Mardecia Bell, CISO at NC State University, has 40+ years in IT. She believes appropriate security controls should follow the data wherever it lives. A frequent conference presenter, she serves on the Regulated Research Community of Practice advisory board. She’s a founding member of NC State’s Women In Technology Interest Group and co-chairs the AI Advisory Group. Mentoring female students interested in the cybersecurity field is a key passion.
Recently, in an exclusive interview with CIO Magazine, Mardecia shared insights into her remarkable 40-year career in IT, her passion for cybersecurity, and her vision for a more secure and inclusive digital future. She also shared her personal hobbies and interests, future plans, pearls of wisdom, and much more. The following excerpts are taken from the interview.
Hi Mardecia. Can you tell us about your career path and how you ended up in the cybersecurity field?
My journey into the cybersecurity field began somewhat unexpectedly. When I was applying to universities, I was unsure of a major until my high school advanced math teacher suggested Computer Science, given my strength in mathematics. I followed his advice and was accepted to NC State University.
After earning my B.S. in Computer Science from NC State in 1983, I began my career in the textiles industry as a COBOL programmer at WestPoint Pepperell in Lumberton, NC. This early experience broadened my skills significantly, as I was also responsible for learning PC applications and training administrators on their use across different plant locations—a critical time when PCs were first being adopted in industrial settings.
In 1985, I returned to Raleigh to join NC State University’s Administrative Computing Services department. My career progression at NC State was extensive, beginning as a COBOL applications programmer. I then transitioned into an applications analyst programmer role, initially providing desktop support, and later specializing in mainframe and then client/server security support. This trajectory led to management roles, including manager of distributed systems and security, assistant director of systems/database/distributed systems & support, director of administrative computing services, and director of enterprise technology services and support. This journey reached its peak in 2007 with the establishment of the Office of Information Technology (OIT), where I was appointed as the Chief Information Security Officer/Director of Security & Compliance.
What do you love the most about your current role?
What I love most is operating within a higher education environment, dedicated to providing a more secure setting that enables students to excel and reach their full potential.
What role do you think artificial intelligence and machine learning will play in cybersecurity in the next 5 years?
In the next 5 years, artificial intelligence and machine learning will have a dual impact on cybersecurity. While attackers will use these tools to create highly sophisticated threats, their most crucial role will be on the defensive front. AI is rapidly becoming essential for automated threat detection, significantly enhancing our ability to detect and block widespread threats, such as the phishing attacks common in university environments. Furthermore, AI and machine learning will be instrumental in proactive defense strategies, including analyzing user behavior and modeling potential attack paths. I’m hoping these technologies will ultimately better protect users from making their own mistakes.
What do you think is the biggest misconception about cybersecurity, and how do you address it?
The most prevalent misconception about cybersecurity is that it operates as a roadblock to business operations, leading to security teams being unfairly labeled as the “team of NO.” To counter this perception, cybersecurity professionals must proactively seek to be collaborative partners with their stakeholders. At NC State, the Security & Compliance (S&C) leadership has institutionalized this approach by scheduling collaboration meetings across all units in the Office of Information Technology, as well as with key campus partners such as Internal Audit, the Office of General Counsel, Emergency Management, and Mission Continuity. Furthermore, S&C ensures representation on both the IT and data governance committees and working groups. The primary objective of this effort is to focus on building trust and establishing the S&C team as a valuable partner, dedicated to helping the campus community execute its mission in the most secure means possible. Cybersecurity is a team effort.
How do you think we can encourage more women and underrepresented groups to pursue careers in cybersecurity?
We have to start introducing cybersecurity in K-12 education, especially in middle and high schools with cybersecurity curriculums and inclusion in career fairs.
If you could have dinner with anyone, dead or alive, who would it be and why?
I would choose to have dinner with my first-grade teacher, Mrs. Elizabeth James. I’d want to thank her for the profound impact she had on me, specifically for stopping my classmates from laughing when I read my first book out loud with a speech impediment. Her single act of kindness and support was a crucial motivator, showing me that I could achieve anything, regardless of any challenges I faced.
Can you share a book or resource that inspires you and why?
Devotional books by Sarah Young are a significant source of inspiration. Her distinctive interpretation of scripture clarifies biblical truth in a manner that yields encouragement for me. I am currently reading her book, Living Hope.
What are some of your passions outside of work? What do you like to do in your time off?
Machine quilting is my passion. I’m most proud of making quilts for our great nieces and nephews as well as godchildren. I have one more to make and then I’ll start making quilts for our nieces and nephews.
I also love to travel. Our daughter lives in London and our son lives in New Orleans, so these are two places we visit often. Other places we have traveled include Amsterdam, Paris, Australia and Germany. One of my favorite trips was driving cross country to California and stopping at the Grand Canyon at sunset – an absolute must to see.
What is your biggest goal? Where do you see yourself in 5 years from now?
My biggest goal right now is my retirement, which will become effective on January 1, 2026, concluding an incredible 40-year career journey at NC State. Looking ahead to the next five years, I see myself actively engaged in providing cybersecurity sessions to senior citizens to help them protect themselves from scams and phishing attacks. Additionally, I plan to volunteer to mentor women and underrepresented groups to encourage and support their pursuit of careers in cybersecurity.
What advice would you give to other CISOs or cybersecurity professionals looking to advance in their careers?
Become a Collaborative Partner, Not a Roadblock: Proactively seek to partner with stakeholders across your organization. Dispel the “team of NO” misconception by engaging in collaboration meetings with key stakeholders and serving on organizational governance committees. The core objective is to help the business execute its mission and protect information in the most secure way possible.
While technology is an enhancement, be sure to prioritize the people and processes that are needed. Cybersecurity awareness and basic cybersecurity processes are crucial foundations.
Focus on Data-Centric Security: Adopt the philosophy that appropriate security controls must follow the data wherever it resides. This belief in pervasive security controls is a core principle for advanced cybersecurity leaders.