Jennifer Mahoney has over 16 years’ regulatory compliance experience in both consulting and enterprise environments. Her experience ranges from small businesses to Fortune 50 corporations particularly in the technology, state and local, manufacturing and pharmaceutical verticals. She now works as a Senior Consultant in Data Governance and Privacy Protection at information security company Optiv.   

Piano – my first piano recital ~age 7

NCA: Thanks for joining us today! What was your educational journey and earlier career path like?  

Jennifer: I was a double major in chemistry and biology in college. I applied to medical school and decided I did not want to go to school for another eight to 12 years. So, I got a job and I went into consulting fairly early on, bounced around a little, but went into consulting pretty early on in chemical regulatory compliance and worked with companies on OSHA regulations, EPA, some FDA, international chemical companies that were doing transportation and import/export, for example. 

NCA: What attracted you to the privacy field?    

Jennifer: A question from a person at a former workplace. I have always been a person to say yes when faced with a challenge. As a consultant, you are not necessarily an expert in all the things your client needs, and every client is different. So, you're researching applicability to individual client needs in every single engagement and being adaptable along the way. The US privacy business partner at my previous company reached out to me because of completing an activity that was required for individuals who are in charge of applications that handle personal information. I completed the record of processing activity for the activities that my team was doing per company guidelines. 

He reviewed my entry and reached out to me under the guise of asking questions about it. At the end of our conversation, we talked for about 20 minutes, and he said, "How would you like to do this full-time?" And I said, "Do what?" And he said, "Join privacy." He said, "I'm hiring on my team."  

And I said, "Okay, what does that mean?" Because I'm a consultant, right? I am doing this totally different area for the first 15 or so years of my career, and this question is posed to me, do you want to learn this entirely new different thing? I said, "Send me a job description." I said, "I don't know, but it sounds challenging." One of the things that was attractive to me about the privacy field, like when I got into chemical regulatory consulting, it was at a moment of explosion of regulation. 

There's a lot of parallels, even though I just picked up and dropped into this totally different regulatory realm. When I read the job description that he sent me, I was honest with them and I said, "I don't know what any of this is." Lot of acronyms I'd never heard of before, frameworks that I wasn't familiar with.  

I was honest with him. I said, "This sounds interesting, and I'm willing to help where there's need." Because that was a conversation about changing from consulting into corporate. And my company had a need that they were asking me to fill. And I was like, "I'm happy to help, but I don't know how helpful I would be." And he said, "I can teach you." 

He outlined the things that he recognized in my background and in talking to me. He was interested in capitalizing on those things and the rest could be learned. And so that's how I got here. I eventually felt that I wanted to return to a consulting environment. And, eventually, I left that company and came over to Optiv. I stayed with that privacy scope into re-engaging in the consulting space. 

I tried to present myself as being teachable. I knew how to read regulations. I knew how to communicate regulations and how to break things down and apply it to a situation. That was the foundation of what helped to present me as a candidate for the role. 

NCA: What's something you're working on right now that you're excited about? 

Jennifer: Right now, my primary project is a multi-phase engagement with a global company. Right now, we are focused on the U.S. regulatory changes with California, Virginia, Connecticut, Utah, and Colorado having come into force and going into force later this year. 

In this engagement, all our conversations are about the consumer, being transparent in data handling practices, how to utilize privacy as a benefit, and how to show respect to the consumer. Privacy is not simply overhead and it's not just a regulatory compliance thing. Especially here in the last couple of years, privacy has evolved to a benefit – if you can give consumers choice, give them transparency, they're more likely to do business with you and to keep their business with you. And luckily, our clients are privacy minded. 

NCA: What advice would you give to people seeking a career in cybersecurity?

This is my first computer, purchased with HS graduation gift money

Jennifer: Be curious. There are a lot of opportunities that you can't imagine. I never would've thought my career would lead me to where I am right now but be curious about things and say yes. When those unique questions are asked or the road splits, don't be afraid to go the new way and see what's down that path. If you're not burning your bridges along the way, you can always go back if you decide it's not a direction you want to go but say yes. 

Find a mentor. I have been very lucky to have amazing mentors, amazing bosses along the way. Having someone to help you with some perspective of who you are and also what your goals might be and help you to mold yourself against opportunities that might come up in front of you, find that relationship -- and those will change over time. The world can be a little bit scary, but there's so much opportunity there as well. 

NCA: How do you think that the cybersecurity industry can work to close the workforce gap it currently faces? 

Jennifer:  Look for non-traditional candidates that you can teach. They might not have the knowledge that you might be seeking coming into a role, but they can learn. They might have other things that make them a wonderful candidate. You just need to be a little more patient with them and give a little more guidance early on.

Firefighter – my first “real job” after college, I worked at a chemical plant and was on the Emergency Response Team – I earned State of Ohio Volunteer Firefighter certification

NCA: Thank you so much for sharing your wisdom with us today! 

The Mahoney Dogs -Redwood National and State Parks in California

Karma (M) – Black Lab/Golden Retriever mix – passed away in February from cancer at age 11

Carlin (M) – Chocolate Lab/Golden Retriever mix – Karma’s littermate – age 11

Sequoia (F) – Newfoundland/Great Pyrenees mix – age 6