This month we are excited to feature Nia Mack, a Senior Risk Advisor at First Citizens Bank. In this role, she is responsible for identifying and managing information technology (IT) risk, which is the chance that technology problems, like system failures or cyber attacks, could disrupt business operations or cause data loss. Prior to First Citizens Bank, she held roles at American Family Insurance and Bank of America in areas including IT Policy Management, Ransomware Risk Oversight, and Cybersecurity Resiliency. Nia is a mental wellness advocate and even established a virtual mental wellness chapter at one of her former companies!

Thank you, Nia, for sharing your insights and being such a passionate advocate for mental wellness, which is essential in a demanding field like cybersecurity, where resilience and balance are so important.

‍

1. How did you get your start in cybersecurity?

My interest in cybersecurity began as a kid. I’ve always loved computers and cell phones, and even used my laptop to hack into a neighbor’s WiFi. I pursued formal education in the field, earning a Bachelor of Science in Cybersecurity in three years from a science and technology focused university, followed by a Master’s in Homeland Security with a focus on Computer Forensics. My passion grew with my studies, leading me to launch a career in cybersecurity that began when I helped build a triage team to direct cybersecurity events to the appropriate cyber incident response team.

I am always eager to learn and rarely turn down an opportunity to try something new. This approach has significantly benefited my career.

‍

2. You recently moved out of a cybersecurity role into an IT Risk Officer role. Can you describe the role and how it relates to cybersecurity?

I help our teams identify and manage risks, which are events that could go wrong and hurt our company. This is connected to cybersecurity because the risks we find affect how well we can protect important company data from cyber attacks. We often discuss different types of cyber attacks, and whether certain configurations (how a computer or system is set up) or changes (updates to a system or application) could either reduce or increase the chance for a cyber attack to be successful.

‍

3. What was your experience transitioning from cybersecurity into a risk management role?

The transition was seamless because technology risk and cybersecurity risk are closely related. The formula is simple: the better your technology controls (protections) are, the better your cybersecurity is. The better an organization's cybersecurity is, the more secure its data is. All of this helps reduce the “attack surface,” which means there’s a smaller chance for a cyber attack to succeed.

The difference with each position is the type of risk I help identify and manage. In my current role, I look for things that can go wrong with technology, which can lead to harm to the company’s operations, reputation, regulatory compliance, and even finances. In my previous role, I helped keep the organization safe by creating cybersecurity-related rules and making sure everyone followed them. Before that, I ensured we had the right protections in place to keep the organization safe from ransomware attacks.

Each job focused on identifying different risks, but all involved the use of technology to protect an organization from cyber threats.

‍

4. Is there anyone who inspired your career journey, and in what way?

Many people have inspired me throughout my career journey, starting with my mother, who remains my role model. Her determination and ambition taught me to pursue my potential without limits.

I've been fortunate to have mentors who taught me valuable lessons from their experiences. I sought out people whose traits and lifestyles I admire - some for their ability to lead with compassion, others for their determination to advance their careers. I also found inspiration in women I relate to as an assertive, driven minority female, learning from them how to achieve my career goals while staying true to myself. I appreciate learning from others’ experiences.

Lastly, I’m inspired by people who give grace and prioritize relationships over work. It’s easy to become so focused on reaching a goal - like completing a project - that we overlook meaningful connections along the way: learning about others, showing empathy, or simply connecting beyond work. These connections are small but meaningful blessings that make our journey richer.

‍

5. Looking back, is there anything you would have done differently earlier in your career and why?

Achieving work-life balance is both delicate and essential. I’ve learned not to prioritize work above all else and to be guarded with my emotions. In a prior role, I saw significant risks and felt determined to make an impact. I threw myself into a heavy workload, but it eventually became overwhelming. I was exhausted and anxious, but kept pushing forward because I was committed to the team. Then, the project was suddenly stopped and a year’s worth of hard work was dismissed without a second thought. Additionally, not only was I not considered for a promotion, but my salary adjustment was below the industry average.

Although it was a hard lesson, I’m grateful for it. I learned to recognize my worth and when to speak up. Most importantly, I realized that while an organization will replace you, your family and loved ones will miss you. It’s essential to prioritize experiences that nourish your soul. While excelling at work is important, it’s equally vital to focus on fun, self-care, and relationships outside of work.