Skip to main content
HonestMOS
InvestigationsCongress made VA disability claims free to file. An entire industry charges veterans anyway — and nobody can stop them.
Back to CWT Cyber Warfare Technician — overview, pay, training, civilian translation, reviews
CWTE1-E3

Cyber Warfare Technician

E-1 to E-3 (Junior Enlisted) · Navy

HEADS UP

The clearance and the pipeline are the job at this rank, not the keyboard. CWT runs a long cyber schoolhouse (verify current course and location — historically the Center for Information Warfare Training and Corry Station, Pensacola) plus a TS/SCI investigation and CI polygraph that gate every seat you will ever sit. Until it adjudicates, you are not read into anything. The highest-leverage thing you do at CWTSN is keep that clearance clean — financial discipline, reported foreign contacts, honest paperwork — because in this rating the clearance is the career.

The Honest MOS Read
You enlisted into the Navy's newest enlisted cyber rating — Cyber Warfare Technician — and the Navy is still building the road under your feet as you walk it. CWT consolidated the networks-and-cyber operator role formerly carried under the Cryptologic Technician (Networks) community, and it exists to put enlisted Sailors on the keyboards of the Cyber Mission Force supporting US Cyber Command, Fleet Cyber Command / Tenth Fleet, and the Navy information-warfare enterprise (NAVIFOR). Because the rating is new and moving, half of what your buddy told you about NECs, pipelines, and work-role names is already stale. Treat structure as a moving target and verify everything against the current source-rating NAVADMIN. After Recruit Training Command Great Lakes (~8-10 weeks of boot camp) you go into the long cyber pipeline — months of network and cyber training at the information-warfare schoolhouse (verify the current course and location; historically the Center for Information Warfare Training family and Corry Station, Pensacola). You learn the OS and networking fundamentals the rating assumes — TCP/IP, DNS, ports and protocols, command line on Windows and Linux — plus the foundational defensive cyber skill set and the work-role framework the joint cyber force runs to. None of it matters operationally until the second gate clears: the TS/SCI investigation and the CI polygraph. That starts at boot camp or in the schoolhouse and finishes during the pipeline or at your first command for many Sailors. Until it adjudicates, you are not read into the mission. You study, you sit foundational PQS and quals, and you do the unglamorous work the team needs filled. When you check aboard, the deckplate mental picture goes out the window. Cyber duty is heavily shore and joint — a Cyber Mission Force team supporting US Cyber Command's Navy component, a Fleet Cyber Command / NAVIFOR element, a Cryptologic Warfare Activity, or a joint-duty site, often inside a SCIF on a watch floor that looks nothing like a carrier. You will not see the sea-and-shore rhythm a Boatswain's Mate lives. You will see a clearance, a watch bill, and a work-role qualification track. The tier-one tasks you draw at CWTSN — monitoring, log review on the team's stack, the foundational analytic the work role defines — happen under a senior CWT or a CTN-legacy senior who has been in the cyber fight since before the rating had its own name. You learn the team's tools, study the qualification track, and keep your security paperwork so clean it never delays the team. The advancement math runs on the Navy Enlisted Advancement System (NEAS) under MILPERSMAN. E-2 and E-3 come on a time-in-service track; the first real gate is the Navy-Wide Advancement Examination (NWAE) for CWT3 (E-4). It runs twice a year, and your Final Multiple Score (FMS) combines the exam, your evaluations, time-in-rate, awards, and education. The exam is built straight off the NWAE Bibliography for Advancement (BIB) — pull the current CWT BIB and own it; the cutoff is published per NAVADMIN after each cycle and moves with rating manning, so do not quote a number, pull the message. The DoD 8140 cyber-workforce framework gates which work roles you can hold and which baseline certification you must earn before the team lets you sit a position. Navy COOL funds the voucher — do not leave it on the table. And the reason any of this is worth the long pipeline and the clearance grind: a CWT who exits with a clean TS/SCI, a work-role track, and the cert stack is one of the most hireable enlisted Sailors the Navy produces, and the cleared cyber contractor and federal-civilian world hires that profile aggressively. The window starts at CWTSN, and the way you protect it is boring on purpose — pay your bills, report your contacts, never lie on the paperwork, and never carry the mission out of the space.
Career Arc
  • 01RTC Great Lakes — Navy boot camp, ~8-10 weeks.
  • 02Long cyber pipeline at the information-warfare schoolhouse (verify current course / location — historically CIWT and Corry Station, Pensacola) — OS/networking fundamentals, foundational defensive cyber, work-role framework.
  • 03TS/SCI investigation + CI polygraph initiated and adjudicated — the second, harder gate. Until it clears, you are not read in.
  • 04First assignment: Cyber Mission Force team (US Cyber Command's Navy component), Fleet Cyber Command / NAVIFOR element, Cryptologic Warfare Activity, or joint-duty cyber site — heavily shore and joint, not sea/shore.
  • 05Tier-one tasks under a senior CWT or CTN-legacy senior; foundational PQS and work-role quals; baseline DoD 8140 certification earned (Navy COOL funded).
  • 06First NWAE cycle for CWT3 (E-4) — twice yearly, FMS / NEAS, BIB-built exam, NAVADMIN-published cutoff.
  • 07Clearance hygiene becomes a lifelong habit — financial discipline, foreign-contact reporting, continuous-evaluation responses, never lying on the paperwork.
Common Screwups
  • ×Letting clearance behavior drift in the barracks. Financial irresponsibility, undisclosed foreign contacts, a drug pop, a security incident — at CWTSN/CWT3 these are clearance-killers, and in this rating losing the clearance is losing the career and foreclosing the post-service cleared cyber market for years. Reinstatement timelines run multi-year if you ever get it back at all.
  • ×Lying or shading the truth on the SF-86, a foreign-contact report, or a continuous-evaluation question. The investigators find it, and the lie kills the clearance faster than the underlying fact ever would have. Disclose the awkward thing; it is almost always survivable. The cover-up is not.
  • ×DUI or drug pop — separation under MILPERSMAN, clearance revocation, and the cleared cyber market shut to you for years. There is no version of this rating where you keep the career after this.
  • ×Phoning the Navy COOL window and the BIB study. The baseline cert is funded, the post-service market reads the stack directly, and the NWAE is built off the BIB — coasting through the apprentice tier leaves measurable salary and the first advancement on the table.
  • ×Talking shop outside the SCIF — at the barracks, online, on a dating app, to family. OPSEC is the product in this rating. A stray sentence is the negligent discharge of cyber, and at this rank it happens to the careless, not the malicious.

A Day in the Life

  • 0500-0600Wake in the barracks (most CWTSN are single junior enlisted at a shore command). Phone check — overnight notes on the watch chat, watch-bill changes, anything the LPO needs you to know before quarters. Hygiene, PT gear on. In a clearance-gated rating, the phone stays out of the space — build that habit now.
  • 0600-0700Command or section PT on the schedule the LCPO published — cardio days, strength days, the section's plan. Cyber is heavily shore, so PT looks like a normal command's morning, not a deckplate's. Train toward the PRT cycle, not just the test.
  • 0700-0800Chow, change into the uniform of the day, walk to the cyber spaces or the watch floor. Pre-quarters: read the watch turnover log, check overnight tickets and alerts the team handled, review status feeds before the LCPO puts out plan-of-the-day. Phones go into the bin before you cross into the SCIF.
  • 0800-0830Quarters. The LCPO puts out plan-of-the-day; the cyber officer or department head briefs anything driving the day; the LPO assigns rotations and tasking. As CWTSN you stand at the back, take notes, and ask the LPO your questions after quarters — not during.
  • 0830-1130If your clearance has adjudicated and you are read in: tier-one tasks on a qualified-by-supervision basis — log review and monitoring on the team's stack, the foundational analytic the work role defines, PQS line-item drill with the CWT3 assigned to qual-sign you. If the clearance is still pending: study, foundational quals you can complete uncleared, schoolhouse follow-on coursework, and the work the team needs filled. The apprentice tier is heavy on PQS, study, and watching the seniors work.
  • 1130-1230Chow. You eat with the other CWTSNs and junior CWT3s, not with the LPO or LCPO. Quick check of the watch chat and the afternoon watch-bill changes. Nothing about the mission gets discussed in the galley line — OPSEC follows you out the door.
  • 1230-1500Afternoon block — section training (defensive cyber fundamentals refresher, tool familiarization, OPSEC and security-incident-reporting brief, NEC familiarization), PQS line-item drill, and at well-run teams a defended block for DoD 8140 baseline-cert study. The CWTSN who lets the day eat the study block has already lost the next exam window.
  • 1500-1600DoD 8140 baseline-cert / BIB study block. Navy COOL funds the voucher; the cert sheet is what the LPO and LCPO see at section sync. Pull the official study material, the practice resources the command's learning center stocks, and build a documented daily study log the LCPO can read.
  • 1600-1630End-of-watch turnover. The on-coming watch reads the log; you walk them through any open items, ongoing activity, and pending escalations from your seat — clean, complete, no gaps in the timeline. Turnover discipline at the apprentice tier is the habit that defends every paygrade after.
  • 1630-1800Released, most days at a shore command. Watch rotations, real-world tempo, higher-echelon assessments, and joint-site surge periods reshape this window. PRT prep, gym, study, family time for the married Sailor, barracks time for the single junior enlisted.
  • 1800-2100Personal time. Single CWTSN in the barracks — gym, study at the rack, NEC catalog browsing for the work-role conversation, off-duty social with the section's junior enlisted. Married CWTSN — family time. Whatever you do, the mission stays in the SCIF; this is where careless shop-talk and unguarded online posts end clearances.
  • 2100-2200Study-log maintenance, PQS flash-card drill, cert-exam practice questions, next-day pre-quarters prep. The LPO who texts at 2130 with a section question expects an answer from the watch even at the apprentice tier.
  • Standing watch (cyber watch-floor rotation, joint-site watch bill, real-world tempo)Sit the watch as the junior operator under the CWT3 or CWT2 watch-stander on the rotation. Monitor the team's dashboards, escalate any degradation or anomaly to the supervisor on the watch correct and on time, log every action, and hand off cleanly to the on-coming watch. Cyber watch rotations are shore-and-joint and follow the team's standing watch bill, not a ship's clock.
  • Real-world event / higher-echelon assessmentWhen the team works a real event or a higher-echelon assessor walks the floor, the CWTSN covers tier-one tasking under direct supervision, keeps the documentation tight, and stays in his lane — qualified and authorized only. The seniors run the hard pieces; the apprentice keeps the boring parts boring so the team can focus on the fight.

Weekly Cadence

The Mon-Fri rhythm at CWTSN runs on the LPO's training plan and the LCPO's plan-of-the-week, both published off the department head sync at the end of the prior week. Monday morning is heaviest on planning — the LPO puts out the week's PQS drill calendar, the section training topics the LCPO blocked, the watch rotation, and any tasking the team needs filled. As CWTSN your Monday is reading the watch bill, confirming your PQS line-item appointments with the CWT3 assigned to qual-sign you, and asking the operator above you what the week's priority items are. If your clearance is still pending, Monday is also where you confirm what coursework and uncleared quals you can knock out while the investigation runs. Tuesday through Thursday are the working core. If you are read in, the watch runs at the team's tempo — monitoring, log review, the foundational analytic your work role defines, all under a senior operator's eye. Section training falls on the days the LCPO and the cyber officer blocked: defensive cyber fundamentals, tool familiarization, the security-incident-reporting and OPSEC briefs that never stop in this rating, and NEC familiarization for the work-role conversation coming at CWT3. PQS line-item drill happens whenever the watch does not need you, and the DoD 8140 baseline-cert study block has to defend itself against the day's tasking — the CWTSN who lets it slide is the one who watches his peers get the school seat. Friday is plan-of-the-week-out for the next week. The LCPO publishes the next week's watch bill; the cyber officer and department head sync confirms next week's training and assessment calendar; the LPOs align at section sync; and the LCPO walks the floor for the weekly readiness look. As CWTSN you bring your PQS status, your cert-study log, any open items from the current week, and any questions about next week's rotation. Real-world tempo, joint-site surge periods, and higher-echelon readiness assessments collapse the Mon-Fri rhythm entirely — the team operates to the event calendar, training and PQS time get crammed into the off-windows, and the cert-study block has to fight for the hours that are left.

Key Skills — How to Drill Each

  1. 01
    Live inside the clearance reality from day one — handle classified spaces, materials, and conversations like the career-ending matter they are.
    Nothing leaves the SCIF — not on a phone, not on a personal device, not on a scrap of paper, not in a hallway conversation. Learn your team's spill, store, and destroy procedures cold in the first month and follow them even when nobody is watching, because the one time someone is watching is the audit. Report the awkward thing — the foreign contact at the gym, the relative who moved overseas, the credit-card problem — to your security manager early; the rating survives disclosure and dies on the cover-up. The senior CWT does not babysit a CWTSN whose paperwork is a liability, and the LCPO reads clearance discipline as the first signal of whether you belong in the rating at all.
  2. 02
    Read network traffic and system logs well enough to tell normal from not-normal on the team's monitoring stack.
    This is the foundational defensive skill every junior operator drills, and you build it by reps on a quiet watch under a senior operator's eye, not by reading about it. Learn your team's baseline first — what normal looks like for the networks you watch — because you cannot spot the anomaly until you know the boring. When something looks off, escalate correct and on time: what you saw, when, why it caught your eye, and what you did. The senior CWT trusts the CWTSN whose escalations come right; the slow or noisy escalator is the one who gets the busy-work instead of the watch.
  3. 03
    Operate confidently across OS and networking fundamentals — TCP/IP, DNS, ports and protocols, command line on Windows and Linux.
    The schoolhouse assumes this and the team will not re-teach it. Drill the basics on your own time — spin up a home lab on cheap hardware or a VM stack, work the public training paths Navy COOL and the cyber-workforce ecosystem point at, and build muscle memory on the command line until you stop reaching for the GUI. The CWTSN who has to look up basic syntax in front of the watch loses credibility he spends months earning back; the one who is fluent on the fundamentals is the one the senior operator hands the harder task to first.
  4. 04
    Document what you did cleanly — action, timestamp, result — to a standard the team lead can defend at turnover and a work-role evaluator can sign.
    Write it so the next operator can repeat your steps without calling you, and so a higher-echelon assessor reading the log six months later understands exactly what happened. Plain English, no shorthand only you understand, no gaps in the timeline. The sloppy log is the one that turns a routine event into an investigation because nobody can reconstruct what was done. Build the documentation habit at CWTSN and it carries every paygrade after; skip it now and you are the operator the team lead reworks at every turnover.
  5. 05
    Knock out PQS and the foundational work-role qualifications on the LCPO's timeline.
    Walk the PQS book to your LPO the week you check aboard and get the qualification sequence for your billet — foundational watch quals, the work-role line items, the team's tool quals. Drill line items with the CWT3 or CWT2 the LPO assigns you; never ask for a sign-off you cannot demonstrate cold. The sign-off pace is the LPO's defended timeline, not yours, and FMS reads a caveat. The slow CWTSN becomes the slow CWT3 candidate, and the team that is short qualified operators remembers who closed PQS on time and who let it drift.
  6. 06
    Earn the baseline DoD 8140 cyber-workforce certification your billet requires before the team lets you sit the position.
    Pull the work-role requirement for your billet off the DoD 8140 chart, find the baseline cert it gates on, and start the study the same week you check aboard. Navy COOL funds the voucher — schedule the exam, build a documented daily study log, and sit it before the timeline your billet sets. The team will not slot you on a position without the cert in compliance; the watch bill works around your cert status, and the CWTSN who has the baseline on the sheet early is the one the LCPO names first when the next school message drops.

Manuals & References — What Chapters Matter

  • DoDD 8140 / DoDM 8140.03 — Cyberspace Workforce Qualification.
    The DoD-wide chart that gates which cyber work roles you can hold and which certifications you must keep to hold them. Read the work-role definitions your billet maps to and learn where the baseline cert sits — the LCPO checks the chart against your cert sheet at position turnover, and an operator out of 8140 compliance does not sit the seat. Pull the current edition; the framework has been actively revised.
  • SECNAVINST 5239 series — Department of the Navy Cybersecurity / IA Program.
    The umbrella every Navy cyber regulation inherits from. You are not expected to quote chapter and verse at CWTSN, but you are expected to know it is the parent document and to operate inside it. Pull the current version from the Navy Doctrine Library before quoting it — the copy on your team's share is usually stale.
  • US Cyber Command Cyber Mission Force work-role / qualification standards.
    The joint training-and-certification framework the Cyber Mission Force runs to — the spine your work-role qualification track is built on. Verify the current standard; the rating and its quals are still maturing, so the names and the gates shift between cycles. Know which work role your seat maps to and what the next one up requires.
  • NIST SP 800-series — 800-53 (security and privacy controls), 800-181 (NICE Framework work-role map).
    The parent documents under the DoD cyber workforce structure. NIST 800-181 maps the work roles the 8140 framework gates; 800-53 is the controls catalog under every accreditation your team operates inside. You are working inside this stack at the apprentice tier, not writing it — but the CWT3 BIB will quote it back to you.
  • NAVPERS 18068 series — the Navy Enlisted Classification (NEC) catalog.
    Read the cyber NEC entries before you fall in love with a code, and pull the current source-rating NAVADMIN alongside it because this rating's codes are still moving. The NEC you stack shapes the rest of your career and the post-service market; the wrong read at CWTSN sends you toward a packet that does not exist anymore.
  • SECNAV / OPNAV personnel-security guidance and the SF-86 / e-QIP process.
    Your clearance is your career — learn the rules that keep it. Know what is reportable (foreign contacts, foreign travel, financial problems, certain associations), the timelines for reporting it, and the continuous-evaluation regime you now live under. The clearance dies of neglected reporting far more often than of any single dramatic act.

Standards — How to Hit Each

  • TS/SCI clearance adjudicated and a CI polygraph completed — without it you do not have a job in this rating.
    Anything that delays the investigation delays everything, so do your part fast and clean: submit a complete, honest SF-86, respond to investigator and security-office requests the same week, and never give the adjudicator a reason to dig. Disclose the awkward thing up front. If a financial or personal issue is brewing, get ahead of it with your security manager before continuous evaluation flags it — the proactive disclosure is survivable; the surprise flag is the one that holds up the seat.
  • Baseline DoD 8140 cyber-workforce certification earned by the timeline your billet sets.
    Navy COOL pays the voucher. Pull the current exam objectives the same week you check aboard, build a 60-90 minute daily study log the LPO can read, and sit the exam before your billet's timeline closes. The team will not slot you on the position without it; the CWTSN with the baseline on the sheet early is the one slotted first when the C-school or follow-on work-role message drops.
  • All NWAE-eligible PQS and foundational work-role quals signed off on the LCPO's timeline.
    Walk the PQS book to your LPO the week you check aboard, get the qualification sequence, and drill line items with the CWT3 or CWT2 assigned to qual-sign you. Never ask for a sign-off you cannot demonstrate cold. The CWTSN who walks into the CWT3 NWAE with PQS unfinished is the one the LCPO defends with a caveat — and FMS reads the caveat against you.
  • PRT Good Low or higher; BCA in standard.
    Cyber is a clearance-and-keyboard rating, but the Navy still runs the Physical Readiness Test under OPNAVINST 6110.1 — train the cycle, do not sprint it the morning of. Build base mileage, work the strength and core events, and stay in BCA standard through chow discipline and the command gym. Falling out is a self-inflicted wound on a record where every other line is clean, and the LCPO does not defend a sharp operator who cannot pass the PRT.
  • Annual cyber-awareness and security-refresher training completed before the deadline, every time.
    Schedule it the same week the notification drops and never let it slip past the deadline. In a rating where a careless lapse is a reportable incident, the annual training is the cheapest compliance you will ever do — and the operator who lets it lapse is the one whose name shows up on a deficiency report instead of a watch bill.

Technical Mistakes — Concrete Consequences

  • Carrying classified out of the space — on a phone, a personal device, a piece of paper, or in a conversation off the watch floor.
    This is the line that ends a cyber career and starts an investigation, and you are at the rank where it happens to the careless rather than the malicious. The incident gets reported up the chain, the security office opens the file, and depending on what was carried and where it went the response runs from a counseling chit all the way to a security incident investigation, clearance action, and administrative separation. The cleared cyber market reads clearance findings directly — do not give the security office a reason to start the file.
  • Plugging unauthorized media into a mission system.
    The incident-response ticket lands on the LCPO's desk that afternoon and your name is on the report up the chain. Depending on the system's classification and what the device touched, the response escalates from spot-training and a counseling chit to a full security incident investigation and clearance action. There is no government workstation in this rating where a personal USB belongs, and the audit that finds the unauthorized device finds it by serial number with your name attached.
  • Lying or rounding up on an SF-86, a foreign-contact report, or a security questionnaire.
    The investigators will find it, and the lie kills the clearance faster than the underlying fact ever would have. A disclosed debt, a reported foreign relative, an honestly-described past mistake — the adjudication system is built to weigh those and clear most of them. A discovered lie is a candor finding, and candor findings are clearance-enders. Disclose the awkward thing; the cover-up is the actual career risk.
  • Touching a system or running a tool you have not been qualified and authorized on.
    In this rating there is no such thing as 'I was just exploring.' Unauthorized action on a mission network is a security incident, not initiative — the monitoring catches it, the finding has your name on it, and the team lead is the one explaining it up the chain. The CWTSN who waits to be qualified and authorized is the one who keeps the clearance; the one who freelances on a live system is the one who becomes a case file.
  • Talking shop outside the SCIF — at the barracks, online, to family, or on a dating app.
    OPSEC is the product in this rating, and a stray sentence is the negligent discharge of cyber. The vague-but-revealing version — what your team works, where, how busy you have been — is still a disclosure, and the person fishing for it on the dating app or in the comments is sometimes exactly who you are trained to assume they are. One careless conversation can open a counterintelligence inquiry that follows your clearance for years.

Career Decisions at This Rank

  • Defensive cyberspace operations versus the network side versus the harder offensive-adjacent track
    At CWTSN this is still a sketch, not a signed packet, but the work-role track you start drifting toward shapes the rest of the career. Defensive operations (the analyst-and-defender path) is the broadest base and travels cleanest to the post-service market. The network-operations side leans on the engineering and infrastructure depth that the cleared network-engineer market pays well for. The harder offensive-adjacent quals open only when the team, your clearance, and your demonstrated depth all support it — they are not something you elect at the apprentice tier. Talk to the senior operators in each track and the career counselor; verify which work roles actually exist in the current cycle before you fall in love with one, because the rating's structure is still moving.
  • Stack the certs and BIB now versus coast through the apprentice tier
    The DoD 8140 baseline cert is funded by Navy COOL and gates your seat; the NWAE is built off the BIB. The CWTSN who has the baseline cert on the sheet and a documented study log by the nine-month mark is the one the LCPO slots first when the next school or work-role message drops, and the one whose CWT3 advancement is on time. Coasting costs the first advancement and measurable post-service salary — the cleared cyber market reads the cert stack directly. There is no downside to stacking early and a compounding cost to waiting.
  • Protect the clearance proactively versus react when something flags
    This is the most important decision in the rating and most CWTSN do not realize they are making it. The continuous-evaluation regime watches your finances, your foreign contacts, and your conduct constantly. The Sailor who reports the awkward thing early — the debt, the foreign relative, the past mistake — almost always keeps the clearance, because the adjudication system is built to weigh disclosed facts. The Sailor who waits for the system to find it converts a survivable fact into a candor problem, and candor problems are clearance-enders. Decide now to be the proactive one; it is the cheapest career insurance you will ever buy.
  • NEC code chase versus stay general at the apprentice tier
    The NEC sub-specialty stack shapes the CWT career arc, and the conversation starts now even though the packet comes later. But this rating's NEC codes are still moving — read the cyber NEC entries in NAVPERS 18068, pull the current source-rating NAVADMIN, and verify what actually exists before you commit a plan to it. At CWTSN the right move is usually to build the foundational quals and cert stack broadly, learn the team's mission, and have an informed question ready for the career counselor — not to lock a specific code that may not survive the next catalog revision.
  • Early read on the post-service market versus heads-down on the day-to-day
    Most CWTSN treat the post-service market as a problem for the end of the contract. The ones who get ahead understand at the apprentice tier that a clean TS/SCI plus a work-role track plus the cert stack is one of the most valuable enlisted exits the Navy produces — cleared cyber contractors and federal cyber components hire that profile aggressively. Knowing that changes how you treat the clearance, the certs, and the documentation today: every clean ticket, every reported contact, every cert on the sheet is also a line on the resume the cleared market reads. You do not have to decide to leave to act like the exit matters.

How the Seat Varies by Unit Type

  • Cyber Mission Force team (US Cyber Command's Navy component)
    This is the operational tip of the spear — work-role-qualified crews executing cyberspace operations under the joint Cyber Mission Force structure. The qualification track is the most demanding, the watch floor is the most mission-driven, and the clearance and OPSEC posture is the tightest. As CWTSN you draw tier-one tasking under a senior operator and you live the joint work-role framework directly. Verify the current team structure and work-role names; this is exactly where the rating is moving fastest.
  • Fleet Cyber Command / NAVIFOR element
    The Navy's own cyber and information-warfare enterprise under Fleet Cyber Command / Tenth Fleet and the Naval Information Forces structure. The mission set runs the defensive and network operations that protect and enable the fleet. The rhythm is shore-and-watch-floor, the qualification track still runs to the 8140 and Cyber Mission Force standards, and the CWTSN here gets a broad foundation in the Navy-specific side of the cyber fight.
  • Cryptologic Warfare Activity / joint-duty cyber site
    A joint or cryptologic-warfare environment where Navy CWTs work alongside the other services' cyber operators and the broader intelligence-and-cyber enterprise. The clearance environment is the strictest, the OPSEC discipline is absolute, and the work is often the most specialized. As CWTSN you learn how the joint cyber world fits together and how the Navy enlisted operator plugs into it — which is a perspective that pays for the rest of the career.
  • Schoolhouse / pipeline (pre-first-command)
    Before any of the above, you are a student in the long cyber pipeline (verify current course and location — historically CIWT and Corry Station, Pensacola) with the clearance investigation running in parallel. Your 'unit' is the schoolhouse; your job is to pass the curriculum, complete the foundational quals you can do uncleared, and keep the clearance investigation clean. The CWTSN who treats the pipeline as the easy part and the clearance as automatic is the one who stalls before he ever reaches a watch floor.
  • Legacy-CTN-heavy team versus newer all-CWT team
    Because the rating consolidated the former CTN networks-and-cyber role, some teams are still senior-heavy with CTN-legacy operators who came up before CWT had its own name, while newer teams are increasingly all-CWT. The legacy-heavy team gives you mentors with a decade in the fight and institutional memory the new rating has not written down yet — lean on it hard. Either way, verify the current rating structure and work-role names against the source-rating NAVADMIN, because what a legacy senior calls a qual may have a different name on the current chart.

What Good Looks Like at This Rank

The good CWTSN is the Sailor whose clearance stays clean, whose paperwork never delays the team, and whom the senior operator trusts to read logs on a quiet watch because the escalations come correct and on time. By the time the pipeline and the investigation are behind him, the baseline DoD 8140 cert is on the sheet, PQS is closed on the LPO's timeline, and the LCPO is asking which work-role track he wants to chase — defensive cyberspace operations, the network side, or the harder offensive-adjacent quals when the team and his clearance support it. He documents every action so the next operator can repeat it cold, he is fluent on the OS and networking fundamentals the schoolhouse assumed, and the senior CWT above him hands him the harder tier-one task because he has earned it. He treats the clearance as the career it is. He reports the awkward foreign contact early, he pays his bills, he never lies on a questionnaire, and he does not talk shop outside the space — not because he is afraid, but because he understands OPSEC is the rating's whole reason for existing. He shows up to quarters in a clean uniform with a haircut the LCPO does not have to correct, he passes the PRT without drama, and he volunteers for the working parties the LPO needs filled. The CTN-legacy senior who has been in the cyber fight for a decade reads the difference between this CWTSN and the one who thinks the crow is owed to him. The good CWTSN is also reading ahead. He has the baseline cert and the next work-role qualification identified; he has flipped through the cyber NEC entries in NAVPERS 18068 and pulled the current source-rating NAVADMIN, and he has a real question for the career counselor about which pipeline fits his endgame. He knows the post-service cleared cyber market is one of the strongest exits in any Navy rating, and he is building the cert stack and the clearance discipline now, at CWTSN, that will pay him at the end of his obligation — whether he stays for twenty or takes the contractor offer at the first EAS.

Preview — The Next Rank

CWT3 (E-4) is where the rating shifts from apprentice to operator. The crow on the sleeve says you sit a qualified work-role position on a mission crew and at least one CWTSN is watching how you carry it. The first 90 days at CWT3 are the credibility window — the LPO is watching whether your apprentice habits carry forward (clean documentation, PQS on the timeline, clearance hygiene that never delays the team, cert-stack momentum) or whether you coast on the crow. The CWT3s who coast become the ones the LPO works around; the CWT3s who run a clean position become the ones the LCPO names for the next work-role and the more capable seats behind it. The work-role qualification conversation that was a sketch at CWTSN becomes a real decision at CWT3. You sit a certified position and execute the analytic or operational task to a standard the team lead can defend, and you start the harder qualification — the next work role up, the certifications that open more capable seats, and the NEC pieces that define the career path. You also start training the brand-new CWTSNs coming out of the pipeline, which is the first real leadership reps the rating gives you. And the clearance becomes fully yours to manage — periodic reinvestigation timelines, continuous-evaluation flags, foreign-contact and financial reporting — because at CWT3 it is no longer someone else handling your paperwork. The NWAE for CWT2 (E-5) is the next gate — twice yearly, FMS-based, built off the CWT3/CWT2 BIB, NAVADMIN-published cutoff. The eEVAL trait average against your peer CWT3s starts to matter materially for the CWT2 slate; sloppy eEVAL narratives at CWT3 compound across cycles and there is no recovery within a board cycle. The cert stack matures too — the next DoD 8140 work-role certs and the cyber credentials Navy COOL funds — and the cleared cyber contractor market is reading your sheet for the next promotion's worth of operational depth. Build the CWT3 the way the LCPO is grooming you to: clean documentation, a work-role cert on the sheet with the next one identified, mentor a CWTSN through PQS, sit the next cert, defend the position.
FAQ

CWT E1-E3 — Frequently Asked Questions

Q01What does a E1-E3 CWT (Cyber Warfare Technician) actually do?
Before you do anything operational you survive the schoolhouse and the clearance.
Q02What's the most important thing to know as a E1-E3 CWT?
The clearance and the pipeline are the job at this rank, not the keyboard.
Q03What does a typical day look like for a E1-E3 CWT?
Time-blocked day at the E1-E3 CWT rank tier: 0500-0600 Wake in the barracks (most CWTSN are single junior enlisted at a shore command). Phone check — overnight notes on the watch chat, watch-bill changes, anything the LPO needs you to know before quarters. Hygiene, PT gear on. In a clearance-gated rating, the phone stays out of the space — build that habit now, 0600-0700 Command or section PT on the schedule the LCPO published — cardio days, strength days, the section's plan. Cyber is heavily shore, so PT looks like a normal command's morning, not a deckplate's. Train toward the PRT cycle,…
Q04What mistakes get E1-E3 CWT soldiers fired or relieved?
Letting clearance behavior drift in the barracks. Financial irresponsibility, undisclosed foreign contacts, a drug pop, a security incident — at CWTSN/CWT3 these are clearance-killers, and in this rating losing the clearance is losing the career and foreclosing the post-service cleared cyber market for years. Reinstatement timelines run multi-year if you ever get it back at all; Lying or shading the truth on the SF-86, a foreign-contact report, or a continuous-evaluation question.…
Q05What career decisions matter most at the E1-E3 CWT rank tier?
Defensive cyberspace operations versus the network side versus the harder offensive-adjacent track — At CWTSN this is still a sketch, not a signed packet, but the work-role track you start drifting toward shapes the rest of the career. Defensive operations (the analyst-and-defender path) is the broadest base and travels cleanest to the post-service market. The network-operations side leans on the engineering and infrastructure depth that the cleared network-engineer market pays well for. The harder offensive-adjacent quals open only when the team, your clearance,…
Q06What's next after E1-E3 for a CWT (Cyber Warfare Technician) in the Navy?
CWT3 (E-4) is where the rating shifts from apprentice to operator.
Q07What manuals and regulations does a E1-E3 CWT need to know cold?
DoDD 8140 / DoDM 8140.03 — Cyberspace Workforce Qualification (the chart that gates which cyber work roles you can hold and which certs you must keep to hold them).; SECNAVINST 5239 series — Department of the Navy Cybersecurity / IA Program (the umbrella every Navy cyber reg inherits from).; US Cyber Command Cyber Mission Force work-role / qualification standards — the joint training-and-certification framework the CMF runs to (verify the current standard;…

This playbook has no tips yet. Be the first to share what you know.

Published by the Honest MOS Editorial DeskVerified against DoD/.gov sourcesUpdated May 2026Editorial standards