Student Profile

Mark Follo

Security Risk Manager , Spotify

U.S. Navy

Class of 2025

By the time Mark Follo arrived for his first job in the private sector, he had spent five years in the Navy post-college where he had experience in managing customized security tools, defending against advanced persistent threats (APTs), and collaborating with US Cyber Command. “I worked on massive IT enterprises and networking systems that supported everything from warships to naval bases, government agencies, and even joint partnerships with other nations,” he said. “Operating, maintaining, and securing these systems was a significant daily challenge. Serving in the Navy not only helped me grow as a leader and serve my country, but also provided a huge opportunity to learn about technology.”

Currently a security risk manager at Spotify, he is responsible for ensuring the protection of Spotify’s music, podcasting, and audiobooks businesses through security governance, risk, and compliance. “My work spans multiple aspects of cybersecurity, from leading incident response teams to developing NIST-based security frameworks, to assessing the risk associated with our third-party partners. I face challenges like dealing with ever-changing privacy regulations such as GDPR, managing the attack surface associated with hundreds of millions of users, and protecting a complex technical architecture that supports a global audio-streaming business.”

Follo credits the Navy with helping him develop the communication and collaboration savvy needed in the private sector, as well as technical skills. “On one day at Spotify, I might be chatting with security red-teamers, and on another, I might be working with contract lawyers or a music label partnership team. What I love about security at Spotify is how it touches so many parts of the business, giving me a lot of variety.”

Still, despite his solid technical foundation from certifications, previous education, and work experience, Follo found himself wondering how to further expand his learning. “Since I’ve worked in leadership roles that involved managing security risk, I was interested in a program that approached security from a more strategic lens. Programs I considered other than the NYU Master’s in Cybersecurity, Risk, and Strategy (MSCRS) also offered solid technical content, but the topics often felt more academic and less applicable to real-world organizational security. What stood out to me about this program was how it combined practical technical security knowledge with an understanding of the legal and regulatory landscape.

“One unique and major strength of the MSCRS program is the week-long in-person session held at NYU’s campus. Having a week entirely dedicated to security learning, open discussions, and deep thinking on complex security issues has been incredibly helpful in expanding my understanding of the security landscape. These in-person discussions are invaluable, and they’re enriched by the wide variety of speakers.

“The way the MSCRS curriculum is designed, through a mix of practical security knowledge and experienced instructors who have held senior security and legal roles across various industries, has given me a well-rounded perspective that well-equips me to meet the challenges demanded by my job. The information I’ve learned is immensely valuable, and the discussions I’ve been able to participate in, along with the professional networks I’m building, will yield a huge return on investment as I look towards advancing my career. I see this degree as helping me grow both in technical proficiency and in developing a broader strategic understanding of security.”