Higher education security sits at an unusual intersection of openness and obligation. Universities are built on the principle of academic freedom and open collaboration, yet they hold some of the same sensitive data categories found in healthcare and financial services: student records protected under FERPA, health information for campus clinics, research data tied to federal grants and sometimes classified contracts, and the personal information of tens of thousands of students, faculty, and staff. The CISOs in this feature are building security programs inside institutions that were never designed with centralized control in mind, and their work reflects what it means to protect an environment built on openness without compromising the trust that environment depends on.
Nicholas M. Tella — CISO, Johnson and Wales University
Nicholas M. Tella has served as CISO at Johnson and Wales University since July 2023, having spent more than eleven years before that as director of information security at the same institution. His path to higher education security ran through more than two decades in law enforcement, having served as a detective lieutenant and commander of the Computer Crimes Unit and Internet Crimes Against Children Task Force at the Rhode Island State Police for twenty-one years. He has been consulted by and provided expert testimony before the Rhode Island General Assembly on data security and privacy legislation, and helped state legislators author and enact computer crime laws protecting children from cyberbullying and internet predators through the Rhode Island Safe Schools Act. He also serves as an adjunct professor in the university’s College of Engineering and Design teaching information security management, software security testing, and cloud infrastructure security, and is frequently sought by local and national media for expert commentary on privacy issues, cyberattacks, and data breaches. That background in computer crime investigation and child protection law enforcement, combined with more than a decade of university security leadership, gives him a perspective on digital threats that few campus CISOs share.
Surendra Persaud — CISO, Baruch College
Surendra Persaud stepped into the CISO role at Baruch College in July 2025, bringing a career built primarily in network engineering at major defense contractors. Before Baruch, he spent more than four years as a senior network engineer at Peraton and more than eight years at Northrop Grumman, progressing from systems administration engineer to senior principal network engineer. His earlier career includes five and a half years as network administrator at Patrina Corporation, more than four years as IT infrastructure manager at Guyana’s Ministry of Education, and senior network engineer and systems manager roles in Guyana spanning the late 1990s and early 2000s. That progression from network engineering and infrastructure management across government and defense environments into higher education security leadership reflects a practitioner whose technical foundation in network architecture and systems administration now underpins how he approaches security governance at a public college serving New York City’s diverse student population.
Robert J. King — Director of Information Technology and CISO, University of Saint Joseph
Robert J. King has spent more than ten years at the University of Saint Joseph, progressing from associate director of IT infrastructure to director of information technology and CISO in March 2023, holding both functions simultaneously. Before his current role, he managed the university’s network and server infrastructure, developed and enforced policies protecting critical systems, and played a key role in developing the IT strategic plan for the institution’s NEASC accreditation review. Before Saint Joseph, he spent more than two and a half years as technical director at the University of Bridgeport, where he virtualized aging hardware into a VMware environment, decreasing the data center footprint by more than 50 percent and reducing service outage risk by more than 80 percent through clustering and failover techniques. His earlier career spans systems administration, NOC management, and IT director roles across XL Capital, Helicopter Support, and Continuum Performance Systems, building deep hands-on infrastructure and security administration experience including firewall management, intrusion detection, disaster recovery, and SOX compliance. That combination of dual IT and security leadership reflects how many smaller institutions structure their technology governance, requiring a single executive fluent in both infrastructure operations and security strategy.
Steven Jensen — CISO, University of Maine System
Steven Jensen joined the University of Maine System as CISO in August 2025, building and governing an enterprise cybersecurity program across a multi-university academic and research environment that includes identity and access governance, Zero Trust implementation, cloud security strategy across AWS, Azure, and GCP, and AI security governance addressing shadow AI and LLM data exposure risks. He is governor-appointed to the Maine Cybersecurity Advisory Council. Before UMS, he spent three years as CISO and VP of information security and identity governance at Magellan Health, building an enterprise cybersecurity program aligned to healthcare and digital health strategy, operationalizing compliance across HIPAA, HITRUST, ISO 27001, SOC, SOX, CMMC, and FedRAMP, and serving as incident commander overseeing containment and regulatory reporting for security incidents. He also advised executive leadership on AI security risks in a HIPAA-regulated environment, adopting generative AI tools into daily security workflows from 2023 onward for policy drafting, risk documentation, and incident report structuring. That recent healthcare CISO experience, built on a foundation of enterprise risk management and regulatory compliance at scale, now shapes how he approaches the multi-institution governance challenge of securing an entire state university system.
Leo Nelson — AVP and CISO, Villanova University
Leo Nelson has served as AVP and CISO at Villanova University since July 2022, leading the information security and risk management program for the institution. Before Villanova, he spent more than four years as AVP and CISO at Rowan University in New Jersey, and before that nearly six years at Temple University across university privacy officer and director of information technology roles, also teaching as an adjunct professor for more than two years. That progression through privacy officer, IT director, and successive AVP and CISO roles at two New Jersey and Pennsylvania institutions before arriving at Villanova reflects a security leader whose career has been built specifically within the higher education sector, giving him sustained institutional fluency in how universities balance academic openness with the risk management obligations that come with protecting student and research data.
Higher Education Security Protects an Open Environment
Universities cannot operate the way a bank or a hospital does. Students need open access to research tools, faculty need academic freedom to collaborate across institutions and borders, and the entire mission of higher education depends on a degree of openness that most other sectors do not have to accommodate. The leaders in this feature are building security programs that respect that openness while still protecting the sensitive data, research integrity, and operational continuity that their institutions depend on. That balance, between academic freedom and risk management, is the defining challenge of higher education security, and it shapes every decision these leaders make.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.