Archimedes Medical Device Security 101 Workshop: $1895
Confirmed Speakers Include:
Pat Baird
Philips
Pat Baird works at Philips as a Software Standards Specialist, with a focus on the use of AI in healthcare. Pat likes to think of his job as “Policy Engineering” – understanding the unmet needs (and frustrations) of regulators and developers, and developing standards, whitepapers, and training to meet those needs. Past roles have included software developer, engineering manager, project manager, lead engineer, and Director of Risk Management before getting involved in regulatory & standards.
He co-chairs multiple committees related to artificial intelligence at AAMI, ISO, CTA, AdvaMed, and AFDO/RAPS, and is involved with other software committees regarding topics such as agile software development, cloud services for a regulated environment, risk management, cybersecurity, and is a sub-team lead for the IMDRF AI for Medical Devices committee.
Lisa Bisterfeldt
St. Luke's Health System
Lisa Bisterfeldt manages the Cyber Resilience program for the St. Luke’s Health System in Boise, Idaho. St. Luke’s is a non-profit health system comprised of 9 hospitals and 200+ clinics providing care to communities across southwest Idaho. The Cyber Resiliency program includes components of incident response, business continuity, and disaster recovery. Prior to transitioning into the Cyber Security arena, Lisa spent eight years working in emergency management in the healthcare and government sectors.
Lisa has a Bachelor of Health Science Studies from Boise State University, a Master of Public Health from Idaho State University, and a Certified Cyber Resiliency Professional (CCRP). In her free time, she enjoys spending time hiking through any of Idaho’s beautiful trails with her husband and Brittany Spaniel.
Stacie Brough
Stacie Brough is the Director of Product Security, Risk and Assurance at Baxter Healthcare Inc. In this role Stacie leads Product Security Operations, Security Certification Programs, and Compliance functions. She has been with Baxter for eleven years, including as Director of Marketing, Product Security. Leveraging an MBA from Syracuse University, Stacie possesses a blend of technical acumen and strategic marketing expertise, driving innovation and market positioning within the realm of healthcare technology.
As a co-inventor on three patents regarding medical device access and authorization, and a co-author of a publication in the Journal of Nursing Administration, Stacie consistently seeks to bridge the gap between technological advancement and practical application, and further the understanding of the intricate interplay between technology, security, and market dynamics, inspiring stakeholders to embrace innovation while safeguarding patient care.
Debra Bruemmer
Debra Bruemmer is a Senior Director of Clinical Security at MedSec where she will partner with small to mid-size hospitals and help them institute security basics within their medical device fleet before investing in expensive tools. Prior to joining MedSec, she had a 24-year career at Mayo Clinic which included 10 years as a senior leader within the Office of Information Security focused on reducing cybersecurity risk to protect clinical workflows and support patient safety.
She has experience developing a medical device security program, addressing cyber security resilience in all network connected assets, maintaining secure identity and access management practices, and upholding security principles in network segmentation. Debra received her Bachelor of Science in Finance from Winona State University, a Masters in Business Administration from Cardinal Stritch University, and is CISSP certified.
David Brumley
ForAllSecure
David Brumley is the CEO of ForAllSecure and a full professor at Carnegie Mellon University. His research focuses on novel program analysis and verification techniques that prove the presence of bugs and vulnerabilities. He has published numerous academic papers, won several test-of-time and achievement awards, competed and won the DARPA Cyber Grand Challenge, and holds a black badge. ForAllSecure created Mayhem to bring the same technology used by the world’s best hackers into commercial software development pipelines.
Gerome Burrell
Gerome has over 23 years of IT/Cybersecurity experience in the highly regulated federal government and defense industry, where he has led large, global teams responsible for delivering full-spectrum cyber capabilities and cyber resilient systems for our nation’s defense, intelligence community and global security partners. Prior to joining Abbott, he was responsible for all cybersecurity operations and strategy for a diverse portfolio at Lockheed Martin Corporation.
Gerome has served in a variety of government positions with increasing roles of responsibility at several counterintelligence and security agencies, where he has focused on safeguarding national security assets. Gerome is also a 10-year veteran of the US Navy, where he served as a member of the Information Warfare Community.
He attended South Carolina State University while on active duty and received a B.S. degree in Information Computer Systems from Strayer University followed by an M.S. in Management from Florida Institute of Technology. Gerome has also attended Carnegie Mellon and Cornell University, where he obtained executive leadership certificates.
CDR TJ Christl
Department of Health and Human Services’ (HHS) Administration for Strategic Preparedness and Response (ASPR). CIP executes the Sector Risk Management Agency (SRMA) responsibilities for the Healthcare and Public Health (HPH) Sector.
On behalf of HHS, CDR Christl is promoting resilience of the nation’s health infrastructure by leading a dynamic public-private partnership, drawing from all aspects of the Sector, to prepare for future threats, manage risks, and coordinate effective response. As the Director of CIP, CDR Christl leads the SRMA activities and serves as the permanent Co-Chair of the HPH Sector’s Government Coordinating Council.
Prior to joining CIP in 2019, CDR Christl spent 16 years with the Food and Drug Administration as a project manager, emergency coordinator, and most recently the Director of the Office of Drug Security, Integrity and Response where he oversaw strategic and operational activities supporting global pharmaceutical supply chain integrity including imports, exports, recalls and the detection and prevention of and response to counterfeit or otherwise illegitimate drugs in the U.S. pharmaceutical supply chain.
In his capacity within the Commissioned Corps of the US Public Health Service, CDR Christl has deployed to public health disaster responses on numerous occasions including COVID-19, Hurricanes Irma and Maria, and to the Monrovia Medical Unit Ebola Treatment Unit outside of Monrovia, Liberia. CDR Christl earned a Bachelor of Science in Biology and Marine Science from the University of Miami, his M.S. in Biomedical Sciences from the Medical University of South Carolina and his M.S. in Organizational Leadership at Johns Hopkins University.
Dr. Allan Friedman
Dr. Allan Friedman is “the SBOM guy.” He is Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency. He coordinates the global cross-sector community efforts around software bill of materials (SBOM) and related vulnerability and supply chain initiatives, and works to advance their adoption inside the US government and around the world. He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics. Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School.
He is the co-author of the popular text “Cybersecurity and Cyberwar: What Everyone Needs to Know,” has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University. He is quite friendly for a failed-professor-turned-
Dr. Kevin Fu
Former Acting Director, US FDA CDRH Medical Device Security
Kevin Fu is credited for establishing the field of medical device security beginning with the 2008 IEEE paper on defibrillator security.
Kevin is a former MIT Technology Review TR35 Innovator of the Year and Fellow of the AAAS, ACM, and IEEE. He has testified in the House and Senate on matters of information and medical device security and has written commissioned work on trustworthy medical device software for the Institute of Medicine of the National Academies. He was a member of NIST Information Security and Privacy Advisory Board, the CRA Computing Community Consortium Council, and the ACM Committee on Computers and Public Policy. He received the Dr. Dwight E. Harken Memorial Lecturer Award from the Association for the Advancement of Medical Instrumentation (AAMI) for his leadership on medical device security standardization.
Jack Kufahl
Michigan Medicine
Jack Kufahl is the Chief Information Security Officer for Michigan Medicine at the University of Michigan, one of the nation’s top academic medical centers that brings together world-class experts from research, patient care, and education to make groundbreaking discoveries that create life-changing medicine.
He has over 20 years of experience in information technology, primarily in leadership roles. He is one of the incorporating officers of the Michigan Healthcare Cybersecurity Council and is a current board member. The MiHCC is a public-private partnership in the State of Michigan and the healthcare industry supporting the citizens, patients, workforce, and students of Michigan. MiHCC seeks to protect the critical healthcare infrastructure and institutions of Michigan by providing relevant knowledge, meaningful relationships, and information security services to the partnering individuals, agencies, organizations, and vendors. Jack is also a graduate of the esteemed FBI CISO Academy and has completed the Masters of Legal Studies program with a concentration in compliance law at Washington University in St Louis.
As the Chief Information Security Officer, he is currently responsible for planning, developing, implementing, and maintaining the Michigan Medicine information assurance program. He directs all information assurance activities across the academic medical center to ensure the confidentiality, integrity, and availability of electronic information resources critical to the tripartite mission of patient care, research, and education at Michigan Medicine.
Dan Lyon
Dan has worked on the full ecosystem of modern medical products, including implanted devices, wearable devices, clinician instruments, surgical systems, mobile and web applications, and cloud services. He also has contributed to standards and guidance for medical devices and healthcare as well as for automotive, aerospace, and consumer technology industries through organizations such as AAMI, MDIC, H-ISAC, IEEE, and CTA.
Brian M. Mazanec, PhD
Brian Mazanec is the Deputy Director, Office of Preparedness within the Administration for Strategic Preparedness and Response (ASPR) at the U.S. Department of Health and Human Services (HHS).
In Brian’s role as Deputy Director of the Office of Preparedness, he helps lead the office responsible for all aspects of preparation for events such as disease outbreaks, natural disasters, and intentional attacks with chemical, biological, radiological, or nuclear (CBRN) weapons. This work is closely coordinated with other offices within ASPR, as well as other related components within HHS, such as CDC's Office of Readiness and Response, other U.S. government departments and agencies, and international allies and partners.
Brian’s responsibilities include oversight and management of the following component offices: Security and Intelligence; Information Management, Data and Analytics; Critical Infrastructure Protection; Health Care Readiness; Medical Reserve Corps; Planning and Exercises; Continuity; and the Secretary’s Operations Center.
Prior to joining ASPR, Brian served at the U.S. Government Accountability Office (GAO), where he was the senior executive responsible for leading the agency’s Strategic Warfare and Intelligence portfolio. He led and managed numerous teams evaluating a variety of national security programs and activities related to biological and other emerging threats; intelligence community management; security and counterintelligence; sensitive activities and programs; personnel vetting; and space policy and operations. In addition, Brian led GAO’s efforts to establish an Insider Threat Program and other internal security-related initiatives. Prior to GAO, Brian worked on WMD issues at the Defense Intelligence Agency, Office of the Secretary of Defense for Nuclear Matters, and the Joint Staff J5 Combating WMD directorate.
Brian received his Ph.D. in Biodefense from George Mason University’s Schar School of Policy and Government and holds a B.A. in political science from the University of Richmond and an M.S. in defense and strategic studies from Missouri State University’s Department of Defense and Strategic Studies. In addition to his work in government, Brian teaches graduate level courses at several local universities, and he has authored or co-authored multiple academic books on cyber issues. He lives in Fairfax, Virginia with his wife and four children.
Jeremy Milburn
Abbott Laboratories
Prior to Abbott, Jeremy led teams of security analysts and engineers on the Cyber Risk, Cyber Solutions, and Cyber Defense teams at Target. Jeremy’s teams provided cyber risk insights and cybersecurity services during a period of transformation, innovation, and 45% revenue growth, supporting the secure deployment of payment technologies, the modernization of mobile applications, and the migration of target.com to the Google Cloud.
After a widely publicized data incident, Jeremy was responsible for rebuilding the Target Payment Security program, the selection of a new Qualified Security Assessor (QSA), and the delivery of the organization’s first post-incident Payment Card Industry Data Security Standard (PCI DSS) Report on Compliance.
Prior to joining Target, Jeremy served as an information risk executive with Ernst & Young (EY). Starting as a security penetration tester, Jeremy transitioned to leadership and spent seven years leading cybersecurity and IT risk advisory initiatives at a Fortune 10 diversified investment company and five years leading IT risk advisory initiatives at a Fortune 10 managed health care organization.
Over his career, Jeremy has led successful business, information technology, or cybersecurity implementation, transformation, or advisory projects at twelve different Fortune 100 organizations.
David Nathans
Siemens Healthcare
David Nathans currently serves as a Product Security Manager for Siemens Healthcare, where he specializes in building cybersecurity programs and security operation centers. Having previously held prominent positions in the defense, retail, managed security and healthcare industries, Nathans has a wealth of cybersecurity knowledge which he shares to help protect companies from this growing threat.
His experiences and lessons learned also stem from his time building security programs at one of the largest breached retail companies in history as well as working all over the world as a Cyber-Operations Officer for the US Air Force.
Justin Post
Policy Analyst (Cybersecurity)
Center for Devices and Radiological Health (CDRH)
U.S. Food and Drug Administration (FDA)
Office of Product Evaluation and Quality (OPEQ)
Immediate Office (IO) – Digital Health
Justin Post is currently a Policy Analyst (Cybersecurity) in the Immediate Office – Digital Health within CDRH’s OPEQ. The Immediate Office – Digital Health contributes to FDA’s digital health policy and to digital health related programs and activities. It also provides leadership and support to OPEQ staff with premarket and postmarket reviews in alignment with FDA guidance documents with digital health content. As part of the Immediate Office – Digital Health, Justin is focused on premarket and postmarket cybersecurity policy development and implementation across OPEQ’s Office of Health Technology (OHT) 1 through 8.
Prior to this role, Justin was a lead reviewer in OPEQ’s OHT7 (Office of In Vitro Diagnostics) supporting pre-market and post-market review activities. He was also OHT7’s lead representative supporting FDA’s Digital Health Center of Excellence where he was a contributing author to FDA guidance documents with digital health content and an active participant in digital health related programs and activities.
Prior to the FDA, Justin spent 12 years at a global IVD manufacturer holding positions in R&D, Regulatory Affairs and Quality Assurance where he supported the commercialization and maintenance of regulated IVD products in US and ex-US markets.
Chris Reed
Chris Reed leads the corporate Product Security Office at Medtronic providing governance, centralized product security services and coordination of systemic security risk management across Medtronic’s product portfolio. He reports to Medtronic’s Chief Quality Officer and is a member of the Medtronic Quality Leadership Team.
Chris spent 2 years prior as Medtronic’s Director of Regulatory Policy for Product Security and Digital Health working on key regulatory legislation and initiatives such as the PATCH act. He also advised Medtronic businesses through various cybersecurity related product issues both with submissions and with deployed products.
Chris spent over 21 years with Eli Lilly and Company including building Lilly’s product security program supporting Digital Health including connected diabetes management products.
He is actively engaged as a leader in many medical device security and digital health industry initiatives such as the MDIC Cybersecurity Working Group, Health-ISAC Medical Device Security Information Sharing and Coordination’s Advisory Committee and as co-lead for the Healthcare Sector Coordinating Council’s MedTech Cybersecurity Task Group.
Bill Reid
Google Cloud
Bill is a member of Google Cloud’s Office of the Chief Information Security Officer (CISO), where he advises Health and Life Sciences customers on ways to achieve their business goals while adopting a high security bar.
Prior to Google, he was VP and Chief Security Officer for National Resilience, a bio-manufacturing company, where he established and ran the Security and Privacy organization, including physical, IT, and OT/ICS systems. Before Resilience, Bill was the CISO for Amazon Care, a telemedicine and in person care service. Also at AWS, Bill led the AWS Security Solution Architecture team. Earlier, Bill held CISO roles at healthcare technology and medical device companies, and was Director of Product Management for Microsoft’s Health Solutions Group and member of their Trustworthy Computing initiative.
Bill began his career in healthcare administration for Group Health Cooperative (now Kaiser). He has a Masters from Tufts University and Bachelors from the University of Pennsylvania.
Hector Rodriguez
Principal Industry Specialist & Executive Security Advisor
AWS World-Wide Public Sector Security Team
His work covers topics such as “Modern Disaster Recovery and Ransomware Mitigation”, “Cybersecurity and the Trusted Healthcare Cloud”, “Blockchain in Healthcare” and “Healthcare’s Digital Front Door and IoT/IoMT Devices”. Hector has an M.B.A. in Management Finance and Entrepreneurship and a Bachelor’s in Computer Science from Rutgers University.
Adam Shostack
Adam is a leading expert on threat modeling, and a consultant, author and game designer. He's focused on enabling great threat modeling programs, and is the author of "Threat Modeling: Designing for Security" and "Threats: What Every Engineer Should Learn from Star Wars."
Skip Sorrels
Ascension Technologies
Skip Sorrels is a distinguished cybersecurity professional, widely recognized for his leadership in developing robust cybersecurity programs. Armed with a Master of Science in Cybersecurity and Information Assurance, he possesses a unique blend of technical expertise and a solid foundation in healthcare cybersecurity.
Skip has come full circle in his career, starting in the nursing profession in Texas. He worked across intensive care and trauma units, as well as with transplant teams. Despite his roots in healthcare, computers and technology always intrigued him, eventually leading him to Dell. At Dell, he contributed to the architecture and solutioning work for Department of Defense contracts, different branches of the military and civilian divisions of the government.
Currently, he serves as one of the Directors of Cybersecurity overseeing various cybersecurity needs for Ascension Healthcare, one of the country’s largest non-profit healthcare providers. His front-and-center experience as both a former nursing practitioner and a security executive uniquely positions him to contribute to the betterment of healthcare cybersecurity.
Skip currently plays a pivotal role in establishing a medical device cybersecurity program. His success in this initiative over the past six years has propelled him into broader responsibilities, including the development of cybersecurity programs for Operational Technologies (OT) and venturing into the realm of eXtended Internet of Things (XIoT).
Beyond his responsibilities at Ascension, Skip is a devoted advocate for knowledge sharing. He actively contributes to the cybersecurity community through engaging in webinars, podcasts, and crafting insightful blog posts. His commitment to sharing experience and knowledge exemplifies his dedication to advancing the field and nurturing the next generation of cybersecurity professionals.
Dr. Hans-Martin von Stockhausen
Siemens Healthineers
Dr. Hans-Martin von Stockhausen holds a position as Principal Key Expert for Cybersecurity at Siemens Healthineers. In this position he leads the company in developing security requirements for all products gathered from international regulations and customers around the globe with a focus on supporting the operational risk management on the operator’s side. Inside the Siemens security community, he leads a team that works on improving and maintaining the security posture of products and security related customer communication. He has extensive domain knowledge from 20+ years of work experience in the medical device industry holding various positions throughout the product lifecycle from SW developer to SW platform architect to product manager.
For 10+ years, his focus has been on cyber security while holding a position as product security officer for medical IT systems and image acquisition devices. Hans-Martin participates in expert workshops and talks at conferences held by European and internationally recognized organizations. Furthermore, he is a member of the board of directors of Health-ISAC.
Nastassia Tamari
US FDA
Nastassia Tamari is the Division Director for Medical Device Cybersecurity within the Division of Medical Device Cybersecurity (DMDC), housed within the Office of Readiness and Response (ORR) in the Office of Strategic Partnerships and Technology Innovation (OST) in FDA CDRH. The Division of Medical Device Cybersecurity provides leadership and strategic direction for medical device cybersecurity policy. As part of DMDC, she leads a team which develops policy related to medical device cybersecurity to advance national preparedness and responds to cybersecurity incidents involving medical devices.
She spent more than a decade at a private medical device manufacturer focusing on cybersecurity, security operations and strategic regulatory alignment. She earned a B.A. in Communication from San Diego State University and completed graduate work at Boston University earning an M.S. in Journalism.
Sponsored Presentation
Mike Nelson
Mike Nelson is the Global VP of Digital Trust at DigiCert. In this role, he oversees strategic market development and champions digital trust across organizations to protect servers, users, devices, documents, software and more.
Mike frequently consults with organizations, contributes to media reports, and speaks at industry conferences about the risks of connected technology, and what can be done to improve the security of these systems.
Before DigiCert, Mike spent his career in healthcare IT including time at the US Department of Health and Human Services, GE Healthcare and Leavitt Partners. Mike’s passion for the industry stems from his personal experience as a type 1 diabetic and his use of connected technology in his treatment.