←Back to IT Information System Technician — overview, pay, training, civilian translation, reviews
ITE4
Information System Technician
E-4 (Specialist/Corporal) · Coast Guard
HEADS UP
IT3 is the first paygrade where your name is on the maintenance logs and the STIG compliance reports. The Security+ CE is the DoD 8570.01-M IAT Level II baseline and it is not optional — a billet that requires IAT Level II without the cert is a compliance gap, and the IT1 will name who the IT3 on that billet is. Get the cert, then get the CySA+ study guide out before the next SWE cycle.
The Honest MOS Read
IT3 (Petty Officer Third Class — E-4) is the first rated paygrade in the Information Systems Technician rating, and the shift from striker to IT3 is more substantial than it appears from the outside. The crow on the sleeve means Petaluma certified you to perform the work; it does not mean the IT1 thinks you are ready for the work unsupervised on day one. The first three to six months at an IT3 billet are about demonstrating that the A-school training translates to the specific systems and the specific compliance requirements of your unit, and about learning the difference between book-trained and floor-qualified.
You are performing network administration tasks that your name goes on. Active Directory account creation and deactivation — the account audit trail names the technician who administered each change, and an orphaned account with domain access after a member has departed is a DoD 8570.01-M compliance finding with your account as the last modification entry. DISA STIG compliance checks on assigned Windows workstations and servers — you are using the current benchmark files from the DISA STIG portal, running the STIG Viewer against those benchmarks, identifying open findings by Finding ID and severity category, and documenting them accurately enough that the Information Systems Security Officer can review the report without calling you to explain what you wrote. Patch management — you are executing the IAVM cycle on assigned systems, applying patches through the command's approved management console, and documenting completion in the compliance tracker before the window closes.
The Security+ CE is the credential the IT3 billet requires under DoD 8570.01-M for IAT Level II. If you do not hold it, the billet is a compliance gap and the IT1 is accountable for the gap along with you. The IT3 who completes the Security+ within the first year of the rated billet is meeting the requirement; the IT3 who has the cert done before reporting to the first billet is ahead. The Security+ study overlaps substantially with the STIG work you are already doing — the Security+ domain framework maps directly to the NIST SP 800-53 control families that the STIGs implement — which means the two reinforce each other in practice. Study the control families; the STIG findings make more sense, and the Security+ exam domain knowledge deepens the STIG work.
The Servicewide Exam for IT2 is on the calendar now. The March and August SWE cycles are the gate to E-5, and the final multiple that determines whether you make the advancement list is built from the SWE score, the EER mark, the performance mark average, and any applicable bonus points. The SWE draws from the Coast Guard Institute's published bibliography for the IT rating — rating knowledge, military requirements, and leadership topics. The certification prep book that got you through the Security+ is not the same as the bibliography; supplement the cert prep with the actual bibliography materials the CG Institute publishes.
The IT3 is also the training pipeline for the IT strikers below you. The non-rate IT strikers working toward their A-school designation are watching how you handle a help-desk ticket, how you read a STIG finding, how you write a resolution note. What you model is what they learn. The IT2 who watches you train the non-rate is making the first observations about whether you have the mentoring instinct that the IT2 paygrade requires.
Career Arc
- 01IT3 crow pinned following Petaluma A-school completion. First rated IT billet — sector CIS shop, cutter C4I division, district information management office, or small boat station.
- 02DISA STIG compliance checks independently executed on assigned systems within the first 90 days. First change tickets with your name on them as the technician of record.
- 03CompTIA Security+ CE examination completed within 12 months of reporting to first IT3 billet. DoD 8570.01-M IAT Level II baseline met.
- 04IT3 EER first period closed. The IT2's input and the IT1's mark are the first formal evaluation record at this paygrade; the EER narrative should reflect measurable STIG compliance output and help-desk ticket resolution, not general performance descriptors.
- 05Servicewide Exam for IT2 taken on cycle. Bibliography-driven study plan, military requirements prep, and SWE final-multiple math done honestly before the registration window.
- 06Network+ CE and Security+ CE both current (renewal due on three-year cycles per CompTIA CE requirements). CompTIA CySA+ study initiated as the next credential step for IT2 advancement competitive posture.
- 07IT2 SWE advancement list or next SWE cycle preparation depending on cutting score. CGPSC advancement message reviewed for current IT2 SWE cutoff and final-multiple distribution.
Common Screwups
- ×Making a production network change — VLAN configuration, ACL modification, DNS entry update, account permission change — without a documented change ticket reviewed by the IT1 or IT2. The change that breaks the watchfloor network at 0200 is traced to the last entry in the change log. 'I was just checking something' is not a defense when the outage generates an incident report.
- ×Closing a STIG finding as Not a Finding or Not Applicable without a documented technical justification reviewed by the Information Systems Security Officer. The ISSO reviews POAM status quarterly; an unjustified closure on a CAT I finding is a compliance violation that generates a new, worse entry in the POAM with your name on the last status change.
- ×Fitness failure at IT3. The PFT cycle and body composition standards are identical for a technical rate as for an operations rate. An IT3 who fails the PFT at a sector CIS shop in a unit that has two or three ITs is failing in front of the entire shop, the OIC, and the sector command. The CGPSC advancement message does not distinguish between ratings when processing PFT failures.
- ×Financial mismanagement — debt collection, command notification of unpaid obligations, garnishment — at E-4. Security clearance adjudication at the next reinvestigation cycle will surface financial issues that developed at this paygrade. The IT rating is clearance-dependent; a financial issue that creates a reportable security concern at IT3 compounds at IT2 and potentially terminates at IT1 if the clearance is suspended.
- ×Unauthorized access to government systems — even curiosity-driven, even 'just to see what was there' — that generates an IT security incident report. The DoD 8570.01-M workforce framework puts the IT shop in a position of trust that is not consistent with curiosity-driven access. One incident report at IT3 permanently changes what the service record says about the member's reliability in a trusted IT role.
A Day in the Life
- 0530-0600Personal morning routine. Uniform inspection before leaving the room — the IT3 who shows up to PT in a squared-away uniform and to work in a squared-away work uniform is the IT3 the IT2 trusts with an independent STIG scan.
- 0600-0700Unit PT. The IT3 is in formation with the rest of the unit. No exceptions because of a compliance deadline or a pending ticket.
- 0700-0800Hygiene, breakfast, uniform change. In the shop by 0750 for the day's work brief from the IT1 or IT2.
- 0800-0900Open the STIG compliance tracker and the help-desk ticketing system. Review overnight tickets for urgency. Check the IAVM compliance calendar for any patch deadlines in the current week. Brief the non-rate striker on the day's tasks.
- 0900-1130Primary work block: STIG compliance scan on assigned systems, Active Directory account audit, patch management cycle, or help-desk ticket resolution depending on the day's priority. All change tickets opened before console sessions; all resolution notes written before closing tickets.
- 1130-1300Lunch. If there is a PQS item with a striker that needs to be done today, this is also when the brief walkthrough happens before or after the meal.
- 1300-1430Continued work block or documentation: STIG scan results entered in the POAM tracker, IAVM patch completion documented, EER input notes updated if there was measurable output in the morning block.
- 1430-1600Help-desk ticket queue cleanup: all open tickets in progress reviewed, status updated, escalations routed to the IT2 with complete diagnostic documentation. Brief the IT2 on any tickets that hit the escalation ceiling today.
- 1600-1700End of day: equipment secured, server room door checked, workstation locked, tickets logged. Brief the IT1 on the day's compliance output — what was scanned, what was found, what was remediated, what is pending.
- 1800-1900Personal time, dinner, unwinding.
- 1900-2000Security+ study or SWE bibliography review — 45 to 60 minutes, one domain or one source text section. Practice exam question set at the end with wrong-answer review.
- 2000-2130Personal time, call home, physical recovery. On heavy-workload weeks, some POAM documentation or ticket documentation that does not require access to the unit's classified systems can happen here from personal notes.
- 2130-2200Prep for the next day — uniform laid out, personal gear staged. The IT3 who shows up to the 0600 PT formation without having to scramble for the 0550 alarm is starting from a better position than the one who does not.
Weekly Cadence
The IT3's week is organized around two simultaneous tracks: the shop's operational and compliance obligations, and the IT3's own professional development cadence. Both run simultaneously and neither excuses the other.
The shop's operational track follows the unit's compliance calendar and help-desk demand. Heavy STIG scan weeks — typically tied to the command's quarterly ISSO review preparation — look like concentrated scans, POAM updates, and CAT I remediation work. IAVM patch weeks look like patch baseline verification, applied patches, and completion documentation. The help-desk demand is the continuous baseline underneath both; the IT3 is the first-responder on most tickets and the queue does not pause for compliance cycles.
Monday is the week's plan day — the IT1 or IT2 sets the compliance priority, the IT3 reviews the ticket queue, and the non-rate striker gets their task assignments. Friday is the documentation close-out day — all open tickets are either resolved with notes or escalated with complete diagnostic records before the end-of-day brief. Mid-week, the STIG compliance tracker and the IAVM calendar are the governing documents.
Professional development runs on a separate schedule the IT3 manages without prompting. Security+ study is a daily evening commitment. SWE bibliography review starts 90 days before the exam registration deadline. EER input notes are updated weekly — not the week the input cycle opens. The IT3 who treats professional development as the IT1's responsibility to schedule is the IT3 who does not make the IT2 advancement list on the first SWE attempt.
Key Skills — How to Drill Each
- 01Administer Active Directory user and computer accounts — create, modify, disable, and audit accounts per the unit's account-management SOP and DoD account-management requirements; no orphaned accounts left open after member departure.The AD account lifecycle is the most auditable trail in the IT shop. Build the habit of running a weekly orphaned-account check against the current personnel roster — cross-reference the active computer object list against the current unit personnel manifest. The policy is that accounts are disabled within 24-48 hours of a member's departure; the audit trail shows the exact timestamp of the last modification. The IT3 who can demonstrate a clean audit trail at every quarterly ISSO review is the IT3 the IT1 promotes to change-authorization independent status earliest.
- 02Perform a DISA STIG compliance check on an assigned Windows workstation or server using current benchmark files and STIG Viewer — identify open findings, document them with the correct Finding ID and status, and route them to the IT2 with a clear explanation of severity.Download the current benchmark files from the DISA STIG portal before every scan — do not use benchmark files from the previous quarter without verifying they are still current. In STIG Viewer, run the checklist against the system, document each finding with a status (Open, Not a Finding, Not Applicable, Not Reviewed), and write the finding comment with enough specificity that the ISSO can understand the finding without running the scan themselves. For a CAT I finding (severity category I — high), the comment must include the specific misconfiguration identified, the STIG rule title and discussion summary, and the proposed remediation path. Do not close a CAT I as Not Applicable without the IT2 and ISSO reviewing the technical justification.
- 03Execute a routine patch management cycle on assigned systems — verify baseline patch levels against current IAVM requirements, apply patches through the command's approved management console, and document completion in the compliance tracker.The IAVM cycle is not just about running Windows Update. DISA publishes IAVM notices that map CVEs to specific system baselines and define compliance windows. The IT3's job is to verify that each assigned system's patch level satisfies the IAVM notice requirement before the window closes and document the verification result in the command's IAVM tracking system. A system that is patched but not documented is indistinguishable from a system that was not patched in the compliance tracker. Write the completion note the same day the patch cycle runs.
- 04Configure and troubleshoot a managed switch port — assign a VLAN, verify port status, read the MAC address table to identify where a connected device lives, and clear a port error without guessing.For every switch configuration change, open the change ticket before you open the console session. Write the current configuration in the 'before' field, write the intended change, execute, verify the result, and write the 'after' configuration. If the change produces an unexpected result, do not immediately revert — document the symptom first, then escalate to the IT2 with the documentation. A revert without documentation produces a situation where the same change gets made again by the next IT3 without the institutional memory of what happened the first time.
- 05Respond to a help-desk ticket at the first-responder level — diagnose standard workstation faults, resolve within authorization, escalate with complete documentation when the ceiling is reached.Your ceiling as an IT3 is defined by the IT1's change-authorization authorization matrix. Anything inside your authorization, you resolve and document. Anything outside — firewall rule changes, server configuration modifications, domain-wide group policy changes — you escalate with a complete diagnostic record. The escalation document should include: the system, the symptoms, the physical-to-application diagnostic steps you completed and what each one found, the specific configuration or change you believe is required, and why you believe it is outside your authorization level. The IT2 who receives an escalation with this documentation can act on it; the IT2 who receives 'it doesn't work' starts from zero.
- 06Train IT non-rate strikers on PQS items, help-desk ticket intake, cable management standards, and physical security requirements for the server room.The IT3 who trains non-rates well is demonstrating IT2 aptitude. Run the non-rate through the PQS task with you at the console or in the closet — not from memory in a chair. The training session for help-desk ticket intake is you watching the non-rate take a ticket, not you taking a ticket while they watch. At the end of each training session, ask the non-rate to brief back what they understood and what questions they have. Their gaps are yours to fill; you signed onto them by accepting the PQS line responsibility.
Manuals & References — What Chapters Matter
- COMDTINST M5500.13 (current series) — Coast Guard Information and Life-Cycle Management ManualThis is the publication your daily maintenance actions and compliance activities root in. At IT3, the sections you need to know are the ones that define what changes require IT1 or ISSO approval versus what the IT3 is authorized to execute independently — the change management policy, the account management policy, and the incident reporting requirements. The specific sections vary by series revision; verify the current revision against the CG Directives System.
- DoD 8570.01-M — Information Assurance Workforce Improvement Program and DoDD 8140.01 — Cyberspace Workforce Management (current revision)The Security+ CE is the DoD 8570.01-M IAT Level II baseline certification your billet requires. Understanding the workforce management framework behind the requirement — why the DoD maps billets to work roles, what the certification is asserting about your technical baseline, and what the next certification tier (IAT Level III) looks like — makes the certification feel like professional development rather than a bureaucratic compliance item. At IT3 the practical work is meeting the IAT Level II requirement; reading the document takes a half day and provides context the Security+ study guide does not.
- DISA Security Technical Implementation Guides (STIGs) — current release from the DISA STIG portalCurrent benchmark files from the DISA STIG portal are the tool you run your compliance checks with. Old STIGs are non-compliant — DISA updates benchmark files regularly as new vulnerabilities are addressed and new requirements are published. The STIG portal at public.cyber.mil publishes the current benchmark files by platform (Windows 10, Windows Server 2019, network infrastructure, applications). Bookmark the portal, not a specific benchmark file — the portal is always current, a saved bookmark to a specific STIG file becomes stale.
- NIST SP 800-53 (Rev 5) — Security and Privacy Controls for Information Systems and OrganizationsThis is the federal security control framework that DISA STIGs implement. Every STIG finding maps to one or more NIST SP 800-53 control families — AC (Access Control), AU (Audit and Accountability), CM (Configuration Management), IA (Identification and Authentication), SI (System and Information Integrity). When you understand which 800-53 control a STIG finding is implementing, the remediation requirement becomes logical rather than arbitrary. This context also makes the Security+ exam domain framework click into place; the Security+ covers the same control framework from a practitioner angle. NIST SP 800-53 Rev 5 is publicly available at csrc.nist.gov.
- COMDTINST M1000-series — Personnel Manual, advancement and SWE sectionsThe SWE final-multiple formula, the EER mark structure, the advancement list publication timeline — read this before you sit the IT2 SWE, not after you have a question about your final multiple. The CGPSC ALCGENL advancement messages that are published each cycle are the current, specific authority on the IT2 SWE cutting score and advancement statistics; the Personnel Manual is the structural reference the ALCGENL messages implement.
- CIM 1610-series — Enlisted Employee Review (EER), current revision from the CG Directives SystemYou are receiving EERs from the IT2 and IT1 now. Read the EER policy instruction carefully — the mark structure, the supervisor narrative requirements, the final multiple calculation — so you understand what the IT1's evaluation of your work actually means in terms of advancement and how the narrative informs the advancement board reading your record. Understanding the EER system at IT3 is also how you learn to write EERs accurately when the IT3s below you start requiring inputs from you at IT2.
Standards — How to Hit Each
- CompTIA Security+ CE completed within 12 months of reporting to the first IT3 billet — DoD 8570.01-M IAT Level II baseline met.Register for the exam with a test date 90-120 days after A-school graduation or billet check-in, whichever comes first. Build a study schedule that covers one Security+ domain per week across the CompTIA domain structure (attacks/threats/vulnerabilities; architecture/design; implementation; operations/incident response; governance/risk/compliance). The STIG work you do in the shop reinforces the governance and configuration management domains; the theoretical framework of the exam reinforces what the STIG checks mean technically. One domain per week at 45-60 minutes per study session is a sustainable pace that does not crowd out the SWE prep.
- DISA STIG compliance checks performed on assigned systems on the command's required cycle; open findings documented and tracked in the POAM — not closed without remediation or ISSO-approved status.Build a personal tracking sheet for your assigned systems that shows the last scan date, the current open findings by CAT level, and the planned remediation date for each. Review it weekly and update it the same day you run a scan or complete a remediation. The IT1 who reviews the POAM at the monthly ISSO sync should never be learning about an overdue CAT I finding from the ISSO rather than from you.
- Servicewide Exam for IT2 taken on cycle — March or August — with a bibliography-driven study plan, not a certification-prep study plan.Pull the current IT rating bibliography from the Coast Guard Institute and identify the source texts for each SWE domain. Build a study schedule that covers the bibliography sources methodically over the 90-day pre-SWE window. Track the topics by source text, not by study hours. The SWE is drawing from specific Coast Guard publications on IT systems management, military requirements, and leadership topics; it is not drawing from the CompTIA Security+ domain framework. Both are worth knowing, but the SWE preparation plan is bibliography-driven.
- EER marks at or above the unit average for IT3s, with a supervisor narrative that reflects specific, measurable output — ticket resolution counts, STIG finding closure counts, training tasks completed.Keep a running log of your work output in a personal notebook: help-desk tickets closed by category, STIG findings identified and remediated, non-rate training events conducted with outcomes. At EER input time, you can provide the IT2 with a factual summary of your output rather than hoping the IT2 remembers what you did six months ago. A factual input from the IT3 is the foundation the IT2's narrative is built from; a vague input from the IT3 produces a vague narrative.
- Zero security incidents or unauthorized access findings attributable to administrative or maintenance actions during the IT3 paygrade.The standard is maintained by asking one question before every IT action: 'Do I have explicit authorization for this specific change on this specific system at this specific time?' Not 'Do I generally have authorization to work on this system?' The change ticket and the IT1 approval are the documentation of explicit authorization. The audit trail names you; the authorization documentation protects you.
Technical Mistakes — Concrete Consequences
- Closing a STIG finding as Not a Finding or Not Applicable without documenting the technical justification and routing it through the ISSO.The ISSO reviews POAM status during the Authority to Operate review cycle. A CAT I finding closed with no justification — or with a justification that does not hold up against the STIG rule's technical discussion — is a compliance violation that reopens the finding with a higher-severity POAM entry, generates a corrective action request to the command, and names the technician who made the unauthorized status change. The AO review outcome is affected; the IT1 is briefing a problem they did not create.
- Making a production network change — port configuration, ACL modification, DNS entry, account permission change — without a documented change ticket reviewed by the IT1 or IT2.The change that causes a network outage or a compliance finding is traced to the last entry in the change log. There is no ambiguity. A change made without documentation is an unauthorized change regardless of technical outcome; if it causes an outage, the incident report notes the absence of a change ticket as an additional finding. The IT3 who makes undocumented changes and gets lucky three times in a row eventually makes the change that does not get lucky.
- Leaving an Active Directory account active after a member's departure — allowing the account to remain enabled and domain-accessible past the 24-48 hour policy window.Orphaned accounts with domain access are a DoD 8570.01-M compliance finding and a real attack surface; every inactive account with valid credentials is a credential that can be used by someone who should no longer have access. The ISSO's quarterly account audit identifies orphaned accounts by the technician who administered the last modification. At IT3, two orphaned account findings in a single review period is a POAM entry with IT3 named as the responsible technician.
- Using an out-of-date STIG benchmark file for a compliance scan — running the STIG Viewer against a superseded benchmark that was current three months ago.A STIG scan against a superseded benchmark produces a compliance report that does not reflect the current DISA requirement. The ISSO who receives the report and checks the benchmark version against the DISA STIG portal will identify the discrepancy immediately. The scan has to be rerun, the POAM has to be updated, and the IT3 who submitted a compliance report built on an outdated benchmark has created extra work and a documentation gap that the ISSO notes in the next ATO review package.
- Sharing network configuration details, system vulnerability findings, IP addressing schemes, or POAM status information with anyone outside the unit's need-to-know boundary — including via text message or phone calls to ITs at other commands.The IT shop's awareness of the unit's network vulnerabilities and configuration details is operationally sensitive information. Sharing it outside the authorized boundary is an OPSEC incident regardless of whether the recipient is also a cleared IT professional. The incident report names the source of the disclosure, generates a COMDTINST M5500-series compliance finding against the command, and puts the IT3's reliability in a trusted IT role under review.
Career Decisions at This Rank
- Pursue CompTIA CySA+ as the next credential after Security+ versus moving immediately to higher-tier certifications like CASP+ or CISSP.The CySA+ (Cybersecurity Analyst) is the most natural next credential for an IT3 who has completed the Security+ and is working toward IT2 SWE competitiveness. It maps to the analytical and incident-response work the IT2 paygrade actually does — log analysis, threat intelligence integration, incident response procedures — in a way that CASP+ (which is more architecture and enterprise security design) and CISSP (which requires five years of qualifying experience and tests at program-management depth) do not at this career stage. The CySA+ is also on the DoD 8570.01-M approved cert list for IAT Level II and CSSP Analyst work roles, which makes it a credential the billet-management system recognizes. Study the CySA+ after the Security+ CE is in hand and before the IT2 SWE; having it done before pinning IT2 puts you ahead of the curve at the next paygrade.
- Request a C-school billet in networking or server administration during the IT3 paygrade versus waiting until IT2 to pursue C-school.C-school availability for IT3s depends on billet authorization at the command level and on the current CG IT C-school pipeline schedule. The IT3 who identifies the C-school that matches their technical gap — a Cisco networking course, a Microsoft server administration course, a DoD network architecture course through DINFOS — and requests it through the proper chain before the selection window is the IT3 who gets considered for the seat. Waiting until IT2 to think about C-school is not wrong, but the competition for C-school billets increases at IT1 and ITC; building the C-school profile early is a career asset, not an indulgence. The conversation with the IT1 about which C-school is appropriate for the IT3's current technical gaps is the right starting point.
- Apply for sea duty versus accepting a shore billet for the first reenlistment period.The CG sea-duty assignment for IT3s — typically afloat billets on National Security Cutters or Offshore Patrol Cutters with C4I divisions — carries a different career texture than shore duty. Sea time builds toward the Permanent Cutterman device, which is a recognized career credential in the CG. The work is genuinely different from shore IT: you are maintaining the cutter's specific C4I systems under operational tempo, and the IT work is closer to the operational mission than it typically is at a shore unit. The downside is that shore-side technical breadth — the diversity of system types, the deliberate STIG compliance program, the mentorship environment at a larger IT shop — is compressed in an afloat assignment. Neither is wrong. If you want the cutterman device and the operational experience, go afloat. If you want the technical depth and mentorship pipeline, stay shore. The decision is worth having explicitly with the IT1 rather than letting the detailer make it by default.
- Reenlist versus separating after the first enlistment contract.The IT3 who is performing well and holds the Security+ CE is positioned for a reenlistment that makes sense financially and professionally. The civilian IT job market is not indifferent to a CG IT3 who holds an active secret clearance and a DoD 8570.01-M IAT Level II certification — the cleared contractor market pays well and the clearance is a real door opener. But the career IT3 who stays, advances to IT2, and eventually carries an IAT Level III cert and ten years of federal network administration experience is in a substantially stronger civilian market position than the one who separates at four years. The honest calculus: if the technical work and the service environment are engaging, the reenlistment ROI is strong over a ten-to-twelve year career. If neither is engaging, four years with an active clearance and a Security+ is a solid foundation for a civilian IT career. Do not let either the recruiter pitch or the 'get out now' peer pressure decide for you — run the math and compare the career trajectories honestly.
How the Seat Varies by Unit Type
- Sector communications and information systems (CIS) shopThe most common IT3 billet type and the broadest learning environment in the rating. A sector CIS shop runs a small team across a multi-system environment — NIPR and SIPR network segments, enterprise workstation and server infrastructure, physical access control systems, communications equipment — with the IT3 as the first-responder technician and STIG compliance executor under the IT2 and IT1. The daily rhythm is help-desk, STIG work, patch management, and infrastructure maintenance. The IT3 at a sector shop gets the widest exposure to the tools and compliance requirements the IT rating lives in.
- District information management office or CAMSA larger, more complex IT environment with a more formal change management structure. District IT offices manage enterprise infrastructure across multiple subordinate commands; the IT3 in this environment is working with more complex network architecture, more formal change-ticket approval chains, and often more senior ITs to learn from. The supervision is more formal and the independent action is more limited at IT3; the learning ceiling is higher if the IT3 is proactive about understanding the district-level context of the work.
- Afloat unit — National Security Cutter or Offshore Patrol CutterThe IT3 in an afloat C4I division is working in an operationally driven environment where system availability directly affects mission capability. The STIG compliance work happens, but it competes with operational tempo — underway schedules, deployment cycles, drills. The technical work is focused on the cutter's specific C4I system set rather than a diverse shore-side system inventory. Sea time accumulates toward the Permanent Cutterman device. The mentorship environment depends heavily on the experience level of the ET and the IT1 afloat; this varies significantly by hull.
- Integrated support command (ISC) or communications and electronics maintenance facilityA less common IT3 billet that sits at the intersection of IT and communications systems maintenance. ISC billets and electronics maintenance facilities may involve different system types than a typical sector CIS shop — communications infrastructure, radio systems, satellite terminals — and may require familiarity with FCC GMDSS or satellite communications systems beyond the standard IT network administration toolkit. Verify with the IT1 what the specific system responsibilities are at the billet before assuming the work matches the typical sector-IT environment.
What Good Looks Like at This Rank
The good IT3 is the petty officer the IT2 assigns to the quarterly STIG compliance sweep and trusts to deliver a clean, documented, defensible result. The findings are accurately identified — the CAT I items are called CAT I, the Not Applicable items have technical justifications written that the ISSO can read without asking questions, and the benchmark files are current. The IT2 does not need to do a second pass before the report goes to the ISSO; the IT3's documentation is that complete.
The good IT3's Active Directory house is clean. Every account reflects a current member. Every modification has a timestamp and a rationale. The weekly orphaned-account check happens because the IT3 built it into the routine — not because the IT1 asked for it. The non-rate strikers in the shop know the ticket intake procedure because the IT3 told them on day one and checked their tickets for the first two weeks. The help-desk queue does not age because the IT3 closes tickets with complete resolution notes, not with 'fixed' and a signature.
What the good IT3 is doing at home in the evenings is not ambiguous: the Security+ study guide is out, the SWE bibliography is printed and annotated, and the exam registration confirmation email is in the inbox for a date 90 days out. The IT1 who asks 'where are you on the Security+?' receives a date, a score estimate, and a study schedule — not 'I'm working on it.' That precision, that self-management, is what the IT1 is writing in the EER narrative that decides the IT2 SWE final multiple. The advanced IT3 does not wait to be managed; they show the IT1 what managed looks like from the inside.
Preview — The Next Rank
IT2 (E-5) is the senior working IT at most units in the rating. The IT1 sets the program; the IT2 runs the daily execution. The change tickets the IT2 signs are not subject to IT1 pre-approval for most of the standard network administration actions; the IT2 is the technical authority on the deckplate for everything below the IT1's escalation ceiling. That independence comes with the accountability that goes with it — the IT2's name is on the POAM, the STIG report, the incident documentation, and the EER inputs for the IT3s and strikers below.
The credential requirement shifts at IT2. The Security+ CE is the floor; the second baseline credential — CySA+, CASP+ CE, or the credential the current ALCGPSC advancement message identifies as competitive for IT1 — is the active professional development item. The IT2 who walks into the IT1 SWE cycle without a second credential on the record is in the same position the IT3 was in without the Security+: behind the curve on a billet requirement that the command notices.
The EER writing responsibility is the new load at IT2 that does not exist at IT3. Writing clean, defensible EER inputs for the IT3s below you is a leadership skill, not an administrative task. The inputs you write on IT3s are the bullets the IT1 uses to build the IT3's advancement case; inputs that do not describe observable behavior and measurable output are discounted by the SWE advancement list process and noticed by the CGPSC personnel board. Start building the habit of keeping running notes on the IT3s' measurable output now — before you pin IT2 — so the EER input cycle at IT2 does not surprise you.
FAQ
IT E4 — Frequently Asked Questions
Q01What does a E4 IT (Information System Technician) actually do?
You came back from TRACEN Petaluma with the IT rating badge and reported to a sector, a district information management office, a communications and information systems facility, a cutter, or a Coast Guard unit's IT shop as a working IT3.
Q02What's the most important thing to know as a E4 IT?
IT3 is the first paygrade where your name is on the maintenance logs and the STIG compliance reports.
Q03What does a typical day look like for a E4 IT?
Time-blocked day at the E4 IT rank tier: 0530-0600 Personal morning routine. Uniform inspection before leaving the room — the IT3 who shows up to PT in a squared-away uniform and to work in a squared-away work uniform is the IT3 the IT2 trusts with an independent STIG scan, 0600-0700 Unit PT. The IT3 is in formation with the rest of the unit. No exceptions because of a compliance deadline or a pending ticket, 0700-0800 Hygiene, breakfast, uniform change. In the shop by 0750 for the day's work brief from the IT1 or IT2,…
Q04What mistakes get E4 IT soldiers fired or relieved?
Making a production network change — VLAN configuration, ACL modification, DNS entry update, account permission change — without a documented change ticket reviewed by the IT1 or IT2. The change that breaks the watchfloor network at 0200 is traced to the last entry in the change log. 'I was just checking something' is not a defense when the outage generates an incident report;…
Q05What career decisions matter most at the E4 IT rank tier?
Pursue CompTIA CySA+ as the next credential after Security+ versus moving immediately to higher-tier certifications like CASP+ or CISSP — The CySA+ (Cybersecurity Analyst) is the most natural next credential for an IT3 who has completed the Security+ and is working toward IT2 SWE competitiveness. It maps to the analytical and incident-response work the IT2 paygrade actually does — log analysis, threat intelligence integration,…
Q06What's next after E4 for a IT (Information System Technician) in the Coast Guard?
IT2 (E-5) is the senior working IT at most units in the rating.
Q07What manuals and regulations does a E4 IT need to know cold?
COMDTINST M5500.13 (current series) — Coast Guard Information and Life-Cycle Management Manual. Your daily maintenance actions and compliance activities root in this publication.; DoD 8570.01-M — Information Assurance Workforce Improvement Program and DoDD 8140.01 — Cyberspace Workforce Management (current revision). The baseline certification requirements (CompTIA Security+ CE at minimum for IAT Level II) that govern your billet and your next career step.;…
Based on 14 tips from 0 contributors
Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards