In This Episode

This episode features Andreae Pohlman—Air Force veteran, former Microsoft incident responder, and enterprise security advisor.

You can learn more about the conversation and the guest below.

Tune into the audio version of this episode by clicking the player below:

Tune into the video version of this episode by clicking the YouTube player below:

About the Guest

Andreae Pohlman is a Dallas-based cybersecurity professional with experience spanning hands-on technical delivery to executive-level strategy. She has helped organizations design and implement both proactive and reactive cybersecurity programs, supporting clients across the public sector—from federal to local government—and private sector organizations ranging from startups to global enterprises.

Andreae began her career as a Systems Administrator in the United States Air Force. After her service, she worked internationally helping organizations strengthen their security posture. Her roles have included Security Sales Specialist, advising C-level executives on cybersecurity strategy, and member of Microsoft’s Corporate Incident Response team, where she supported customers during major incidents to restore critical services. She also served on Microsoft’s Compromise Recovery team, leading recovery and remediation efforts following sophisticated cyberattacks.

Throughout her career, Andreae has been instrumental in helping organizations safeguard their most critical assets. Passionate about community impact, she serves on the Board of Directors for the Women’s Society of Cyberjutsu (Cyberjutsu), leading mentorship and STEM initiatives to inspire the next generation of cybersecurity leaders.

Full Episode Transcript

Jess Vachon: 00:33

Hey, hello everyone. Welcome to episode 10 of the Voices of the Vigilant podcast. Our guest today is Andreae Pohlman, Director of Security and a former key member of Microsoft's (this is long), Corporate Incident Response and Recovery Team. Andreae has spent her career in the front lines of cybersecurity, from the Air Force to defending one of the world's largest enterprises. Andreae, welcome. Before we dive into strategy of the high-stakes incident response group that you are a member of, would you quickly share with our listeners the scope of your responsibility at Microsoft and what kept you up at night while you were there?

Andreae Pohlman: 01:10

Oh gosh, that's a great question. Hi, and thank you, Jess.  yes, I'm Andreae Pohlman I go by Dr. Dre, as you see. My standard line is I can't rap and I don't have a doctorate, but I do have the Twitter slash X handle. I had to add some numbers to that. 23. So, Dr. Dre23, if you want to find me there. I don't really post there often anymore. As I was mentioning to Jess, right now I'm on somewhat of a self-imposed sabbatical. I'm taking a break., but currently I serve on the board of directors with Jess. Thank you, Jess, for your ability and volunteerism and being a part of Cyberjutsu. I'm very glad to be joining her on that board of directors’ team. And so that's what I'm currently up to. But as Jess mentioned, and what the question was around with Microsoft. So, I was last there and I actually was last performing as what they called an enterprise security executive slash you know cybersecurity specialist. So, what that really meant is I talked to the CISOs, u so chief information security officer as well as the security leads, security teams, around what Microsoft security tools are available to them and really just educating them on the Microsoft security platform.  you know, when I grew up with Microsoft, I like to say when I grew up because  Microsoft has evolved over the years, and I had joined in February of 2013. , and so over my 10 close to 10-year, 10 year,  well, just over 10 years, , tenure, I  saw Microsoft evolve and we were, you know, even when you know Microsoft Defender for Endpoint  came out, it was like Windows ATP Advanced Threat Protection, it just changed tons of names. That that was another part of that job, was just like keeping up with the name changes of all the different products and educating customers. Oh, yeah, that just changed to this name., and here are the new advancements. But  anyways, I when I grew up with Microsoft,  we moved from seeing a lot of identity-centric security solutions there. , so when I first started off, I focused on Microsoft consulting services, where  I first was kind of bucketed into  the identity  infrastructure and an identity  resource consultant, you could say. , and soon they're moved into more security-focused role from that.  that was very interesting.  it's kind of what why I pause there, because historically at that point in time, the people who were doing the security work were mostly the men and women who started off in the Active Directory world. So again, identity. And as we actually have a great resource for our listeners here, and maybe for you just too, is Mark Simos. He puts together what they call the Microsoft Cybersecurity Reference Architecture. And it used to be one slide, but now it's multiple slides of kind of explaining Microsoft cybersecurity.  and he recently even came out with like this really nice graphic of the history of Microsoft security. And so, kind of parallel to the conversation that we're having and what I'm sharing here is at the time that I was joining Microsoft, there was something called Pass the Hash and Pass the Hash Vulnerability PTH. We came out with the Pass the Hash white paper. Essentially, it's you know, if an adversary grabs, okay, say an adversary, we've seen, I think in recent news, kind of like the social engineering and going after help desk and getting help desk credentials and pivoting into the organization’s environment that way. So, past the hash is kind of like if we take that same sort of scenario, right? with the help desk, they might have administrative privilege. And so, if the adversary then is able to log into the target machine or say not even target machine, maybe they're able to get mess with one of the machines that now user A calls help desk. Help desk now uses their credentials, logs into user A's computer, whatever credentials, including that help desk administrator that's on that local machine, then the adversary would then leverage the password hash to either move laterally or use privilege escalation in the latter of things. So, anyways, a lot of history here., so when I was first joining, historically the security team was very, very hard to join., I had just graduated with my master's degree and there weren't cybersecurity degrees at that time, but most of my focus was cybersecurity related. So, I was very eager to join the cybersecurity team at Microsoft. But unfortunately, that was kind of almost exclusive to people who knew Active Directory in and out., and I even though had familiarity with Active Directory, it wasn't enough senior, I guess, and much many more years of experience with it to really be able to join that team. So MCS, I was doing identity work with and then moved into cybersecurity and cybersecurity. I or on the cybersecurity team, I was doing a lot of work around this past the hash vulnerability and doing things like bash enforce.  so, we called it ESAE, Enhanced Security Administrative Environment, and it was a way to guard those very high level or high-value credentials.  if you're familiar, Microsoft sometimes has a lot of Microsoft talk, , but  high-value  assets, you would put probably like your Active Directory, those domain administrators, the ones that have the most privilege, all the keys to the kingdom, , those would basically be guarded in this bash and forests, the ESAE projects. So, I did that., I also did privilege access workstations. We called them pause. Again, another past the hash mitigation that you could put in place. All of that to say, from doing MCS to then moving into really, I did this compromise recovery team before I joined the incident response team. So, I kind of worked backwards in a way. I like to explain if you were to think of you know, there's incident response, then there's recovery work, and then there's like long-term solutions for organizations. I kind of worked on the long-term solutions for organizations, then I did compromise recovery work or recovery work, and then joined the incident response team. And then lastly, start to educate customers on the Microsoft security solutions., so yeah, anyways, I did compromise recovery work. I had actually gone to APAC, Asia Pacific. I was based out of Singapore for about a year and helped companies and organizations recover from pretty devastating ransomware events or very disruptive events.  from that, I then moved on to the incident response team. And from incident response team, I got tapped as, hey, you would be really good for this enterprise security executive position slash cybersecurity specialists, where educate customers on the security solutions. So coming full circle of answering that question  is when I grew up with Microsoft, it was heavy focus on on-prem identity. , and over these years, I've seen our product stack heavily evolve from not only  you know on-prem identity, we've seen  Entra ID  and  On-prem Active Directory  have solutions like Microsoft Defender for  identity. , we also, or Microsoft also has  its communication-based tools focusing on email and team security solutions, , as well as  Microsoft having  endpoint solutions, Microsoft Defender for Endpoint. And then lastly, CASB Cloud App Security Broker, that that solution being the Microsoft Defender for Cloud Apps. And then there's, you know, and there's such a big portfolio, it it's overwhelming. And that's why I also mention my Mark Simos., I think it's just like I'm going to give you some links here. I think it's Mark's list, www.aka.ms forward slash mark with the K M A R K S list, and it will shoot you over to Mark Simos. There is a Microsoft landing page of the MCRA, which is www.ak.ms forward slash mcra. We'll give you the official mcra documentation, but mark's list. I just for some reason remember that first of how to navigate there. But going back to incident response, I was very fond of that team. I was very fond of it. I was very fond of the compromise recovery team. That's where I felt like I got the realest exposure to cybersecurity, really being in what I joined for.  and what kept me up at night, you know, so many things. I feel like the world is constantly on fire. And, you know, just seeing the ability of what the products were able to detect and give visibility and insight to things that customers might not have seen before. The advancements in a lot of these security tools, because I know I know Microsoft's a leader in a lot of categories, but there's a lot of great tools outside of Microsoft too., it's just amazing the detections that are able to be seen. And the quicker response times, it gives me a lot more hope. Because like there's like the unknown unknown, and ignorance is kind of bliss element to it. But, with these tools, and now you have known, I guess known knowns.   and now recognizing how many known knowns there are, it's like how many known unknowns are there? And I look forward to, I know we're going to talk a little bit later a little bit about AI, but I really look forward to the continuation and progression and where we're going for the future with these tools. So very, very long answer for you, Jess. I apologize. I think I told you I'm a little winded.

Jess Vachon: 14:12

So no, that was great. And I was thinking, you know, as you were talking, Dr. Dre is definitely in the house. Who knew she was a historian for Microsoft?  that's good. You know, I'm of an age where I got to watch the evolution of Microsoft and the security products, and you know, they had some missteps, everyone's aware of that at the beginning. But over the last 10-15 years have really evolved the product choices. What I love about what you just described for us was you gave us a background on how that evolution happened, the people involved, the resources involved, how you played a part in that, which I always find to be valuable in understanding products, right? Yeah, because you can use a product, but not necessarily understand the best way to apply that product or how it was intended to be applied. You just gave us context to go along with that. So, thank you so much. That that wasn't a long-winded reply, that was a very informational reply.

Andreae Pohlman: 15:21

You're very kind, thank you.

Jess Vachon: 15:24

Switching now back to the start of your career in the Air Force, we know it requires a lot of discipline, diligence to defend the cyber solutions that the Air Force and all the armed forces have., by the way, thank you for your service. I appreciate it.

Andreae Pohlman: 15:46

Thank you for yours.

Jess Vachon: 15:48

Yeah, thank you. So, could you tell us a little bit about lessons that you learned in the Air Force without obviously divulging anything that that might compromise national security, but also how you took those lessons and applied those when you went to Microsoft?

Andreae Pohlman: 16:04

Oh my gosh, that's such a great question.  yeah, I it maybe not just Microsoft, just to life.  I'm so grateful. One that I had the opportunity to serve.  a story I like to tell is, you know, I come from a very military family, very government federal work family.  one of the jokes I also like to mention is I was a black sheep in my family because I chose to go into computers and they're all air traffic controllers, , big FAA family, , air traffic controller, dad, air traffic controller, sister,  works for the FAA, , brother-in-law, air traffic controller, brother, air traffic controller. So, I was definitely the black sheep. I think until I said I had a job opportunity at Microsoft, they were like, do you really want to do this computer work? Do you think it's going to, you know, pan out to anything, you fool? No. But, anyways, I the typical story I tell besides the black sheep is, you know, I had told everyone I'm joining the military, I'm joining the military from because that's all I knew. Like, that's what my family told us is oh yeah, you're going to join the military when you graduate high school. And I was like, Yeah, I'm going to do that. Well, come junior year, I got very cold feet., I, you know, my none of my friends were looking at the military. They were like, What? That's not for us. What are you doing this for? I was like, no, I think I need to join., and I really came to the point of like, I can't do push-ups, and I can't get yelled at. Like, what am I thinking? wanting to join the military., and so I had very a lot of second thoughts., I had a very strict upbringing, and so it was, you know, my house, my rules sort of environment and I finally saw my sister.  she had actually I mentioned this too. My sister and my brother, my older siblings. I'm one of five; I'm a middle child and suffer greatly from what about me syndrome. And, anyways, I saw them both kind of try and pursue like their own thing first before joining the military, like try and go to community college, try and figure stuff out of kickstarting their adulthood life. And both of them ended up saying, okay, mom and dad, you're right. I'm just going to join the military. And I saw them kind of start their military career at 20, 21. And I remember my brother coming back from the Navy saying, you know, just join, like rip it off like a band-aid, do it first thing. As soon as you graduate, the sooner you'll be able to start like after that, your adulthood life. And I'm really glad I listened to his advice on that. , because I ended up after having the cold feet, and there's a story to that that maybe I'll talk about later because of one of the topics you brought up. , so I guess I bring that up to answer your question of like one of the things that taught me is  we are all more capable and far more capable than we give ourselves credit for. , it was , like I said, I'm very grateful. I have a younger sister who has asthma, and there's no way she could have even been able to join because of that health condition. And she's she looks up at her older siblings and says, Man, I wish I even had the chance of joining the military. I think the statistic is like 1% of the population serves, and what a great honor it has been to serve our nation, to protect and defend. And really, you know, that's what even pulled me into cybersecurity. It actually, you know, a tech in general, it's not like I had this huge passion for tech. It's a hard field to be in., and it turned out to be a learned passion. But after having served in the military, it was so it was a greater calling, and you could put some sort of impact to the sort of work that you were in that career field. But yeah, I would say like definitely we are far greater capable than what we give ourselves credit for. It gave me actually, we were talking about this, and what I'm most impressed by you is your attention to detail. It gave me a greater appreciation for paying attention to detail.  just a lot. Gosh, there's just so much. Like it helped me with things like caring about laundry, keeping my personal space clean.   not that I do this anymore, but you know, hospital corners, like those sorts of details and just like basic life lessons that I didn't have an appreciation for as a younger person, but now, you know, later into adulthood, I'm like, man, I'm so glad. And honestly, there's a book, and I forget who it's by, it's by a general, but it talks about like success. And one of the keys to success is making your bed first thing in the morning. And I love that. And even though like the military taught me, it took me a little bit longer outside the military to be like, yeah, I'm going to make my bed every single morning and get that kicked kickstart off to the day on the right foot. But, again, another great long answer.

Jess Vachon: 22:12

I love it. And again, thank you for your service. And it's interesting when I get asked, you know, what did I take away from the military? One of the first answers I have is well, I learned that I wasn't the adult that I thought I was until I got done boot camp. And I'm one of these really weird people who not only did I go to boot camp, but then I went to officer candidate school, which is like going to boot camp again. So, I apparently had to learn to be an adult twice, whereas most people learn it the first time.

Andreae Pohlman: 22:42

Like as you say this too, it taught me like respect. It taught, I mean, not that I didn't have respect before, but like understanding the chain of command and how important that is., navigating things from that angle and you know, really corporate world, I feel like is so important., but yeah, so many different lessons. I am, you know, my parents always talked about the military being a steppingstone in life, use it as a steppingstone, and it's the greatest foundational steppingstone. I recommend it to anyone , you know, willing and able to, , I, you know, and too, like when I joined and seeing my sister and my brother kind of flounder, I then realized like, unless you are like so determined in a career path that like I know I want to be  a medical doctor, I want to be a pediatrician, and I have only limited time to achieve this goal. Unless you have that sort of clear vision of what you want for your life and you are determined that's what you're going to be, I think the military is such a wonderful place to start because it gives you enough leeway to kind of figure these things out as you're growing and maturing in your young adulthood.

Jess Vachon: 24:01

That's a great point. Some of the people that I mentor when they struggle to find jobs, you know, they have some of the training, they have some of the certifications saying, consider the military. First of all, you're going to get paid. Second, they'll give you additional training. And if you've got some certifications and you talk to the recruiter and you have the right recruiter, you might be able to choose the military occupational specialty. I use the long name, MOS., that that is related to what you do, and then you spend you know two or four years, you do reserve or you do active duty, and you come out. Now you have experience that you can put on you rese. You've been getting paid to do the work for a number of years. It's a good alternative., so there's options out there, and especially in the job market for cybersecurity as it is now, it might be a really good option to get a roof over your head, three square meals a day, and that experience.

Andreae Pohlman: 25:00

Honestly, I'm jealous of the people joining now, and the exposure that they're getting to the cybersecurity field in the military. Like, I did not have that. I don't even think cybersecurity was an option. It was more, I think my AFSE or Air Force, I forget SC, what that stands for, but basically the equivalent of MOS., so you take the ASVAB. I think you guys had to take everybody, I think military branch agnostic, it takes the ASVAB. So, this is like the SATs for going to college or ACTs going to college, but for the military to help you figure out what sort of career field to go into, at least I believe enlisted., if you go the enlisted route. And I at that time my head was like I mentioned, I did not want to join the military at the time I took the ASVAB, but luckily, I did well enough to get placed into an IT job. So, I think mine was just called computer operator., so I was a computer operator, I'm still a computer operator, but, but I basically did system administration work and helped maintain a European database for aircraft coming in and out of the European theater.

Jess Vachon: 26:28

Great. Okay, I have a question for you. What is GW Cyber Core and what did you do in GW Cybercore?

Andreae Pohlman: 26:36

, so, George Washington University.  so, with cybersecurity encouraging or attracting, rather, I should say, individuals to go work for the government has been, I guess, very difficult because when you look at private sector versus public sector pay, private sector pays a lot more. And so, a way to try and combat that, the government put together these scholarship programs., Cyber Corps was the name of the one that I went to. It's some of the other I've also known the names have kind of changed over the years, but I think the most common one was referred to as scholarship for service. There was also the IASP, which is I was in the Cyber Corps with Scholarship for Service folks and IASP folks. I was in IASP Information Assurance Scholarship Program, is what IASP stood for. And so, it’s it was a way to get individuals that were looking for financial assistance, scholarship opportunities to help with their schooling to help pay for that. And then in an agreement to go when you finished up your undergrad or grad or whatever schooling you got this scholarship for, you would go then to a government agency and you would still get paid your salary, et cetera, but you would be paying back in time working for that organization. Really wonderful program, honestly.  I have probably the best of friends from being through that program.  we still get together. A lot of us ended up getting even married on the same date. So, we have similar anniversaries., we go take a lot of group trips with one another., we have, you know, meeting up at cyber, what do we call it? Hacker Summer camp. I really like Paul Acidorian from Security Weekly, way before it became Hacker Summer Camp. He used to refer to it as the spring break for cybersecurity professionals. And I feel like that's so much more appropriate of calling it that. But I guess Hacker Summer Camp probably sounds a lot more professional versus, you know, I guess spring break in Panama City or whatever. But I digress. So, I guess on that front, Cyber Corps or yeah, Cyber Core Scholarship for Service., yeah, I kind of mentioned my, okay, actually, I'll go back a little bit. So, I had a non-traditional schooling path. I joined the military first. I then went to a local community college when I separated the military in the Panhandle, Florida, then moved up to Washington, DC, where we thought that there would be a lot more opportunities for veterans., and I mean, I think there are opportunities for veterans everywhere. Everywhere but Washington, DC, especially, with our capital being there and as many federal agencies are there. So, and they had a lot of great schooling opportunities. So, I was able to get into George Washington University., I was getting my undergrad degree. I was contemplating do I go to computer science or should I look at, you know, more of a management information systems type degree? , and with the MGI bill, , I was on the old school MGI bill education benefits, , for those who don't know, , from having served in the military. , those were depleting. And so, as I was finishing up my school, schooling there and getting, you know, fortunately, I was eligible for some scholarships as well from George Washington University, because it's a private school and a very, very expensive private school., I was trying to game plan what does my future look like? And it having been so hard as a non-traditional student, like having taken that break from high school and going into the military, , which is a whole other type of education in and of itself. , but to get back into school and specifically college, I thought I don't know if I would want to do this again, , take a break and go back to school. So, I'm just again going to rip it off like a band-aid., they had a master's degree program, and I was going, I was going to be able to do that undergrad and master's in a total of five years altogether. I had already gotten many, much of my schooling, or you know, I guess half of my undergrad schooling through the community college. So, I technically had about three more years. It ended up being four because of the requirements of the scholarship, but it was so good. I'm so glad that I went down the path that I did with it. And anyway, so I'm, I guess, heavily money motivated when it comes to things. And I was like, how am I going to get this paid for? And so, when I decided to get my master’s, I found this scholarship for service opportunity, and I thought, this can cover it. And it did, and it was such a great opportunity., I got to work at the government accountability office, I got to work at the Defense Information Systems Agency, DISA. And I got that was actually through that program was my first exposure to DEF CON because they helped sponsor the first year or in the in-between year to get to go., and that was wow, such an eye-opener getting to see a bunch of nerds gather and congregate. And specifically, I remember visually seeing these two grown men in kilts with lightsabers in like the center of this, you know, hotel conference building just fighting each other. I'm like, what did I sign up for coming into cybersecurity? But then I realized like, wow, these really are my people. Like I said, the nerds. I always say nerds very endearingly because I consider myself a nerd., and maybe that's wrong of me, but or to project on other people that they're nerds or I don't want any negative connotations with that. I want only positive., but I digress. So  this is a really great program, especially if you're looking at ways of trying to help fund your school  or your schooling. , and it was cybersecurity focused. , and that's I mentioned that was supposed to be five years, but ended up being more  going back to like there not being really a cybersecurity degree program at that time. , because of this scholarship, it required you to take a lot more cybersecurity courses and those extra courses. , even though I was able luckily to get them funded, , it extended my duration of graduation. But it was, I feel very blessed that I got that education.

Jess Vachon: 34:14

There is a theme with you where I don't know if it's resilience or determination. You're not daunted by taking the more difficult path. And your reflection on taking that difficult path is I think enlightening for a lot of people. It's a message that look, your career might not be easy, but if you're up to the challenge, it will be rewarding. And that's what I'm hearing over and over from you. It's just it's so lovely to hear your story and the way that you reflect positively on every challenge that was thrown in front of you. So, I just want to make note of that.

Andreae Pohlman: 34:52

Oh, I again I'm so ultra flattered. Thank you so much for that. I think, you know, my mom growing up, she would always talk about this. You can take the hard path and it's going to be much easier later on, even though you think it's going to be so hard up front, or you can take the easy path and it's going to be so much harder later on. And there's been quite a few times I've tried taking the easy path, and I quickly learned, like, man, this was much harder to go down this path., and I appreciate, yeah, the resilience. Like, I yeah, I don't know, maybe that's something from being brought up in a strict family, or maybe the military helped shape that. But I hope that I am. And I mean, I still think I have I have you know, you asked for a fun fact about me, and I gave you one, but another fun fact for you is I'm like a self-help addict., I love the self-improvement books, which is a nicer way of saying self-help.  I guess I'm just like a glutton for punishment, too, of like, oh, I must be doing better. I need to be achieving more, getting this or that. So maybe it's a lot of the self-help books that I've been reading.

Jess Vachon: 36:18

Maybe you mentioned your mom, you mentioned your family. So, let's talk a little bit about that. How do you think how the way you grew up, and the influence of your parents shaped your career choices and shaped who you are and your success in your career?

Andreae Pohlman: 36:36

Oh, that's a great question.  so much., you know, oh gosh. I think that we were brought up very strict in a strict household., for example, I wasn't allowed to go spend the night at even my best friend's house, who was like who lived two streets down the block, wasn't allowed to watch PG 13 movies even. Or I mean, yeah, definitely not R-rated, but even when I became 18, those were still you're not allowed to watch. So, I grew up with understanding there's a lot of rules, and if I chose to break those rules, there were consequences, and consequences I did not like. And so I quickly tried to change, I guess, maybe my mindset around the situation that I was in, and tried to find, you know, happiness thereof, you know, just because I can't watch this movie that all my friends are able to watch, maybe I can watch this other one and just, you know, be fine with that and understand that maybe later in life I might want to watch it and I won't be under these strict rules. And come to find out, you know, there have been like some of those movies that actually, for example, Titanic. I wasn't allowed to watch the Titanic. And still, I don't know. Now that I'm older, I'm like, did I really miss out on much? I know what happens. Like everybody talked about it, and you know, maybe I have two more hours back in my life, or maybe I think it was a long movie, it might be like three, that I didn't have to waste on the Titanic. I'm sure it was, you know, no harm to James Cameron, I think did that movie, but I'm sure it was wonderful, James Cameron. Not that you're watching this, but anyways, I think yeah, they I think they are going back to that resilience. I maybe that's the point of learning to be resilient and just pressing forward and finding other opportunities in life.  I think they greatly shaped who I am.  and I'm very appreciative to them.  like I said, I was the black sheep. They could they kept pushing air traffic control. They were like, are you sure you're the cutoff for going into this career field is you know limiting now if you don't make this move., but I think they're very happy with the career path that I've taken.  and you know, kind of even going back, I remember just begging my parents for a PC.  it was like maybe the late 90s that we finally got a PC. And once I got it, I mean, that was just wow. I for me at a young age, I just thought having a computer would open so many opportunities. Like it was like an artist being given a canvas, right? and then you know, add the World Wide Web with our modems and AOL.  but yeah, I'll just say I'm very grateful to my parents. I'm glad that they bought us that PC or and that helped shape, you know, me going down the computer path that I did.

Jess Vachon: 40:03

That's a beautiful story. I want to pivot now to CyberJutsu because we talked about that prior to going live on the show. You've been involved with CyberJutsu, Women's Society of CyberJutsu for a number of years. You're currently a board member., tell us a little bit about the organization and your involvement prior to being on the board and what you really love about the organization.

Andreae Pohlman: 40:24

Oh, thank you. Yeah. , gosh, I love everything about the organization, but I'll try and come up with something a little bit more specific. , so  Women's Society of Cyberjutsu or Cyberjutsu, we call it for sure, it's much easier to come out that way. , it really is an organization focused on helping individuals advance in cybersecurity. , I would say it's a great community of  individuals. Ideally, or not ideally, originally, I should say, it started off, you know, focused on really like a minority group in a world of the majority in cybersecurity.  the stat I think was one in 11 or one in 10 women represented the cybersecurity workforce. And so having a place that you could go to and ask questions, not feel db. , and just there's something so I don't know, I hate saying the word validating, but yeah, I guess for lack of better words, validating of seeing someone like you and being like, oh wait, they're doing the same thing I'm doing. That's pretty cool. I've not seen that.  so Cyberjutsu originally started out focusing on a minority  group to help them with their career in cybersecurity. , I would like to say, although, because we've even recently put on like a conference  in the local area, I'm out in Dallas, Texas. , and  there were some individuals, some  males reaching out saying, hey, I'm not sure if this is for women only, this conference. And no, everyone and anyone is welcome.  we encourage folks of all paths to be a part of Cyberjutsu too.  and very appreciative of those who join because I always tell people, you know, tech in general isn't for the faint of heart. Like I even going through some issues of backing up an image of my phone, for example, I get into tech issues and I'm pulling out my hair, like, why can't I figure this out? even though it's easy, it's just a space issue. So, but it it's challenging. And I would say cybersecurity is definitely a lot more challenging than just generalize IT. , so I think it's really nice to have this community of folks  that we can come together, we can ask questions. , I right now I'm helping lead  a program called Small Tribes. , and Small Tribes is a peer-to-peer mentorship. So, folks of all different levels in their career path, entry, mid, senior, executive, join this group. And there are there are about groups of 10  folks, and they meet bi-weekly and they talk about different topics, and each person is rotated to be on the hot seat to deliver a certain topic. , we give plenty of resources for them to be able to deliver that topic, but it's a great way to kind of get immersed and  hone in on your   communication skills, professional skills, etc. So, what I love most about Cyberjutsu is really the community, the people, the technical advantage that I feel like this nonprofit offers with a lot of the workshops. I know this, I mentioned the professional and career growth. That's one element, but it leans heavily into the technical side of the house. And I know we're almost at time, so I'm going to be quiet.

Jess Vachon: 44:26

That's okay. I couldn't agree more with the statements that you've made about the organization. When people ask me how it's different than other organizations, I say it's challenging. It's for people with moxie and grit that that are willing to put their nose to the grindstone and work hard to learn. And if that's the type of person you are, you're going to find community in this group. And that community is going to be there for the long term. And we can watch people who join the organization and watch their careers progress and how they come back to the organization and give back. So, it's funny because it really your theme, and I mentioned it earlier, is facing the challenge, not always take an easy path. So, it makes sense that you ended up with this organization as a leader in the organization.

Andreae Pohlman: 45:14

Oh, thank you so much. I really appreciate that.

Jess Vachon: 45:17

You're welcome. I know we had a ton of questions. I'm going to have to have you come back for another episode because you're just a font of information and you have a wealth of knowledge, but I want to get one last question in with you. If you could wave a magic wand and change something about cybersecurity, just one fundamental aspect, what would it be?

Andreae Pohlman: 45:38

Oh gosh. I mean, I know yeah, passwords. I mean to me, that just screams like if we could figure some other way, I don't know. I know that Microsoft has come out with password lists.  we now have pass keys, like it's still something that is so cumbersome to a lot of folks, and we have to make it easier for the majority of users., because yeah, I just I feel like passwords are it, but you know what? In everything in life, where there's a will, there's a way, and adversaries will find a way, so that’s so tough. I love that question.

Jess Vachon: 46:31

Yeah, I think we all have different opinions, and then we start to think about what we've said is our opinion, and then we hear the other voices in our industry saying, Well, but Yeah. You know, you have to stick to some opinions and go forward with them until the majority say, okay, we're just wrong about this. But anyways, thank you for offering that. Thank you for joining me today, Dr. Dre. I love this session. I know the listeners are going to love listening to it and learning more about you and learning about how their careers can evolve and be shaped and learning about Women's Society of Cyberjutsu. So, thank you very much., listeners, if you enjoyed this episode, please take a minute, leave a review, and subscribe to the podcast. It helps me bring more episodes to you. And you know what? I love doing this. I love having great guests like Dr. Dre with me. So please take that minute and do that.

Andreae Pohlman: 47:26

Hit the LIKE button.

Jess Vachon: 47:28

There you go. Hit the like button. Until next time, everyone. Bye. Bye.

Want to get notified when new episodes are released?

Click the button below to subscribe: