Mary N. Chaney, Esq., CISSP, CIPP/US, has always been an achiever in her academic and professional life. Her drive is evident in the awards and recognitions she has received, in the positions she has had, and in the businesses she has created. She’s a senior executive leader with more than 25 years of strategic development and operational experience in cybersecurity, privacy and risk management. Over the course of her storied career, Chaney has advised, led and managed teams responsible for privacy, third-party risk management, cyber incident management, incident response, cyber network defense, forensics, discovery, internal threat, information security and privacy awareness, database security management, and data leak prevention.
Chaney began her career as a Special Agent in the Federal Bureau of Investigation (FBI), working on the cybercrime squad before moving into the private sector — holding several cybersecurity executive positions at GE Capital, Johnson & Johnson and Comcast prior to starting her own cybersecurity law firm. She’s currently the Director of Information Security and Privacy for Esperion Therapeutics. Chaney is also Co-Chair of the NIST — Privacy Workforce Public Working Group; a member of the (ISC)² Global Diversity, Equity and Inclusion Taskforce; a Professor at the University of Cincinnati, covering topics within cybersecurity; and Chairwoman, CEO and President of the nonprofit Minorities in Cybersecurity.
Every piece of Chaney’s education and professional career is made up of bumps, bruises and triumphs that have helped mold her path and develop her entrepreneurial skills, leadership skills and drive to help other people. While pursuing her undergraduate degree in Information Systems, Chaney says she received her “worst grade ever” on a paper in a business law class. Believing the grade was a comment on her ability to pursue law as a career, the experience motivated Chaney to go to law school, “with the sole purpose of proving that teacher wrong,” she laughs. During law school, the FBI held a recruiting event and, in June 2002, as a direct result of the events of September 11, 2001, she found herself training for the FBI in a class of 50 students — 25 women and 25 men, of which she was the only African American.
“On the cybercrime squad, I was investigating hacking, DoS [denial-of-service] attacks and more,” she shares. After the FBI, she started her first company, an information security consulting firm. From there, Chaney ended up at GE Capital as Director of Incident Response, leading the incident response team but also responsible for security awareness, database security and data leak prevention. She credits the position as one where she was able to develop and hone critical team building and leadership skills.
“The FBI gave me the foundation to be an individual leader, and GE Capital was really an exploration for me in developing my leadership skills and identifying how I lead. Building teams is not easy, and the company really did a great job of developing leaders and giving me a further, solid foundation for my career,” Chaney says.
Eventually, Chaney started her own cybersecurity law firm, advising organizations and other lawyers on cybersecurity issues, before joining Esperion Therapeutics as Director of Information Security and Privacy, where she’s focused on GDPR, data transmission privacy and security, security awareness, supply chain security, and third-party risk management.
Chaney is also a teacher and a mentor. Over the years and along the way, she realized that the conversations she was having with her mentees and others at conferences and speaking engagements often surrounded non-technical issues that hindered career growth.
“I saw that so many minorities and women were knowledgeable on the technical side of the industry as they usually are, but the challenges came with workplace culture and leadership challenges — all things that can take away from successfully doing the day-to-day job,” Chaney says. “In my experience, I have found that it’s not the hardness of cybersecurity that makes people leave; it is challenges in culture or a gap in other skills such as leadership. We can transition out of this [industry] skills gap if organizations commit to hiring for diversity and minorities gain the skills they need to succeed.”
So, in 2019, Chaney founded Minorities in Cybersecurity (MiC), a not-for-profit organization dedicated to the leadership and career development of cybersecurity professionals. The organization offers tools, events, resources and job postings to support, develop and help prepare others to excel within cybersecurity while achieving personal career success. In January 2022, MiC began its first six-month, all-virtual leadership development program, the cost of which is covered by corporate sponsor Bloomberg.
“The purpose of MiC is to nurture other women and minorities in this space. We won’t transition out of this industry skills shortage without creating and hiring diverse managers. When you are a diverse hiring manager, you are more likely to focus on hiring diverse people, and then it is possible to move the needle. At the same time, we need to focus on the gap in knowledge women and minorities may have on becoming effective leaders by providing additional training and support,” Chaney says.
In the future, MiC will offer leadership and development programs for all levels of cybersecurity professionals, from those graduating college to those already at director levels within their careers.
And, while helping minorities and women within the industry is Chaney’s passion or “purpose project,” as she calls it, the route to a more diverse, equitable and inclusive security industry is not a completely straight one, she says. “It’s important to understand that there is no silver bullet to diversity, equity and inclusion, just like there is no silver bullet for cybersecurity defense. Each step is a strategy, but there is not just one way. What is important is for organizations to have a plan,” she says. “Organizations say they want to tackle diversity, but when asked what actions they are taking, they come up short. It’s about having a goal, taking action and executing a strategy. Everyone in business knows that if you have a goal, you have to have a strategy behind it and a way to measure that progress.”
For young professionals and students, Chaney’s most important career advice is, “Don’t ever give up. The choices you make will lead you down a particular path. Remember that, and don’t let anybody stop you from pursuing what you want to do in life.”