Key Takeaways
- Rex Menold was appointed Michigan’s Chief Security Officer (CSO) in January 2026 after nearly three decades of state service, most recently as Chief Technology Officer.
- While most state security chiefs hold the title Chief Information Security Officer (CISO), Michigan’s CSO role uniquely blends cybersecurity with physical infrastructure protection.
- Menold’s career began in Medicaid compliance and identity management, and he thrives in high‑change, chaotic environments where cyber incidents demand rapid response.
- The Office of Infrastructure Protection under Menold oversees key‑card systems, locksmiths, cameras, fire alarms, emergency response, and statewide security training.
- Integrated training programs simultaneously address cyber hygiene (e.g., phishing awareness) and physical security practices (e.g., preventing tailgating).
- Noelle Knell, executive editor for e.Republic, directs editorial strategy across multiple government‑focused platforms and brings extensive government and publishing experience.
- Lauren Kinkade, managing editor of Government Technology magazine, holds a UC Berkeley English degree and over fifteen years in book and magazine publishing.
Background and Appointment of Rex Menold
Rex Menold was named Michigan’s Chief Security Officer (CSO) in January 2026, culminating a career that spans almost thirty years of service to the state. Prior to this appointment, Menold held varied roles in application development, enterprise services, and infrastructure, most recently serving as the state’s Chief Technology Officer. His promotion to CSO reflects the state’s confidence in his broad technical expertise and leadership abilities. Menold’s trajectory illustrates a pattern of upward mobility within Michigan’s government IT hierarchy, where deep operational knowledge is rewarded with strategic security oversight. The CSO position places him at the nexus of both digital and physical security domains, a responsibility he embraced with enthusiasm.
Common Trends Among State Security Leaders
Across the United States, the majority of state‑level security chiefs bear the title Chief Information Security Officer (CISO), reflecting a predominant focus on protecting information assets. A few states, however, have opted for titles that explicitly incorporate risk management, such as North Carolina’s Chief Risk Officer Torry Crass and Massachusetts’ dual‑role holder Tony O’Neill, who serves as both CISO and Chief Risk Officer. These variations signal an emerging recognition that security extends beyond pure cyber threats to encompass broader organizational risk. Nonetheless, the core mission—safeguarding state data, systems, and citizen privacy—remains consistent nationwide. Menold’s Michigan appointment aligns with this national trend while introducing a distinctive structural twist.
Michigan’s Unique Integrated Security Model
Michigan’s approach diverges from the typical CISO‑centric model by integrating cybersecurity with traditional facility security under a single CSO umbrella. Menold explained that, as CSO, he also heads the Office of Infrastructure Protection, which manages key‑card access, locksmith services, camera networks, fire‑alarm systems, emergency‑response coordination, and statewide security training. This consolidation enables the state to treat physical and digital safeguards as complementary rather than siloed functions. By aligning these domains, Michigan aims to create a more holistic security posture where vulnerabilities in one area are promptly identified and mitigated through cross‑disciplinary actions.
Insights from Menold’s Interview: Passion for Cybersecurity and Chaos
In a video interview captured at the National Association of State Chief Information Officers conference, Menold shared personal reflections on his security journey. He noted that he has been involved in security for roughly thirteen or fourteen years, beginning with compliance and safeguarding Medicaid systems before shifting focus to identity management. Menold described himself as someone who “does better with chaos,” asserting that high‑pressure, rapidly evolving situations sharpen his focus and drive. He expressed enthusiasm for the constant change inherent in cybersecurity, viewing intense incidents as opportunities to make a substantial impact on the state’s overall security posture. This mindset underscores his readiness to lead Michigan’s security efforts amid an ever‑shifting threat landscape.
The Role of Infrastructure Protection Office
Menold elaborated that the Office of Infrastructure Protection, under his command, performs all the functions typically associated with facility security. This includes issuing and managing key‑cards, employing locksmiths, maintaining video surveillance and fire‑suppression systems, directing emergency‑response procedures, and delivering comprehensive security training to state employees. By housing these responsibilities within the CSO’s office, Michigan ensures that physical security measures are continuously updated, audited, and aligned with cybersecurity initiatives. The office’s broad mandate allows for coordinated responses to incidents that may involve both physical breach attempts and cyber intrusions, such as unauthorized access to data centers followed by attempts to exfiltrate information.
Training Integration: Cyber and Physical Security
A notable advantage of Michigan’s unified model is the ability to conduct joint training sessions that address both cyber and physical security topics. Menold highlighted that the same team responsible for infrastructure protection also delivers cyber‑awareness education, helping staff recognize phishing attempts and practice good password hygiene. Simultaneously, these sessions reinforce physical safeguards, such as reminding employees not to allow strangers to tailgate them through secured doors when using key‑cards. This dual‑focus training fosters a culture where employees view security as a single, interconnected responsibility rather than a set of isolated rules, thereby reducing human‑error risks across both domains.
Profile of Noelle Knell, Executive Editor
Noelle Knell serves as the executive editor for e.Republic, where she sets the overall editorial direction for platforms including Government Technology, Governing, Industry Insider, Emergency Management, and the Center for Digital Education. Having been with e.Republic since 2011, Knell brings decades of writing, editing, and leadership experience to the role. A California native, she has worked in both state and local government contexts and holds a bachelor’s degree from the University of California, Davis, with majors in political science and American history. Her background equips her to guide content that informs public‑sector leaders about technology trends, policy developments, and best practices.
Profile of Lauren Kinkade, Managing Editor
Lauren Kinkade is the managing editor of Government Technology magazine, a flagship publication of e.Republic. She earned her degree in English from the University of California, Berkeley and possesses more than fifteen years of experience in book and magazine publishing. Kinkade’s expertise lies in shaping editorial content, overseeing production workflows, and ensuring that articles meet the high standards expected by government technology professionals. Her contributions help maintain the magazine’s reputation as a trusted source of news, analysis, and insight for state and local IT leaders.