←Back to 35T Military Intelligence (MI) Systems Maintainer/Integrator — overview, pay, training, civilian translation, reviews
35TE1-E3
Military Intelligence (MI) Systems Maintainer/Integrator
E-1 to E-3 (Junior Enlisted) · Army
HEADS UP
Your TS/SCI — almost always with CI poly for the seat you are about to sit — is the most valuable thing in your wall locker, and it is on probation every day for the next twenty years. The 35T job content can be re-taught; the clearance cannot. Treat it like the rifle you signed for in BCT and the COMSEC line you will sign for next week. One cell phone past the SCIF mantrap, one shared JWICS password, one undeclared foreign contact, and you are out of the SCIF the same afternoon.
The Honest MOS Read
You enlisted, finished BCT (Fort Jackson, Fort Sill, Fort Moore, or Fort Leonard Wood depending on cycle), and shipped to Fort Huachuca, AZ — the U.S. Army Intelligence Center of Excellence (USAICoE) — for 35T10 Military Intelligence Systems Maintainer / Integrator Advanced Individual Training. The course is run by the 111th Military Intelligence Brigade and is one of the longer enlisted AITs in the Army at roughly six months, because the syllabus has to take a civilian or BCT-fresh soldier through Windows and Red Hat server administration, networking (TCP/IP, routing, switching, VLAN), basic cybersecurity, COMSEC handling familiarization, and MI-specific platform integration — DCGS-A (Distributed Common Ground System – Army), the Trojan family of strategic SIGINT systems, Prophet Enhanced and the tactical SIGINT collection variants, and the JWICS / NSANet / SIPR infrastructure layers the MI workforce rides on top of. You will sit in a classroom. You will rack and re-cable gear in a lab. You will image a server off an approved baseline and join it to a test domain. You will troubleshoot a query node that the cadre broke on purpose. You will also do the unglamorous side — STP 34-35T checklist signoffs, ICD 705 SCIF familiarization, the IAT-II prerequisites under DoDM 8140, and the Security+ exam most cohorts are pushed through during the course because Sec+ is the DoD cyber workforce baseline for the seat you are about to occupy.
Before you ever sat down in a Huachuca classroom you went through the Single Scope Background Investigation (now restructured under Trusted Workforce 2.0 / Continuous Vetting per Security Executive Agent Directive 4), and for the 35T seat the requirement is TS/SCI almost always with CI polygraph because the systems you maintain carry SCI compartments and connect to NSA / CSS infrastructure at Fort Meade and forward sites. The TS/SCI access is your job-enabling credential — and it is read-in inside the SCIF by a Special Security Officer (SSO) when you arrive at your unit. You do not get to talk about what runs on the iron you maintain. You do not get to talk about the customer agencies your systems connect to. You do not get to put the specific platforms on your LinkedIn at ETS in any way that compromises the program. AR 380-5 (Department of the Army Information Security Program), AR 381-10 (US Army Intelligence Activities), and AR 380-67 (Personnel Security Program) are the governing regs; you sign read-in paperwork on top of them. AR 380-40 (Safeguarding and Controlling COMSEC Material) is the reg that runs your daily life from the first day you touch a key load.
You will land at one of three kinds of seats coming out of Huachuca. The most common: a BCT Military Intelligence Company (MICO) maintenance section or a brigade S2 systems cell at one of the BCTs around the Army (1st AD at Bliss, 1st CAV at Cavazos, 1st ID at Riley, 3rd ID at Stewart, 4th ID at Carson, 10th MTN at Drum, 25th ID at Schofield, 82nd ABN at Bragg, 101st AAB at Campbell, 173rd at Vicenza, 2nd Cav at Vilseck, the Stryker BCTs at JBLM and Wainwright). Less common but real: a divisional MI battalion or MEB MI element, a theater MI brigade slot (470th MI BDE at JBSA-Fort Sam Houston for SOUTHCOM, 500th MI BDE at Schofield Barracks for INDOPACOM, 501st MI BDE in Korea, 66th MI BDE at Wiesbaden for EUCOM, 513th MI BDE at Fort Eisenhower — formerly Fort Gordon, renamed in 2023 — supporting CENTCOM, 207th MI BDE for Africa), an INSCOM unit at Fort Belvoir, or one of the named MI brigades with a national-mission slice — 780th MI Brigade at Fort Eisenhower (the cyber-MI formation), 706th MI Group at Fort Meade co-located with NSA / CSS. The national-detail seats at NSA, CIA, DIA, or FBI are uncommon for E-1 to E-3 and almost always go to soldiers with a specific skill identifier, a language, a follow-on school, or a HRC-directed assignment.
The day-to-day job at PV2/PFC level in a BCT MICO maintenance section or a brigade S2 systems cell is not the recruiter pitch. You will spend a real percentage of your week shadowing the senior 35T (an SPC or SGT who is JQR-signed on the work-role you are headed toward), racking and re-cabling gear, running cable through a Prophet Enhanced shelter in the motor pool with a roll of CAT-6 and a toner, sitting next to the senior maintainer while he troubleshoots a DCGS-A query-tier node that stopped ingesting at 0300, and grinding the unglamorous workforce of an MI shop: COMSEC inventory under AR 380-40, the EKMS / KMI log discipline, classified destruction runs (SF 153 transfer / receipt, DA 3964 cover sheets, two-person integrity), SF 700 / SF 701 / SF 702 container and end-of-day forms, IAVA closure ticklers on the systems you are signed off to touch, clearance reinvestigation paperwork that the SSO chases you about, and the standing morning system-uptime SITREP nobody told you was on you when you in-processed. You are also doing the typical BCT garrison soldier work — formations, motor pool, sensitive-item layouts, mandatory training, sergeant of the guard rotations on light weeks — because no matter what your AIT cost the Army to put you through, the company commander still owns you for unit readiness.
The other reality of the SCIF: you do not work in an open building. The MI SCIF is a hardened, ICD 705-accredited space with controlled physical access (mantrap, badge reader, often a biometric reader on top), no personal electronics beyond the door, no cameras, no recording devices, no smart watches, no fitness trackers, no wireless earbuds, no anything with a microphone or a radio. The SSO inspects on this. The brigade S2 OIC reads the SSO's report. The Defense Counterintelligence and Security Agency (DCSA) reads the report two echelons later. Walking a cell phone through the mantrap — even by accident — is a security incident, and the response is a documented out-brief from the SSO, often immediate access suspension while a TARP (Threat Awareness and Reporting Program, AR 381-12) review runs. The DoDM 5105.21 SCI Administrative Security Manual is the day-to-day plumbing that governs the inside of the SCIF; it is on the SSO's wall and you should read the soldier-facing chapters in your first month.
A note on the IAT credentialing path under DoDM 8140 (the DoD Cyber Workforce framework, which replaced DoD 8570.01-M). The 35T billet is almost always coded IAT-II at the maintainer / integrator level, with IAT-III work roles waiting for the SPC / SGT who picks up the senior credentials. CompTIA Security+ (the SY0-701 exam at current cycle) is the most common entry credential funded by the unit; Network+ and A+ stack on it for the broader CompTIA baseline. The exam fees and vouchers are typically funded through unit training funds or the Army Credentialing Assistance (ACA) program (distinct from Tuition Assistance, capped at the published annual amount in the current ACA MILPER, and routed through ArmyIgnitED). The 35T who walks into a unit without Sec+ is the 35T whose first months in the SCIF are spent studying for it on top of the JQR pipeline — pass it in AIT if your cohort offers the test, or sit it inside your first six months if it did not.
A note on pay and money the recruiter probably blurred. 35T does not carry an MOS-specific special pay. You are on the standard enlisted base pay table with BAS and BAH for the duty station. What does exist: Foreign Language Proficiency Bonus (FLPB) under DoDI 1340.27 if you carry a current DLPT score on a controlled language at the required levels (uncommon for 35T-only soldiers, but real for soldiers with a heritage language or prior DLI time); Critical Skills Retention Bonus (CSRB) in cycles for specific intel and cyber skill identifiers — pull the current HRC MILPER message before assuming any number; assignment-specific incentive pay for some hard-fill billets. The Blended Retirement System TSP match (1% automatic, up to 4% additional matching on a 5% contribution) is the largest financial decision of your first enlistment. Junior 35Ts make more on the civilian side once they get out and the clearance is current — talk to the senior maintainer about the IC contractor market — but the soldiers who maxed TSP from PV2 forward leave with a balance that compounds for the next thirty years.
Career Arc
- 01BCT (one of the Army's basic-training installations), then ship to Fort Huachuca, AZ for 35T10 AIT (~6 months under the 111th MI Brigade at USAICoE).
- 02TS/SCI with CI polygraph adjudication completes; SCI read-in at AIT and again at the gaining unit's SCIF by the SSO.
- 03First duty assignment: BCT MICO maintenance section / brigade S2 systems cell, divisional MI battalion, MEB MI element, theater MI brigade, named MI brigade (780th, 706th, 470th, 500th, 501st, 66th, 513th, 207th), INSCOM unit, or national detail (rare).
- 04Sec+ on the wall by month 6 if not earned in AIT; IAT-II compliance under DoDM 8140 locked in.
- 05First JQR / OJT work-role signoff under STP 34-35T — typically inside 12-18 months at the unit.
- 06Month ~6 TIS: E-2 automatic per AR 600-8-19; month ~12 TIS / 4 mo TIG: E-3 / PFC.
- 07First Foundry / vendor / Army training course slots consumed — DCGS-A familiarization, COMSEC user, baseline networking; the warrant on the team tracks slot utilization.
Common Screwups
- ×Taking a personal electronic device — phone, smart watch, wireless earbuds, fitness tracker — through the SCIF mantrap. Even once. SSO pulls access that afternoon, generates a security incident report, and DCSA reviews; your seat sits empty for weeks or months while the investigation runs.
- ×Failure to self-report a foreign contact, foreign travel, marriage to a foreign national, unexplained financial event, or a criminal indicator under AR 381-12 (TARP) and SEAD 3. Continuous Vetting will surface it before you do and the conversation moves from SSO administrative to CI investigative.
- ×DUI / drug pop / off-post arrest with a TS/SCI and CI poly on the line — the clearance suspension runs in parallel with the AR 635-200 chapter 14 separation paperwork. You will leave the SCIF the same afternoon and the access never comes back.
- ×ACFT fails, body comp fails, or HT/WT taping under AR 600-9 going the wrong way — flagging stops your Foundry / vendor school slots, IAT credentialing test funding, your promotion-points stack, and your TS reinvestigation paperwork.
- ×Talking shop off-post. To a roommate, a girlfriend, a bartender, the squad in the parking lot. Spillage is a CI investigation; CI investigations close some clearances and end some careers in this MOS.
A Day in the Life
- 0500Wake. Coffee. Phone check for any overnight maintenance page that would have rolled to the on-call rotation (most BCT MICOs run an on-call for the senior maintainer, but the cherry maintainer checks the alerts as a habit). PT uniform on, badge in pocket.
- 0530PT formation. The MICO or HHC takes accountability of the platoon. The senior maintainer and the warrant typically PT with the company.
- 0545-0700Unit PT. The maintenance shop tends to be average on PT — not bad, not elite — and a cherry 35T who runs a strong 2-mile stands out at the brigade S2 senior NCO read.
- 0700-0900Hygiene, DFAC or barracks breakfast, change into OCPs. Walk to the MICO maintenance bay or the SCIF systems room.
- 0900First formation / morning stand-up. The senior maintainer or SSG NCOIC briefs the day — open tickets, IAVA status, any incidents from overnight, the day's priority work. You stand behind the senior maintainer and pick up the priority items.
- 0915-1130Maintenance work. Shadow the senior maintainer on a DCGS-A query node troubleshoot, rack cable in the SCIF, run a STIG hardening pass on a workstation batch, sit second-position on a COMSEC key load. The JQR signoff opportunities live in this window — ask for them when the task is the one you need.
- 1130-1300Chow. The SCIF empties for chow; the watch hands off to whoever is staying behind. You eat with the other cherry maintainers in the MICO or the brigade S2.
- 1300-1500Afternoon section work. JQR signoff drills, vendor / Foundry course prep if you have a slot coming up, IAVA closure on workstations the team has assigned to you, cable plant cleanup in the SCIF, destruction line if it is your day on the rotation.
- 1500-1630Final huddle. SF 702 walk-around begins; SF 701 end-of-day SCIF checklist starts. Sensitive items, classified materials, COMSEC containers all accounted for. Hand-receipt reconciliation on any property you signed for during the day. Sensitive items (CACs, classified media, COMSEC) checked in.
- 1630Released, most days. If the SCIF has a contested-network exercise running or a real-world contingency, the rotation changes by hours or days.
- 1700-2000Personal time. Gym, study (Sec+ if not yet on the wall, then Net+ / A+ / CCNA in sequence), college via TA / CLEP / DSST, correspondence courses for promotion points. The cert stack at this rank compounds the most for soldiers who use the evening hours.
- 2000-2200Sleep prep. Tomorrow starts at 0500. If you carry a language, an hour of DLPT-band sustainment reading is the cheapest FLPB you will ever earn.
- Watch / shift rotationMI shops run 24-hour watches during exercises and contingencies. The night shift is 12-hour blocks; you sleep when the watch hands off; the morning SITREP on system uptime is briefed by whoever has the picture at 0530 regardless of which shift owns it.
- CTC rotation (NTC, JRTC, JMRC) or field problemYou move to the SCIF tent or the BCT TOC SECRET enclave with the brigade. The clock collapses; the watch runs 24/7; the senior maintainer and the warrant are watching how you sustain the iron at hour 200 of a 14-day rotation. You run cable in tents, you re-image servers on generator power, you sit second-position on COMSEC re-keys at 0200, and the morning the brigade BUB happens at 0530 the COP is up because the iron stayed up.
Weekly Cadence
The Mon-Fri rhythm in a BCT MICO maintenance section or brigade S2 systems cell runs on the brigade staff battle rhythm, not the company training schedule. Monday is the heaviest planning day for the shop — the senior maintainer and the warrant triage the week's tickets in the 0900 stand-up, the IAVA queue gets walked, the patch-cycle schedule is published, and the priority work assignments come down. As a cherry maintainer your Monday is dominated by the shadow assignments the senior maintainer hands you and the JQR signoff opportunities that live in the priority queue.
Tuesday and Wednesday are typically the maintenance-heavy days. Patch deployments fall on planned maintenance windows (often Tuesday night or Wednesday after-hours for the SCIF enclaves), STIG remediation is queued through the week, cable plant cleanup and rack work happens during business hours. The senior maintainer pulls you through the technical drills — service restart procedures on DCGS-A, log scrape on a query-tier node, the order-of-operations for a federation handshake. The good cherry maintainer uses Tue-Wed to build the JQR pipeline the SSG NCOIC will grade on at the next signoff cycle. Thursday is often the brigade-process day — the S2 / S6 working group, the IA governance review, the cyber-readiness brief preparation. Friday is the company-level event day (PT, awards, safety stand-down, mandatory training) and release; the maintenance shop tries to clear the queue and close the IAVA tickets by Friday EOD.
The week's second rhythm is administrative and compliance. Mandatory training cycles (SAEDA / TARP, cyber awareness, OPSEC, insider threat, COMSEC user, SHARP, EO) run on schedules the brigade S2 SGM publishes; non-compliance roll-ups come out monthly. Continuous Vetting under SEAD 4 runs in the background and your part is self-reporting under AR 381-12 / SEAD 3 inside the published windows. The SSO's quarterly SCIF walk-arounds, the annual CCRI / CORA cyber inspection, the semi-annual COMSEC inventory under AR 380-40, and the periodic ICD 705 SCIF accreditation re-validation are events the SSG will pull the section together to prepare for. CTC train-ups, real-world contingencies, and named exercises collapse the rhythm — when the brigade is in a train-up cycle the maintenance bay stays at high-tempo for weeks and the garrison rhythm rebuilds on the other side.
Key Skills — How to Drill Each
- 01Operate inside an MI SCIF to AR 380-5 and ICD 705 standards — badge discipline, two-person integrity on classified, escort protocols, classified discussion only inside spaces rated for it, SF 700 / SF 701 / SF 702 cycle clean every duty day.SCIF discipline is the most-inspected and least-glamorous part of the job. AR 380-5 and DoDM 5105.21 govern; ICD 705 is the physical-security standard for the room itself. Read the soldier-facing chapters in your first month. Build the muscle memory on your container forms: SF 700 (container information — the names and contact info inside the front of the safe), SF 701 (activity security checklist — the end-of-day SCIF walk), SF 702 (security container check sheet — open/close log with initials, time, witness). Two-person integrity on classified material means two people with their own credentials witnessing the action; one person and a counter-signature later is not two-person integrity, and the IG will note it. The SSO walks the room quarterly; the cherry maintainer who built the habit early is the cherry maintainer the SSO does not chase.
- 02Trace a CAT-5 / CAT-6 / fiber run from the wall jack through the patch panel to the switch port — and punch down a 568B on copper or splice a fiber jumper if the SCIF cable plant breaks at 0300.Cabling is the first thing you will do alone and the most common thing you will do for the rest of your enlistment. Carry your own toner / tracer / cable tester in your bag from day one — do not borrow the senior maintainer's. Practice the 568B punchdown pattern on scrap cable in the shop on slow days; the first time you do it for a real run during a CTC train-up is not the time to be learning. For fiber, learn the connector types your enclave uses (LC, SC, MTP) and the polarity rules before you touch the patch panel. Label every patch you make on the panel with the date, ticket number, and your initials — the next 35T who inherits your cable mess is either the warrant on your team or the contractor who has to bill the unit to fix it.
- 03Image, patch, and STIG-harden a Windows / Red Hat workstation off the approved baseline image and rejoin it to the domain without breaking the GPO that the next echelon up enforces.Every MI enclave runs an approved baseline image — the AIE-2 (Army Intelligence Enterprise) or local enclave equivalent for the system you are touching. Read the unit S6 / G2 SOP twice before you image your first machine, and watch the senior maintainer walk through a full image-and-join cycle before you run yours. Validate post-image that the workstation pulled the right OU's GPOs (run gpresult /r on Windows, check the equivalent in your Red Hat config-management tool) before you push the machine to a user. The DISA STIGs are on public.cyber.mil — download the current checklist for the OS and run a CAT-I hardening pass on every machine before it leaves the bench. The CCRI auditor will run STIG Viewer against random workstations during inspection week — the workstation with your initials on the asset tag is the one that goes in the report.
- 04Drive the basic admin console on DCGS-A (Distributed Common Ground System – Army) at the maintainer level — service status, log scrape, restart procedures, escalation to the senior maintainer before you start guessing.DCGS-A is the Army's primary analyst-platform stack and has the steepest learning curve in the 35T iron inventory. Take the Foundry DCGS-A operator / maintainer courses your unit pushes you to in your first 12 months. Learn the service inventory — query tier, ingest tier, federation layer, dissemination — and the order-of-operations to restart them. Read the runbook the senior maintainer keeps inside the rack door. Pair with the SPC running the DCGS-A node for the first month; watch over his shoulder before you take the console solo. When the analyst pages you at 0200 because the COP dropped, your first move is to confirm the service state and check the log timestamps — not to type sudo systemctl restart on something you do not understand. Escalate to the senior maintainer before you guess.
- 05Inventory and handle COMSEC under AR 380-40 — EKMS / KMI workflow, two-person integrity, the LCMS / DTD log discipline, the destruction line — every page accounted for, every signature witnessed, no floating keys.COMSEC is the line nobody in this MOS gets to cross twice. AR 380-40 (Safeguarding and Controlling COMSEC Material) governs everything from key handling to inventory to destruction. The KMI (Key Management Infrastructure, which replaced EKMS as the strategic system but the field still uses both terms) is the digital backbone; LCMS (Local COMSEC Management Software) is the unit-side tool; the DTD (Data Transfer Device) is the loader. Two-person integrity means two cleared people physically present with their own credentials for every key handling event. Page-count, signature, witness signature, log entry, container locked, SF 702 stamped — the same five steps every time. The Officer of the Watch / SSG NCOIC will witness your first key load; do not skip a step because you are tired. The semi-annual COMSEC inventory is the inspection the senior NCO loses sleep over; the cherry maintainer who treats every daily log entry like it is going to be audited is the cherry maintainer who never has to explain a finding.
- 06Pass the IAT-II prerequisites — CompTIA Security+ is the most common entry credential funded by the unit under the DoDM 8140 Cyber Workforce framework. Stack Network+ and A+ on it inside the first 18 months.Sec+ is the DoD cyber workforce baseline for the 35T billet. If your AIT cohort sat the test, you walk in with the cert; if not, sit it inside your first six months at the unit. Use Professor Messer's free YouTube series and the official CompTIA SY0-701 objectives PDF as your study spine; sit a practice exam from a reputable bank (Boson, Jason Dion) before you schedule the real test. Net+ before Sec+ is the easier ramp if you are weak on networking from AIT; A+ rounds out the CompTIA baseline. The Army Credentialing Assistance (ACA) program funds the exam fees and vouchers through ArmyIgnitED — submit early in the fiscal year before the annual cap fills. The senior maintainer on the team will quiz you on weak domains if you ask.
Manuals & References — What Chapters Matter
- AR 25-1 — Army Information Technology; AR 25-2 — Army CybersecurityAR 25-1 is the policy roof for everything on the Army network — authorities, governance, IT investment. AR 25-2 is the cyber side — account management, incident reporting timelines, training compliance, system authorization. You will be quoted out of both during your first CCRI prep; at minimum read the table of contents in each so you know which document the answer lives in. The senior maintainer redlines tickets back to specific paragraphs in AR 25-2.
- AR 380-5 — DA Information Security Program; AR 380-40 — Safeguarding and Controlling COMSEC; AR 380-67 — Personnel Security ProgramYou sign for material under AR 380-5 every duty day — classification levels, storage and accountability (SF 700/701/702/153), transmission rules. AR 380-40 governs your COMSEC life; this is the reg the inventory inspection is run from. AR 380-67 governs your continued eligibility to be in the SCIF at all. Read AR 380-5 and AR 380-40 cover-to-cover in your first 60 days; reread the storage and accountability chapters quarterly.
- AR 381-10 — US Army Intelligence Activities; AR 381-12 — Threat Awareness and Reporting Program; DoDD 5240.01 — DoD Intelligence Activities; EO 12333AR 381-10 governs Army intelligence activities and the Procedures 1-15 oversight rules that the Army Intelligence Enterprise operates under. AR 381-12 (TARP) tells you what to report, when, to whom. DoDD 5240.01 is the DoD-level governing directive; EO 12333 is the executive-order baseline for all US intelligence activities. The CI office, the SSO, and the IG inspect on all of these. Read AR 381-12 before you arrive at the unit — the reporting windows are non-negotiable.
- DoDM 8140 — Cyberspace Workforce Qualification (replacing DoD 8570.01-M)The workforce-qualification chart that gates which IAT-coded billet you are allowed to sit. IAT-II for the maintainer work you will do; IAT-III for the senior integrator roles. Read enough of the manual to know which IAT level your billet maps to and which credentials (Sec+, CCNA-Security, CySA+, CASP+, CCNP-Security, CISSP) satisfy each level. Sec+ is the entry baseline for the seat you are about to occupy.
- ICD 705 — SCIF Accreditation Standards; DoDM 5105.21 — SCI Administrative Security ManualICD 705 is the physical-security standard for the SCIF — construction, access control, alarm systems, TEMPEST considerations. DoDM 5105.21 is the day-to-day SCI administrative-security plumbing — read the soldier-facing chapters in your first month. The SSO inspects on both. The DCSA and the cognizant authority re-accredit the SCIF on a published cycle and the maintainer who knows where the diagrams live is the maintainer the SSO calls when the inspector walks in.
- STP 34-35T — Soldier Training Publication for the 35T MOS; DISA STIGs at public.cyber.milSTP 34-35T is the JQR / OJT signoff document — the tasks, conditions, and standards the senior maintainer signs you off against for work-role qualification. Keep your STP signoff book in your bag every duty day. The DISA STIGs are the hardening checklists the CCRI auditor reads against your systems — download the current checklist for every platform you touch and run STIG Viewer against a test workstation early in your time at the unit. You want to know what a finding looks like before the inspection week makes it official.
Standards — How to Hit Each
- AIT graduate from the 35T course at Fort Huachuca; JQR / OJT signoff on the first work-role inside the published timeline — most teams expect first-position qualification inside 12-18 months.The JQR pipeline is the senior maintainer's gate — work-role-by-work-role, signoff-by-signoff, against STP 34-35T tasks. Carry the signoff book; ask for the next signoff opportunity when the senior maintainer is running the task you need. Volunteer for the hard work; the maintainer who only takes the easy signoffs is the maintainer whose JQR book takes three years to fill. Be honest about what you do not yet know — the senior maintainer would rather sign you off when you are actually ready than re-sign you when you broke something you should not have touched.
- IAT-II baseline credential on the DoDM 8140 list (CompTIA Security+ CE is the most common entry credential funded by the unit; A+ and Network+ stack on it).Start the Sec+ study during AIT or your first 60 days at the unit — sooner is better because the exam voucher is funded under unit training funds or ACA. Use the official CompTIA SY0-701 objectives PDF as your spine; sit a practice test before you schedule the real one. Pass it inside the first six months and the senior maintainer starts assigning you the IAT-II work the team needs done. A lapsed Sec+ (3-year credential, CEU-maintained) removes you from the IAT-II billet — track the expiration in ATCTS.
- TS/SCI with CI poly where the billet requires it, maintained without a flag — one mishandling incident on a SAP / SCI document and the SSO pulls your access that afternoon.Continuous Vetting under SEAD 4 runs in the background; financial, foreign, criminal, and behavioral indicators surface as flags. Self-report under AR 381-12 (TARP) and SEAD 3 inside the published reporting windows — foreign contacts, foreign travel, name changes, marriage to a foreign national, unexplained affluence, attempted elicitation, suspicious cyber activity. Self-report early, document everything, and the conversation stays administrative. Hide something and the conversation moves to CI. The CI poly cycle for the seat — typically a re-poly every five years, sooner if the seat moves — is the gate that catches what self-reporting did not.
- ACFT 500+ floor — the SCIF is sedentary by nature and senior NCOs notice the 35T who skates on PT.The MI community has worked hard to shed the soft-soldier stereotype. ACFT 500 is roughly average across the events; build it with lift days (deadlift, hex-bar carry, push-up volume), interval runs (the 2-mile is the score-killer), and grip/core work. The MICO 1SG and the brigade S2 SGM both notice the maintainer who out-PTs the line-platoon SPCs of the same rank. The good cherry 35T is not the soldier who scores 525; he is the soldier whose 525 makes the platoon's line infantry SGT say the intel guys are not soft.
- Annual SAEDA / TARP / cyber awareness / OPSEC / insider-threat / COMSEC user training complete before the suspense — your name on the brigade non-compliance roll is the wrong way to be noticed.Every mandatory training has a tracker (ATCTS, DTMS, IA Training, the unit-specific dashboard). The brigade S2 SGM publishes non-compliance roll-ups monthly. Set calendar reminders 30 days before each training expires. Do the trainings on a Wednesday afternoon when the shop is quiet, not the Friday before suspense. Print the certificates; submit them through your team lead and verify on the dashboard the next day. The cherry maintainer whose name is on the roll-up is the cherry maintainer whose next school slot is the one revoked.
Technical Mistakes — Concrete Consequences
- Taking a phone, smartwatch, wireless earbuds, or any personal electronic into the SCIF.The SSO pulls your access that afternoon, generates a security incident report, and DCSA reviews. The incident sits on your security file for the rest of your career. Your seat sits empty for weeks or months while the investigation runs. You will not be the first 35T this happened to in your shop, but you will be the last one the warrant trusted with the after-hours DCGS-A page for at least a quarter.
- Plugging a personal USB or unapproved external media into an MI system.The endpoint monitoring catches the device-class violation on the next pull. By the time you walk out of the SCIF the brigade S2 has a security incident report on the OIC's desk and the 1SG is in the captain's office by 1500. If the USB had any flagged content the matter is now a CI referral and your TS/SCI adjudication restarts from zero. The cleanup paperwork lives in your security folder for the rest of your career.
- Sharing a SIPR / JWICS / NSANet credential — even with your own team lead, even for thirty seconds, even to log a quick fix.Account sharing is logged in the audit trail. The next quarterly cyber audit or CCRI inspection finds it. AR 25-2 calls it a non-repudiation violation — once the password leaves your control, every action signed by your credential is no longer attributable to you. The SSO writes the finding; the SSG writes a counseling; the cherry maintainer's record carries the audit hit for the rest of the assignment.
- Closing a maintenance ticket without confirming the analyst can actually run the workflow again.The senior analyst reopens it at 0600 the next morning as ticket reopened, system still down, with cc to your team lead, the warrant, and the brigade S2 OIC. The morning BUB happens with a stale read because the COP did not refresh. The cherry maintainer's read in the shop flips from useful to box-checker, and the next escalation the warrant trusts you with is months away.
- Skipping a destruction log line or signing a buddy's COMSEC inventory you did not personally witness.AR 380-40 violations are the line nobody in this MOS gets to cross twice. A missing page on the SF 153 or a witness-signature without an actual witness becomes a 15-6 investigation that costs the company a month and the SSG NCOIC a counseling statement. The two-person-integrity violation goes in the unit security file; the SSO does not forget who was on the destruction shift that day; neither does the brigade S2 SGM.
Career Decisions at This Rank
- Security+ first vs Network+ first — which IAT-II baseline to sit when both are funded.Sec+ is the DoD 8140 IAT-II baseline — without it you cannot sit the IAT-II billet the team needs you to sit. Most 35Ts take Sec+ first because it is the gate. Net+ is the more technical exam and easier to absorb if your AIT was strong on the networking content; some maintainers find Net+ a better warm-up because the content overlaps with the Sec+ networking domain. Default is Sec+ first; flip the order only if your AIT performance was strong on networking and weak on compliance. The Army Credentialing Assistance pipeline funds both — the question is sequencing, not affordability. Stack A+ third for the broader CompTIA baseline.
- Volunteer for the tactical SIGINT / Prophet maintenance team vs the garrison SCIF enclave team.The BCT MICO and the brigade S2 maintenance footprint usually have both — a garrison-enclave team that runs the SCIF's fixed iron (DCGS-A nodes, domain controllers, storage, switching) and a tactical team that draws the Prophet Enhanced shelters, the BCT tactical SIGINT extension, the deployable analytic kits for CTC rotations and FTXs. The tactical team is harder, less predictable, and physically more demanding (you are in tents on generator power for two weeks at JRTC, not in an air-conditioned SCIF). The career payoff is real: the tactical-maintenance experience is what the post-service defense-contractor field-engineer market and the warrant officer (255S signals systems / 352-series MI technician) packets both weight. The garrison-enclave experience is tenure without the same skill compounding. Default: volunteer for the tactical slot when it opens.
- TSP enrollment under the Blended Retirement System (BRS).Every soldier enlisted after January 2018 is on BRS by default. The government auto-matches 1% and matches up to 4% additional on a 5% contribution. At PFC base pay the 5% contribution is real money out of a small paycheck, but it is the single highest-return decision of your first enlistment. The MI / cyber community holds 35Ts longer than line MOSes do; soldiers who maxed TSP from PV2 forward and stayed in for a full career retire with balances that compound for thirty years afterward. Talk to S1 in your first week. Default to 5%; raise it to the IRS limit when you can. The cleared-contractor market post-service typically continues 401(k) matching at a comparable or better rate — the habit compounds across both careers.
- Express interest in 35Q (Cryptologic Cyberspace Intelligence Collector) or 17C (Cyber Operations Specialist) reclass early — or stay 35T for the maintainer arc.The Army has been actively recruiting 35-series and other technical MOS soldiers into 35Q (the cryptologic / SIGINT-cyber collector path) and 17C (the cyber-warfare operator path). TS/SCI is already in place; the school pipelines at Fort Eisenhower and Fort Huachuca run several months and the wash rates are real. Most reclasses happen at SPC or SGT because the chain wants you to have basic 35T competence first. The honest test at PFC is whether you are interested in operating systems (35T maintainer arc — strong civilian IC contractor / sysadmin market) or interested in the offensive / defensive cyber operator side (17C arc — different post-service market, longer pipeline). You do not say yes or no at PFC; you express interest, you build the maintainer fundamentals, and the chain reads your work product when the reclass window opens.
- Off-post move and clearance / lifestyle math.Junior 35Ts in the barracks often want off-post the moment BAH math allows. The honest considerations: the TS/SCI with CI poly does not appreciate roommates with messy lifestyles (recreational drug use in your residence is a TARP / SEAD 3 reporting matter regardless of who is using); foreign-national roommates or romantic partners require self-reporting under SEAD 3 and can complicate Continuous Vetting and the CI poly cycle; off-post residence in a high-crime area surfaces in financial / criminal indicators that hit CV before you self-report. None of this means you cannot have a life — it means your lifestyle is part of the job. The married 35T with on-post housing has the cleanest CV profile; the single 35T off-post with a stable lease and a clean financial pattern has the second-cleanest. The single 35T chain-rotating roommates in a party-house off-post is the soldier the SSO will see most often.
How the Seat Varies by Unit Type
- BCT MICO maintenance section / brigade S2 systems cell (IBCT, SBCT, ABCT)The most common first assignment. You sit on the BCT MICO maintenance bench or in the brigade S2 systems cell, supporting the BCT's training and operational rhythm. The CTC rotation (NTC for ABCT/SBCT, JRTC for IBCT/light at Fort Johnson, JMRC at Hohenfels for Europe-stationed BCTs) is the most informationally-dense event of your first enlistment. The maintenance problem is tactical — Prophet Enhanced field fits, BCT-level DCGS-A nodes, deployable SIGINT extension kits, tactical Wi-Fi for the BCT TOC. The shop is small enough that everyone knows your name by month two; the reps come fast. The good news: broad exposure. The honest news: you sit at the tactical-maintenance end of the MI enterprise, and the strategic-systems experience comes later.
- Divisional MI battalion / MEB MI elementSlightly above the BCT — the divisional MI battalion supports the division G2 across the brigades, and the MEB (Maneuver Enhancement Brigade) MI element covers a different operational slice. The work is broader than a single BCT but the OPTEMPO is comparable. You will see more variety in the iron — different vehicle fits, different SCIF footprints — and you will rotate between BCTs as the division supports each one in turn. The senior maintainer bench is deeper, which means more JQR signoff opportunities but also more competition for the priority work.
- Theater MI Brigade (470th JBSA / SOUTHCOM, 500th Schofield / INDOPACOM, 501st Korea, 66th Wiesbaden / EUCOM, 513th Fort Eisenhower / CENTCOM, 207th Africa)The operational-strategic seat. You are working theater-level MI systems for a CCMD J2, not BCT-level systems for a brigade S2. The iron is heavier — the Trojan family of strategic SIGINT systems, theater-level DCGS-A integration, COCOM-level cross-domain solutions, federated query infrastructure to national agencies. The analytic standards the systems support (ICD 203 / 206) are applied with the rigor the IC publishes. Less common for a cherry first assignment but possible — typically requires a specific skill identifier or a HRC-directed slot. The trade-off: less tactical OPTEMPO, more system depth, slower pinning rhythm on average but a different career arc.
- 780th MI Brigade (Fort Eisenhower — formerly Fort Gordon, renamed 2023) / Cyber-MI formationThe cyber-MI elite track. The 780th is the Army's cyber-MI brigade and includes formations supporting offensive and defensive cyber operations. TS/SCI with CI poly is the floor; mission work is highly compartmented. Most 35Ts do not arrive directly into the 780th as a PV2 — the typical path is BCT MICO / brigade S2 maintainer → strong performance → 780th levy at SPC or SGT with a 35Q or 17C reclass conversation already on the table. If you land the slot as a cherry maintainer, the senior NCOs there are mentoring you toward the cyber-side career arc.
- 706th MI Group at Fort Meade (NSA / CSS-adjacent) / INSCOM HQ at Fort Belvoir / national detail (NSA, DIA, CIA, FBI)The national-strategic seat — uncommon at PV2-PFC. The 706th MI Group at Fort Meade operates alongside NSA / CSS infrastructure and supports the cryptologic enterprise; INSCOM HQ at Fort Belvoir runs the above-brigade Army MI architecture. National details at NSA, DIA, CIA, or FBI put an Army 35T on an IC-wide systems problem alongside civilian engineers and contractors. The work is closed-access in ways a BCT shop is not — you may have an access list of three people who can know what you actually work on. Career-defining for the 35T whose career arc is national-IC track; less applicable for the 35T whose career arc is tactical / operational Army.
What Good Looks Like at This Rank
The good cherry 35T is the PFC the senior maintainer brings to the after-hours DCGS-A page because the cabling she ran last week was labeled, the rack diagram she drew is taped inside the rack door, and the analyst who called the outage knew her name. She does not announce herself. She closes maintenance tickets with resolution notes that read like an engineering log — timestamped actions, services confirmed, analyst verification, clean categorization. She runs the SF 702 walk every duty day without anyone asking, and the SSO does not have to chase her on the SF 701 end-of-day SCIF checklist.
By month six the Security+ is on the wall — passed on the first sit because she put in the study during dead hours on staff duty and ran practice tests with the senior maintainer in the shop. The JQR signoff book is filling on schedule; the warrant on the team has started asking what vendor cert she wants to chase next (Network+ first if the COCG offered Net+ funding, CCNA if the brigade S6 has a Cisco-heavy fit). Her COMSEC handling is the kind the SSO holds up in the next user-briefing — every page accounted for, every witness present, every log entry timestamped to the minute.
By month eighteen she is the PFC the senior maintainer pulls into the Prophet maintenance bay for the BCT's CTC train-up, sitting next to the SPCs and the SGT, running an actual install-and-validate cycle on the tactical SIGINT package. The warrant has started asking her about the 255S / 352-series MI warrant officer track as a long-term play. The contractor on rotation has noticed the same things the warrant noticed. She is not pinning E-4 because of the calendar; she is pinning E-4 because the chain looked at her and decided this is somebody we want on the next maintenance bench.
Preview — The Next Rank
Specialist 35T (E-4) is the rank where the cert stack stops being aspirational and starts being your maintainer profile. The garrison-enclave path and the tactical-SIGINT-maintenance path produce visibly different soldiers by the time both are E-4s, and the difference compounds for the rest of the career. At E-4 you are still the technical worker, but you are also the first-line maintainer the new privates in the shop ask the procedure questions of, and the senior NCO will start trusting you with the projects that hurt: WSUS / SCCM patch cycles on the MI enclave, Active Directory user / group / GPO administration in a delegated OU, the DCGS-A query-tier configuration push that touches every analyst in the BCT, the Prophet Enhanced field-install you sign for during the CTC train-up.
The promotion math to SGT (E-5) runs through the semi-centralized AR 600-8-19 system — 36 months TIS, 8 months TIG (waivable in some cases), DA 3355 worksheet at max 800 points, monthly HRC cutoff (pull the current MILPER monthly for the 35T-specific cutoff), chain release. BLC (Basic Leader Course, 22 academic days at the regional NCO Academy) is the STEP gate for SGT — without BLC complete, no pin-on regardless of points. The cert stack you build now is what feeds your promotion points later: Sec+ is the IAT-II floor; CCNA, Network+, CompTIA CySA+, and the vendor stack (Cisco, Microsoft Azure, AWS, Red Hat RHCSA) all compound for the worksheet. The soldiers who pin E-5 on time use the E-3 / E-4 evenings to stack certs.
The other E-4 reality: this is the rank where the 35Q (cryptologic cyberspace collector) or 17C (cyber operations specialist) reclass packet becomes a serious conversation for the soldier who wants the cyber-operator arc; where the warrant officer (255S signals systems technician / 352-series MI technician) conversation begins for the soldier with strong technical depth; where the TS/SCI with CI poly gets a full re-look during the CV cycle if there have been life events; and where the chain starts looking at you for a school slot (Air Assault, Airborne, Foundry advanced catalog, Cyber Center of Excellence senior courses at Fort Eisenhower) that visibly shapes your senior-NCO trajectory. The senior maintainer you are working for now is writing your initial NCOER input — the bullets the centralized board will eventually read. Make the bullets easy to write: JQR signoffs completed, IAVA closures on schedule, COMSEC handling clean, no security incidents, no clearance flags.
FAQ
35T E1-E3 — Frequently Asked Questions
Q01What does a E1-E3 35T (Military Intelligence (MI) Systems Maintainer/Integrator) actually do?
You came out of AIT at Fort Huachuca — the U.S. Army Intelligence Center of Excellence, taught by the 111th MI Brigade.
Q02What's the most important thing to know as a E1-E3 35T?
Your TS/SCI — almost always with CI poly for the seat you are about to sit — is the most valuable thing in your wall locker, and it is on probation every day for the next twenty years.
Q03What does a typical day look like for a E1-E3 35T?
Time-blocked day at the E1-E3 35T rank tier: 0500 Wake. Coffee. Phone check for any overnight maintenance page that would have rolled to the on-call rotation (most BCT MICOs run an on-call for the senior maintainer, but the cherry maintainer checks the alerts as a habit). PT uniform on, badge in pocket, 0530 PT formation. The MICO or HHC takes accountability of the platoon. The senior maintainer and the warrant typically PT with the company, 0545-0700 Unit PT. The maintenance shop tends to be average on PT — not bad,…
Q04What mistakes get E1-E3 35T soldiers fired or relieved?
Taking a personal electronic device — phone, smart watch, wireless earbuds, fitness tracker — through the SCIF mantrap. Even once. SSO pulls access that afternoon, generates a security incident report, and DCSA reviews; your seat sits empty for weeks or months while the investigation runs; Failure to self-report a foreign contact, foreign travel, marriage to a foreign national, unexplained financial event, or a criminal indicator under AR 381-12 (TARP) and SEAD 3.…
Q05What career decisions matter most at the E1-E3 35T rank tier?
Security+ first vs Network+ first — which IAT-II baseline to sit when both are funded — Sec+ is the DoD 8140 IAT-II baseline — without it you cannot sit the IAT-II billet the team needs you to sit. Most 35Ts take Sec+ first because it is the gate. Net+ is the more technical exam and easier to absorb if your AIT was strong on the networking content; some maintainers find Net+ a better warm-up because the content overlaps with the Sec+ networking domain. Default is Sec+ first; flip the order only if your AIT performance was strong on networking and weak on compliance.…
Q06What's next after E1-E3 for a 35T (Military Intelligence (MI) Systems Maintainer/Integrator) in the Army?
Specialist 35T (E-4) is the rank where the cert stack stops being aspirational and starts being your maintainer profile.
Q07What manuals and regulations does a E1-E3 35T need to know cold?
AR 25-1 — Army Information Technology; AR 25-2 — Army Cybersecurity (read both your first month, even if you only read them once).; AR 380-5 — Department of the Army Information Security Program (you sign for material under this reg every day).; AR 380-40 — Safeguarding and Controlling Communications Security Material (COMSEC is half your job).
This playbook has no tips yet. Be the first to share what you know.
Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards