
7th Annual
Medtech Cybersecurity Risk Mitigation Conference
October 3-4, 2023 | Washington, DC Metro Area
Hilton Garden Inn – Washington DC Downtown
Mobilizing Enhanced Risk Monitoring Strategies while Preparing to Protect Products Containing Artificial Intelligence & Negotiating Risk Transfer for Product End of Life
8:00 REGISTRATION & WELCOME COFFEE
8:50 CHAIRPERSON’S OPENING REMARKS
Shlomi Ashkenazy, CYBELLUM
9:00 OPENING ICE BREAKER: OVERCOMING CYBERSECURITY CHALLENGES THROUGHOUT THE MEDICAL DEVICE LIFECYCLE
This interactive ice breaker will open the event with an opportunity for all participants to move around the conference room with the goal of meeting other delegates and engaging in swift discussions. The audience is encouraged to briefly exchange perspectives on the daily challenges of cybersecurity, particularly associated with the importance of cybersecurity strategies across the product life cycle from launch to legacy status. Furthermore, participants in this warm-up session are also given the opportunity to directly build contacts.
Phil Englert, VP Medical Device Security
HEALTH-ISAC
9:30 FBI PERSPECTIVE: CATALOGING CYBER CRIME IN HEALTHCARE TO BETTER MITIGATE RISK
• Lessons learned from 2022 specific to healthcare sector
• FBI targeted actions to improve healthcare security
• Insight into how the industry can better protect itself
Kyriakos Vassilakos, Supervisory Special Agent
FBI
10:15 COFFEE & NETWORKING BREAK
10:45 TRANSITIONING TO NIST CSF 2.0 IN MEDICAL DEVICE TECHNOLOGY
In a landscape where cybersecurity is paramount to business enablement, the transition to NIST CSF 2.0 in medical device technology poses both challenges and opportunities. This engaging panel discussion, a live adaptation of Access Point’s Virtual CISO Happy Hour podcast, details the intricacies of this transition. Hosted by Rick Leib of Access Point Advisory, and featuring a panel of seasoned experts in Chris Hamblin and Geoff Hancock, the discussion will shed light on the practical strategies, common pitfalls, and the roadmap toward a seamless transition to NIST CSF 2.0. Attendees will gain insights on how the updated framework aligns with evolving cyber threats, and how it can be leveraged to bolster cybersecurity resilience in medical device technology. Through interactive discussion, this panel aims to equip professionals with the knowledge and tools necessary for navigating the complex terrain of cybersecurity compliance in the healthcare sector.
Rick Leib, Virtual Chief Information Security Officer
Geoff Hancock, Chief Information Security Officer
Chris Hamblin, IT Director
ACCESS POINT TECHNOLOGY
11:30 CAPTURING CRITICAL DETAILS OF REGULATORY COMPLIANCE WITHIN LEGACY PRODUCT POLICIES
• Important steps in development of legacy product strategy
• Incorporation of recent IMDRF guidance in legacy management
• Review of HSCC recommendations & toolkit HIC-MaLTS
Ramakrishnan Pillai, Sr. Director & Head of Product Security
LIVANOVA
12:15 LUNCHEON FOR ALL SPEAKERS, SPONSORS & ATTENDEES
1:15 PANEL DISCUSSION: EXAMINATION OF SBOMS IN PRACTICE & CONCERNS WITH ADDITIONAL EXPOSURE
• Industry perspectives on practical aspects of SBOM execution
• Product administrative controls & impact on SBOM relevance
• Protecting proprietary information when delivering SBOM
• Ensuring information securely reaches only intended recipients
Scott Van Eps, DANAHER
Jacob Combs, TANDEM DIABETES
Sivaram Rajagopalan, BAXTER
Matt Wyckhouse, FINITE STATE
• Review the different types of medical device testing: verification, validation, vulnerability, threat mitigation, penetration testing, and bug bounties
• What does the FDA’s latest guidance and IEC 81001-5-1 have to say about testing?
• Are vulnerability testing and pentesting check-the-box items or do they meaningfully reduce risk?
BG NETWORKS
2:30 A MULTIDISCIPLINARY APPROACH TO CYBERSECURITY FOR MEDICAL DEVICES
This session will provide an overview of the latest regulatory updates on medical device cybersecurity, as well as common pitfalls to avoid in the supply chain and development lifecycle. It will also discuss real-world use cases for significantly reducing cybersecurity risks in medical devices. It will include a review of the FDA’s latest cybersecurity regulations for medical devices; how to mitigate risks from the medical device supply chain; best practices for SBOM management, vulnerability management, and vulnerability triage; and real-world examples of how organizations have successfully implemented medical device cybersecurity.
John Auld, General Manager NA
CYBELLUM
3:15 COFFEE & NETWORKING BREAK
3:45 SMALL GROUP DISCUSSIONS: OPTIMIZING THE MANAGEMENT OF CLIENT SECURITY ASSESSMENTS
• Reaching a consensus on what assessments must include
• Opportunities to streamline review & execution of assessments
• Prompting hospitals to develop assessments in a standardized format
Rick Leib, Virtual Chief Information Security Officer
Geoff Hancock, Chief Information Security Officer
Chris Hamblin, IT Director
ACCESS POINT TECHNOLOGY
4:30 BUILDING A MORE CAPABLE & EFFICIENT RISK MANAGEMENT PROGRAM
• Illustration of problems discovered in traditional approach
• Calculating exploitability with FDA postmarket formula
• Defining what patient safety profile cyber risk score means
Oleg Yusim, Sr. Director, Product Security – IT
EDWARDS LIFESCIENCES
5:15 CLOSING REMARKS & END OF DAY 1
8:00 REGISTRATION & WELCOME COFFEE
8:20 CHAIRPERSON’S OPENING REMARKS
Rick Leib, ACCESS POINT TECHNOLOGY
8:30 BEST PRACTICES IN CONTINUOUS VULNERABILITY MONITORING & MANAGEMENT
• Methods to build continuous monitoring into operations
• Automation opportunities to scan for vulnerabilities
• Safety considerations for products connected to patients
• Enacting a triage plan when vulnerabilities are detected
Robert Smigielski, CISSP, B. BRAUN MEDICAL
John Auld, CYBELLUM
9:15 AND THEN THERE WAS POSTMARKET
• Postmarket starts with premarket – aligning with regulators’ expectations
• Key elements of a workable postmarket program
• Turning surveillance into communication
• Not all risks are created equal – key decisions during postmarket response
• Managing EOL/EOS and risk transfer
Axel Wirth, CSS
Seth Carmody, VP of Regulatory Strategy
MEDCRYPT
10:00 COFFEE & NETWORKING BREAK
10:30 TRAINING CYBERSECURITY TEAMS ON KEY ELEMENTS OF THE OMNIBUS APPROPRIATIONS BILL
• Clarification of premarket expectations for covered devices
• Answers to common questions on software bill of materials
• Inclusion of vulnerability management in new submissions
• Plans to exercise authority in a rapidly changing, complex field
Jessica Wilkerson, Senior Cyber Policy Advisor
CENTER FOR DEVICES & RADIOLOGICAL HEALTH, US FDA
11:15 HARNESSING OFFENSE FOR DEFENSE: PROACTIVE SECURITY FOR NEW AND LEGACY DEVICES
• Hacking Insights: See medical device security threats from a hacker’s perspective.
• Modernizing Security: Rethink traditional approaches for MDMs.
• Revolutionizing Safety: Explore proactive controls beyond SBOM and Risk Management for both new and legacy devices
Robert Pisano, GTM Lead, Medical Device, STERNUM
12:00 SMALL BUSINESS PERSPECTIVE: DEEP DIVE INTO MINIMUM SECURITY PROTOCOLS
• Funding challenges specific to a small-to-midsize medtech firm
• Strategizing how to make things highly secure at a low cost
• Outlining a fundamental security policy to ensure compliance
Vimal Subramanian, PhD, Vice President, Information Security & Privacy
CUE HEALTH
12:30 LUNCHEON FOR ALL SPEAKERS, SPONSORS & ATTENDEES
1:30 FORGING A PATH TOWARD FULL PROTECTION OF DEVICES WITH ARTIFICIAL INTELLIGENCE
• Considerations for continuous safety of an evolving device
• Limitations to AI safety within existing regulatory frameworks
• Minimum requirements for an AI-enabled product’s security
• Outlook into the future of artificial intelligence safeguarding
Lee H. Rosebush, Partner
BAKERHOSTETLER
2:15 USE OF ARTIFICIAL INTELLIGENCE IN THREAT MODELING
• Expediting analysis of different risks to product security
• Proactive identification & remediation of perceived threats
• Impact of ChatGPT on threat modeling practices
Diah Ramesh, Manager, Cybersecurity
ABBOTT
3:00 HARMONIZING CYBERSECURITY & SOFTWARE ENGINEERING TEAMS TO LEAD A NEW CONNECTIVITY PROJECT
• Transforming departments into cloud-based operations
• Piloting & establishing advanced practices in connectivity
• Establishing security practices throughout project lifecycle
Roman Ivanenko, Product Security Architect
EDWARDS LIFESCIENCES
3:45 CLOSING REMARKS & CONFERENCE CONCLUSION