This workshop is a member and by-invite-only event. Questions? email

Tickets: $800, early bird rate closes on April 20th. 

We are using the Iris Registration platform for this year's conference. Click here for instructions on creating an online account and reserving your spot.

For registration questions, contact the University of Michigan’s Event Services at or 734-764-2000.

Discussion Leaders & Experts 

AJ Aspinwall
Medical Device Systems Security Specialist
Norton Healthcare

AJ Aspinwall is a medical device security specialist in clinical engineering at Norton Healthcare in Louisville KY. Norton Healthcare is a hospital delivery organization that is working to develop and implement strategies specifically geared towards network and device security. For the past year, AJ has been spearheading the development of a security risk management program focused exclusively on medical device systems. AJ specializes in mitigating security vulnerabilities without compromising safety or patient care.



Curt Blythe

Manager, Medical Device Security
Abbott Medical Devices

Curt Blythe is a Manager in the Medical Device Security team at Abbott Medical Devices in St. Paul, Minnesota. Curt focuses on improving medical device security through hardware and software testing. In this role, Curt focuses on identifying and addressing security risks throughout the product development lifecycle. He has a background in Application Security, Vulnerability and Risk Management. Curt received his bachelor’s degrees in MIS/Spanish from the University of Northern Iowa and is CISSP certified.


Adam Brand
Director of Security and Compliance

Adam Brand is the director of security and compliance at Protiviti, where he leads the medical device security practice. With more than 17 years of experience in information technology and security, Adam has been heavily involved with the "I am The Cavalry" movement, a group of security researchers focused on cybersecurity issues that can affect human life and safety.



Debra Bruemmer, BS, MBA, CISSP

Senior Manager, Clinical Information Security, Office of Information Security
Mayo Clinic

Debra Bruemmer is the manager of the Clinical Information Security team at Mayo Clinic’s Office of Information Security in Rochester, Minnesota. In this role, Debra leads efforts to assess and improve the security of medical devices, facility systems, and clinical support systems used within the Mayo Clinic environment. She is responsible for understanding medical devices in the Mayo Clinic environment, assessing the vulnerability of medical devices, and partnering with vendors and internal staff to improve security. During her 17-year career at Mayo Clinic, Debra has worked in finance, information technology, and the Office of Information Security. Debra received her bachelor’s degree in finance from Winona State University, a master’s degree in business administration from Cardinal Stritch University, and is CISSP certified.



Dr. Thomas Carrigan 
Cardiac Electrophysiologist
St Elizabeth Healthcare

Dr. Thomas Paul Carrigan is a practicing Clinical Cardiac Electrophysiologist and Co-Director of the Atrial Fibrillation Program at St. Elizabeth Healthcare in Cincinnati OH. He spends his clinical time managing heart rhythm disorders which include radiofrequency ablation and the surgical management of pacemakers and defibrillators. He earned a Bachelor of Science in Biochemistry, Master of Health Services Administration and Doctor of Medicine from the University of Kansas. Subsequently completed clinical training in Internal Medicine at the Cleveland Clinic, Cardiovascular Medicine at Case Western Reserve and Clinical Cardiac Electrophysiology at the University of Michigan. Additionally, he completed a Medical Staff Fellowship in the Pacing Defibrillation and Leads branch at the United States Food and Drug Administration. He is board certified in Clinical Cardiac Electrophysiology, Cardiovascular Medicine, Internal Medicine and Adult Echocardiography. He is actively involved in clinical research as Principal Investigator and Sub-Investigator on several medical device IDE trials, investigator-initiated studies and product surveillance registries. In spare time he supports humanitarian organizations whose objectives are to create sustainable pacemaker implantation centers in developing countries.


Kevin Fu

Dr. Kevin Fu is Associate Professor of Computer Science & Engineering at the University of Michigan, where he conducts research on computer security and healthcare as part of the National Science Foundation’s Trustworthy Health and Wellness ( Frontiers project. He also directs the Archimedes Center for Medical Device Security, whose mission is to improve medical device security through research and education, and he co-founded Virta Labs, a healthcare cybersecurity company based in Ann Arbor, Michigan. Over the last decade, Kevin has given nearly 100 invited talks on medical device security to industry, government, and academia—including Senate and House hearings, the Institute of Medicine, and National Academy of Engineering events. Beginning with his 2006 security seminar at FDA CDRH, Kevin’s medical device security efforts were recognized with a Fed100 Award, Sloan Research Fellowship, NSF CAREER Award, MIT TR35 Innovator of the Year award, and best paper awards on medical device security by organizations such as IEEE and ACM. Kevin earned a Ph.D., master’s degree, and bachelor’s degree from MIT and he also holds a certificate of achievement in artisanal bread making from the French Culinary Institute.



Lev Frayman
Senior Manager, Medical Device Security
Abbott Medical Devices

As an experienced information security professional, Lev has overseen development and implementation of information security strategy at St. Jude Medical to mitigate information security risks through comprehensive risk assessment and lead team responsible for evaluation and implementation of various security capabilities. In his current role Lev works closely with R&D and Quality organizations on incorporating cybersecurity guidance and requirements into existing and new medical devices. In addition, Lev leads a team responsible for developing and delivering cybersecurity training to the developers of medical devices. Lev has received his bachelor’s degrees in MIS/Finance from the University of Minnesota, and is CISSP certified.


Craig Directory Photo-LT-smile-1


Craig Hyps
Principal Engineer
Cisco Secure Policy and Access Group

Craig has over 25 years of security and networking experience.  As a Principal Engineer for Cisco's Secure Policy and Access Group, Craig is defining Cisco's next-generation policy and access control solutions. Craig serves as a technical lead for ISE architecture Performance and Scale and is a driving force behind ISE Super Scaling architecture.  Craig is also actively driving the advancement of network access control (NAC) for the Internet of Things (IoT) with a focus on Healthcare including the advancement of IETF standardization for Manufacturing Usage Description (MUD).  Craig is the author of the Cisco Medical NAC Whitepaper and speaker at the NIST workshop “Enhancing Resilience of the Internet and Communications Ecosystem”.


Previously Craig has held senior positions as a customer Consulting Engineer, Systems Engineer and Product Trainer.  He joined Cisco in 1996 and has extensive experience with NAC, Identity-Based Networking Services (IBNS), Secure Wireless access and software-defined segmentation.  Craig holds a Bachelor's degree from Dartmouth College and certifications that include CISSP, CCSP, and CCSI. 



Gary McGraw
Vice President of Security Technology 

Gary McGraw is the vice president of security technology at Synopsys (SNPS). He is a globally recognized authority on software security and the author of eight bestselling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a periodic security column for SearchSecurity, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Max Financial, NTrepid, and Ravenwhite. He has also served as Advisor to Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). He holds a dual PhD in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy Magazine (syndicated by SearchSecurity).



Michael McNeil
Global Product Security & Services Officer

Michael C. McNeil is the current Global Product Security & Services Officer for Royal Philips. In this capacity, McNeil is responsible for leading the global product security program for the company and insuring consistent repeatable processes are deployed throughout their products and services in the Healthcare market. Prior to this assignment, McNeil was the former Global Chief Privacy & Security Officer at Medtronic responsible for the development and design of their initial product security and incident response management programs; Chief IT Security Officer at Liberty Mutual Group; Global Chief Privacy Officer at Pitney Bowes, and Vice President, Chief Privacy Officer of Data Services for Reynolds & Reynolds. McNeil is a noted security and privacy expert, he has conducted in-house training and presentations for industry, customers and clients and has presented at several security and privacy conferences worldwide. Michael is a current member of the Department of Health & Human Services (HHS) Healthcare Industry Cybersecurity Task Force, a Governance Board Co-Chair for the annual Summit, Boston CISO Executive Summits presented by Evanta. He is an active member of the Association for the Advancement of Medical Instrumentation (AMMI), Medical Device Safety & Security Consortium (MDISS), and the NH-ISAC. Michael has held the chair position for the Medical Device Privacy Consortium (MDPC) and currently holds the chair position for the MDPC Device Security Working Group; AdvaMed Cybersecurity Working Group and the Medical Device workstream of HHS Cybersecurity Taskforce. He was recently named an inaugural, 2013 Top 10 Breakaway Leader of Chief Information Security Officer (CISO), and was also awarded in 2013 as the First Minneapolis CISO Visionary Award, in addition to these accomplishments, he was also awarded the 2011 Outstanding MBA of the Year by the National Black MBA Association. Michael is married to Devita McNeil and they are the proud parents of two children (Danielle and Vincent) and grandfather of Jadyn.


Suzanne Schwartz

Associate Director for Science & Strategic Partnerships Center for Devices & Radiological Health

Suzanne Schwartz, MD, MBA is the Associate Director for Science & Strategic Partnerships at FDA’s Center for Devices & Radiological Health (CDRH). Her portfolio includes medical device cybersecurity and efforts that span incident response, increasing awareness, outreach, partnering, policy, and coalition-building. Suzanne chairs CDRH Cybersecurity Working Group. She also co-chairs the Government Coordinating Council for Healthcare & Public Health. Suzanne earned an MD from Albert Einstein College of Medicine, trained in General Surgery & Burn Trauma at the New York Presbyterian Hospital-Weill Cornell Medical Center; an executive MBA from NYU Stern School of Business; and she completed the National Preparedness Leadership Initiative at the Harvard School of Public Health & Kennedy School of Government.


Ben Ransford
Virta Labs

Ben Ransford, Ph.D., is co-founder and CEO of Virta Labs, a company that focuses entirely on making approachable tools for cyber security workflows in health care. Ben believes health care cybersecurity needs more empathy and better tools, not snake oil and FUD. He published the first in-depth security analysis of an implantable medical device in 2008 with Kevin Fu and collaborators, and has had his ears open since then. Ben has spoken about anomaly detection for medical devices at previous Archimedes workshops.