{"id":206510,"date":"2026-04-27T19:08:00","date_gmt":"2026-04-27T23:08:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/27\/state-cyber-leaders-name-salesmanship-listening-as-keys-to-success\/"},"modified":"2026-04-27T19:30:08","modified_gmt":"2026-04-27T23:30:08","slug":"state-cyber-leaders-name-salesmanship-listening-as-keys-to-success","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/27\/state-cyber-leaders-name-salesmanship-listening-as-keys-to-success\/","title":{"rendered":"State cyber leaders name salesmanship, listening as keys to success"},"content":{"rendered":"<p><a href=\"https:\/\/statescoop.com\/state-cyber-leaders-nascio-2026-keys-success\/\">State cyber leaders name salesmanship, listening as keys to success<\/a><\/p>\n<p><a href=\"https:\/\/statescoop.com\/state-cyber-leaders-nascio-2026-keys-success\/\">https:\/\/statescoop.com\/state-cyber-leaders-nascio-2026-keys-success\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-27 19:08:00<\/a><\/p>\n<p>Source Domain: <a href=\"statescoop.com\">statescoop.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>When it\u2019s time to choose a new security feature to roll out inside the Michigan state government, Rex Menold, the state\u2019s chief security officer, isn\u2019t the one who decides. It\u2019s not because he\u2019s new to the role (he started in January), and it doesn\u2019t seem to matter that he\u2019s been with the state since the late 1990s. The way it works, he told a conference audience in Philadelphia on Monday, is that the agencies decide.<\/p>\n<p>The system, Menold said, derives from a self-awareness by the state\u2019s technology bureau that it doesn\u2019t have all the answers: \u201cA lot of times we think we can make decisions for the agencies about priorities when we don\u2019t necessarily really understand their business,\u201d he said. Sometimes, he continued, even after all his years with the state, he\u2019ll pitch an idea that he thinks an agency head will love and get a response like: \u201cThat interests us zero percent.\u201d<\/p>\n<p>His description of the democratic process used to prioritize security upgrades was a response to a prompt by organizers of a session at the National Association of State Chief Information Officers\u2019 midyear conference. The topic was \u201cthe business of cybersecurity.\u201d And the business of cybersecurity, according to those who practice it, is less a matter of technical details than saying the right things to the right people.<\/p>\n<p>When talking to state legislators, Menold said, it helps to frame cybersecurity funding in practical terms: \u201cIf you explain how does that impact their town, how does that impact their email system\u2026 a lot of legislators would love to say they cut $10 million. Almost none of them want to say that we cut these three projects that make it more risky for you to log in and get services.\u201d<\/p>\n<p>Michael Watson, who was Virginia\u2019s chief information security officer until he was this month named the state\u2019s CIO, said there\u2019s a piece of universal business wisdom he\u2019s long employed: \u201cunderstanding how to hit that one thing that\u2019s important to everybody. Everybody has their own thing that they really don\u2019t want to let happen.\u201d Whether that\u2019s a department of motor vehicles registration system going offline or mainframe services becoming unavailable, couching cybersecurity in such tangible and frightening terms is apparently more persuasive than asking for funding to address some arcane technical challenge.<\/p>\n<p>Tony Sauerhoff, Texas\u2019 CIO and former CISO, told a story in which he\u2019d made an impression on a county judge, during an event, who griped that cybersecurity was \u201cexpensive.\u201d Sauerhoff said he encouraged the judge to consider that each time he purchased something ostensibly important, such as a maintenance truck, he was choosing not to invest in something else, like cybersecurity, which was an implicit decision to increase his organization\u2019s risk. The punchline was that the judge later lost his train of thought during a speech at the event and wondered aloud about what other important things he wasn\u2019t investing in.<\/p>\n<p>Sauerhoff also relayed a strategy that he used as the state\u2019s security chief, to reduce the stress of his job. Because it\u2019s impossible to eliminate risk, he said, his goal instead was to communicate what he\u2019d done: \u201cIt\u2019s my job to do the best that i can, with the resources that have been provided to me \u2026 implement the hell out of all those things \u2026 and there\u2019s a gap, and then it\u2019s my job to make sure that gap is understood by leadership.\u201d<\/p>\n<p>With some satisfaction, Sauerhoff explained that whenever he issued his reports detailing potential vulnerabilities, they were no longer his problems. It helped him sleep at night, he said, and it also \u201cputs pressure on the folks that now have that information\u201d to do something about it. \u201cYou start to get resources you didn\u2019t get before,\u201d he said.<\/p>\n<p>But he also observed that that particular strategy has limits. It was effective when he was the state\u2019s CISO, apparently reporting those security concerns to Amanda Crawford, who until January was the state\u2019s CIO. \u201cNow that\u2019s me,\u201d Sauerhoff said ruefully.<\/p>\n<p>\t\t\tWritten by Colin Wood<br \/>\n\t\t\tColin Wood is StateScoop&#8217;s editor in chief. Contact him at colin.wood@statescoop.com or cwood.64 on Signal.\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>State cyber leaders name salesmanship, listening as keys to success https:\/\/statescoop.com\/state-cyber-leaders-nascio-2026-keys-success\/ Publish Date: 2026-04-27 19:08:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":206511,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2026\/04\/2805c5e4-aa3b-4f5f-b090-940559a0cb981-2.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-206510","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206510"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=206510"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206510\/revisions"}],"predecessor-version":[{"id":206512,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206510\/revisions\/206512"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/206511"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=206510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=206510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=206510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}