About Joshua Spencer

Joshua Spencer Appointed to the position of Chief Information Security Officer for UT Southwestern Medical Center in 2011. His background includes strategic planning, regulatory compliance, vulnerability management, and process improvement. Since joining UT Southwestern in 2010, Mr. Spencer served within the Information Security department.

He received a Bachelor’s of Management in Information Systems from the University of Texas at San Antonio and received a Master’s in Business Administration, with a focus in IT Management. Mr. Spencer has gone on to earn major healthcare and information security certifications, such as CISSP, C|EH, CISA and CPHIMS. He shares a passion for information security with that of his department and is highly active within his local information security community.


University of Texas Southwestern Medical Center

AVP of Information Security & CISO

UT Southwestern is a world renowned academic medical center, distinguished for its cutting edge research and widely respected for its teaching and training, as well as for the quality of clinical care its faculty and staff provides to patients at UT Southwestern University Hospitals & Clinics and affiliated hospitals. The schools train about 3,700 medical, graduate, and health profession students, residents, and postdoctoral fellows each year. Ongoing support from federal agencies, such as the National Institutes of Health, along with foundations, individuals, and corporations, provides approximately $422.6 million per year to fund more than 5,700 research projects. Faculty and residents provide care to more than 100,000 hospitalized patients and oversee approximately 2.2 million outpatient visits a year. UT Southwestern has approximately 14,000 employees and an operating budget of nearly $2.5 billion.

Responsible for establishing the enterprise Information Security strategy and program that ensures the universities critical information resources are protected. Joshua is supported by his team of elite information security managers, enterprise information security architects, analysts and administrators. The Information Security department defends the University against daily attacks that attempt to compromise the private information of our patients, students, faculty, and staff and ensures that our community can continue to place the utmost trust in UT Southwestern’s ability to safeguard their information.

More information can be found at the UT Southwestern Information Security page.

This website reflects only the views of Joshua Spencer and is not a publication of UT Southwestern, which bears no responsibility for its content.



University of Texas at San Antonio

College of Business - Information Systems

Management of Information Systems (MIS)

  • BBA in Management of Information Systems
  • Graduation Cum Laude with 3.6 GPA
  • Lecturer for the Computer Security Assn.
  • Completed 100% Coursework at UTSA


UTSA has been designated a Center of Academic Excellence in Information Assurance Education and a Center of Academic Excellence in Information Assurance Research by the National Security Agency and Department of Homeland Security. Only 47 programs in the nation have achieved this designation.



Information Systems SecurityInternational Information Systems
Security Certification Consortium


Membership in (ISC)² creates an elite, global network of dedicated information security professionals – preeminent experts in their field - who have committed themselves to the highest ethical standards and best practices. Through their certification, they have demonstrated superior competency and devoted themselves to making the cyber world a safer place for all. Its mission is to support the valuable, highly skilled professionals throughout their careers by providing them with industry information, vast networking and collaboration opportunities and professional development tools.


Information Systems Audit and Control Association

Information Systems AuditAs an independent, nonprofit, global
association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. ISACA provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide. The COBIT, Val IT and Risk IT governance frameworks and the CISA, CISM and CGEIT certifications are ISACA brands respected and used by these professionals for the benefit of their enterprises.


Community Involvement

As a member of my community, I feel that it is important to give back to the community. Through the activities in the Dallas Junior Chamber of Commerce, we hope to serve as role models for Dallas's young professionals. We also contribute to a number of charities actively working to improve the community such as the North Texas Food Bank, State of Texas Division for Blind Services, Dallas Police Department Assist the Officer Foundation, Ronald McDonald House Charities, and Circle of Support.

Personal Activities

In my off time, I enjoy exploring the cutting edge of Information Security, Information Systems, and Information Technology. To get a true idea about the capabilities of the latest security solutions, the vendors sales materials are often the worst place to look. There is no substitute to learning like getting hands-on with the actual technology in a real environment. This provides a no-spin awareness of the actual capabilities and limitations to the software or hardware solution. Most of this research occurs in my personal test lab. This lab includes:

    Information Security Testing
  • Cisco IOS emulation through GNS3
  • VMware vSphere ESXi
  • Microsoft Server 2008 R2 Domain
  • SYSLOG server running Kiwi & Splunk
  • IDS utilizing Snort
  • File Integrity Monitoring using Tripwire FIM
  • Device Automation utilizing Infineon & X10


Professional Memberships

  • Information Systems Security Association (ISSA North Texas Chapter)
  • Federal Bureau of Investigation - InfraGuard Alliance
  • Dallas-Fort Worth Security Professionals
  • Dallas Junior Chamber of Commerce (DJCC)
  • Healthcare Information and Management Systems Society (HIMSS)
  • International Information Systems Security Certification Consortium (ISC)2
  • System Administration, Networking, and Security Institute (SANS) Alumni Association