Ryan Brown

Most security teams protect data. Mine protects patients. I run cybersecurity operations at a top-ten children's hospital, where a system going down is not an inconvenience, it is a clinician without the record they need and a family waiting on an answer. That is the standard the work is held to here, and it is the reason I have built my career in healthcare and nowhere else.

Twenty-one people across five teams: threat detection and incident response, identity and access management, security engineering and automation, IoMT security, and vulnerability and exposure operations. A $1.9 billion, 326-bed pediatric academic medical center ranked among the nation's top ten. I report to the Chief Information Security Officer. The work is the function. The function is the team.

The target ahead is a CISO seat at a health system where the stakes are clinical, not commercial. I am building toward it through the Executive MBA at Kennesaw State's Coles College of Business and through the operations function I am building at Children's National.

Twice now I have walked into a security operations function and rebuilt it. At Piedmont across thirteen years and three roles, building the SOC and the leadership layer underneath. At Children's National since 2024, where the team has reduced the enterprise Cyber Exposure Score by more than 150 points, stood up a documented operating spine (the SecOps Handbook as charter, the SecOps Hub as documentation system, SecOps Next as the five-year strategy), and earned the 2025 Splunk Innovation Award for analytics-driven cybersecurity work.

I love this work. Cybersecurity is the discipline I have made my career. Healthcare is the only place I have ever wanted to practice it, and the reason runs older than the career. My grandmother spent thirty-six years as a nurse, and her idea of care did not stop at the hospital door. She took in children who needed shelter, fed people when food was scarce, and helped grow the community she lived in. She also lived by a motto that shaped me.

I am not clinical, but I carry the same motto into the technology side of healthcare. Due diligence. Careful thinking before we act. Honest accounting of what happens when we do. The stakes here are not abstract; in healthcare, the consequences of getting security wrong reach patient care. Inside Children's National, I help defend a system at the top of the field, so that every parent and every child who walks through the front door has a chance at quality care and the systems behind it hold. Outside the day job, I work to bring the same caliber of expertise, prevention, recovery, and HIPAA-grade compliance to the clinics and practices that have no security team to call when ransomware hits.

The same instinct runs in another direction, toward people. There is a steady share of operators who belong in this profession and have no clear path into it. What they need is opportunity and direction, the right introduction, the right conversation, the person who said: try this, here is how. I am an advocate for this profession. The gap between what large institutions can afford and what the rest of healthcare needs is one part of the work I want to keep doing. Bringing more of those operators into the field is the other part of the work.