About Me

About Joshua Spencer

Chief Information Security Officer (CISO) with faculty appointments at UT Southwestern and UT Dallas. His background includes strategic planning, regulatory compliance, vulnerability management, and process improvement. Since joining UT Southwestern in 2010, Mr. Spencer served within the Information Security department.

He received a Bachelor’s of Management in Information Systems from the University of Texas at San Antonio and received a Master’s in Business Administration, with a focus in IT Management. Mr. Spencer has gone on to earn major healthcare and information security certifications, such as CISSP, C|EH, CISA and CPHIMS. He shares a passion for information security with that of his department and is highly active within his local information security community.


Associate Vice President of Information Security & CISO

University of Texas Southwestern Medical Center

UT Southwestern is a world renowned academic medical center, distinguished for its cutting edge research and widely respected for its teaching and training, as well as for the quality of clinical care its faculty and staff provides to patients at UT Southwestern University Hospitals & Clinics and affiliated hospitals. The schools train about 3,700 medical, graduate, and health profession students, residents, and postdoctoral fellows each year. Ongoing support from federal agencies, such as the National Institutes of Health, along with foundations, individuals, and corporations, provides approximately $422.6 million per year to fund more than 5,700 research projects. Faculty and residents provide care to more than 100,000 hospitalized patients and oversee approximately 2.2 million outpatient visits a year. UT Southwestern has approximately 14,000 employees and an operating budget of nearly $2.5 billion.

Responsible for establishing the enterprise Information Security strategy and program that ensures the universities critical information resources are protected. Joshua is supported by his team of elite information security managers, enterprise information security architects, analysts and administrators. The Information Security department defends the University against daily attacks that attempt to compromise the private information of our patients, students, faculty, and staff and ensures that our community can continue to place the utmost trust in UT Southwestern’s ability to safeguard their information.

More information can be found at the UT Southwestern Information Security page.

This website reflects only the views of Joshua Spencer and is not a publication of UT Southwestern, which bears no responsibility for its content.



Bachelors Degree – Management of Information Systems (MIS)

University of Texas at San Antonio – College of Business

Management of Information Systems (MIS)

  • BBA in Management of Information Systems
  • Graduation Cum Laude with 3.6 GPA
  • Lecturer for the Computer Security Assn.
  • Completed 100% Coursework at UTSA=

UTSA has been designated a Center of Academic Excellence in Information Assurance Education and a Center of Academic Excellence in Information Assurance Research by the National Security Agency and Department of Homeland Security. Only 47 programs in the nation have achieved this designation.

Masters Degree – Business Administration – Information Technology Management

Western Governors University – College of Business

  • Received highest academic performance rating
  • WGU MBA program ranked top 10% nationally by NSSE
  • University designated NSA Center of Academic Excellence



International Information Systems Security Certification Consortium

Information Systems Security

Membership in (ISC)² creates an elite, global network of dedicated information security professionals and preeminent experts in their field – who have committed themselves to the highest ethical standards and best practices. Through their certification, they have demonstrated superior competency and devoted themselves to making the cyber world a safer place for all. Its mission is to support the valuable, highly skilled professionals throughout their careers by providing them with industry information, vast networking and collaboration opportunities and professional development tools.

Information Systems Audit and Control Association

Information Systems AuditAs an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. ISACA provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide. The COBIT, Val IT and Risk IT governance frameworks and the CISA, CISM and CGEIT certifications are ISACA brands respected and used by these professionals for the benefit of their enterprises.


Community Involvement

As a member of my community, I feel that it is important to give back. I value my opportunities to mentor others looking to develop themselves in the field of healthcare cybersecurity. Through my local community activities with such organizations such as the Dallas Junior Chamber of Commerce, and the North Texas Cyber Security Group, we hope to serve as role models for Dallas’s young professionals. We also contribute to a number of charities actively working to improve the community such as the North Texas Food Bank, State of Texas Division for Blind Services, Dallas Police Department Assist the Officer Foundation, Ronald McDonald House Charities, and Circle of Support.


Personal Activities

In my off time, I enjoy exploring the cutting edge of Information Security, Information Systems, and Information Technology. To get a true idea about the capabilities of the latest security solutions, the vendors sales materials are often the worst place to look. There is no substitute to learning like getting hands-on with the actual technology in a real environment. This provides a no-spin awareness of the actual capabilities and limitations to the software or hardware solution. Most of this research occurs in my personal test lab. This lab includes:

Information Security Testing

  • Cisco IOS emulation through GNS3
  • VMware vSphere ESXi
  • Microsoft Server 2008 R2 Domain
  • SYSLOG server running Kiwi & Splunk
  • IDS utilizing Snort
  • File Integrity Monitoring using Tripwire FIM
  • Device Automation utilizing Infineon & X10

My personal blog is available at thewidthoflife.com (Josh Spencer).


Professional Memberships

  • Information Systems Security Association (ISSA North Texas Chapter)
  • Federal Bureau of Investigation – InfraGuard Alliance
  • Dallas-Fort Worth Security Professionals
  • Dallas Junior Chamber of Commerce (DJCC)
  • Healthcare Information and Management Systems Society (HIMSS)
  • International Information Systems Security Certification Consortium (ISC)2
  • System Administration, Networking, and Security Institute (SANS) Alumni Association