My Cyber Success Story – Jennifer Mahoney

May 15, 2023

Jennifer Mahoney has more than 16 years of regulatory compliance experience in both consulting and enterprise environments. Her experience ranges from small businesses to Fortune 50 corporations, particularly in the technology, state and local, manufacturing and pharmaceutical verticals. She now works as a consultant in data governance and privacy protection at Optiv, the cyber advisory and solutions leader.


NCA: Thanks for joining us today! What was your educational journey and earlier career path like?
Jennifer: I was a double major in chemistry and biology in college. I applied to medical school but decided I did not want to go to school for another eight to 12 years. I got a job, and I went into consulting early on, bounced around a little, but went into consulting in chemical regulatory compliance. I worked with companies on OSHA regulations, EPA, some FDA and international chemical companies that were doing transportation and import/export, for example.


NCA: What attracted you to the privacy field?
Jennifer: A question from a person at a former workplace. I have always been a person to say yes when faced with a challenge. As a consultant, you are not necessarily an expert in all the things your client needs, and every client is different. You’re researching applicability to individual client needs in every single engagement and adapting along the way. The U.S. Privacy Business Partner at my previous company reached out to me for completing an inventory record for an application that collected and processed individuals’ personal information. I completed the record of processing activity for the activities that my team was doing per company guidelines.


He reviewed my entry and reached out to me under the guise of asking questions about it. At the end of our conversation, he asked, “How would you like to do this full-time?” I said, “Do what?” “Join privacy. I’m hiring on my team,” he replied.


“OK, what does that mean? I don’t know, but it sounds challenging. Send me a job description,” I replied. I’m a consultant, right? I am focused in the chemical regulatory area for the first 15 or so years of my career, and this question is posed to me – “do you want to learn this entirely new regulatory role?”


One of the things that attracted me to the privacy field, similar to when I got into chemical regulatory consulting, was a moment of explosion of global regulations, especially in the United States. There were a lot of parallels, even though I just picked up and dropped into this different regulatory realm. When I read the job description that he sent me, there were a lot of acronyms I’d never heard of before, frameworks that I wasn’t familiar with. I was honest with him and said, “I don’t know what any of this is. This sounds interesting, and I’m willing to help where there’s a need.” That was a conversation about changing from consulting into corporate, and my company had a need that they were asking me to fill. “I’m happy to help, but I don’t know how helpful I would be.” He said, “I can teach you.”


He outlined the things he recognized in my background and was interested in capitalizing on those; the rest could be learned. That’s how I got here. I eventually felt that I wanted to return to a consulting environment and I left that company and came to Optiv. I stayed with that privacy scope while re-engaging in the consulting space.


I tried to present myself as being teachable. I knew how to read regulations and I knew how to communicate regulations, how to break things down and apply them to a situation. That was the foundation of what helped present me as a candidate for the role.


NCA: What’s something you’re working on right now that you’re excited about?
Jennifer: Right now, my primary project is a multi-phase engagement with a global company. We are currently focused on U.S. regulatory changes in California, Virginia, Connecticut, Utah and Colorado.


In this engagement, all our conversations are about the consumer, being transparent in data handling practices, how to utilize privacy as a benefit and how to show respect to the consumer. Privacy is not simply overhead, and it’s not just a regulatory compliance thing. In the past couple of years, privacy has evolved to a benefit – if you can give consumers choice, give them transparency; they’re more likely to do business with you and to keep their business with you.


NCA: What advice would you give to people seeking a career in cybersecurity?
Jennifer: Be curious. There are a lot of opportunities that you can’t imagine. I never would’ve thought my career would lead me to where I am now, but be curious about things and say yes. When those unique questions are asked, or the road before you splits, don’t be afraid to go the new way and see what’s down that path. You can always go back if it’s not a direction you want to go.


Find a mentor. I have been lucky to have amazing mentors as well as some amazing bosses along the way. Having someone to help you, with some perspective of who you are or what your goals might be, can help mold yourself against opportunities that might come up in front of you. Find that relationship — and those will change over time. The world can be a bit scary, but there’s so much opportunity there as well.


NCA: How do you think that the cybersecurity industry can work to close the workforce gap it currently faces?
Jennifer: Look for non-traditional candidates that you can teach. They might not have the knowledge you seek coming into a role, but they can learn, they might have other things that make them a wonderful candidate. You just need to be patient with them and give guidance early on.


NCA: Thank you so much for sharing your wisdom with us today!


*This article originally appeared on the National Cybersecurity Alliance blog. Reprinted with permission.

Jennifer Mahoney
Jennifer Mahoney has 18 years’ regulatory compliance experience in both consulting and enterprise environments. Her experience ranges from small businesses to Fortune 50 corporations particularly in the technology, state and local, manufacturing and pharmaceutical verticals. Areas of expertise include the General Data Protection Regulation (GDPR), the California Privacy Rights Act (CPRA) / California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach Bliley Act (GLBA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and many others.

Optiv Security: Secure greatness.®

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit