Cyber Network Defender (25D)

Course Information

  • ​Course Title: Cyber Network Defender (Cert)
  • Course Number: 230-25D30 (CP)
  • College: Signal Leader Development College (SLDC)
  • OPR: Warrant Officer Division
  • Status Change Date: January 2020
  • Training site: USACCoE&FE, Fort Eisenhower, GA
  • Length: 14 Weeks 0 Days
  • Managed: Army Training Requirements and Resources System (ATRRS)


To train Regular Army, National Guard, and Reserve Soldiers about Army networks at various levels, aspects of cyber network defense operations which includes defending cyber networks, performing threat management of new and existing networks, and performing network forensic operations after a network intrusion.

Course Scope:

The Cyber Network Defender deploys, implements, maintains, and administers the infrastructure systems required to effectively provide defense in depth to the network and resources. This may include, but is not limited to routers, firewalls, intrusion detection systems and/or intrusion prevention systems, and other Computer Network Defense (CND) tools as deployed within the network environment (NE) or enclave. Collects data gathered from a variety of CND tools (including intrusion detection system alerts, firewall, network traffic logs, and host system logs) to analyze events for possible attacks that occur within the environment. The environments can be computing network environment (CE), NE or enclave. Validates, investigates, and analyzes all response activities related to cyber incidents within the NE or enclave. These tasks include, but are not limited to: creating and maintaining incident tracking information; planning, coordinating, and directing recovery activities; and incident tracking information; and incidents analysis tasks, including examining all available information and supporting evidence of artifacts related to an incident or event. Performs assessments of systems and networks within the NE or enclave and identify where those systems and/or networks deviate from acceptable configurations, enclave policy, or local policy. Perform limited shared Information Assurance Technical (IAT) Level I & II as required, and all IAT Level III functions.


  • 96 months Minimum Time in Service
  • MOS immaterial
  • Top Secret w/Sensitive Compartmented Information
  • 105 ASVAB GT Score
  • 105 ASVAB ST Score
  • Student must complete the 25D application process to receive approval (Final 25D Acceptance memo) from Office Chief of Signal (OCOS), prior to class seat reservation.

Physical Demands:

  1. Occasionally lift/lower and carry 150 pound of Battle Command Common Services stacks as part of a 2 - 4 Soldier team (prorated 75 pound per Soldier).
  2. Must possess finger dexterity in both hands for computer input requirements.
  3. Must be able to hear a wide range of sound frequencies.
  4. Must be able to speak clearly into a microphone.


A capstone training event is conducted at the end of the course to assess student learning and to evaluate their ability to perform required MOS specific critical tasks in a simulated field environment.

Course Structure:

  • This course is un-phased.
  • The course is structured in modules, lessons, some of which are Commercial off the Shelf (COTS) courses.


A - Introduction to Cybersecurity (80 hours)
B - Intrusion Analysis (120 hours)
C - Security Info and Event Mgmt (SIEM) Analytics (104 hours)
D - Incident Handling (104 hours)
E - Introduction to DoD Tools (80 hours)
F - Capstone (40 hours)
G - Administrative (28 hours)