AdvaMed Cybersecurity Summit

Edison Alvarez, Sr. Director, Regulatory Strategic Planning for Cybersecurity

Edison Alvarez is a Senior Director in Regulatory Affairs and is responsible for strategic cybersecurity regulatory leadership at BD, a global medical technology company that is advancing the world of health by improving medical discovery, diagnostics, and the delivery of care. 
 
Edison brings over 15 years of experience in product management, cybersecurity, risk management and team building. At BD, Edison has established several teams and enterprise capabilities including Portfolio and Product Management, Product Security Engineering, and Information Cybersecurity Governance. 
Since 2016 he has built and matured the BD cybersecurity risk organization into an industry-leading healthcare cyber risk management program, fostering the adoption of product security risk assessments, penetration testing and remediation planning for the company’s R&D and Quality organizations. Edison also participates and collaborates with industry working groups including the Medical Device Innovation Consortium, the Health Sector Coordinating Council and MITRE. 
 
Edison holds a B.S. in Business Administration from Centenary University and M.B.A. from Fairleigh Dickinson University. He was previously responsible for the strategy, development, and overall product health for select medical devices in the Siemens Healthcare product portfolio. 

Joe Bartos, CISSP, CISA, Senior Manager, Deloitte & Touche LLP

Joe Bartos is Senior Manager in Deloitte’s Risk & Financial Advisory practice with over 13 years of experience providing Information Security assessment and readiness services to global technology companies, healthcare organizations, and government contractors. 
 
Joe leads Deloitte’s Third-Party Assessment Organization (3PAO) program, which is responsible for maintaining the quality of our assessment and advisory services related to the Federal, State, and Texas Risk and Authorization Management Programs (FedRAMP, StateRAMP, and TX-RAMP), as well as the Department of Defense Cloud Security Requirements Guide (DoD Cloud SRG). He spends the majority of his time helping commercial clients achieve authorizations with the US Government and otherwise assisting with complex technical compliance issues. 

Matt Hazelett, Cybersecurity Policy Analyst, Clinical and Scientific Policy Staff; Digital Health Center of Excellence Program Director, OPEQ, CDRH, FDA

Matthew Hazelett started at the Food and Drug Administration as a biomedical engineer within the Implantable Electrophysiology Devices Branch (IEDB) at the Center for Devices and Radiological Health (CDRH). His review areas included pacemakers, defibrillators, leads, and supporting devices (programmers, home monitors, etc.). Since starting at FDA, he developed a review focus in cybersecurity, participates in cybersecurity guidance development, and supports cybersecurity vulnerability assessments and premarket reviews across CDRH. He started his position as the Cybersecurity Policy Analyst in the Office of Product Evaluation and Quality (OPEQ) in February 2020. His role is focused on premarket and postmarket cybersecurity policy development and implementation across the clinical review offices. He also serves as a Digital Health Center of Excellence Program Director for the OPEQ Cybersecurity Focal Point Program. 
 
Matthew earned a B.S. in biomedical engineering from the University of Rochester where he focused in electrical signals and systems. After graduation, he worked for a medical device research and development company in New Hampshire as a Test Engineer and then Test Manager overseeing device verification and validation testing.

Randy Horton, Chief Solutions Officer, Orthogonal

Randy Horton is Chief Solutions Officer at Orthogonal, a software developer for Software as a Medical Device (SaMD), digital therapeutics (DTx) and connected medical device systems. Randy (and Orthogonal’s) mission is to improve patient outcomes faster by accelerating the development of of SaMD by fusing the best of modern product development and software engineering practices with deep MedTech expertise in device compliance, safety and effectiveness. 
 
Horton co-chairs for AAMI Software Management Working Group #10 and the associated Technical Information Report #115 committee working on guidance for the Appropriate Use of Public Cloud Computing in Support of Medical Device Functions. 
 
Much of Randy’s career has been centered on working with healthcare and life sciences organizations from a digital transformation angle to tackle the problems summarized in The Quadruple Aim: Improving the individual experience of care, improving the health of populations, reducing the per capita costs of care, and improving the work life of those who deliver care. 
 
Horton regularly speaks on SaMD and related topics at a variety of industry conferences and webinars including ones hosted by RAPS, AdvaMed, AAMI, KENx, HLTH/VIVE, the Healthcare Products Collaborative (f.k.a. Xavier Health) as well as numerous for-profit conferences. Horton has also guest lectured at Yale, Northwestern, the University of Michigan, University of Chicago and University of California – San Francisco/Berkeley.  An undergraduate of the University of Michigan who was then in the first graduating class from Michigan’s School of Information, Randy credits much of his passion for creative thinking and being a connector of people and ideas to his years as a Montessori preschool student.

Jim Jacobson, Chief Product and Solution Security Officer, Siemens Healthineers

Jim Jacobson is the Principal Cybersecurity Officer for Siemens Healthineers. Since 2012, he has been responsible for the global security program for the medical devices and associated IT systems, solutions and services that Siemens Healthineers develops, sells, maintains and supports. 
 
Jim also sits on the Siemens Product and Solution Security Council responsible for governance and guidance for the security of the company’s products, solutions and services in all sectors including industrial, power, energy, renewables and mobility, in addition to healthcare. He leads the board’s work team responsible for the curriculum and training program in this area for Siemens employees worldwide. Prior to these roles, Jim has led medical device-related software development teams in ultrasound, laboratory diagnostics and informatics since 1990 at Siemens and other companies. Jim has a degree in physics from Oberlin College.

Michelle Jump, MS, RAC, CEO, MedSec LLC

Michelle Jump is the CEO at MedSec, where she is responsible for providing strategic leadership, training and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management. Ms. Jump has a passion for bringing technology-based solutions to healthcare, actively participating in a variety of domestic and international standards, as well as relevant industry and governmental initiatives to support security within the healthcare industry. Ms. Jump holds a Master of Science in Regulatory Science from the University of Southern California and a Master of Science in Biotechnology from California State University. She is also RAC certified and a Certified HIPAA Administrator.

Colin Morgan, CISSP, CISM, GPEN, Managing Director, Apraciti, LLC

Colin Morgan, Managing Director at Apraciti and Founder/CEO of Product Security Hub, has been working in the medical device cybersecurity industry for over 10 years. He has helped medical device manufacturers of all sizes build secure devices, provided cybersecurity education and training to multiple regulatory authorities around the world and build product security programs at some of the largest medical device companies. He is extremely passionate about working to help ensure medical devices are safe and cybersecurity for patients. 
 
Colin authored the cybersecurity chapter of the Global Medical Device Regulatory Strategy (second edition) book published by the Regulatory Area Professionals Society and co-author of the Medical Device and Health IT Joint Security Plan, a voluntary framework for medical device cybersecurity released in 2019 by the US Healthcare and Public Health Sector Coordinating Council. Colin was also an expert trainer and facilitator for the US FDA driven Medical Device Innovation Consortium (MDIC) Medical Device & Diagnostic Threat Modeling Bootcamp training program. 
 
Colin is a former Network & Security Engineer at the Central Intelligence Agency and contractor for a National Oceanic and Atmospheric Administrations’ supercomputing program. 

Anita Nosratieh, PhD, Vice President, Technology & Regulatory Affairs, AdvaMed

Chris Reed, MA, CISSP, HCISPP, GCIA, Vice President, Product Security, Medtronic

Chris Reed is Vice President of Product Security at Medtronic reporting to Medtronic’s Chief Quality Officer. Chris joined Medtronic in Jan 2021 as the Director of Regulatory Policy for Product Security where he led multiple industry initiatives including impactful engagement on the PATCH act as well as supporting successful resolution of cybersecurity deficiencies across multiple businesses. Chris assumed the role of VP, Product Security in May 2023 and is leading the continued maturity of Medtronic’s product security capabilities. Previously Chris spent over 21 years with Eli Lilly and Company including building a product security program for Lilly’s Digital Health initiative. Chris is very active and helping lead healthcare industry cybersecurity efforts across Health-ISAC, MDIC, HSCC, AdvaMed and more including assuming the chair of AdvaMed’s Cybersecurity Working Group in 2023. Chris is passionate about building capabilities and resources that effectively manage cybersecurity risk through stakeholder collaboration and ultimately support connected MedTech innovations in a secure and safe manner that benefits patient health outcomes. 

Aftin Ross, PhD, Deputy Division Director (Acting), Division of All Hazards Response, Science and Strategic Partnerships (DARSS), CDRH, FDA

Dr. Aftin Ross is the deputy division director for the Division of All Hazards Response, Science and Strategic Partnerships (DARSS) in the Office of Strategic Partnerships and Technology Innovation (OST) at the FDA’s Center for Devices and Radiological Health (CDRH). In this role, she provides strategic leadership and coordination within the Center in the areas of emergency preparedness and response, patient science and engagement, standards, health equity, and medical device cybersecurity. 
 
Aftin has been a lead in CDRH’s medical device cybersecurity efforts developing national and international cybersecurity policy, spearheading the execution of three FDA public workshops, supporting numerous cross-stakeholder efforts (e.g., the 2017 healthcare cybersecurity task force), and developing public communications to raise awareness of medical device cybersecurity. 
 
Aftin earned a B.S. in mechanical engineering from the University of Maryland Baltimore County where she was a Meyerhoff Scholar. She completed her graduate work at the University of Michigan earning a master’s and PhD in biomedical engineering. After her graduate work, she completed a post-doctoral fellowship as a Whitaker International Fellow at the Karlsruhe Institute of Technology in Karlsruhe, Germany. In 2016, she completed the National Preparedness Leadership Initiative, an executive education program in the Harvard School of Public Health and Kennedy School of Government and in 2019 she became a certified Six Sigma Green Belt. Aftin has received numerous awards for her public health service, including recognition from the FDA commissioner for her work in medical device cybersecurity and incident response.

Naomi Schwartz, MS, CQA, Senior Director of Cybersecurity Quality and Safety, MedCrypt

Naomi is the Vice President of Services at Medcrypt, a medical device cybersecurity firm. Naomi was a premarket reviewer and consumer safety officer in CDRH for 6.5 years focused on software, interoperability, cybersecurity and wireless coexistence for connected diabetes devices. 
Prior to that, Naomi was a defense contractor (for. 15 years) developing radar systems for the US DoD. 
 
While at FDA, Naomi reviewed a first-of-kind automated insulin dosing system; helped develop Class II Pathways for 3 separate connected diabetes devices (iCGM ACE pump and iAGC) to support innovation in diabetes device development with clear regulatory expectations; helped craft standards including IEEE P2621.1-.3: standards and recommended practice for wireless diabetes device security assurance evaluation, security requirements and use of mobile devices in control contexts; and managed postmarket triage for cybersecurity vulnerability disclosure in diabetes devices and IVDs. 

Kate Upton, Senior Consultant, Deloitte & Touche LLP

Kate Upton is a Senior Consultant in Deloitte’s Risk & Financial Advisory practice who specializes in US Federald and State Govt. information security laws and regulations. Kate is a subject matter expert in NIST 800-53, NIST 800-171, StateRAMP, FedRAMP, and federal data designations, such as controlled unclassified information (CUI). She currently supports hyperscale cloud service and data visualization providers in highly regulated markets, including life sciences.