Rob Main, North Carolina’s top cybersecurity official, announced last week that he’s retiring at the end of the month following more than a quarter-century in state government.
In a LinkedIn post, Main wrote that he has been “blessed to work alongside and collaborate with some of the finest human beings one could ever imagine.”
Main was promoted to chief risk officer in October 2021, having served for more than two years as deputy to his predecessor, Maria Thompson. He’d previously worked as chief information officer for several state agencies, including the North Carolina departments of insurance, human resources and military and veteran affairs. He also spent about 25 years in the U.S. Air Force — including eight years on active duty — which he once told StateScoop was his entryway into cybersecurity.
When he was appointed to his current post, Main told StateScoop his focus was on “empowering” his colleagues to strengthen the state government’s partnerships with local entities and other sectors needing to make security improvements, furthering the “whole-of-state” strategy developed under Thompson.
“We have room to grow and expand not just reactive services, but also proactive services,” he said in 2021. “We need to be mindful of local communities and challenges they face in equipping them with the tools to fight off malicious actors, stave off cyber threats.”
One of Main’s top tasks was to lead an interagency task force, which gained greater authority earlier this year under an executive order from Gov. Roy Cooper. In addition to giving statewide agencies, like the North Carolina Department of Information Technology, a greater hand in assisting local governments afflicted by threats like ransomware, the order extended to the state’s critical-infrastructure operators, which Main called the “heart of the matter.”
“It’s important for us to partner will all sectors to make sure North Carolinians are protected from a cyber sense,” Main told StateScoop in May.
North Carolina this year also became the first state to pass a law barring public-sector entities from paying ransomware demands. Main told The Record, a cybersecurity news site, that the ban was “essential” in lowering the incentive for ransomware actors to target government.
The North Carolina Department of Information Technology has not yet responded to requests for comment on Main’s departure.
In his LinkedIn post, Main offered encouragement to other state government cyber leaders: “To my fellow State CISOs, keep fighting the good fight! It has been an honor and privilege to serve alongside each of you. Your respective states are lucky to have each of you on the frontlines of a constantly evolving battlefield.”