Matthew DiSano

Narragansett, Rhode Island

Summary

Accomplished Director of Information Security with a proven track record at Brown Physicians Inc., where I led the development and implementation of comprehensive security strategies, safeguarding against sophisticated cyber threats. Expert in defense in depth security architecture and adept at steering cross-functional teams towards achieving stringent compliance goals. Renowned for negotiating with vendors and enhancing incident response capabilities, my leadership significantly bolstered organizational resilience.

Work History

Director Information Security/IT Security Officer

Brown Physicians Inc.
Providence, RI
11.2019 - Current
  • Leadership role in charge of information security for all of Brown Physicians Inc. (BPI) six non-profit doctor organizations
  • Participates with BPI CIO in developing strategy for security needs, systems development, and systems implementation activities in support of BPI\Foundation mission and goals
  • Responsible for directing all efforts regarding the BPI Information Security Incident Response Plan (ISIRP) and in the event of a security incident, direct and oversee all aspects of BPI's Security Incident Response Team (SIRT)
  • Direct all internal security audits, risk assessments, HIPAA and PCI compliance, and forensics
  • Design, implement, and maintain all information and physical security products, such as endpoint protection, SIEM, vulnerability managers, and network access control
  • Develop security policies and security practices to protect BPI organizations using a "Defense in Depth" strategy
  • Keep senior IS management abreast of current security issues and potential risks
  • Direct regular security testing to determine and remediate vulnerabilities
  • Analyze security system alerts and direct BPI IS staff to investigate as appropriate
  • Conduct annual security awareness training
  • Interview, hire, and direct subordinate staff; provide guidance and counsel to subordinate staff; conduct periodic performance evaluation; recommend personnel actions
  • Reports to CIO

Senior Security Analyst

Brown Emergency Medicine Foundation - Brown Physicians Inc.
Providence, RI
05.2016 - 10.2019
  • IT Security lead for healthcare provider, responsible for HIPAA compliance and security infrastructure
  • Developed strategy for IT security encompassing evaluation and deployment of technologies, risk assessments, awareness training, hardening of infrastructure and development of security policies and standards
  • Manage next-gen firewalls, security information and event manager (SIEM), endpoint protection (AEP), network access control (NAC), vulnerability manager, and awareness training

Lead Security and Network Engineer

Dominion Diagnostics LLC
North Kingstown, RI
01.2007 - 12.2015
  • Lead IT position for a specialty toxicology laboratory, responsible for infrastructure architecture
  • Security officer reporting to VP, safeguarding Protected Health Information (PHI) through security initiatives
  • Designed and maintained security and network infrastructure, consisting of firewalls, switches, routers (HP, Cisco), WAN, VPN, IDS, endpoint protection, SIEM and email security/proxies
  • Remediate vulnerability assessments, implement security best practice controls for network and server platforms
  • Negotiates with vendors for solutions, purchasing, and maintenance renewals of infrastructure software and hardware
  • Supported Red Hat Linux servers, VMware vSphere, NetApp storage and Apache web servers
  • Supervised and mentored network administrators, member of IT leadership Team

Senior Systems Engineer / Team Leader

Computer Science Corporation
Providence, RI
07.2005 - 01.2007
  • Maintained Textron infrastructure following transition (outsourcing) to Computer Science Corporation
  • Supervised technical resources to complete project requirements
  • Remediated security vulnerabilities found in monthly assessments for Textron Financial Corporation

Systems Manager

Textron Financial Corporation
Providence, RI
04.2000 - 07.2005
  • Managed Server and Network Group consisting of eight server and network administrators
  • Hired, evaluated, and supervised direct reports; performed annual employee reviews and career development planning
  • Responsible for major infrastructure projects, negotiation with vendors, project proposals, and management reporting
  • Acted as lead for security enforcement on servers, mitigating exposures from vulnerability reports

  • Developed security programs to cover all six BPI doctor organizations
  • Evaluated and implemented a set of security technologies working with each of the organizations' IT staff without operational downtime
  • Controlled and remediated a phishing attack with malware delivery
  • Presented cyber security presentations and awareness to Senior Executives

  • Performed comprehensive security assessment for Emergency Medicine
  • Remediated two ransomware attacks without loss of data
  • Developed complete security program implementing security technologies, security training for employees, Written Information Security Policy (WISP), and related policies

  • Formulated procedures for hardening of internet facing servers based on NIST and NSA standards
  • Designed security program, security technology implementations, processes and procedures
  • Migrated entire network switching and routing infrastructure from HP to Cisco with Nexus (L3) and Catalyst
  • Overhauled internet edge to increase availability for online lab orders and lab results through platform redundancy

  • Successful migration of infrastructure servers for key Textron divisions to CSC Norwich Data Center
  • Created and piloted vulnerability assessment program for Textron internet web servers

  • Promoted to Systems Manager from Sr. Systems Administrator in 2001
  • Architected and configured an (n-tier) infrastructure for new financial floor planning system using WebSphere Application Server 5.x on Solaris 8.x. ROI of $2.8 million
  • Managed project constructing a highly available and secure infrastructure for TFC's first e-commerce-based asset auctioning application producing $1.2 million in revenue in its first two years

Education

Brown Leadership Academy Graduate
06.2021

Cyber Security for Managers Training

MIT Sloan
08.2020

Bachelor of Science - Management Information Systems

University of Rhode Island
Kingston, RI

Skills

  • Defense in depth security architecture
  • Firewall/VPN engineer, threat analysis/mitigation, vulnerability assessment network access, remediation, SIEM
  • Develop information security policies, procedures, guidelines, awareness training, and phishing simulations
  • Security Technology analysis, and vendor negotiations
  • Security assessments, Incident response NIST standards, HIPAA Knowledge
  • Design and administration of diverse IT infrastructure platforms (security, storage, servers, network)
  • Management of infrastructure technology professionals
  • Experience in Network infrastructure such as LAN, WAN, Wireless, VPN and related technologies
  • Platforms and Products: Firewalls (Fortinet, Cisco ASA, Cisco Meraki); VPN; SIEM (AlienVault, Rapid7); NAC (Fortinet, Forescout); Vulnerability Managers (Tenable.io, Qualys); Email Security (Proofpoint Enterprise, Barracuda Anti-spam, Cisco Ironport); Endpoint Protection (Carbon Black, Sophos); Google Duo Multi-factor Authentication; Wireless (Aironet, Aerohive); Switches (Cisco, HP); Cisco Routers; VMware vSphere; NetApp SAN/NAS; Linux (Red Hat, CentOS); Windows Server; UNIX (Solaris, AIX, HP-UX); NFS/CIFS; Active Directory; Shell scripting; TCP/IP; VOIP; DNS; DHCP

Certification

  • CISSP: August 2004 - Present
  • SANS GIAC: Global Information Assurance Certified, 2012

Affiliations

Member, State of Rhode Island Joint Cybersecurity Task Force (JCTF)
