO at NSA cannot write your NCOER; the team chief at NSA cannot defend you at the brigade enlisted-management cell; the brigade CSM cannot pull a position for you inside the joint workforce. You are accountable to both chains simultaneously, and the SSG who hides from the Army side of the house because "the team chief at NSA is who matters" is the SSG whose NCOER profile collapses at the brigade SGM read. The element you own at SSG is typically 6-12 soldiers — junior PVT/PFC operators in the JQR pipeline, qualified SPC operators driving the second and third work-roles, one or two SGT watch-NCO seats running the daylight or midnight shift under your overall section authority. The work runs on a 24/7 watch cycle in most NSA-tasked spaces and most CMF team architectures; you are accountable for the section's coverage even when you are not on the floor. You sign for SCIF accreditation tasks alongside the SSO, you sign for IT compliance tasks alongside the senior signal NCO or the ISSO, you sign for the work-role qualification pipeline alongside the team chief at NSA and the brigade S2 SGM at the Army end. The audit cycles are real — DoDM 8140 cyber workforce qualification audits, ICD 705 SCIF accreditation inspections, ICD 503 IC IT compliance reviews, internal Army cybersecurity reviews under AR 25-2 — and the senior-NCO-attributable findings on any of these end up in the NCOER's senior rater commentary and in the brigade SGM's slate read at the next SLC slot conversation. The SLC at the Cyber Center of Excellence at Fort Eisenhower is the next institutional gate. The course is the SFC-equivalent senior leader course for the 35-series career field, run by the USAICoE-affiliated cadre at the Cyber Center of Excellence — multi-week resident, with the technical / cryptologic / cyber-aligned curriculum that the SFC bench needs to compete for E-7 selection. Build the packet 12-18 months out from your projected SLC slot — institutional credentials, the Foundry catalog continuing-education seats relevant to your work-role, the IAT-III credential in hand if your work-role requires it (CISSP, CASP+, CCNP-Security, or the platform-specific equivalents on the DoDM 8140 list), a defensible NCOER profile under AR 623-3, and a senior rater conversation that has named you for the SLC slot in writing. The IC-civilian conversion conversation at SSG is no longer a hallway joke; it is a serious career option with a real timeline and a real credential stack behind it. The senior cleared-contractor world — Leidos, Booz Allen Hamilton, MITRE, CACI, ManTech, SAIC, the long tail of cleared contractors sitting at NSA Fort Meade and NSA Georgia and NSA Hawaii and NSA Texas — bids on senior 35Q operators with 2-3 work-roles qualified, IAT-III credential current, ICD 203 / 206 / 208 fluency demonstrated through actual product portfolio, and a clean TS/SCI with polygraph maintained through retirement. The direct IC-civilian conversion path — GG-13 / GG-14 IC civilian analyst billets at NSA-CSS, DIA, CIA, USCYBERCOM, with the work-role-aligned credential stack and the joint-duty credit on the record — is the highest-tier post-service path for 35Q operators. Start the conversation 24-36 months ahead of the inflection (re-up window, ETS window, retirement window) and the offers compound; start it at the orders date and the offers narrow. The senior NCO bench inside the 35Q community is small and tight. The 35Q force generation cycle through the 334th MI Battalion at NIOC Corry Station in Pensacola produces a few hundred operators per year; the senior NCO promotion math at SFC and above runs on that small inventory, and the brigade CSMs at the 780th MI Brigade and the 706th MI Battalion and the INSCOM major subordinates read every NCOER personally. The SSG who runs an element that produces clean products, qualifies its soldiers on schedule, and mentors honestly into the warrant-officer-technician slate (352N SIGINT Analysis Technician, where applicable) and the 17A Cyber Warfare Officer commissioning slate is the SSG whose name is named in the brigade SGM bench conversation before he sits his SLC packet review. The one who phones it is the one whose NCOER profile reads thin at the next slot read.
Career Arc
  • 01E-6 pin-on: post-ALC at NCOLCoE Fort Bliss (or the regional NCO Academy), post-centralized HRC SSG board selection.
  • 02Mission Element NCOIC / senior operator tour — 6-12 soldier Army-side element on a CMF team, NSA-tasked analytic line, or 780th MI Brigade / 706th MI Battalion section, typically 24-36 months.
  • 03Third work-role qualification in hand; IAT-III credential current (CISSP, CASP+, CCNP-Security, or the work-role-equivalent on the DoDM 8140 list).
  • 04Foundry catalog continuing-education seats consumed; cryptologic / cyber school instructor-qualified seat if the differentiator path is available.
  • 05SLC packet build at the Cyber Center of Excellence at Fort Eisenhower — 12-18 months out from the slot.
  • 06Senior rater commentary on the NCOER builds toward Top Block / Most Qualified for the SFC board.
  • 07352N warrant officer accession or 17A Cyber Warfare Officer commissioning conversation crystallizes (yours or your mentee soldiers').
  • 08IC-civilian conversion conversation opens — senior contractor recruiters and NSA / DIA / CIA HR begin the relationship-building cycle for the SFC inflection.
Common Screwups
  • ×DUI / Article 15 / drug pop / financial issue surfacing on the SF-86 reinvestigation. At SSG in this MOS the clearance pull is structurally more terminal than in line-MOS career fields because the TS/SCI with polygraph is the credential the joint workforce and the post-service market both run on. Separation under AR 635-200, clearance revocation, IC-civilian conversion path closed, the senior cleared-contractor market closed, and the team chief at NSA cannot defend you because the Army chain owns the action.
  • ×Phoning the dual-billet by hiding from the Army side. The SSG who treats the joint work-role as the whole job and lets the NCOER profile, the ACFT, the soldier counseling under DA 4856, the promotion packet routing, and the brigade enlisted-management cell coordination drift is the SSG whose senior rater commentary at the SFC board read collapses. The CWO at NSA does not write your NCOER; the team chief does not defend you at the brigade SGM read.
  • ×Missing the SLC slot at the Cyber Center of Excellence at Fort Eisenhower. SLC is the SFC promotion gate under the centralized HRC board math; the SSG who lets the SLC slot lapse or shows up without the packet built is the SSG whose SFC pin-on date slips and whose IC-civilian conversion window narrows by 18-24 months.
  • ×Treating the warrant-officer-track or 17A commissioning conversation with subordinates as a transactional check-the-block. The 352N warrant officer accession and the 17A Cyber Warfare Officer commissioning pipelines are among the highest-leverage technical career paths in the cyber-intel community; the SSG who pitches the packet without the honest selection-rate conversation, the family-separation cost analysis, and the post-service market analysis is the SSG who burns soldier trust when the SPC or SGT he mentored does not get selected.
  • ×Underestimating the IC-civilian conversion planning window. The SSG who starts the conversation at retirement-orders date lands at the senior analyst tier; the SSG who started it 24-36 months ahead lands at the GG-13 / GG-14 IC civilian principal-analyst tier or the senior cleared-contractor program-manager tier. The credential stack and the relationship-building cycle compound over years, not weeks.

A Day in the Life

  • 0500Wake. Phone check — overnight section emergencies. Soldier in jail? Family deathgram? Team chief at NSA needs a back-brief on the overnight CMF tasking? Clearance flag on a section soldier needing the SSO and senior officer chain coordinated? You are the senior Army NCO the element looks to first. The platoon sergeant or 1SG hears about it as you walk in.
  • 0530-0630PT formation. You report element accountability to the platoon sergeant. Unit PT — the SCIF schedule means the section may run early PT in shifts (the midnight-shift soldiers PT before going home; the daylight-shift soldiers PT before going to the floor). You run with the section when the schedule allows.
  • 0630-0800Hygiene, change to OCPs or appropriate access-uniform. Coffee with the platoon sergeant or the 1SG, 15-20 minutes — the day's priorities, the BN BUB items, the brigade S2 SGM's items. Walk to the SCIF; badge in; review the overnight shift turnover from the senior SGT watch NCO.
  • 0800Section shift turnover. The midnight-shift senior NCO briefs the daylight-shift senior NCO; you sit in as the section NCOIC, validate the readiness picture, and surface any concerns to the team chief or the senior officer chain. JQR currency by soldier, IAT credential expiration timeline for the next 30 days, work-role currency log audit findings, position-coverage gaps.
  • 0830-1130Section operations. You walk the floor — every position, every soldier on the JQR cycle, every product the section has in the dissemination queue. Product review for the section's analytic writers — apply ICD 203 / 206 / 208 to every product before it leaves the section. RFI dialogue with the supported analytic cell on the brigade S2 staff or the team chief's tasking queue.
  • 1130-1300Chow. You eat with the platoon sergeant or the 1SG or the other section NCOICs; sometimes with the senior NCO at the team chief's shop if the day's tasking warrants. Conversation is section- and platoon-level: training, slates, JQR pipeline, IAT credential currency, the upcoming SLC slot list, the IC-civilian conversion conversation with the SFC bench in the platoon.
  • 1300-1500Afternoon section work. NCOER drafting for the SGT watch NCOs (you write the NCOERs that pick the next SSG slate). Soldier counseling under DA 4856 — the SPC who missed an IAT credential renewal window, the SGT whose work-role currency lapsed, the PVT whose JQR signoff timeline slipped. Foundry catalog slot review with the senior SGT — prerequisite tracking by soldier and by slot, post-course JQR follow-through.
  • 1500-1630Final formation or end-of-day section close-out. Sensitive items accounted, classified material sign-out / sign-in audited, SCIF closure protocols with the senior signal NCO and the SSO if applicable, shift turnover to the swing-shift or midnight-shift senior NCO. The senior NCO who closes out the day with the team chief and the senior officer chain is the senior NCO whose section's next tasking does not surprise either chain.
  • 1630-1800Element close-out with the platoon sergeant — AAR on the day, prep for tomorrow, brigade S2 SGM coordination if needed. SLC packet build work if your slot is in the next 12-18 months — Foundry catalog continuing-education seat applications, IAT-III credential study session, senior rater commentary conversation with the platoon sergeant or the 1SG.
  • 1800-2000Personal time. Married SSGs: family. Single SSGs: gym, study (CISSP / CASP+ / CCNP-Security continuing education, ICD update reads, USAICoE senior leader publications, Strategic Intel Course pre-work if the slot is on the horizon). If the IC-civilian conversion conversation is in motion, the AFCEA / INSA conference research, the senior cleared-contractor recruiter relationships, the NSA / DIA / CIA HR pipeline research runs in this window.
  • 2000-2200After-hours coordination — the senior NCO's phone is on. Family-emergency calls, after-duty Article 15 notifications on a section soldier, the team chief's late-night tasking on a contingency build-out, the SSO's coordination on a PERSEC issue. The SSG who lets the phone go to voicemail at this rank is the SSG the team chief and the 1SG both stop trusting.
  • 2200Lights out.
  • Operational tempo / real-world contingencyThe clock collapses. The section runs 24/7 watch coverage; you may be on the floor through the night for a contested operational tempo event or a real-world contingency tasking. The team chief at NSA and the senior officer chain at USCYBERCOM read the section's readiness through your reporting; the brigade SGM reads your senior rater commentary off this period.

Weekly Cadence

The Mon-Fri rhythm at SSG in an MI section is the senior-NCO version of the SGT watch-NCO rhythm — same week, different load. Monday is the heaviest planning day. You read the Friday release from the platoon sergeant and the 1SG, the brigade S2 SGM's weekly tasking, the team chief at NSA's weekend RFI queue, and the section's weekly readiness picture from the senior SGT. By mid-morning you have the section's plan for the week aligned: which soldiers are on which JQR signoff windows, which Foundry catalog slot applications are due, which IAT credential renewals are due in the next 30 days, which work-role qualification audit findings need closure, which NCOERs are due in the platoon sergeant's review queue. Brief it to the senior SGT watch NCOs by mid-morning; brief it down to the SPCs in their respective positions. Tuesday-Wednesday are section operations execution. The senior SGT watch NCOs run the watch shifts; you observe, product-review, and surface concerns to the team chief and the platoon sergeant. Thursday is institutional / administrative — NCOER review with the senior SGTs, the section training calendar update, the Foundry catalog slot review with the senior SGT, the monthly platoon sergeant office call, the quarterly brigade S2 SGM office call if you are on the SLC slate. Friday is the section-level event close-out and the BN-level release if the section is on a deployable readiness cycle. The week's second rhythm is the brigade-level work: the monthly senior NCO call with the platoon sergeant and the 1SG, the quarterly brigade S2 SGM office call (SLC slate conversation, NCOER profile review, warrant-officer-track / commissioning slate update on the platoon's SGT bench), the quarterly Foundry catalog slot rebalancing with the brigade S2 SGM, the SCIF accreditation under ICD 705 internal-audit cycle (quarterly) with the SSO, the IC IT compliance under ICD 503 review (quarterly) with the ISSO and the senior signal NCO. The SSG who is on the SLC slate is at the brigade S2 SGM's office at least quarterly. The SSG who is not is missing the briefing he needs to compete for the next slot. The week's third rhythm is the senior NCO institutional packet work — the SLC packet build at the Cyber Center of Excellence at Fort Eisenhower (12-18 months out from the projected slot), the IAT-III credential continuing-education cycle (CISSP CPE accumulation, CASP+ CompTIA CE renewal, CCNP-Security recertification), the Foundry catalog continuing-education seat applications, the ICD update reads and USAICoE senior leader publication reads, the IC-civilian conversion conversation network-building (AFCEA / INSA conference research, senior cleared-contractor recruiter relationships, NSA / DIA / CIA / USCYBERCOM HR pipeline research). This work runs in the evening and weekend hours over months; the SSG who treats it as the "after-hours" job is the SSG whose SFC slot read and IC-civilian inflection both compound. The one who doesn't is the SSG whose senior rater commentary reads thin at the next slate.

Key Skills — How to Drill Each

  1. 01
    Run an Army-side element through a Cyber Mission Force readiness cycle, an NSA-tasked operational tempo, or a real-world contingency without losing JQR currency or the products.
    The senior NCO who owns a CMF element or an NSA-tasked analytic section is accountable for 24/7 watch coverage, work-role qualification pipeline velocity, and product quality the supported command actually uses — through the readiness cycle, the operational tempo, and any real-world contingency the team is tasked with. Run the section's weekly readiness review with the SGT watch-NCO seats — JQR currency status by soldier and by work-role, IAT credential expiration timeline, work-role qualification audit findings, position-coverage gaps for the next 30 days. Brief the team chief and the senior officer chain on the section's readiness in language that scales — the senior NCO who can deliver the brief at every echelon without losing the analytic precision is the senior NCO the team chief and the brigade SGM both name.
  2. 02
    Defend the element's readiness picture to the supported team chief, MI battalion S3, or brigade S2 OIC — say 'this position is not currently qualified' when the room wants a different answer, and back it up.
    The hardest senior NCO skill at SSG is honesty under pressure. The team chief at NSA or the senior officer at USCYBERCOM wants the position covered for the supported command's tasking; the SSG who knows the JQR signoff is incomplete or the IAT credential is lapsed or the work-role currency has slipped owes the team chief the honest answer. The fix is the deliberate readiness review — quarterly internal element audit against the DoDM 8140 framework, JQR pipeline status by soldier, IAT credential expiration tracker maintained by the section's senior SGT, work-role currency log audited by you personally. The SSG who can quote the DoDM 8140 paragraph, the ICD 705 section, or the AR 25-2 chapter that backs the call is the SSG whose call survives the senior officer pushback.
  3. 03
    Build a six-month training plan that produces one work-role-instructor-qualified NCO, two ICD 203 / 206 / 208 compliant analytic writers, and three certified operators on the team's second-most-demanded work-role.
    Six months is the planning horizon at SSG — quarter-aligned, mapped to the Foundry catalog, the team's internal training capacity, and the regional Cyber Center of Excellence school slot windows. Identify the soldier with the depth and the time to develop into the work-role-instructor-qualified seat (the section's senior SGT is the typical target). Identify the two soldiers with the analytic writing depth who need the ICD 203 / 206 / 208 tradecraft sharpening — pair them with the senior NCO at NSA who teaches the Strategic Intel Course tradecraft module or the equivalent at the Cyber Center of Excellence. Identify the three SPC operators whose first work-role qualification is solid and who can pick up the section's second-most-demanded work-role — sequence them through the JQR signoff cycle alongside the senior operator chain. Brief the plan to the team chief and the senior officer chain quarterly; revise as the team's inventory shifts.
  4. 04
    Run the unit's Foundry / cryptologic-school slot program — slot management, prerequisite tracking, post-course JQR follow-through.
    Foundry (the Army Intelligence Enterprise's continuing-education catalog) and the cryptologic-school slot catalog (the institutional pipeline NSA and the 706th MI Battalion / 780th MI Brigade run) are the SSG's most visible institutional contribution. Foundry slots wasted are the SSG's on the next inspection; the brigade SGM reads the section's Foundry utilization rate at the quarterly QTB. The fix is the deliberate slot management cycle — quarterly Foundry catalog read with the section's senior SGT, prerequisite tracking by soldier and by slot, post-course JQR signoff follow-through (the slot is worthless if the soldier returns to the section and never closes the JQR signoff the slot enabled), and slot-availability conversations with the brigade S2 SGM monthly.
  5. 05
    Mentor SGTs on NCOER writing, board prep, and the 352N warrant-officer-track or 17A Cyber Warfare Officer commissioning conversation honestly.
    The SSG's most consequential mentor work is the SGT-to-SSG slate conversation. NCOER writing — action-result-impact bullets per AR 623-3, defensible at the senior rater profile level, no 'demonstrated exceptional cryptologic performance' filler. Board prep — the centralized HRC SSG board reads paper, so the NCOER profile and the institutional credential stack do the work; the SGT's first re-enlistment / re-class conversation should be honest about the warrant-officer-track option (352N SIGINT Analysis Technician — selection-based, sub-50% in some cohorts per the published HRC accession board results, with the technician WOBC at Fort Huachuca after WOCS at Fort Novosel), the 17A Cyber Warfare Officer commissioning option (Green-to-Gold, OCS, direct commissioning programs where applicable), and the IC-civilian conversion option (GG-13 / GG-14 entry tier at NSA / DIA / CIA / USCYBERCOM with the SSG / SFC credential stack). Quarterly formal counseling with the SGT bench; weekly informal check-ins on packet timeline.
  6. 06
    Translate cryptologic / cyberspace uncertainty into a recommendation a supported commander can act on without losing the uncertainty in translation.
    The IC tradecraft skill — applying ICD 203 / 206 / 208 to a product the supported O-4 or O-5 or O-6 reads at the BUB. Confidence statement under ICD 203 (the sourcing line, the alternative analysis, the dissent captured if the analytic team disagreed); sourcing requirements under ICD 206; utility under ICD 208. The SSG who can write the BLUF the supported commander can act on without the senior operator chain rewriting it is the SSG the team chief names in the SCE shift turnover and the supported O-5 reads first at the morning brief. The fix is deliberate practice — read the senior products the team produces, study the IC tradecraft updates at the USAICoE senior leader publications, attend AFCEA / INSA tradecraft workshops when the slot opens, and write more products under senior-operator review than the section quota requires.

Manuals & References — What Chapters Matter

  • FM 2-0 — Intelligence; JP 3-12 — Cyberspace Operations; JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting.
    The doctrinal spine the senior cryptologic / cyber NCO owns cover-to-cover at SSG. FM 2-0 is the Army's intelligence doctrine — the senior NCO quotes it in the section training reviews and the NCOER bullet writing. JP 3-12 is the joint cyberspace operations doctrine — the team chief at NSA and the senior officer chain at USCYBERCOM quote it in the operational planning cycles. JP 2-0 and JP 3-60 are the joint intelligence and joint targeting doctrine — the supported command's analytic and targeting cells run off these.
  • ICD 203 — Analytic Standards; ICD 206 — Sourcing Requirements for Disseminated Analytic Products; ICD 208 — Utility of Disseminated Analytic Products.
    The IC tradecraft standards the senior NCO at SSG teaches to the section's analytic writers and grades against in the NCOER bullet review. ICD 203 is the analytic-tradecraft standard the IC reads every disseminated product against; ICD 206 is the sourcing-requirements standard the senior NCO enforces on every product the section signs; ICD 208 is the utility standard the supported command reads the product against. Senior NCOs at SSG quote these by paragraph in the section training reviews.
  • ICD 503 — IC IT Systems Security Risk Management; ICD 705 — Sensitive Compartmented Information Facilities.
    The IC-level physical and IT security standards the unit runs under. ICD 705 governs SCIF accreditation — physical security, TEMPEST, access control; the senior NCO at SSG signs the unit's compliance posture alongside the SSO. ICD 503 governs IC IT systems security risk management — the cybersecurity framework the classified IT footprint runs under; the senior NCO at SSG signs the unit's compliance posture alongside the senior signal NCO and the ISSO.
  • AR 380-5 — Department of the Army Information Security Program; AR 381-10 — US Army Intelligence Activities; AR 381-12 — Threat Awareness and Reporting Program (TARP); AR 25-2 — Army Cybersecurity.
    The Army-side compliance regs the unit lives under. AR 380-5 is the classified material handling reg; AR 381-10 is the US persons / intelligence activities reg — the one the IG inspects against in cryptologic units; AR 381-12 is the TARP indicator-and-warning reporting requirement (the senior NCO at SSG is in the chain when a TARP indicator surfaces on a soldier); AR 25-2 is the Army's cybersecurity reg. Re-read all four annually; the senior NCO at SSG signs the unit's compliance roll-up.
  • DoDM 8140 — Cyberspace Workforce Qualification and Management Program.
    The DoD-level cyber workforce qualification framework the IAT-II / IAT-III / CSSP credentials live under, and the framework the senior NCO at SSG defends the section's readiness against in the audit cycle. The senior cryptologic NCO at this rank quotes DoDM 8140 by paragraph in the senior officer brief and the senior staff readiness review.
  • AR 623-3 — Evaluation Reporting System; AR 600-8-19 — Enlisted Promotions and Reductions; AR 600-20 — Army Command Policy; AR 27-10 — Military Justice.
    The Army personnel-management regs the senior NCO at SSG owns alongside the platoon sergeant and the 1SG. AR 623-3 is the NCOER reg — the senior NCO at SSG writes 4-6 NCOERs per cycle and the senior rater profile he builds compounds across the SFC slot read. AR 600-8-19 governs the enlisted promotion math. AR 600-20 is the command policy umbrella — SHARP, EO, anti-extremism, military justice — and AR 27-10 is the military justice reg the senior NCO at SSG navigates when an Article 15 packet runs through the company orderly room.

Standards — How to Hit Each

  • ALC graduate; SLC packet built at the Cyber Center of Excellence at Fort Eisenhower; consider a cryptologic / cyber-school instructor-qualified seat or an advanced certification as the differentiator.
    ALC is the SSG promotion gate under the centralized HRC math; you cleared it on the way in. SLC at the Cyber Center of Excellence at Fort Eisenhower is the SFC promotion gate; build the packet 12-18 months out from the projected slot — institutional credentials, Foundry catalog continuing-education seats relevant to your work-role, IAT-III credential current, senior rater commentary that has named you for the SLC slot in writing. The instructor-qualified seat (work-role-instructor-qualified, Foundry catalog instructor-qualified, or cryptologic-school instructor-qualified at the regional NSA cryptologic school) is the differentiator that compounds at the SFC slot read.
  • Three or more work-role qualifications across your career; IAT-III credential current (CISSP, CASP+, CCNP-Security, or the work-role-equivalent on the DoDM 8140 list).
    The work-role qualification stack is the senior NCO's institutional credential at this rank. Three or more qualifications across the career — typically your initial work-role from AIT-plus-OJT at the first unit, a second work-role qualified at E-4 / E-5, a third qualified at E-5 / E-6 — gives the senior NCO the depth to mentor the SGT bench across multiple work-roles and the brigade SGM the depth to defend the senior rater profile. The IAT-III credential current is the DoDM 8140 baseline for senior operator and supervisor tier seats; the credential cycle (the CompTIA CE for CASP+, the (ISC)² annual maintenance for CISSP, the Cisco CCNP-Security recertification cycle) is the senior NCO's responsibility to maintain.
  • Element JQR pipeline velocity at or above the team's average; IAT-credential currency rate at or above 95%; zero work-role-qualification audit findings during your tenure.
    The senior NCO at SSG defends the section's readiness through the metrics the team chief and the brigade SGM read. JQR pipeline velocity — the rate at which the section's soldiers qualify on assigned work-roles inside the published timeline — measured against the team's average. IAT-credential currency rate at or above 95% — the section's IAT-II and IAT-III credential renewals tracked by the senior SGT and audited by you personally. Zero work-role-qualification audit findings — the DoDM 8140 audit cycle, the internal section audit, the team chief's spot-check. The senior NCO whose tenure includes a CAT-1 audit finding on the section's readiness carries it into the NCOER's senior rater commentary.
  • NCOER bullets on the official achievement list — action-result-impact, measurable, no 'demonstrated exceptional cryptologic performance' filler.
    AR 623-3 is the reg; the bullet format is action-result-impact with measurable specifics. Senior raters at the MI brigade and INSCOM read every 35Q NCOER personally and remember the SSG who inflated the SGT who could not drive a position. The fix is honest writing — quantify the work-role qualification velocity, quantify the IAT credential currency rate, quantify the section's product output the supported command actually used, quantify the Foundry catalog utilization rate. The senior rater profile builds over the SSG-to-SFC tour through the consistency of the bullet writing.
  • Element ACFT pass rate at or above brigade average — the cryptologic guys do not get to skip the test.
    The 35Q PT culture problem is real and visible. The brigade CSM at the 780th MI Brigade or the BCT CSM at a line BCT reads the cryptologic company's or section's ACFT pass rate against the brigade average; the senior NCO whose element underperforms is the senior NCO the brigade CSM names in the wrong way. The fix is the deliberate section PT plan — run by the senior SGT on a published schedule, monitored by you, with remediation for the soldiers on the bubble. The senior NCO who runs serious PT is the senior NCO the brigade CSM and the team chief both name; the one who skates because 'the SCIF is a sedentary environment' is the senior NCO whose senior rater commentary reads thin.

Technical Mistakes — Concrete Consequences

  • Letting a junior operator push a product to the supported command without your sign-off when the SOP requires senior-operator review.
    You signed for the element; you own every product that leaves the floor. The product that goes out the door without your review and lands in front of the supported O-5 with an analytic error, a sourcing gap, or an ICD 203 / 206 / 208 compliance issue is the product that surfaces in the team chief's office the next morning, in the brigade S2 OIC's quarterly product-quality review the next month, and in the senior rater commentary on your NCOER the next cycle. The fix is the deliberate sign-off discipline — every product the section produces under your tenure passes your review before dissemination, no exceptions.
  • Writing an NCOER as a wish-list.
    Senior raters at the MI brigade and INSCOM read every 35Q NCOER personally and remember the SSG who inflated the SGT who could not drive a position. The inflated NCOER lands the SGT on the SLC slot list at the next centralized HRC board, the SLC course reveals the gap, the senior rater profile collapses, and the senior NCO who wrote the inflated bullets is the senior NCO whose own SLC slot conversation gets harder. The fix is honest writing — write to the reg (AR 623-3), not to inflation; the senior rater profile that survives the SFC board read is the one built on bullets the senior rater can defend.
  • Confusing tactical / Army-internal analysis with strategic / IC-level analysis.
    The skills overlap; the standards do not. The senior NCO who treats the Army-internal RFI cycle (a brigade S2 OIC asking for a one-paragraph BLUF for the supported O-5's BUB slide) and the IC-level analytic product cycle (an NSA-disseminated assessment that lands at the senior IC-civilian senior advisor at NSA-CSS or at the supported COCOM J2) as the same product is the senior NCO whose IC-level product survives the next echelon's read with embarrassing tradecraft gaps. The fix is the deliberate tradecraft discipline — apply ICD 203 / 206 / 208 to every product, not just the IC-level ones; the senior NCO who treats the Army-internal product to the IC tradecraft standard is the senior NCO whose IC-level product survives.
  • Bypassing the SSO on a physical-security, IT-compliance, or PERSEC finding.
    The SSO outranks you on SCIF compliance, and the SSO's report rolls up the chain you cannot influence. The senior NCO who tries to handle a SCIF compliance finding inside the section without coordinating with the SSO is the senior NCO whose section's next ICD 705 accreditation cycle catches the finding the SSO would have helped fix early. The fix is the deliberate SSO partnership — quarterly SCIF readiness review with the SSO, monthly IT-compliance review with the ISSO and the senior signal NCO, immediate notification on any PERSEC finding (foreign contact, financial distress, unreported travel, behavioral change on a section soldier) per AR 381-12.
  • Letting the warrant-officer / commissioning conversation be transactional.
    The 352N SIGINT Analysis Technician and the 17A Cyber Warfare Officer paths are among the most consequential career moves in this MOS — mentor them like it is, including the honest parts about commute, family, and clearance maintenance. The SSG who pitches the packet without the honest selection-rate conversation (sub-50% in some cohorts per the published HRC accession board results), the family-separation cost analysis (WOCS at Fort Novosel + technician WOBC at Fort Huachuca = months of family separation; 17A path varies by accession route), and the post-service market analysis is the SSG who burns soldier-trust when the SGT or SPC who built an 18-month packet does not get selected. The fix is the honest mentor conversation — the packet is worthwhile because the cert stack and the NCOER bullets compound either way, but selection is not guaranteed, and the alternate path (stay enlisted and target the IC-civilian conversion at SFC) is also valid.

Career Decisions at This Rank

  • Re-enlistment timing — first window after E-6 pin-on, with the 35Q-specific bonus tier and the IC-civilian conversion conversation both in play.
    The first re-enlistment window after E-6 pin-on is the most consequential financial and career decision of the SSG tour. The MOS-specific retention bonus for 35Q is published in the current SRB MILPERs and varies by retention tier and time in service; pull the current MILPERs before the conversation. The competing inflection is the IC-civilian conversion at GG-13 / GG-14 (NSA-CSS, DIA, CIA, USCYBERCOM) or the senior cleared-contractor inflection at the principal-analyst / program-manager tier (Leidos, Booz Allen, MITRE, CACI, ManTech, SAIC). Both inflections require 24-36 months of relationship-building lead time; the SSG who starts the conversation at this window is the SSG who lands in the higher tier at retirement.
  • 352N warrant officer accession packet — yours, not just your soldiers'.
    The 352N SIGINT Analysis Technician warrant officer accession is the technical career move that compounds for 20-30 years. Selection-based via the HRC warrant officer accession board (sub-50% in some cohorts per the published board results); requires WOCS at Fort Novosel and technician WOBC at Fort Huachuca after selection. The decision at SSG is whether the packet is yours to build — the cert stack you have, the senior rater endorsement you can secure, the family-separation cost you can absorb. The alternate path is stay enlisted, target the SFC slot and the SLC graduate credential, and inflect through the IC-civilian conversion at SFC. Both paths produce strong senior careers; the warrant track compounds the technical authority, the enlisted track compounds the institutional credential and the SGM / CSM bench access.
  • 17A Cyber Warfare Officer commissioning packet — yours, not just your soldiers'.
    The 17A Cyber Warfare Officer commissioning path is the officer career move. Green-to-Gold (active-duty option, scholarship option, non-scholarship option), OCS at Fort Moore, direct commissioning programs where applicable. The decision at SSG is similar to the warrant decision but the structural shift is bigger — you trade the senior NCO bench access (1SG / SGM / CSM) for the company / field-grade officer track (CPT / MAJ / LTC). The senior NCOs who commission as 17A typically do so at SSG / SFC and the inflection compounds across 15-20 years of officer service. The alternate path is the senior NCO inflection through 1SG / SGM / CSM and the IC-civilian conversion at the senior tier; both produce strong careers, but the structural shift is permanent once made.
  • SLC slot timing and Cyber Center of Excellence at Fort Eisenhower.
    SLC at the Cyber Center of Excellence at Fort Eisenhower is the SFC promotion gate under the centralized HRC math. The slot is selection-based via the senior rater commentary on your NCOER and the platoon sergeant / 1SG's HRC conversation. Build the packet 12-18 months out from the projected slot; the institutional credentials, the Foundry catalog continuing-education seats, the IAT-III credential current, the senior rater commentary that has named you for the slot in writing all compound into the slot decision. The SSG who lets the SLC slot slip is the SSG whose SFC pin-on date slips and whose IC-civilian conversion window narrows by 18-24 months.
  • Joint duty / IC-detail assignment — NSA / DIA / CIA / USCYBERCOM senior NCO seat.
    Joint duty and IC-detail are the broadening assignments that compound at the SFC slot read and the IC-civilian conversion conversation. The senior NCO seat at NSA-CSS Fort Meade, the DIA detail at the DIAC at Joint Base Anacostia-Bolling, the CIA detail at Langley, or the USCYBERCOM senior NCO seat at Fort Meade is typically 2-3 years out of the line-MI-brigade or CMF team track. The cost is the time out of the brigade enlisted-management cell's senior rater pipeline; the upside is the institutional credential, the joint-duty credit on the record brief, and the post-service market value of the IC-detail experience. The senior NCOs who land the strongest IC-civilian conversion inflections usually have at least one joint-duty / IC-detail tour on the record.

How the Seat Varies by Unit Type

  • Cyber Mission Force (CMF) team element NCOIC at NSA Fort Meade / NSA Georgia / NSA Hawaii / NSA Texas / NSA Colorado
    The CMF team architecture USCYBERCOM operates is the primary 35Q operational seat. The SSG NCOIC on a CMF team element owns a 6-12 soldier Army-side element inside a joint workforce that includes Navy CTNs, Air Force 1Ns, Marine 0651s, and IC-civilian operators from NSA-CSS and the senior cleared-contractor cohort. The work-role qualification framework runs under DoDM 8140 and the joint workforce qualification standards; the team chief at NSA reads the element's readiness through the JQR currency rate, the IAT credential currency, and the product output the supported command uses. The senior NCO bench at this billet runs through the 780th MI Brigade or the 706th MI Battalion enlisted-management cell on the Army side.
  • 780th MI Brigade (Cyber-Aligned) section NCOIC at Fort Meade or the brigade's operational subordinates
    The 780th MI Brigade is the Army's cyber-aligned MI brigade — the senior MI NCO bench for the cyber-intel community. The SSG section NCOIC at the 780th runs an Army-side analytic or operational section inside the brigade's task organization, supporting USCYBERCOM and NSA-tasked missions. The OPTEMPO is contested-network operational; the senior NCO trajectory runs through the brigade CSM's slate at the 780th and the INSCOM senior NCO chain. TS/SCI with polygraph is universal; the credential stack and the IC-civilian conversion network are structural advantages.
  • 706th MI Battalion section NCOIC at the Cyber Center of Excellence at Fort Eisenhower
    The 706th MI Battalion (legacy 706 MI Group at NSA Georgia, now reorganized and aligned with the Cyber Center of Excellence at Fort Eisenhower per recent restructuring) supports the cyber-intel mission set and is co-located with the SLC schoolhouse for the 35-series and 17-series career fields. The SSG section NCOIC at the 706th runs an Army-side section inside a workforce that interfaces directly with the Cyber Center of Excellence cadre and the senior cyber-NCO bench. The OPTEMPO is operational; the institutional credential of a 706th tour reads heavy at the SFC slot conversation.
  • INSCOM major subordinate command section NCOIC (902nd MI Group at Fort Meade for CI / security-investigations adjacency, NGIC at Charlottesville for technical intel adjacency, other INSCOM ops subordinates)
    INSCOM's major subordinate commands each run distinct cryptologic / intel mission sets. The senior NCO trajectory at these billets runs through the INSCOM senior NCO chain at Fort Belvoir; the credential stack and the joint-duty credit at these billets compound at the SFC slot read and the IC-civilian conversion inflection. The cryptologic-specific seats at INSCOM are smaller in number than the line-MI billets; the senior NCO bench is tight and the read propagates fast.
  • USCYBERCOM senior enlisted detail / joint-duty NCOIC at Fort Meade
    The USCYBERCOM senior enlisted detail is the joint-duty NCO seat at the unified command headquarters for cyberspace operations. The SSG (and SFC, MSG, SGM) senior enlisted seat at USCYBERCOM is the joint workforce institutional seat; the credential is one of the strongest on the senior NCO record brief and the IC-civilian conversion inflection compounds materially. The decision to seek this assignment is typically made through the brigade SGM and the INSCOM senior NCO chain; the slot is selection-based and the timing aligns with the SLC graduate / SFC promotable window.

What Good Looks Like at This Rank

The good SSG 35Q runs an element the team chief at NSA names in the Service Cryptologic Element shift turnover and the MI battalion CDR at the 780th MI Brigade or the 706th MI Battalion names in the brigade slide. His SGTs are SLC-board-ready; his SPCs are on the SGT-board slate when their time comes; his element's product portfolio survives the next echelon's read and the supported command actually uses it. He has three work-role qualifications across his career, IAT-III current, Foundry catalog continuing-education seats consumed, ICD 203 / 206 / 208 tradecraft fluency demonstrated through his actual product portfolio, and a senior rater commentary on his NCOER profile that has named him for the SLC slot at the Cyber Center of Excellence at Fort Eisenhower in writing. He runs the section's training plan honestly — quarter-aligned, mapped to the team's inventory, sequenced to produce one work-role-instructor-qualified NCO and three certified operators on the team's second-most-demanded work-role every six months. He defends the section's readiness picture to the team chief and the senior officer chain even when the answer the room wants is different — the SSG who can say 'this position is not currently qualified' and quote the DoDM 8140 paragraph, the ICD 705 section, or the AR 25-2 chapter that backs the call is the SSG whose call survives the senior officer pushback. He runs serious PT with the section; the element's ACFT pass rate is at or above the brigade average. He has the warrant-officer-track and IC-civilian conversion conversation honestly with each of his soldiers before their next re-enlistment window closes. The 352N SIGINT Analysis Technician path, the 17A Cyber Warfare Officer commissioning path, the IC-civilian conversion path at GG-13 / GG-14 at NSA-CSS / DIA / CIA / USCYBERCOM, the senior cleared-contractor path at Leidos / Booz Allen / MITRE / CACI / ManTech / SAIC at the principal-analyst or program-manager tier — he names them all, with the honest selection-rate conversation, the family-separation cost analysis, and the post-service market analysis. The soldier who re-enlists under his counsel walks into the next inflection with credentials the cleared-contractor sitting across the SCIF is bidding on, or with the clearance and JQR jacket that translates directly to the federal civilian seat. The soldier who ETSs under his counsel walks out with the post-service plan built 18-24 months ahead, not started at the orders date.

Preview — The Next Rank

The next level at SSG is SFC — the senior cryptologic / cyber NCO seat at a Cyber Mission Force team, an MI company analytic platoon, a brigade S2 cell, or an INSCOM major subordinate command operational element. The structural shift from SSG to SFC is the shift from running a 6-12 soldier section to running an entire enlisted workforce — 20-40 soldiers, the platoon's training plan, the warrant officer accession pipeline, the IAT-II / IAT-III credential pipeline, the NSA / USCYBERCOM detail assignment slate, retention, discipline, and the senior rater commentary that picks the next SSG / SFC slate at the brigade level. The brigade CSM and the team chief at NSA stop reading you as the section senior NCO and start reading you as the platoon's institutional voice. The SLC graduate credential is the SFC promotion gate; the senior rater commentary on the NCOER is the slot read; the IC-fluency credential stack (Foundry senior catalog, ICD 203 / 206 / 208 fluency demonstrated through actual product portfolio, joint-duty credit at NSA / DIA / CIA / USCYBERCOM, language proficiency where applicable) is the institutional credential that compounds at SFC and inflects at the IC-civilian conversion conversation. The SFC tour is typically 24-36 months at a CMF team or MI company analytic platoon, with the senior rater profile that names you for the MLC slot at NCOLCoE Fort Bliss and the 1SG / MSG bench conversation that opens at the next centralized HRC board. The IC-civilian conversion conversation moves from "serious option" at SSG to "structural inflection point" at SFC. The senior cleared-contractor world bids on SFC 35Q operators with 3+ work-role qualifications, IAT-III current, SLC graduate, Foundry senior catalog credentials, and a clean TS/SCI with polygraph at the principal-analyst / program-manager / senior-advisor tier ($180-250K base depending on the metro and the senior-tier seat). The direct IC-civilian conversion at NSA-CSS / DIA / CIA / USCYBERCOM (GG-13 / GG-14 entry tier, with GG-15 / SES inflection over 5-10 years) is the highest-tier path. The senior NCOs who start the conversation at SSG and compound through SFC are the senior NCOs who land in the higher tier at the SFC inflection or the retirement inflection; the ones who don't land in the senior analyst tier — still strong, still six figures, but a tier below what the planned senior NCO landed at.
FAQ

35Q E6 — Frequently Asked Questions

Q01What does a E6 35Q (Cryptologic Network Warfare Specialist) actually do?
You own a 6-12 soldier Army-side element on a joint team or platoon-equivalent of operators.
Q02What's the most important thing to know as a E6 35Q?
SSG 35Q is where the joint cryptologic workforce stops treating you as a service-uniform decoration and starts treating you as a senior operator with a vote.
Q03What does a typical day look like for a E6 35Q?
Time-blocked day at the E6 35Q rank tier: 0500 Wake. Phone check — overnight section emergencies. Soldier in jail? Family deathgram? Team chief at NSA needs a back-brief on the overnight CMF tasking? Clearance flag on a section soldier needing the SSO and senior officer chain coordinated? You are the senior Army NCO the element looks to first. The platoon sergeant or 1SG hears about it as you walk in, 0530-0630 PT formation. You report element accountability to the platoon sergeant.…
Q04What mistakes get E6 35Q soldiers fired or relieved?
DUI / Article 15 / drug pop / financial issue surfacing on the SF-86 reinvestigation. At SSG in this MOS the clearance pull is structurally more terminal than in line-MOS career fields because the TS/SCI with polygraph is the credential the joint workforce and the post-service market both run on. Separation under AR 635-200, clearance revocation, IC-civilian conversion path closed, the senior cleared-contractor market closed,…
Q05What career decisions matter most at the E6 35Q rank tier?
Re-enlistment timing — first window after E-6 pin-on, with the 35Q-specific bonus tier and the IC-civilian conversion conversation both in play — The first re-enlistment window after E-6 pin-on is the most consequential financial and career decision of the SSG tour. The MOS-specific retention bonus for 35Q is published in the current SRB MILPERs and varies by retention tier and time in service; pull the current MILPERs before the conversation. The competing inflection is the IC-civilian conversion at GG-13 / GG-14 (NSA-CSS, DIA, CIA,…
Q06What's next after E6 for a 35Q (Cryptologic Network Warfare Specialist) in the Army?
The next level at SSG is SFC — the senior cryptologic / cyber NCO seat at a Cyber Mission Force team, an MI company analytic platoon, a brigade S2 cell, or an INSCOM major subordinate command operational element.
Q07What manuals and regulations does a E6 35Q need to know cold?
FM 2-0; JP 3-12 — Cyberspace Operations; JP 2-0 — Joint Intelligence; JP 3-60 — Joint Targeting.; ICD 203 — Analytic Standards; ICD 206 — Sourcing; ICD 208 — Utility of Analytic Products.; ICD 503 — IC IT Risk Management; ICD 705 — SCIF Standards.

This playbook has no tips yet. Be the first to share what you know.

Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards