Healthcare and Med Device Series

Remaining Events in the Series






“Table Stakes” in the Development and Deployment of Secure Medical Devices

Monday, October 22, 2018 1-5PM
Location: Minneapolis Convention Center as a pre-event workshop before Cyber Security Summit 2018

1:00-1:15   Welcome and Introduction

1:15-2:00   Basic Threat Modeling and Risk Assessment

Speaker: Fotios Chantzis, Principal Information Security Engineer, Mayo Clinic

2:00-2:30   What are the chances? Lessons learned from 50 years of predicting risk.

Speaker: Douglas Clare, Vice President, Cyber Security Solutions, FICO (Fair Isaac Corporation)

2:30-3:15   Panel: Cyber-Hygiene – How Do You Harden a Legacy Medical Device?

Moderator: Jay Radcliffe, Cyber Security Researcher, Thermo Fisher Scientific

Speaker: Adam Brand, Managing Director, PwC; Michael McNeil; Global Product Security & Services Officer, Philips Healthcare

3:15-3:30   Break

3:30-4:15   Patching Best Practices

Speaker: Michael McNeil, Global Product Security & Services Officer, Philips Healthcare

4:15-5:00   Panel: What are the basic requirements for security testing and how best to get that done?

Moderator: Ken Hoyme, Director, Product and Engineering Systems Security, Boston Scientific

Speakers: Danilo Clemente, Senior Information Security Engineer, Mayo Clinic; Garrett Sipple, Managing Consultant, Synopsys; JT Tyra, Principal IT Security Technologist – Red Team, Medtronic



Regular – $225.00

Onsite – $275.00

Register Now


Supported by:



Past Events in the Series






















Healthcare System Management of Medical Devices

Thursday, July 26, 2018 1-5PM

Location: Optum (13625 Technology Dr., Eden Prairie, MN 55344)

1:00-1:15 – Welcome

1:15-2:00 – How to work with vendors to best design a secure medical device network

Speaker: David Clapp, Sr. Principal Solutions Systems Engineer, Symantec

2:00-3:00 – Panel: How to get a seat at the procurement table to ensure secure devices are purchased

Moderator: Debra Bruemmer, Senior Manager, Cybersecurity Care Process Resiliency, Office of Information Security, Mayo Clinic

Speakers: Gary Moore, Supply Chain Director, Mayo Clinic; Mike Seeberger, Systems Engineer, Boston Scientific; Matthew Werder, Chief Technology Officer, Hennepin Healthcare

3:00-3:30 – Break

3:30-4:15 – How security properties get integrated with your inventory management systems

Speaker: Dino Balafas, VP of Product Management and Marketing, Great Bay Software

4:15-5:00 – Panel: Device discovery techniques – what do you have, what does it contain, and where is it?

Moderator: Jay Radcliffe, Cyber Security Researcher, Boston Scientific

Speakers: Joel Cardella, Director, Product Security, Corporate Information Security (CIS) Program, Thermo Fisher Scientific;
Denis Foo Kune, Principal Information Security Engineer, Office of Information Security, Mayo Clinic; Craig Hyps, Principal Technical Marketing Engineer, Cisco Systems


Facility Host:






















Post-Market Management of Fielded Medical Devices

Thursday, April 26, 2018 1-6PM (Registration is now closed)

Location: Medtronic (Mounds View, MN, Campus)


1:00 – 1:15 – Welcome and Introduction

1:15 – 2:15 – Panel: Leveraging a “Bill of Materials” to Improve Patient Safety Today
What is a “software bill of materials,” how is it generated, how is it best communicated, and could it help improve patient safety?

Moderator: Ken Hoyme, Director, Product and Engineering Systems Security, Boston Scientific

Panelists: Scott Hanson, Product Security Program Manager, Medtronic; Sarah Jopp, Senior Security Analyst, Mayo Clinic; Jennifer Reicherts, Information Security Analyst, Fairview Health Services

2:15 – 3:00 – How Can Automation Help?
What tools are available to support monitoring 3rd party software for new reported vulnerabilities?

Speaker: Jim Jacobson, Chief Product and Solution Security Officer, Siemens

3:00 – 3:15 – Break

3:15 – 4:15 – Panel: What Are the Options for Keeping Bad Code From Getting a Foothold on the Device?
What is the best approach to device hardening and how do you ensure that only the appropriate code is executed?

Moderator: Debra Bruemmer, Senior Manager, Clinical Information Security, Mayo Clinic

Panelists: Todd Carpenter, Chief Engineer – Systems and Architecture, Adventium Labs; Jim Sievert, Principal Software Engineer, Boston Scientific; Ryan Wick, Cyber Risk Services, Deloitte

4:15 – 5:00 – Shoring up the Patch Management Process
How can we get to a place where end users can apply 3rd party patches directly?

Speaker: Keith Whitby, Healthcare Technology Management (HTM) Section Head, Mayo Clinic

5:00 – 6:00 – Networking Reception

Facility Host:

Medtronic Logo (blue)

Healthcare & Med Device Security Series Committee

2018 CHAIR
Ken Hoyme, Director, Product & Eng. Systems Security, Boston Scientific

Bonnie Anderson Maxey, Information Security and Privacy Officer, Hennepin County Medical Center
Bob Bennett, Co-Founder, NaviLogic
Curtis Blythe, Manager – Medical Device Security, Abbott Medical Devices
Deb Bruemmer, Senior Manager, Mayo Clinic
Todd Carpenter, Chief Engineer – Systems and Architecture, Adventium Labs
Scott Erven, Managing Director, PwC | Cybersecurity & Privacy
Bill Hagestad, Field Experienced Cyber Security Professional
Brian Isle, Co-founder, Adventium Labs; Senior Fellow, University of Minnesota Technological Leadership Institute
Eileen Manning, Executive Producer and Co-Creator, Cyber Security Summit
Dan Mooradian, PhD, Honeywell/James J. Renier Chair in Technology Management, Senior Fellow, Director of Graduate Studies – MDI, Technological Leadership Institute, University of Minnesota
Dale Nordenberg, Executive Director and Co-Founder, Medical Device Innovation, Safety, and Security Consortium
David Notch, Sr. Enterprise Security Architect, Medtronic
Tom Parker, Sr. Director – Information Security and Controls, Starkey
Matt Russo, Senior Director, Product Security, Medtronic
Nita Shah, Co-founder and CTO, TLT
Chris Tyberg, Division Vice President, Information Security, Abbott Medical Devices


Register Now