Higher education security in Minnesota spans everything from a statewide system serving nearly 400,000 students to small liberal arts colleges sharing a single security officer across two campuses. The environments are structurally different, but the pressures are consistent: open networks, transient user populations, research data, student records, and compliance obligations that grow more complex every year. The CISOs in this feature are navigating all of that, with varying resources and remarkably similar levels of commitment to getting it right.
Craig Munson — Chief Information Security Officer, Minnesota State Colleges and Universities
Craig Munson has spent fifteen years at Minnesota State, moving from information security specialist through information security manager before stepping into the system CISO role in July 2016. Before Minnesota State, he spent more than eleven years as application security coordinator at the Minnesota Department of Health, giving him a public sector compliance and application security foundation that shaped how he approaches system-wide governance across 31 institutions. His current mandate is one of the broader higher education security remits in the state: setting strategic direction for a system that serves nearly 400,000 students while co-chairing the system’s Security Advisory Committee and supporting individual campuses in building their own programs. That combination of system-level governance and campus-level support requires a different kind of security leadership than most single-institution CISOs practice.
Michael Menne — Chief Information Security Officer, Minnesota State University, Mankato
Michael Menne has been CISO at Minnesota State Mankato since April 2015, leading information security for the largest institution in the fourth largest college and university system in the United States, serving more than 15,000 students and 2,000 faculty and staff. His path to the CISO seat ran through six and a half years as ITS systems manager and senior systems architect at the same institution, where he designed and delivered enterprise server and storage infrastructure and maintained identity management processes before moving into security leadership. Before higher education, he spent a year at Christensen Farms, where he championed a project converting more than 80 farm sites from dial-up to broadband VPN, projecting $50,000 in annual savings, and achieved $40,000 in hardware savings through VMware virtualization. That operational, cost-conscious approach to technology infrastructure informs how he builds security programs inside a public university environment where every dollar has to be justified.
Michael Jackson — Chief Campus Information Security Officer, The College of St. Scholastica
Michael Jackson came to security leadership through a web development and systems administration background, spending three years building full-stack applications and maintaining the institution-wide emergency alert system at St. Scholastica before moving into information security management and then the CISO role in June 2024. He also teaches undergraduate computer security as adjunct faculty and co-founded Greater Than Three, a nonprofit online community connecting chronically ill adolescents aged 13 to 21 through social networking and peer support. That last detail is not incidental. It reflects a technology leader who views his work as connected to human wellbeing in ways that extend well beyond the campus network perimeter. His security program is built by someone who has spent years thinking about how technology serves vulnerable communities, and that orientation shapes how he approaches security at a Benedictine liberal arts institution with deep commitments to care and community.
Chris Gregg — Associate Vice President for Information Security and Risk Management and Chief Information Security Officer, University of St. Thomas
Nearly twenty-one years at the University of St. Thomas precede Chris Gregg’s current role, covering a progression from technical support through application consulting, client services, director of information security, director of IT, interim VP and CIO, and finally CISO and AVP for information security and risk management since January 2016. He organized the initial IT security team at UST in 2006, a two-person operation, and has watched it evolve into a mature enterprise security and risk management function over nearly two decades. His current responsibilities extend into ITS financial planning, forecasting, benchmarking, and metrics tracking, giving him an unusually integrated view of how security investment connects to institutional resource allocation. That breadth of institutional leadership, from help desk management to C-suite advisory, is the kind of organizational credibility that makes security programs actually land with academic leadership.
Kendall George — Information Security Officer, Carleton College and St. Olaf College
Kendall George holds a genuinely unusual position: he serves as information security officer for two independent liberal arts colleges simultaneously, Carleton and St. Olaf, under a shared services model that creates economies of scale neither institution could achieve alone. His background spans military, commercial, and international higher education environments, including Texas A&M University’s international campus in Qatar and the University of Oklahoma, where he served as the first shared services operations manager and then security manager across a three-campus cloud initiative. That experience building shared security infrastructure across geographically distributed environments is exactly what the Northfield model requires. He has also contributed to AI exploration and governance committees at both campuses, helping shape each institution’s response to a technology shift that higher education is still working out how to handle responsibly.
What Minnesota’s Higher Education Security Leaders Share
The range of institutional scale in this feature is striking. Craig Munson oversees security governance for 31 campuses. Kendall George serves two colleges from a single role. Between those extremes sit a flagship regional university, a private Catholic liberal arts institution, and a Benedictine college with deep community commitments. What connects all of them is a security leadership philosophy grounded in the mission of the institution rather than the demands of a compliance checklist. In higher education, that distinction matters considerably.
Discover more CISOs securing the education sector:
