December 11-12 | San Francisco

 

Speakers

Expand/Collapse

Greg Garcia
Executive Director for Cybersecurity
Healthcare Sector Coordinating Council

Gregory T. Garcia is Executive Director for Cybersecurity of the Healthcare and Public Health Sector Coordinating Council (HSCC). The healthcare and public health sector is one of 16 critical industry sectors identified under Presidential Policy Directive 21. The HSCC brings together the many subsectors of the healthcare industry in collaboration with the government – principally the Departments of Health and Human Services, and Homeland Security - to develop and implement evolving ways to strengthen the sector’s security and resiliency against cyber and physical threats. Greg was appointed by President George W. Bush as the nation’s first Assistant Secretary for Cyber Security and Communications at the U.S. Department of Homeland Security from 2006-2009, where he led the National Cyber Security Division, the National Communications System and the Office of Emergency Communications. Under Greg’s leadership, DHS was a key driver in developing the Bush Administration’s Comprehensive National Cyber Security Initiative (HSPD 23), the National Emergency Communications Plan, and the precursor to what is now the National Cyber and Communications Integration Center (NCCIC). After DHS, Garcia went on to create and lead Bank of America’s external partnership strategy for cyber security and identity management until December 2011. He then expanded his footprint to head the Financial Services Sector Coordinating Council (FSSCC), an official industry-wide partner to the government, developing policy and operational strategy for the security and resiliency of the financial system against cyber-attacks and other threats. Greg most recently was executive vice president of SIGNAL Group, a Washington, DC-based public policy advocacy and strategic communications consulting firm. Earlier in his career, Greg served as professional staff for the U.S. House of Representatives Committee on Science, where he shepherded enactment of the Cyber Security Research & Development Act of 2002. He also led advocacy for the Information Technology Association of America, American Electronics Association, and 3Com Corporation, a Silicon Valley computer and communications networking company. He is a member of the Information Security and Privacy Advisory Board, a federal advisory committee; CompTIA’s Cybersecurity Advisory Board; was a guest lecturer at the Army War College in Carlisle, PA; and has occupied numerous advisory board positions with high technology startups.

Day One

Tuesday, December 11 2018

17:30 | Chair's Closing Remarks

08:50 | Chair’s Opening Remarks

Day Two

Wednesday, December 12 2018

14:45 | Chair's Closing Comments & End of Conference

09:10 | Keynote: Managing a Shared Challenge: Cyber Risk Management for MedTech & Health Providers

09:00 | Chair's Opening Remarks

Roberta Hansen
Director, Product Cybersecurity
Abbott

Roberta is an industry recognized leader in Product Cybersecurity. Her organization focuses on setting the cybersecurity strategy and governance for all Abbott divisions; including Diabetes Care, Medical Devices, and Diagnostics. In collaboration with internal and external stakeholders her team ensures that product teams design and develop next generation products with security by design throughout its lifecycle. Roberta started her career at Abbott 21 years ago in the Corporate Engineering function and has held positions of increasing responsibility in Disaster Recovery, Business Continuity, Risk Management, Research & Development, Manufacturing, and Quality. Roberta holds a Masters in Business Administration (MBA) from Lake Forest Graduate School of Management. She holds a Bachelor of Arts (BA) in International Business from The University of Michigan – Ann Arbor. She has earned Certified Information Systems Security Professional (CISSP) designation, Certification of Information Security Management (CISM) and Project Management Professional (PMP).

Day Two

Wednesday, December 12 2018

12:10 | Panel Discussion: Implementing Security by Design in Software and Hardware

Alex Kent
Director for Cybersecurity Engineering, Cardiac Rhythm & Heart Failure Division
Medtronic

Dr. Alex Kent is the Director for Cybersecurity Engineering within Medtronic’s Cardiac Rhythm and Heart Failure division with responsibilities for comprehensive medical device and product security spanning premarket engineering through full lifecycle management. Previously, Alex was the Technical Director and Senior Solution Architect for operational IT and cybersecurity at Los Alamos National Laboratory. Other assignments include the science advisor to the U.S. House of Representatives’ Permanent Select Committee on Intelligence and the director and creator of Los Alamos' cybersecurity R&D organization centered on solving current and forward-looking cyber problems for the Nation. His expertise spans operational IT and cybersecurity management at scale, national leadership on cyber security policy, as well as research in cyber security and data analytics with a substantial history of peer-reviewed publications and patents. Alex holds BS, MS, and PhD degrees in Computer Science from the New Mexico Tech and an Executive MBA from the University of New Mexico.  

Day Two

Wednesday, December 12 2018

11:40 | Connected Device Lifecycle Management – When and How Should End-Users Upgrade?

Max McKone
Manager
Darktrace

Day One

Tuesday, December 11 2018

10:00 | Securing Connected Devices: Use Cases of Cyber AI

Neal Bridges
Director of Global Incident Response & Threat Management
Abbott

Neal has over twenty years of experience in information technology and security in numerous technical and functional roles. Neal is skilled at technical security and control assessments including performing advanced penetration testing targeting networks, applications, personnel and physical security controls.  He has extensive experience reviewing information and security systems from the perspective of advanced cyber threats and consulting on industry proven tactics for secure architecture design. Neal has worked in advanced attack and penetration testing roles and consulted with Fortune 100 companies on network defense tactics in verticals including financial services, government, higher education, and healthcare sectors. Neal spent ten years in the United States Air Force where he was hand selected to lead the development of offensive cyber and counter-adversary cyber programs. Certifications: GIAC Security Essentials (GSEC); GIAC Certified Incident Handler (GCIH); GIAC Advanced Penetration Tester (GXPN); Certified Ethical Hacker (CEH); Cisco Certified Network Associate (CCNA); Linux Professional Institute Certification (LPIC); Undergraduate Network Warfare Training (UNWT); Intermediate Network Warfare Training (INWT); NSA Advanced Offensive Cyber Operations Course (AOCOC)

Day Two

Wednesday, December 12 2018

13:45 | Keep Calm: Plan of Action for Incident Response

Erwan Rivet
Chief Technology Officer
Octave Bioscience

Day Two

Wednesday, December 12 2018

12:10 | Panel Discussion: Implementing Security by Design in Software and Hardware

Joern Lubadel
Director of Service & IT Healthcare Support
B Braun Medical US

Healthcare IT executive with 20+ years of experience creating customers success stories in more than 40 countries with innovative Healthcare IT solutions, delivered with a network of 350 service technician, 37 trainer in over 40 countries a performant and cost effective service Contributing in national and international organization to develop better and innovative but importantly secure Healthcare IT solutions. Taking care for all aspects of cyber security issues over the life time of the products which include high involvement in national and global task forces and initiative including organizations such ISO, AAMI, HIMSS and AdvaMed.

Day One

Tuesday, December 11 2018

09:30 | How Are You Handling Your Legacy Products from an Infrastructure Perspective?

Robert Ezzel
Associate Director of Global Regulatory Affairs
Sanofi

Day One

Tuesday, December 11 2018

11:40 | Navigating the Connected Devices Regulatory Landscape

David Scott
Product Security Officer
BD

David Scott brings over 20 years of cybersecurity experience with background in medical device security, cyber warfare and security strategy. He is the Product Security Officer for BD’s Medication Management Solutions business unit, which includes infusion, automated dispensing and informatics technologies.

Day One

Tuesday, December 11 2018

12:40 | Panel Discussion: Security Challenges for Network Connectable Devices in Healthcare Ecosystems

Day Two

Wednesday, December 12 2018

11:10 | Developing a First Class Cybersecurity Program for Your Critical and Connected Devices

Ed Heierman
Product Cybersecurity Architect
Abbott

Dr. Ed Heierman is a Product Cybersecurity Architect at Abbott, a global company that develops in-vitro diagnostic (IVD) instruments and implantable cardiovascular and neurological medical devices. Dr. Heierman assists Abbott product development teams with product cybersecurity risk assessment, development, vulnerability management, surveillance, and incident response activities. Previously he was the technical lead for Abbott’s web-based remote instrument monitoring application (Internet of Things) that provides secure remote access to diagnostic instruments installed at Abbott customer sites worldwide. He began his career with Abbott as a software engineer for Immunoassay and Clinical Chemistry IVD instruments. Dr. Heierman is the Chairholder for the CLSI Consensus Committee for Automation and Informatics. He was the Chairholder for the CLSI Document Development Committee that developed the AUTO11 Standard for the Security of IVD Instruments and Software Systems. He is also the Chief Technical Officer for the IVD Industry Connectivity Consortium (IICC), a nonprofit organization that has accelerated the development of interoperability standards for connectivity between IVD instruments, middleware, and Laboratory Information Systems (LIS). Dr. Heierman holds a Ph.D. in Computer Science from the University of Texas at Arlington, a Master of Computer Science from the University of Texas at Arlington, and a Bachelor of Computer Science and Math from the United States Air Force Academy.

Day Two

Wednesday, December 12 2018

12:10 | Panel Discussion: Implementing Security by Design in Software and Hardware

Mary Ann Smith
Senior Director, Regulatory Affairs
Advanced Cell Diagnostic

Day Two

Wednesday, December 12 2018

14:15 | How to Embrace and Accelerate Partnerships through Robust Due Diligence?

Phil Dang
Director of R&D and Connectivity
Edward Lifesciences

Phil Dang is currently Director of Engineering at Edwards Lifescience, Critical Care business unit. Phil provides technical leadership and combines New Product Development + Digital Transformation expertise (Software, Big Data, Internet of Things, Artificial Intelligence, Cybersecurity) to improve patient standards of care. He operates at the intersection of Connected Products and Healthcare.  He joined Edwards Lifesciences from Johnson & Johnson with 15 years of diverse experience in R&D, IT and Corporate Divestiture. Phil has a Bachelor’s Degree in Economics from the University of California Irvine.

Day Two

Wednesday, December 12 2018

12:10 | Panel Discussion: Implementing Security by Design in Software and Hardware

Deb Muro
Chief Informtaion Officer
El Camino Hospital

Deb Muro is the Chief Information Officer for El Camino Hospital. She joined the hospital in 2014 and during her tenure led the installation and implementation of the hospital’s EPIC electronic health record system. With more than 25 years of combined nursing, clinical, healthcare and technology experience, Deb has held various healthcare IT management positions focused on the delivery of technology solutions and best practices. Prior to joining El Camino Hospital, she served in executive level positions for Unity Point Health and Allina Health System and led large enterprise-wide technology implementations involving multiple acute care hospitals, outpatient/ambulatory clinics and critical access rural hospitals. As CIO, her responsibilities include management and oversight of technology strategy and the Information Services Division. Deb received a bachelor’s degree in nursing from Baylor University and a Master’s in Human Relations and Business from Amber University. In 2012, Deb was nominated as a Finalist for the Iowa Technology Association “Women of Innovation” Award.

Day One

Tuesday, December 11 2018

15:00 | INTERACTIVE WORKSHOP: Cybersecurity For Medical Devices Is A “Team Sport”

David Presuhn
Connected Device Management Expert
Boston Scientific

Dave Presuhn is a member of the Connected Device Management team for Boston Scientific.   He is professionally focused on the security and management of medical devices and medical device controllers, with 15 years experience in device management.   He is a member of the IS Security Association since 2014.

Day One

Tuesday, December 11 2018

12:40 | Panel Discussion: Security Challenges for Network Connectable Devices in Healthcare Ecosystems

Day Two

Wednesday, December 12 2018

10:10 | How to Execute Patching and Why Patch Management Is Important?

Paul Upham
Principal
Roche

Paul is a Senior Principal at Roche / Genentech where he leads the Smart Device Technology Center. Paul has 20 years of experience in medical device R&D, strategic marketing, product management, clinical research, and medical informatics. Prior to Roche / Genentech, Paul was with Becton Dickinson(BD), as Worldwide Director of Strategic Marketing in their Pharmaceutical Systems business. Paul and his team were responsible for all upstream and downstream marketing strategy for BD's self-injection business, including pen injectors, autoinjectors, and wearable patch injectors. Prior to that role, Paul was with WellDoc, Inc. as Director of Product Marketing, where he built and led the marketing team and was responsible for product management activities for WellDoc’s portfolio of mobile health solutions. He was also the Core Team Leader for WellDoc’s landmark BlueStar™ product, a class II medical device and the world’s first reimbursed, prescription-only software for type 2 diabetes. Paul’s prior experience includes 10 years at BD in the Diabetes Care business. Paul was responsible for the development and launch of the award-winning BD InterActiv® Diabetes Software, and was a member of the joint BD / Medtronic core team that launched ParadigmLink®, the world’s first wireless blood glucose meter.   Paul holds an issued patent in medical software and numerous patent applications covering software and medical devices. He is also an author and co-author of numerous peer-reviewed articles in medical informatics and in diabetes. His education background includes undergraduate studies in cognitive science and graduate work in health informatics and finance at the University of Minnesota and New York University.

Day One

Tuesday, December 11 2018

12:10 | A Shift of Mindset – How to Develop a Secured and Compliant Connected Device

Justin Heyl
Cybersecurity Director Business Development, Innovations & Strategic Partnerships
UL LLC

Justin is responsible for the management of UL LLC’s suite of services to support global regulatory approvals for medical device companies. He is a cybersecurity panelist with the FDA, a participant with the VA/UL CRADA for cybersecurity and developing requirements and solutions for several major hospitals and procurement groups in US, EU and APAC. He is a member of the MDS2 committee, AAMI, AdvaMed, FDA Pre-cert workshop and public comment. He joined UL as the Global Account Director responsible for Boston Scientific, Medtronic, St. Jude and supporting the global accounts team with medical related compliance services. Prior to joining UL, he was the program manager for Intertek’ s consulting services, worked as an orthopedic sales representative for Primary Surgical and a mechanical engineer for Crane Engineering and Forensic Services. He has partnered with medical device companies throughout the product development cycle and certification to expedite market access on a global scale. He has successfully managed projects and international submissions with start-ups, VC backed companies as well as many of the top 10 medical companies in the world.  Justin holds a Bachelor of Science degree in Mechanical Engineering from the University of Minnesota and has over twenty-two years of industry experience focusing on medical regulatory solutions and business development with medical companies.

Day One

Tuesday, December 11 2018

12:40 | Panel Discussion: Security Challenges for Network Connectable Devices in Healthcare Ecosystems

David Snyder
Principal Consultant
42tek

David is a Certified Information Systems Security Professional (CISSP), Certified Scrum Master (CSM), and a California-registered Civil Engineer (PE). He is currently researching cybersecurity for network-connected medical devices and ways to use blockchain technology to ensure data quality and security for critical infrastructure devices, including environmental sensors and medical devices. His experience includes companies like Apple, Google, Kaiser, First Data, PayPal, Yahoo!, and various startups for healthcare systems, electronic payments, mobile applications, and data security. 42TEK, Inc. (www.42tek.com) is Mr. Snyder’s consulting company. David is a past board member of the Northern California Chapter of the Healthcare Information Management Systems Society (HIMSS) and has been the organizer, moderator, or speaker for more than 20 conferences and seminars on healthcare, data security, and payments topics.

Day One

Tuesday, December 11 2018

15:00 | INTERACTIVE WORKSHOP: Cybersecurity For Medical Devices Is A “Team Sport”

Matthew Jones
Clinical Engineering Security Specialist
Intermountain Healthcare

Matthew Jones has worked for Intermountain Healthcare for 9 years as a Clinical Engineer. His experience includes: Biomed Technician, Technical Readiness Project Manager, Radiation Safety Council Member, and Medical Device Security Specialist. Matthew’s background in automotive manufacturing, as an Automation Engineer and Quality Assurance Engineer (Black Belt Six Sigma) has helped him design and implement a variety of clinical systems, that include: automation and integration for multi-place hyperbaric chambers, medical telemetry control rooms (144 patients), Enterprise EEG Monitoring Control Room, Enterprise TeleHealth, Enterprise NurseCall architecture, Enterprise EMR medical device integration, EMR to Enterprise Alerting System.

Day One

Tuesday, December 11 2018

15:00 | INTERACTIVE WORKSHOP: Cybersecurity For Medical Devices Is A “Team Sport”

12:40 | Panel Discussion: Security Challenges for Network Connectable Devices in Healthcare Ecosystems

Ed Harshberger
Independent Medical Device Cybersecurity Expert

Ed Harshberger is the Chief Technology Officer (CTO) and Sr. InfoSec Consultant at Cyreonix Cyber Security & Consulting and brings over two decades of information security experience evaluating threats and delivering actionable intelligence to leadership and management teams. Ed’s 24 years of cybersecurity experience includes an extensive background in medical device security, cyber warfare and enterprise IT strategy. Ed started in the healthcare industry at Duke University Health System. He also served as the international performance solutions consultant for the innovative bio-diagnostics company, bioMerieux. Ed has also consulted with industry leading companies BD, Bruker Dalton’s, Instrumentation Laboratory, and Abbott. As the senior technical subject matter expert for Cyreonix, Ed keeps current on security technology advances and well as participates in industry related organizations.  Ed also has a background in Military Counter-Intelligence, physical security, classifying levels of critical data, and Force Protection methodology while in the 1st Cavalry Division of the US Army utilizing warfighter technology.  

Day Two

Wednesday, December 12 2018

09:40 | Developing a Risk Management Framework for Your Connected Device

Andrea Arbelaez
Senior Leader, Cybersecurity
NIST

Andrea Arbelaez is the IT project manager for the Healthcare Portfolio at the National Institute of Standards and Technology. Andrea currently oversees and supports research methods to secure a Picture Archiving and Communication System. Prior to this effort, Andrea supported efforts at the U.S. Department of Health and Human Services developing resources for the Substance Abuse and Mental Health Services Administration. Andrea has a Bachelor of Science degree in Information Systems from Columbus State University and a master’s degree in Healthcare Administration from Colorado State University.

Day One

Tuesday, December 11 2018

09:00 | The Fast Evolving IoT World – How Can You Ensure Your Patients’ Data is Safe?

Jason Johnson
Information Security Officer
Marin General Hospital

Jason Johnson has been in technology for twelve years and has spent the last eight years with hospitals in Northern California. Through the years, he has overseen several specialized areas including Citrix implementations, Help Desk management, software rollouts, data center migrations, telecommunications, UC implementations, network upgrades, and ambulatory clinic overhauls.

 

This breadth of experience provides Jason a unique lens with which to view information security. As Information Security Officer for Marin General Hospital, he has been responsible for rolling out a formal information security program from the ground up. This included passage of organizational security policies, implementing vulnerability management processes, creation of everyday procedures and security awareness training, and implementing a MSSP.

Jason also serves on the Board for Directors for HIMSS Northern California as President-Elect. He holds a B.S. in Business Administration, CISSP and PMP certifications, and a Six Sigma Yellow Belt.

Day One

Tuesday, December 11 2018

15:00 | INTERACTIVE WORKSHOP: Cybersecurity For Medical Devices Is A “Team Sport”

Timothy Berendt
Director of Innovation
Blue Cross Blue Shield of Massachusetts

Day One

Tuesday, December 11 2018

14:30 | How Can a Healthcare Payer Embrace Disruption through Innovation?

Christine Sublett
President & Principal Consultant
Sublett Consulting, LLC

Christine is a security, privacy and cyber protection professional with over 25 years in the healthcare technology industry. Proficient in providing technical consultancy and advisory services to healthcare startup organizations, Christine delivers comprehensive advice on the implementation and development of security and information protection programs and initiatives, and works with Boards and Executive teams to define cost efficient and practical security and privacy strategy. Christine also executes security and data privacy due diligence on acquisitions for equity firms and their portfolio companies, working with those companies through acquisition to mitigate identified risks.

As President & Consultant, she holds board cybersecurity advisory roles with several leading health tech companies, El Camino Hospital Board of Director’s Privacy, Compliance & Audit Committee, and has had several companies she advised acquired by companies such as Apple, Salesforce, Intuit and Kareo. 

Prior to establishing her own company, Christine served in a variety of senior executive Security, Privacy, and Technology roles with healthcare entities including Lucile Packard Children's Hospital/Stanford Children's Hospital. She was also selected in 2016 to participate on the HHS Healthcare Industry Cybersecurity Task Force to provide recommendations to Congress on healthcare cybersecurity.

Day One

Tuesday, December 11 2018

15:00 | INTERACTIVE WORKSHOP: Cybersecurity For Medical Devices Is A “Team Sport”