←Back to IT Information System Technician — overview, pay, training, civilian translation, reviews
ITE5
Information System Technician
E-5 (Sergeant) · Coast Guard
HEADS UP
IT2 is the moment in the IT rating where you become the senior technical authority on the deckplate for most daily network administration decisions. The IT1 is the program manager; you are the executor. Every STIG finding you document, every POAM entry you update, every EER input you write on an IT3 — those are your professional signature on the unit's compliance posture and on the next generation of the rating. The second cert is not negotiable: verify which credential the current ALCGPSC advancement message identifies as competitive for the IT1 SWE before you choose what to study next.
The Honest MOS Read
IT2 (Petty Officer Second Class — E-5) is the senior working technician in a small-to-medium Coast Guard IT shop — typically one of two or three ITs at a sector, or the second-most senior IT on a cutter's C4I division, or one of several IT2s in a larger district information management office. The IT1 manages the program; you execute the program. The distinction matters and the IT1 enforces it, but the IT2 who waits to be told what to execute every morning is not meeting the expectation.
Your technical authority has expanded substantially from IT3. You perform and sign network administration changes — VLAN management on managed switches, DHCP and DNS administration, wireless infrastructure configuration, group policy verification — without IT1 pre-approval for most standard actions within the documented change-management framework. You own the STIG compliance tracking for an assigned set of systems under the IT1 and the command's ISSO, and you are the diagnostician the shop escalates to when the IT3 hits the technical ceiling on a network fault or a compliance question. The POAM entries for your assigned systems are yours — their accuracy, their currency, their CAT I remediation timelines.
You hold the Security+ CE and you are working toward the second credential. The DoD 8570.01-M and DoDD 8140.01 workforce management framework maps IT billets to work roles at IAT Level II and above; some IT2 billets carry IAT Level III requirements depending on the specific system authorization boundary the billet sits inside. Verify the current ALCGPSC advancement message for which credential is competitive for IT1 SWE before you pick the next exam. The CySA+ is the common next step for IT2s with a network administration background; CASP+ is the more intensive option that maps to the IAT Level III requirement at IT1. The CISSP is viable for IT2s who have accumulated five years of qualifying professional experience in the CISSP CBK domain areas — run the math honestly before registering, because the experience requirement is enforced and an Associate of (ISC)² designation while you accumulate experience is not the same as the full CISSP.
You write EER inputs on the IT3s below you. This is the leadership competency the chief board evaluates first in an IT2 candidate for IT1 advancement. Generic EER bullets — 'performs duties professionally,' 'maintains high standards,' 'dedicated team member' — are not evaluated favorably by the CGPSC advancement process; they signal that the IT2 does not understand the EER system or does not take the training responsibility seriously. Your EER inputs should describe observable behavior and measurable output: ticket volumes, STIG finding closure rates, training events conducted, certification milestones reached. The running log of each IT3's measurable output is a professional discipline you should have built at IT3 and are maintaining at IT2.
You also stand the help-desk escalation role and are the primary responder on network outages, server faults, and account-management incidents that escalate past the IT3's technical ceiling. The incident response at IT2 is diagnostic and systematic: you isolate the fault, document what you found at each diagnostic step, act within your authorization level, and escalate to the IT1 with a complete diagnostic record and a clear recommendation when you reach the ceiling. The IT2 who reboots the server as the first response to a server fault without diagnosing the fault first is not doing IT2-level work.
The C-school pipeline is a real career lever now. The Cisco CCNA, Microsoft server administration, DINFOS network architecture courses, and the CG's own IT career C-school offerings are the technical credentials that differentiate an IT2 competing for IT1 advancement in a small-rating environment. The IT2 who builds the C-school request before the selection window, clears the watch schedule conflict, and submits the request package to the IT1 with the right lead time is the IT2 who gets the seat. The one who mentions it as an idea the week the selection window opens is the one who does not make this cycle.
Career Arc
- 01IT2 crow pinned via Servicewide Exam under COMDTINST M1000-series. Senior working IT at the unit — the IT1 manages the program; the IT2 executes it.
- 02Security+ CE current. Second baseline credential (CompTIA CySA+, CASP+ CE, or equivalent per the current ALCGPSC advancement message) in active study — exam scheduled within 12 months of pinning IT2.
- 03STIG compliance program for assigned systems owned independently — POAM current, CAT I findings remediated within required timelines, ATO documentation currency maintained with the IT1.
- 04EER inputs for IT3s and non-rates submitted on time with observable, measurable content — not generic performance descriptors.
- 05C-school pipeline actively pursued — identify the technical gap, submit the request with appropriate lead time, execute the course, and return with a credential the unit's billet structure recognizes.
- 06IT1 Servicewide Exam preparation underway — bibliography from the Coast Guard Institute, SWE final-multiple math run honestly, current ALCGPSC advancement message pulled for IT1 SWE cutoff and competitive-cert profile.
- 07IT1 EER trend building toward first-in-rating profile across multiple command evaluations. Small-rating reality: the advancement slate for IT1 is tight; a competitive IT2 is known at the district level by name and by the compliance program output their unit runs.
Common Screwups
- ×Granting a user elevated privileges or a group membership exception because the request came from a senior officer and the conversation was easier to end with 'yes' than to explain the policy. Over-privileged accounts are the second entry on every insider threat incident report. The IT1 and the ISSO both sign the compliance posture that your account-management decisions produce; the over-privilege decision that generates an ATO finding is traced to the technician who made the authorization change.
- ×Remediating a STIG finding by disabling the control rather than correctly implementing it — disabling the audit log policy to eliminate the 'log storage size' finding instead of correctly sizing the log. The next STIG scan no longer flags the finding; the ISSO's quarterly POAM review identifies the missing control and generates a new, higher-severity finding with a note that the original finding was administratively closed rather than remediated.
- ×Financial mismanagement — debt accumulation, garnishment, command notification of unpaid obligations — at IT2. The IT rating is clearance-dependent at every paygrade; a security clearance adjudication event at IT2 that surfaces financial issues can result in conditional access suspension while the investigation runs, which creates a billet-availability problem. The rating community is small; a clearance issue at IT2 is known at the district detailing level before the paperwork closes.
- ×Closing a network outage ticket before the root cause is identified and documented. The outage that recurs three weeks later because the symptom was treated rather than the cause generates a second incident report with a note that the first was never resolved — and both reports name the same IT2 as the technician of record on the original remediation.
- ×Treating the C-school pipeline as the IT1's responsibility to schedule. The IT2 who identifies the technical gap, researches the available C-school options, builds the training request, and submits it with the appropriate lead time gets the seat. The one who waits for direction misses the cycle and the competitive posture for IT1 advancement reflects it.
A Day in the Life
- 0530-0600Personal morning routine. Review the STIG compliance calendar and the help-desk queue status on the duty phone if an overnight ticket came in; brief the overnight situation to the IT1 at morning quarters if anything requires command awareness.
- 0600-0700Unit PT. IT2 is in formation with the unit. No exceptions for compliance deadlines.
- 0700-0800Hygiene, breakfast, uniform. IT2 arrives in the shop early enough to have the IT3s' task assignments ready before the post-PT brief.
- 0800-0830Shop brief: IT1 sets the priority, IT2 translates it to task assignments for the IT3 and strikers. Review the POAM for any ATO-cycle deadline in the current week. Pull the current DISA STIG portal for benchmark file currency check if a scan is scheduled this week.
- 0830-1130Primary work block: STIG compliance scans on assigned systems, POAM updates, AD account audit, patch management cycle, or network documentation update depending on the week's compliance calendar. Help-desk escalations handled as they arrive from the IT3. Change tickets opened before any configuration session; resolution notes written before closing any ticket.
- 1130-1300Lunch. EER input notes updated if there was measurable IT3 output in the morning block — specific, dated, in the running log.
- 1300-1400IT3 training or PQS walkthrough if scheduled. This is the block where the IT3's diagnostic practice happens — walk the fault isolation procedure, review the STIG scan output, work through the AD audit results. The IT2 facilitates; the IT3 executes.
- 1400-1530Continued compliance work: POAM entries updated, IAVM patch completion documented, incident reports drafted if any outage or security event occurred in the morning block. ISSO update drafted if anything moved on the POAM in the last 24 hours.
- 1530-1630Help-desk queue cleanup: all open tickets reviewed for status, escalated items briefed to the IT1 with complete diagnostic documentation. End-of-day brief to the IT1 on the day's compliance output and any POAM items that moved.
- 1630-1700Shop close: equipment secured, server room door checked, classified media logged, workstations locked. Brief the duty IT3 or non-rate on the overnight watch responsibilities if applicable.
- 1800-1900Personal time, dinner.
- 1900-2030CySA+ or IT1 SWE bibliography study — 60 to 75 minutes. One domain section or one bibliography source text. Practice questions at the end; wrong-answer review before closing the book.
- 2030-2200Personal time, physical recovery, call home. On heavy-POAM weeks, any documentation work that does not require system access — POAM narrative drafts, EER input log updates, C-school training request drafts — can happen here.
Weekly Cadence
The IT2's week is organized around the compliance calendar the IT1 set at the start of the month and the help-desk demand that arrives daily. Neither is optional; both have to be served simultaneously. The skill the IT2 is developing at this paygrade is sequencing: knowing which compliance deadline is hardest, which help-desk escalation can wait until the end of the day, and which POAM entry needs the IT1's awareness before the quarterly ISSO review rather than at it.
Monday sets the week's compliance priority from the IT1's plan. Tuesday through Thursday is execution — STIG scans, patch cycles, AD audits, outage responses as they arrive. Friday is the documentation day: POAM current, all open tickets either resolved with complete notes or escalated with diagnostic records, the ISSO update drafted if anything moved on the POAM. The IT1 should never be surprised on Friday afternoon by a compliance item the IT2 knew about on Wednesday.
The professional development cadence runs independently of the work week's rhythm. The SWE study session happens in the evenings, five days per week, whether the compliance calendar was heavy or light. The C-school training request moves through the submission process on the IT2's initiative, not on a reminder from the IT1. The EER input log gets updated weekly, not the week the input cycle opens. The IT2 who manages the professional development track independently of the operational track is demonstrating the self-management the IT1 advancement board looks for. The one who waits for the IT1 to schedule everything is the one the IT1 writes a less compelling narrative about.
Key Skills — How to Drill Each
- 01Administer the unit's network infrastructure independently — VLAN management, managed switch and router access-layer configuration, DHCP and DNS administration, wireless infrastructure user management, and network documentation accurate enough that the IT1 can present it to a District CIS staff site visit without apology.Network documentation is the asset that survives personnel turnover. Build and maintain the unit's network diagram with a version-control discipline — when a change is made to the infrastructure, the diagram is updated the same day, the previous version is annotated with a change date, and the IT1 can pull the current diagram and read it without having to ask you to interpret it. The VLAN map, the IP addressing scheme, the switch port assignments, the firewall rule set — every element that a new IT reporting to the unit would need to maintain the network should be documented at a level of detail that means they could do so without interviewing you. That is the IT2 documentation standard.
- 02Own the STIG compliance findings for an assigned system set in the command's POAM — work remediations, update statuses with documented technical justification, and clear CAT I findings before the command's ATO review cycle.Build a POAM management calendar that maps each assigned system's scan schedule, each open finding's planned remediation date, and each ATO review cycle to a single timeline. Review the calendar weekly and update it when milestones are hit or missed. For CAT I findings, the remediation plan must include a specific technical action (the exact configuration change or patch) and a target date; a CAT I finding that is tracked as 'in progress' with no specific action and no date is not a POAM entry — it is a placeholder that will generate a question from the ISSO. When a CAT I finding cannot be remediated before the ATO review cycle, draft the risk acceptance memo for the IT1 and ISSO before the review, not the morning of.
- 03Respond to a network outage or server fault as the senior IT on duty — systematic fault isolation from physical layer through application layer, root cause identification without guessing, and a documented incident report the IT1 can brief to command before the situation escalates.The outage response that the IT1 does not have to sanitize before briefing command is the goal. Build the incident report in real time during the fault isolation, not after the system comes back up. The report structure: when the issue was first observed, what the initial symptoms were, what diagnostic steps were taken and what each one found, what the identified root cause is, what the remediation was, and what the estimated time to restore was versus actual time. The timeline must be consistent with the system's own logs — if the ISSO or the District CIS staff reviews the incident report against the firewall logs, switch logs, and server event logs, they should all tell the same story.
- 04Conduct an Active Directory account audit — identify orphaned accounts, over-privileged service accounts, and group membership anomalies; route findings to the IT1 with a remediation recommendation.Run the AD audit against the current personnel roster and the IT1's account-management SOP simultaneously. For each account, verify: is this a current member, is the account in the correct organizational unit, does the group membership match the member's role and what was authorized in the account provisioning ticket, are there any anomalous logon events in the security event log for this account. The finding report for the IT1 should include the account name, the anomaly type, the recommended action (disable, modify, retain with justification), and the supporting evidence. Do not recommend remediation actions that are outside your authorization level without flagging that they require IT1 approval.
- 05Write clean, defensible EER inputs for the IT3s below you — observable behavior, measurable output, no inflation.The EER input discipline starts with the running log, not with the input cycle. Keep a note for each IT3 that you update after any observable event — a STIG scan with documented results, a help-desk ticket queue week with a specific closure count, a training event you supervised, a certification milestone. When the EER input cycle opens, the draft practically writes itself from the log. The test for a defensible input: if the CGPSC advancement list process asks 'how do you know this about this member's performance?' you have a dated log entry that answers the question. 'Performed all assigned duties professionally' does not pass that test.
- 06Deliver unit-level cybersecurity awareness training — phishing recognition, acceptable use, physical security of IT equipment, social engineering awareness — to the non-IT user population the shop supports.Annual cybersecurity awareness training is a DoD requirement and a Coast Guard compliance item. The IT2 who treats it as a one-hour slide deck that satisfies the compliance checkbox is delivering less value than the IT2 who makes the 30-minute version memorable enough that the XO's yeoman actually hesitates before clicking the phishing link. Tailor the training to the most common threat vectors your unit sees — phishing, physical tailgating into equipment spaces, oversharing on social media, weak password practices. The training that makes someone slightly embarrassed about their password practices is more effective than the training that does not. Document attendance and completion; the ISSO reviews training records during the ATO cycle.
Manuals & References — What Chapters Matter
- COMDTINST M5500.13 (current series) — Coast Guard Information and Life-Cycle Management ManualAt IT2 you are executing the program this manual defines, not learning that it exists. The specific sections you reference daily at IT2: the change management policy and authorization levels (what an IT2 can change without IT1 pre-approval), the account management policy (account provisioning, modification, and deactivation procedures), and the incident reporting requirements (what constitutes a reportable IT security incident and what the reporting timeline is). Verify the current series revision against the CG Directives System; the series letter matters when the ISSO cites a specific provision number.
- DoD 8570.01-M / DoDD 8140.01 (current revision) — Cyberspace Workforce ManagementAt IT2 you are working toward the second credential. The DoD 8570.01-M table maps work roles to approved baseline certifications; the DoDD 8140.01 is the current governing policy that supersedes portions of 8570. Before registering for CySA+, CASP+, or CISSP, verify that the specific exam you are planning is on the approved list for your billet's work role designation and IAT level — the approved list is updated periodically and a cert that was approved in a previous version may not appear in the current mapping.
- DISA Security Technical Implementation Guides (STIGs) — current release from public.cyber.milYou are remediating findings and managing POAM status for assigned systems. The STIG portal at public.cyber.mil publishes benchmark files for all current platforms; the IT2 who knows how to navigate the portal, find the current benchmark for a specific operating system and application version, and download the STIG Viewer configuration file without needing direction is the IT2 who can train IT3s and strikers on the compliance process without the IT1 involved.
- NIST SP 800-53 (Rev 5) — Security and Privacy Controls for Information Systems and OrganizationsAt IT2 you reference the control families when writing POAM remediation justifications, briefing the ISSO, and explaining STIG findings to the IT1. Understanding that a STIG finding maps to the NIST 800-53 CM (Configuration Management) control family means you can write the POAM entry with the correct control reference and frame the risk in terms the ISSO understands. Public document at csrc.nist.gov. Chapter 3 (the catalog of controls) and Appendix D (control summaries) are the daily reference sections.
- CIM 1610-series — Enlisted Employee Review (EER), current revisionYou are writing evaluation inputs on IT3s and non-rates. The EER instruction defines the mark structure, the supervisor narrative requirements, and the final-multiple calculation. Read the sections on narrative standards carefully — the instruction specifies what the narrative can and cannot include, and what constitutes an appropriate versus an inflated evaluation. The CGPSC personnel board reads the EER narrative trend across multiple rating periods; understanding the instruction means you write inputs that hold up under that review.
- COMDTINST M1000-series — Personnel Manual, IT1 advancement and SWE sectionsPull the current CGPSC ALCGENL advancement message for the IT1 SWE cycle and use the most recent advancement statistics — the published cutting score, the final-multiple distribution, the certification bonus points — as your planning baseline. The Personnel Manual provides the structural framework; the ALCGENL message is the current, specific authority on what it takes to make the advancement list in the current cycle. The IT2 who does not run the final-multiple math before registering for the SWE is flying blind on the advancement decision.
Standards — How to Hit Each
- Security+ CE current (within the three-year CompTIA CE renewal window); second baseline credential (CySA+, CASP+ CE, or equivalent per the current ALCGPSC message) in active pursuit — exam scheduled.Do not treat the second certification as a future-self problem. As soon as the IT2 crow is pinned, verify the current ALCGPSC advancement message for IT2 to understand which cert is competitive for IT1 SWE. Register for the exam within 90 days of pinning IT2 with a target test date no later than 12 months after pinning. The IT2 who arrives at the IT1 SWE cycle without a second credential on the record is in a weaker competitive position than the IT2 who holds it — in a small rating where the IT1 advancement list is tight, the second credential is a differentiator.
- STIG compliance status current on all assigned systems; no overdue CAT I findings on the POAM without a documented and ISSO-reviewed risk acceptance or active remediation plan with a date.The CAT I finding that is overdue on the POAM at the ATO review is the finding the AO asks about first. Build the remediation plan for every CAT I finding the same week the finding is identified — specific technical action, specific target date — and update it weekly. If the remediation cannot be completed within the required window, the risk acceptance memo goes to the IT1 and ISSO before the ATO review, not as an explanation during it.
- EER marks at or near the top of the unit's IT2 cohort; the IT1 and IT1-level inputs are the variable, and a rating this small writes EERs that mean something because the district IT staff knows the IT2s by name.The IT2's EER mark is driven partly by the IT1's assessment and partly by the IT1's inputs on observable output. Document the output: STIG findings remediated, POAM items closed, IT3 training events conducted, certifications earned, outage response times. The IT2 who can hand the IT1 a factual summary at EER input time is the IT2 whose EER narrative reflects real performance. The IT2 who does not track their own output is the one whose EER narrative is 'dedicated team player' because that is all the IT1 has to work from.
- IT1 SWE taken on cycle with a bibliography-driven study plan; current ALCGPSC advancement message pulled for the IT1 SWE cutoff and final-multiple distribution.The SWE for IT1 draws from the CG Institute's published bibliography for the IT rating — rating knowledge, military requirements, and leadership topics at the IT1 level. Pull the bibliography from the Coast Guard Institute 120 days before the SWE registration deadline and build the study schedule from that list. The ALCGENL advancement message for the most recent IT1 SWE is available through the CGPSC and gives you the actual cutting score and final-multiple distribution from the previous cycle — use it to benchmark where your final multiple needs to be.
- Permanent Cutterman device earned if sea time on cutters over 65 feet meets the qualification threshold; verify current eligibility criteria against the COMDTINST M1000-series personnel manual.The Permanent Cutterman device is a visible career credential in the CG enlisted community. If you have sea time that counts toward the device from IT3 afloat billets or from current IT2 afloat assignment, verify the current eligibility threshold and application process against the personnel manual and submit the application through the proper chain. The device application does not submit itself; the IT2 who earned the sea time and does not submit the application is leaving a career credential unclaimed.
Technical Mistakes — Concrete Consequences
- Remediating a STIG finding by disabling the control rather than correctly implementing it — most commonly, disabling the audit event log size policy to eliminate the 'log storage insufficient' finding instead of correctly sizing the log.The STIG Viewer will no longer flag the finding on the next scan; the command ISSO runs the POAM review and the ISSO notices that the control is missing rather than correctly configured. The POAM now has a new entry: the original finding was not remediated, it was administratively masked, and the control the STIG was implementing is no longer functioning. The AO review generates a corrective action request against the command. The IT2 who made the change is named in the change log and the incident report.
- Granting a user elevated privileges or a group membership exception without a documented authorization from the IT1 because the request came through a supervisor and the path of least resistance was compliance.Over-privileged accounts are a persistent finding in DoD network security reviews and a common enabler in insider threat incidents. The account audit trail names the technician who made the last group membership modification. The IT1 signs off on the compliance posture that the IT2's account-management decisions produce; the over-privilege exception that generates an ATO finding or appears in an insider threat investigation is traced to the modification record and the IT2 who approved it without documentation.
- Closing a network outage ticket before the root cause is identified and documented, treating the symptom rather than the cause.The outage that recurs three weeks later because the port error-disabled flag reappeared — and the first incident report said the issue was 'resolved' without identifying why the flag appeared in the first place — generates a second incident report with the note that the first was closed without root-cause identification. Both incident reports name the same IT2 as the technician of record on the original remediation. The ISSO's next quarterly review includes a pattern note about repeat incidents on the same system.
- Treating the C-school pipeline as a passive process — mentioning it once and waiting for the IT1 to schedule it.C-school seats for IT2s are competitive within the command and district. The IT2 who does not build the training request, identify the scheduling window, and submit through the proper chain before the selection window closes does not get considered for this cycle. In a small rating with a limited number of IT C-school billets per fiscal year, missing one cycle is a year's delay in building the technical credential profile that the IT1 advancement board reads. The IT2 who has a Cisco CCNA and a Microsoft systems administration course on the record looks meaningfully different from the IT2 who does not.
- Skipping the EER input drafting process for IT3s and letting the IT1 build the evaluation record from memory or from brief observation.The EER narrative that the IT1 writes from memory for an IT3 the IT1 does not observe closely day-to-day is the EER narrative that reads as generic performance descriptors. Generic EERs at IT3 mean that IT3's SWE final multiple is built on an EER mark without a compelling narrative, which weakens the advancement case. The IT2 who did not write the inputs has cost the IT3 advancement credit. The CGPSC advancement process reads EER trends and narrative quality across rating periods; the IT3 with one generic EER period in the record under an IT2 who did not write inputs has a gap that is visible to the advancement board.
Career Decisions at This Rank
- Pursue CySA+ as the second credential versus CASP+ CE versus working toward CISSP eligibility.The right answer depends on which credential the current ALCGPSC advancement message identifies as competitive for IT1 SWE — verify that first, before choosing. As a general framework: the CySA+ is the natural progression from Security+ CE for IT2s with a network administration and STIG compliance background; it tests the analyst skills the IT2 actually exercises (threat detection, incident response, vulnerability management) and typically requires 60-90 days of dedicated study to pass after the Security+. The CASP+ is longer and harder, tests at the enterprise security architecture level that the IT1 and ITC billets actually require, and positions the IT2 for IAT Level III billet eligibility sooner. The CISSP is the credential that unlocks the federal and cleared-contractor senior roles post-service, but the five-year experience requirement is real; count qualifying years honestly before registering. All three are worth doing in sequence at different points in the career. At IT2, the question is which one is the most useful in the SWE final-multiple calculation right now.
- Request a C-school in Cisco networking (CCNA path) versus Microsoft server administration versus a DINFOS network architecture course.The answer depends on which technical gap is most visible in the IT2's current billet work and which credential the IT1's billet structure rewards. The Cisco CCNA is the most recognizable technical credential outside the CG and maps directly to the managed switch and routing work the IT2 does every day. The Microsoft server administration courses are the credentialing path for the Active Directory and Windows Server work that occupies a large fraction of the IT2 compliance workload. DINFOS courses build the DoD network architecture context that the IT1 billet requires for the ATO and ISSO interface. If the IT1 identifies a specific technical gap in the IT2's competency, start there. If the IT1 is silent, pursue the CCNA first — it is the most transferable credential in the commercial IT market and the most visible to the next command's IT1.
- Apply for a broadening assignment — District CIS staff, CGCYBER support billet, IT career C-school cadre, or CG Communications Area Master Station — versus staying in the current line IT billet.Broadening assignments at IT2 are not common because the rating is small and the line billets need to be filled, but they exist and the IT2 who is proactive about identifying them before the detailing window is the one who gets considered. A District CIS staff assignment exposes the IT2 to multi-command compliance oversight and the ISSO-to-AO process at a level that is not visible from a sector CIS shop. A CGCYBER support assignment bridges the IT rating and the CMS rating's operational cyber context in a way that is useful for the post-service cleared-contractor market. C-school cadre at TRACEN Petaluma is the track that positions the IT2 for teaching IT curriculum to the next generation of IT non-rates and IT3s, which is a leadership credential the ITC and ITCS boards read. The line IT billet is not a dead end; it is where the core technical competency is built. The broadening assignment is the career differentiator if the competition for IT1 advancement is tight.
- Make the post-service career decision explicitly — plan the federal civilian or cleared-contractor exit at the 12-year point versus plan the ITC and ITCS track through 20.The IT rating is one of the best-positioned CG enlisted ratings for post-service employment. An IT2 with an active secret or TS clearance, Security+ CE, and CySA+ (or higher) is competitive for cleared-contractor network engineering and cybersecurity analyst roles at $85,000 to $120,000+ depending on clearance level and market. The federal civilian pathway — USCG civilian IT Specialist GS-9 to GS-13, other DHS components, DoD contractors — is also accessible with the service record. The ITC and ITCS track through 20 years adds a retirement benefit and significantly more leadership and program management experience that makes the post-20 federal market access even stronger. The honest calculus: if the service environment is engaging and the technical work is still developing at IT2, the 20-year track has a substantially better post-service ROI than an early exit. If neither is true, a planned exit at the 8-to-12-year mark with a second credential and an active clearance is still a strong foundation. Make the decision explicitly rather than defaulting; the IT2 who plans an exit at year 8 and re-ups twice without re-examining the decision is the IT2 who arrives at year 20 without having made a deliberate career choice since boot camp.
- Leverage the security clearance and DoD 8570 credentials for lateral movement into a CMS or Cyber pathway within the CG versus staying the IT track.The CMS (Cyber Mission Specialist) rating is the CG's operational cyber operator community; it does different work from the IT rating. IT is network administration and cybersecurity compliance; CMS is threat hunting, incident response operations, and cyber protection team missions under CGCYBER. Some IT2s with a security analyst interest and an IAT Level II or III credential will find the CMS track more intellectually engaging than the IT compliance work. The conversion pathway and reclass eligibility requirements vary by year group and command authorization; verify the current process with the IT rating force master chief and the CGPSC detailer before initiating a reclass request. The credential investment you have made as an IT2 transfers to the CMS track; the compliance expertise you have built is different from the CMS watch-floor operational context. If the operational cyber work calls to you, have the conversation early — the window for a productive reclass is narrower at IT1 than at IT2.
How the Seat Varies by Unit Type
- Sector communications and information systems (CIS) shopThe most common IT2 billet and the environment where the IT2 is most often the senior working tech on the deck plate with the IT1 as the program manager above. At a sector CIS shop, the IT2 typically has one or two IT3s and a non-rate striker below — small enough that the IT2's technical decisions are visible to the IT1 daily, and large enough that the IT2 has real supervisory responsibility. The STIG compliance work, the AD administration, the help-desk escalations, and the documentation are all the IT2's direct execution responsibility. The IT1 is the ISSO interface and the command advisory authority; the IT2 is the daily technical driver.
- District information management officeA larger, more hierarchical IT shop where the IT2 is one of several ITs of various paygrades. The IT2 in a district shop is working with more complex multi-command network infrastructure and may have more formal change management requirements — district-level change advisory board processes rather than a simple IT1 approval. The exposure to broader network architecture is an asset; the daily visibility to the IT1 and the direct ownership of the compliance program is more distributed than at a sector shop. The IT2 in a district shop needs to work harder to be visible as a contributor rather than a cog.
- Afloat unit — National Security Cutter or Offshore Patrol Cutter C4I divisionThe afloat IT2 is typically the senior IT on a cutter below the IT1, working in a C4I division with ETs and OSs in a shared operational environment. The STIG compliance and AD administration work is the same, but it runs under operational tempo — sea schedule, deployment cycles, in-port and underway maintenance windows. Network outages on an underway cutter have operational consequences that shore-side outages do not; the IT2's response to a C4I system fault at sea is an operational urgency, not a customer service call. The afloat IT2 accumulates sea time toward the Permanent Cutterman device and works in closer operational relationship with the deck and operations communities than a shore IT2 typically does.
- Coast Guard Communications Area Master Station (CAMS) — Atlantic or PacificCAMS billets (CAMS Atlantic at Chesapeake, VA; CAMS Pacific at Point Reyes, CA) are specialized telecommunications and communications infrastructure facilities that handle CG enterprise communications backbone systems. The IT work at a CAMS is adjacent to but distinct from sector-level network administration — the IT2 in a CAMS environment is working with communications infrastructure, radio systems, satellite terminals, and enterprise-level network architecture at a scale and complexity not found at sector CIS shops. The learning environment is technically demanding and the ITCs and senior ITs are typically the most experienced in the rating. CAMS billets are competitive to obtain and visible in the rating community.
What Good Looks Like at This Rank
The good IT2 is the tech the IT1 sends to the District CIS staff site visit alone. The STIG compliance report comes back clean — not perfect, but documented: the findings are accurately identified, the CAT I items have remediation plans with dates, the Not Applicable items have technical justifications that the site-visit team can read without calling back, and the POAM reflects what is actually open rather than what the IT2 hoped they could close before the visit. The network documentation is current to within the last month, the Active Directory is clean, and the change log shows a pattern of disciplined, ticket-governed work. The site-visit team walks out without a finding, and the IT1 knows it is because the IT2 ran the compliance program the way the IT1 would have run it if the IT1 had been there.
The good IT2's IT3s pass the IT1 SWE on the first attempt, and the EER inputs the IT2 wrote for them are the reason. The inputs describe what the IT3 actually did — STIG finding closure rates, ticket volumes, training events facilitated with specific outcomes, certification milestones — not what the IT3 seemed like. The CGPSC advancement board reads those inputs and they are specific enough that the board can evaluate the IT3's performance against the IT2 paygrade. The IT3s know their SWE bibliography because the IT2 built the study schedule into the watch rotation calendar rather than announcing 'you should study' and leaving it there.
What the good IT2 is not doing is treating technical competence as a substitute for documentation discipline. The IT2 who is technically the most capable tech in the shop but whose POAM has running undated CAT I entries, whose change log has gaps, and whose EER inputs read as generic praise is leaving the most career-visible work undone. In a rating as small as IT, the IT1 SWE advancement list is tight, and the difference between the IT2 who makes it and the one who does not is often documentation discipline and the quality of the IT3 EER inputs — which are both visible, evaluable, and within the IT2's complete control.
Preview — The Next Rank
IT1 (E-6) is the senior IT on the deckplate at most CG commands, and the transition from IT2 to IT1 is the paygrade where the compliance program ownership becomes total. The IT1 does not share the STIG compliance program with the IT2 in the sense of splitting responsibility — the IT1 owns the program, the POAM, the ATO documentation currency, and the ISSO interface at the command level. The IT2 ran the execution under the IT1's authority; at IT1, the IT2's execution is what the IT1 monitors and is accountable for. The IT1 who does not have eyes on the IT2's STIG work is an IT1 who will be surprised at the ATO review.
The credential expectation shifts again at IT1. The Security+ CE is the floor. The IAT Level III credential — CompTIA CASP+ CE or the current equivalent per DoDD 8140.01 — is the credential the ITC billet requires and the credential that the IT1 advancement board treats as competitive. The IT1 who does not have an IAT Level III baseline in progress is running behind. The ITC board is the next gate, and the chief board reads the credential profile hard in a technical rating.
Chief board preparation starts at IT2 — not at IT1. The EER trend the chief board reads at the IT1 SWE cycle is built from IT2 and IT3 evaluation records. The awards stack that a competitive ITC board candidate needs is built from IT2 and IT3 conduct and performance. The chiefs' mess sponsorship conversation that is the informal prerequisite for the ITC board starts with the relationships the IT2 built with the ITCs in the district while running the sector compliance program. The IT2 who thinks chief board preparation is an IT1 problem has already started behind.
FAQ
IT E5 — Frequently Asked Questions
Q01What does a E5 IT (Information System Technician) actually do?
You are typically the senior day-to-day IT technician at a small boat station, a sector communications and IT shop, or a cutter IT division — or one of two or three ITs in a larger district information management office.
Q02What's the most important thing to know as a E5 IT?
IT2 is the moment in the IT rating where you become the senior technical authority on the deckplate for most daily network administration decisions.
Q03What does a typical day look like for a E5 IT?
Time-blocked day at the E5 IT rank tier: 0530-0600 Personal morning routine. Review the STIG compliance calendar and the help-desk queue status on the duty phone if an overnight ticket came in; brief the overnight situation to the IT1 at morning quarters if anything requires command awareness, 0600-0700 Unit PT. IT2 is in formation with the unit. No exceptions for compliance deadlines, 0700-0800 Hygiene, breakfast, uniform. IT2 arrives in the shop early enough to have the IT3s' task assignments ready before the post-PT brief, 0800-0830 Shop brief: IT1 sets the priority,…
Q04What mistakes get E5 IT soldiers fired or relieved?
Granting a user elevated privileges or a group membership exception because the request came from a senior officer and the conversation was easier to end with 'yes' than to explain the policy. Over-privileged accounts are the second entry on every insider threat incident report. The IT1 and the ISSO both sign the compliance posture that your account-management decisions produce;…
Q05What career decisions matter most at the E5 IT rank tier?
Pursue CySA+ as the second credential versus CASP+ CE versus working toward CISSP eligibility — The right answer depends on which credential the current ALCGPSC advancement message identifies as competitive for IT1 SWE — verify that first, before choosing. As a general framework: the CySA+ is the natural progression from Security+ CE for IT2s with a network administration and STIG compliance background; it tests the analyst skills the IT2 actually exercises (threat detection, incident response,…
Q06What's next after E5 for a IT (Information System Technician) in the Coast Guard?
IT1 (E-6) is the senior IT on the deckplate at most CG commands, and the transition from IT2 to IT1 is the paygrade where the compliance program ownership becomes total.
Q07What manuals and regulations does a E5 IT need to know cold?
COMDTINST M5500.13 (current series) — Coast Guard Information and Life-Cycle Management Manual. At IT2 you are executing the program it defines, not learning it exists.; DoD 8570.01-M / DoDD 8140.01 (current revision) — the baseline certification and workforce management requirements that govern your billet designation and your next credential step.; DISA STIGs (current release) — you are remediating findings and maintaining compliance status on assigned systems; current benchmark files,…
Based on 14 tips from 0 contributors
Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards