State

Virginia’s governor promotes cybersecurity chief Mike Watson to state CIO role

Michael Watson, who's been leading cybersecurity initiatives in Virginia for more than a decade, is the state's new chief information officer.

By Colin Wood

April 16, 2026

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

Virginia Gov. Abigail Spanberger speaks after being sworn into office at the Virginia State Capitol on Jan. 17, 2026 in Richmond, Virginia. (Win McNamee / Getty Images)

Virginia Gov. Abigail Spanberger, who assumed office in January, on Wednesday named Michael Watson, Virginia’s chief information security officer, as the commonwealth’s new CIO.

Watson fills a slot recently occupied by Bob Osmond, who was last week named as Delaware’s new CIO. After more than 18 years with the Virginia Information Technologies Agency, Watson is tasked with leading the state’s enterprise IT, cloud, artificial intelligence and “digital modernization” efforts, according to a bio posted to the agency’s website. It also notes his reputation “for bridging technical depth with strategic execution.”

The agency says it manages 65,000 users, 2,500 applications and $1.3 billion in annual technology procurement.

According to his LinkedIn profile, Watson started his career by working a variety of technical roles over seven years with the Ajax Electric Company, a Pennsylvania manufacturer of heat treatment furnaces. He spent four years as a senior systems programmer at the University of Pennsylvania and nearly one-and-a-half years doing IT at the Virginia Auditor of Public Accounts. He joined Virginia’s technology agency in 2007, as a director of security incident management, before working his way up to the deputy CISO role in 2011.

Watson is credited with heading numerous cybersecurity initiatives in Virginia, including shifting the commonwealth toward a “whole of state” cyber program, providing greater support for educational institutions and other non-state-government offices. In 2024, the National Association of State Chief Information Officers presented Watson with its Thomas M. Jarrett State Cybersecurity Leadership Award, a recognition of his work advancing cybersecurity policy in Virginia.

He’s credited with implementing a zero-trust strategy and advancing cybersecurity training for state workers, but Watson has also distinguished himself by the length of his tenure. Serving more than a decade in a CISO role puts him in a rare category: According to a 2024 NASCIO report, the average stay of a state CISO is just under two years.