After stepping down in July from his role as West Virginia’s chief information officer, Joshua Spence took a CIO role with a small managed service provider in his home state, he told StateScoop in a recent interview.
Spence, who continues to serve in the West Virginia National Guard, said his departure from his state CIO job generated interest from large tech companies, but he selected instead to work for a small firm called Alpha Technologies, which has chiefly provided managed IT services to federal agencies and private companies. Spence said he plans to draw on the experience he accrued during his nearly eight-and-a-half years with the state government as the firm branches out to serve more state and local government customers.
“We’re looking to realign the company into a stronger position for MSPs, for security and for advanced technologies,” he said. “Most organizations, I don’t care if they’re large Department of Defense organizations, because I’m still in the Air National Guard and I see what big Air Force does from an IT perspective, and then I went to rural West Virginia for eight years and saw what state government does, and neither of them get it right.”
Spence is one of just a few former state CIOs nationally who began their tenure as their state’s chief information security officer. After nearly four years as West Virginia’s top cybersecurity official, Spence was appointed as chief technology officer in 2018 before the state replaced that role in 2021 with the CIO title.
Throughout his time with the state, Spence said, cybersecurity was a focus. The passage of a cybersecurity breach reporting requirement pushed the state and local agencies to disclose more attacks and fix more security flaws. He said the technology office working with local governments and smaller state agencies also raised awareness of services like cybersecurity insurance, which he said in some cases agencies didn’t even know they had.
“We went after security,” Spence said. “We took a very structured approach to understanding the risk and we allocated our limited funding and resources to ways to mitigate critical risk. You can’t mitigate all risk and you can’t mitigate it all the way to zero, so it’s so important to do that risk calculation, and where most people fail to do that risk calculation properly is they don’t properly equate impact.”
By prioritizing the services that would have the greatest negative impact if disrupted, he said, his office was able to ensure cybersecurity resources weren’t being needlessly wasted on less important systems.
“That was one area that resulted in significant increases in capability to prevent and improvements in how we respond and we expanded capabilities to support broader than what we had,” he said.
During Spence’s tenure, West Virginia also introduced new procurement methods and new contract models to support state agencies as they purchased essential technology to run their backend infrastructure. Spence said the new models allowed for economies of scale, reduced paperwork and other benefits that come from an enterprisewide IT model.
Beyond procurement, Spence said he was also proud of how the technology office grew as a centralized service provider to the 20,000 state employees who needed everything from firewalls to email.
“We definitely wanted to bring up our game on service delivery and being responsive, listening to the customer, understanding their needs and trying to move away from a rigid approach, the approach of ‘no’, the approach of only one path to how to balance everything,” he said.
Spence said he plans to bring the same approach to Alpha Technologies, which he said may venture into emerging technologies, like generative AI.
“Where I think it’s really going to change is with artificial intelligence,” he said. “I think that’s going to create haves and have-nots that we haven’t seen in a long time, because companies that just don’t have a high digital proficiency and don’t move with speed because of that, they’re going to be so far left behind.”