Michigan’s Security Chief Has More to Do Than Cybersecurity
Rex Menold’s CSO title is missing the “I” that most of his counterparts across the country have in theirs. That’s due to Michigan’s unique take on the role, which spans both cybersecurity and physical infrastructure.
Rex Menold was named to the chief security officer (CSO) position in Michigan in January 2026. The appointment followed nearly three decades of service to the state, during which he held a variety of roles, including in application development, enterprise services and infrastructure. Most recently, he was the state’s chief technology officer before stepping into the CSO role.
There is a lot of common ground among Menold and his counterparts across the country. The vast majority hold the title of chief information security officer (CISO), though a couple have an explicit mention of “risk” in their titles: North Carolina’s CISO equivalent is Chief Risk Officer Torry Crass, while Massachusetts’ Tony O’Neill is both CISO and chief risk officer. Michigan’s approach, however, is seemingly unique.
We met Menold at last month’s National Association of State Chief Information Officers conference, where he talked about his security background and his domain as chief security officer, which extends beyond the realm of cyber to include physical infrastructure.
Video Transcript: I've been in security for maybe 13 or 14 years. I started in with CMS and Medicaid, doing a lot of the compliance and security for Medicaid systems. And I've kind of stayed with it, with identity and things like that. But the quick change of it fits me personally. I'm better with chaos, like, I’m the guy that you want when everything is falling apart because, I don't know, it focuses me or something. But I love how much change there is in cyber. So everyone's like ‘Oh man, we have to worry a lot.’ I was like ‘Yeah, that's what makes it great.’ We get to do all the really, like if something really intense is happening, it's probably in cyber and that means we get to do something exciting and we really get to have a huge impact on the whole state.
The Michigan Way: Merging facility security with cybersecurity
By being the chief security officer, I'm also in charge of the office of infrastructure protection, which does all the things you would think it does. It does all the key cards. It has locksmiths. It has all the camera systems, all the fire systems, all the emergency response, all the training for the state. So we do all the things that you just imagine would normally be in facility security, but we do it in the state under a general security chief, so a chief security officer. It's actually kind of great because a lot of that stuff overlaps with IT, right? When you're doing testing for like cyber or security, a lot of times you're doing actual physical testing of buildings at the same time. And for me, it's both, right? When we do trainings, that group is also responsible for training, so they're doing our cyber trainings to help people be better to avoid phishing and things like that. But they're also reminding them not to let someone tailgate them through a door when they use their key card.
Noelle Knell is the executive editor for e.Republic, responsible for setting the overall direction for e.Republic’s editorial platforms, including Government Technology, Governing, Industry Insider, Emergency Management and the Center for Digital Education. She has been with e.Republic since 2011, and has decades of writing, editing and leadership experience. A California native, Noelle has worked in both state and local government, and is a graduate of the University of California, Davis, with majors in political science and American history.
Lauren Kinkade is the managing editor for Government Technology magazine. She has a degree in English from the University of California, Berkeley, and more than 15 years’ experience in book and magazine publishing.
