The IAPP’s “Profiles in Privacy” series features a monthly conversation with a notable privacy professional to discuss their journey in privacy, challenges and lessons learned along the way, and more.
Scuba diving might not be the first thing that comes to mind when privacy professionals think of an incident response plan. But there are parallels and Melanie Ensign, an avid diver certified in rescue and prevention, draws on them in her work in both areas.
“I bring a lot of the concepts that I learned through rescue diving into things like incident response and executive coaching. When I work on an incident response plan, I’m thinking about what is going to cause certain executives to panic. Panic compromises our judgment and makes things hard for people around you,” said Ensign, founder and CEO of Discernible, a specialized security and privacy communications firm. “There are a lot of crisis communications firms that make a lot of money off people being scared and I desperately want to reduce that panic and that fear. We can acknowledge something is urgent and important without pushing a panic button.”
Ensign, who lives in Tulum, Mexico, found her personal passion for marine biology — particularly sharks — at just 8 years old. While she continues to harness that enthusiasm through scuba diving, Ensign’s early career experience introduced her to her professional passion — cybersecurity.
“I took to cybersecurity,” said Ensign, who led global corporate communications strategy for AT&T Managed Security Services and the AT&T Chief Security Office while working for global PR and marketing agency FleishmanHillard. “It just fit me so well. It was the thing that I didn’t know I was really passionate about. Not only was it really challenging because I had to learn so many new things, but I also found it incredibly meaningful and impactful. It mattered.”
Ensign worked on the AT&T account for six years, leading the company’s security communications during the Snowden revelations and as security became a “brand pillar” for AT&T’s consumer products. The experience took her to Facebook where she worked as security communications manager for a year before becoming global head of security, privacy and engineering communications at Uber in 2016.
Throughout her career, Ensign said she saw “really well-intentioned and smart privacy teams stumble when it came to gaining legitimacy and influence in the organizations they worked for.” So, she set out to help security and privacy professionals be more effective communicators.
In 2020 she launched Discernible, a communications consultancy for privacy and security organizations. It is “intentionally not a PR shop,” Ensign said, but helps professionals foster relationships with stakeholders, handle incident preparedness and response — including public and internal communications — teams and product management and more.
“We are communications consultants for privacy and security organizations,” Ensign said. “We’re a one-stop shop for everything a privacy team might need in terms of human interaction.”
Ensign’s work ranges from individual and team coaching — assisting privacy professionals who want to take their careers to the next level and helping teams with conflict resolution or negotiation training — to helping companies in how they talk about privacy at every level and advising clients on products and features to mitigate risks and implement creative solutions.
For the past two years, Ensign has shared her insights as a member of the IAPP Publications Advisory Board.
She is Discernible’s sole full-time employee, surrounded by a dozen practicing contractors, including engineers, lawyers, writers, designers and product managers who each lend their expertise as needed.
“One of the smartest things I’ve done with Discernible is to bring in other smart people with me. I am not a lawyer, so I cannot and will not give people advice on how to comply with regulations. So I bring in lawyers that can give that counsel,” she said. “One of the great things about having this type of consultancy is that the folks on my team are not dealing with a million other things that are happening with a business the way in-house folks are. This is what we do all day, every day. So the lawyers that work with us, this is what they do. They are constantly keeping up with new regulations.”
In her area of expertise, Ensign said she stays up to date on the latest research, information and practices on effective communications. She values the contributions of Discernible’s contractors and the size and scope of the company, saying she wants to maintain the intimacy it currently offers.
“One of the reasons I started this company was to give honest people with integrity a reliable source of income with work that they enjoy doing. I want to stay small enough that I personally know every person that works at the company, and we are a small team of experts,” she said. “I think we will stay boutique and sharp because we want to stay involved in the client work.”
So what advice can a privacy professional, who has worked for some of the most recognized companies in the tech space before leading a consulting business, share?
“Go where you are valued,” Ensign said. “If you don’t feel valued you are not in the right place and once you find your place it’s totally worth it. Change can be scary and I think sometimes we fight really hard to try to convince people to value us. I think we would be better served if we spend more energy on finding the place that already values us.”
She also wants privacy professionals to know: “You cannot fix privacy at a company that does not want to be fixed.”
“I see a lot of really smart, well-intentioned professionals working at companies where they are unnecessarily swimming upstream when they could go somewhere else and be rewarded and compensated for everything they can contribute to an organization,” she said. “You are not responsible for saving a bad company from itself.”