We are using the Iris Registration platform for this year's conference. Click here for instructions on creating an online account and reserving your spot.

For registration questions, contact the University of Michigan’s Event Services at or 734-764-2000.

Confirmed Speakers and Panelists


AJ Aspinwall
Medical Device Security Specialist
Norton Healthcare


AJ Aspinwall is a Medical Device Security Specialist in clinical engineering at Norton Healthcare in Louisville KY. Norton Healthcare is a hospital delivery organization that is working to develop and implement strategies specifically geared towards network and device security. For the past year, AJ has been spearheading the development of a security risk management program focused exclusively on medical device systems. AJ specializes in mitigating security vulnerabilities without compromising safety or patient care.

 Jonathan Bagnall head shot

jonathan bagnall
Senior Manager, Product Security & Services
Royal Philips Healthcare

Jonathan R. Bagnall is the Sr. Manager, Product Security & Services for Royal Philips Healthcare. Mr. Bagnall has extensive experience in consulting, designing, and implementing cyber-security & risk management programs for fortune 500 companies, conducting operational coordination, information sharing, and collaboration among government and the private sector. In his position as Sr. Manager, Product Security & Services he oversees the communications and client facing support for all products and services, education and global outreach awareness encompassing Critical Internal Stakeholders, Clients, Industry Cyber Engagement (HIMSS 2018, NH-ISAC, MITA, Academy Health) and Federal Government and Regulators.


Daniel Beard
Chief Technology Officer
Promenade Software

Daniel is the technology enthusiast. He is passionate about technologies in web and application development, particularly in security and communication. Daniel works closely with the FDA and medical device security groups to create and promote standards to protect the public against cyber-attacks. Daniel runs MedISAO, our industry information sharing and analysis organization.

‍Daniel holds a B.S. in Computer Science from the University of California, Irvine.


bb 2
Brandyn Blunt
Sr. Clinical Engineering System Administrator 
Trinity Health

Brandyn Blunt is a Sr. Clinical Engineering System Administrator (CESA) with Trinity Health, responsible for medical device cybersecurity. The responsibilities of his current role include collaboration with IT, OEM, and Clinical Engineering staff to implement cybersecurity strategy for medical devices within the organization. Trinity Health has approximately 70,000 network capable medical devices in over 50 hospitals located across 22 states. Brandyn has been with Trinity Health for 3 years and began his current position after transferring from the IT department of St. Joseph Health Center (Syracuse, NY), a Trinity Health managed hospital. He currently holds multiple educational credentials from The Pennsylvania State University in Security Risk Analysis and Cybersecurity.

In the State of New York, Brandyn is also a registered medical professional with over 10 years in EMS as an AEMT-Critical Care Technician. In addition to his clinical background, Brandyn brings years of experience in healthcare information technology and with a diverse background of knowledge in EMR systems, cybersecurity, and identity management. He also serves as an active Co-Chair for the Healthcare Sector Coordinating Council workforce development TG-3 group.



edward Brennan
Senior Risk Analyst

Edward Brennan is the Senior Risk Analyst for the Health Information Sharing and Analysis Center (H-ISAC) headquartered near Kennedy Space Center Florida.  He has served as U.S. Marine Corps Flight Crew - Navigator over a ten-year service career. He has a 27-year career as a Space Shuttle Engineer and Test Conductor serving as well in the performance of Emergency Management functions.

In support of the nation’s Healthcare and Public Health sector cyber-security efforts over the past 5 years, he has been coordinating and collaborating directly with the healthcare private sector, U.S. Department of Health and Human Services (HHS), U.S. Department of Homeland Security (DHS), and other U.S. Agencies.

Ed’s passion within H-ISAC is fostering information sharing and outreach within the Healthcare and Public Health community and government as well as steering and operational roles in the National Exercise Programs to help improve cyber-resiliency. 

He is a graduate of Embry-Riddle Aeronautical University with a Masters in Aeronautical Science specializing in safety systems and human factors.



Seth carmody
Cybersecurity Program Manager

Dr. Carmody joined the FDA’s Center for Devices and Radiological Health in 2011 as a Staff Fellow in the Office of In Vitro Diagnostics and Radiological Health. Currently, Seth is a device reviewer in the Division of Chemistry and Toxicology Devices where his duties are focused mainly on premarket clearance/approval of diabetes-centric devices and software-related recalls. As a subject matter expert with CDRH’s Cybersecurity Working Group, Seth is involved in Center policy development.



penny chase

Information Technology & Cybersecurity Integrator 
MITRE Corporation

Penny Chase is the Information Technology and Cybersecurity Integrator in the Information Technology Technical Center at The MITRE Corporation. She has led MITRE and government-sponsored projects in applying natural language processing to medical device adverse event reports, developing structured representations for malware and threat information, security visualization, software assurance, malware analysis, reverse engineering, software architecture and design pattern recovery, network penetration testing, legacy database encapsulation, machine learning, and discourse-based natural language interfaces. Penny currently supports MITRE’s FDA/CDRH project on medical device cybersecurity (leading the effort to develop a Common Vulnerability Scoring System rubric tailored to medical devices). Previously, she was Principal Investigator of the Sharing Healthcare Fraud Data MITRE Sponsored Research project; led the Malware Attribute Enumeration Characterization (MAEC) project for DHS; served as the Deputy Director of the ARDA Northeast Regional Research Center, managing workshops that addressed Intelligence Community challenge problems; and was a member of the NASA Advisory Council’s subcommittee on Avionics, Software, and Cybersecurity. Penny received her master's degrees in the History of Science and Computer Science from Harvard University.


Christian Dameff
Emergency Medicine Physician and Researcher

Dr. Christian Dameff is an Emergency Medicine physician and researcher. He is currently a Clinical Informatics fellow at the University of California San Diego. Published clinical works include post-cardiac arrest care including hypothermia, novel drug targets for acute myocardial infarction patients, ventricular fibrillation waveform analysis, cardiopulmonary resuscitation (CPR) quality and optimization, dispatch-assisted CPR, tele-toxicology and medical education topics using Google Glass.

Dr. Dameff is also an ethical hacker and security researcher interested in the intersection of healthcare, patient safety, and security. He has spoken at some of the world’s most prominent hacker forums including DEFCON, Blackhat, RSA, Derbycon, and is one of the co-founders of the CyberMed Summit, a novel multidisciplinary conference with an emphasis on medical device and infrastructure cyber security. Published security topics include hacking 911 systems, HL7 messaging vulnerabilities, and malware's effects on patient care.



Kevin Fu Headshot

Kevin Fu
Founder and Chief Scientist

Dr. Kevin Fu is Associate Professor of Computer Science & Engineering at the University of Michigan, where he conducts research on computer security and healthcare as part of the National Science Foundation’s Trustworthy Health and Wellness ( Frontiers project. He also directs the Archimedes Center for Medical Device Security, whose mission is to improve medical device security through research and education, and he co-founded Virta Labs, a healthcare cybersecurity company based in Ann Arbor, Michigan. Over the last decade, Kevin has given nearly 100 invited talks on medical device security to industry, government, and academia—including Senate and House hearings, the Institute of Medicine, and National Academy of Engineering events. Beginning with his 2006 security seminar at FDA CDRH, Kevin’s medical device security efforts were recognized with a Fed100 Award, Sloan Research Fellowship, NSF CAREER Award, MIT TR35 Innovator of the Year award, and best paper awards on medical device security by organizations such as IEEE and ACM. Kevin earned a Ph.D., master’s degree, and bachelor’s degree from MIT and he also holds a certificate of achievement in artisanal bread making from the French Culinary Institute.


Hagestad_William (1)
Bill hagestad II
Senior Principal Cyber Security Engineer

Bill Hagestad is a Senior Principal Cyber Security Engineer at Medtronic providing medical device product cybersecurity engineering advisory, guidance and practice to the Cardio Vascular Group (CVG).

Bill is also an internationally recognized and respected authority on the People’s Republic of China’s use of computer and information network systems as a weapon. He wrote the book “21st Century Chinese Cyber Warfare” published March 2012. He speaks internationally on the subject of China’s hegemony in the information age. He served nearly three decades in the US Marine Corps, retiring as a Lieutenant Colonel. Bill continues to provide current cyber threat assessments to international defense, intelligence, and law enforcement entities. His recent experience included military cyberwarfare capacity building for a Middle Eastern military in the Gulf Cooperation Council (GCC) LtCol Hagestad holds a Master of Science in Security Technologies from the College of Science & Engineering, University  of Minnesota, a Master of Arts from the USMC Command & Staff College and a Master of Science in the Management Of Technology from the Technological Leadership Institute, University of Minnesota.


 dr kapa final

Dr. Suraj Kapa
Mayo Clinic

Suraj Kapa, M.D., is a consultant in the Division of Heart Rhythm Services, Department of Cardiovascular Medicine at Mayo Clinic in Rochester, Minnesota. Dr. Kapa serves as director of the Augmented and Virtual Reality innovations group. He is also the Medical Director for Marketing and Communications in Cardiovascular Medicine as well as CV divisional conferences. He joined the staff of Mayo Clinic in 2013 and holds the academic rank of assistant professor of medicine, Mayo Clinic College of Medicine and Science.

Dr. Kapa earned his B.A. at Drew University in Madison, New Jersey, and his M.D. at New Jersey Medical School in Newark, New Jersey. He completed an internal medicine residency and internship at Mayo Clinic. He continued his training at the
University of Pennsylvania in Philadelphia, where he completed a fellowship in cardiovascular disease and a fellowship in clinical cardiac electrophysiology.

Dr. Kapa is a member of several professional organizations, including the American Heart Association; the American College of Cardiology, where he serves on the Best Practices and Quality Improvement Subcommittee; and the Heart Rhythm Society, where he serves on the Scientific and Clinical Documents



John McGee

Manager of Security Operations 

John McGee has been working in healthcare IT for over 15 years, 8 of those years focused on information security. John has experience working for both blue teams and red teams, in healthcare. Currently he is the Manager of Security Operations at AdventHealth.

colin morgan
Director of Product Security
Johnson & Johnson
Colin Morgan, Director of Product Security at Johnson & Johnson, is responsible for leading the company’s Global Product Security Program. The Product Security Team’s mission is to ensure all products of the Johnson & Johnson Family of Companies are built on Cybersecurity best practices and Cybersecurity Risks in marketed products are properly managed to support customer’s safety and security. Colin has worked in the Cybersecurity field for a number of organizations including the Central Intelligence Agency and as a contractor for the National Oceanic & Atmospheric Administration. He is a featured speaker on Cybersecurity and is passionate about the integration of the competency across all industries. Colin has his Bachelor’s degree in Computer Engineering from The College of New Jersey, a Master’s degree in Telecommunications from George Mason University, and is CISSP, CISM and GPEN certified. 


Jay Radcliff, CISSP
Cyber Security Researcher
Thermo Fisher Scientific

Jay Radcliffe (CISSP) has been working in the computer security field for over 20 years. Coming from the managed security services industry as well as the security consultation field, Jay has helped organizations of every size and vertical secure their networks and data. Jay presented ground-breaking research on security vulnerabilities in multiple medical devices and was featured on national television as an expert on medical device cyber-security. As a Type I diabetic, Jay brings a lifetime of being a patient to helping medical facilities secure their critical data without compromising patient care. Not only is Jay a prolific public speaker, but also works with legal firms on expert witness consultation related to IoT and cyber security issues. Jay holds a Master's degree in Information Security Engineering from SANS Technology Institute, as well as a Bachelor's degree in Criminal Justice/Pre-Law from Wayne State University. SC Magazine named him one of the Top Influential IT Security Thinkers in 2013.



chris reed
Chris Reed
Director of Product Cybersecurity
Eli Lilly and Company

Chris Reed is Director of Product Cybersecurity at Eli Lilly and Company, where he’s establishing the Product Cybersecurity Program for a new class of digital health products. He has been with Eli Lilly over 19 years and has been an information security practitioner for over 15. Chris is also an active member of the H-ISAC Medical Device Information Sharing Council working group and the Healthcare Sector Coordinating Council MedTech Cybersecurity Risk Management Task Group 1B.



Matt Russo
Matt Russo
Senior Director of Product Security

Matt Russo is the Senior Director of Product Security for Medtronic, which is among the world’s largest medical technology, services and solutions companies. Matt leads the Global Device Security Program, helping to ensure Medtronic products and solutions remain safe and secure for patients and customers. He is focused on the evolving device security landscape and how Medtronic can respond and assist in shaping next generation products by offering governance, testing, assurance, and preparedness services to his various R&D partners across the organization. Matt collaborates with cross functional teams to develop common standards and processes, manages and mitigates product security risk, and engages with critical external partners, with the goal of enhancing and evolving Medtronic’s Device Security Program while supporting the Mission of alleviating pain, restoring health, and extending life.


Suzanne Schwartz

Associate Director for Science & Strategic Partnerships Center for Devices & Radiological Health

Suzanne Schwartz, MD, MBA is the Associate Director for Science & Strategic Partnerships at FDA’s Center for Devices & Radiological Health (CDRH). Her portfolio includes medical device cybersecurity and efforts that span incident response, increasing awareness, outreach, partnering, policy, and coalition-building. Suzanne chairs CDRH Cybersecurity Working Group. She also co-chairs the Government Coordinating Council for Healthcare & Public Health. Suzanne earned an MD from Albert Einstein College of Medicine, trained in General Surgery & Burn Trauma at the New York Presbyterian Hospital-Weill Cornell Medical Center; an executive MBA from NYU Stern School of Business; and she completed the National Preparedness Leadership Initiative at the Harvard School of Public Health & Kennedy School of Government.


Hans-martin von Stockhausen
Senior Product Manager Cybersecurity
Siemens Healthineers

Dr. Hans-Martin von Stockhausen holds a position as Sr. Product Manager Cybersecurity at Siemens Healthineers. In this position he leads the company in developing the security requirements for all products gathered from international regulations and customers around the globe. Inside the Siemens security community, he leads a team that that works on improving and maintaining the security posture of products and security related customer communication. He has extensive domain knowledge from 20+ years of work experience in the medical device industry holding various positions throughout the product lifecycle from SW developer to SW platform architect. In the last seven years, his focus has been on cyber security while holding a position as product security officer for medical IT systems and image acquisition devices. Hans-Martin participates in expert workshops held by European and internationally recognized organizations.



timothy walsh, CISSP
Principal Information Security Analyst
Mayo Clinic

Tim Walsh is a Principal Information Security Analyst at Mayo Clinic. Mr. Walsh performs security design analysis of medical devices and consults with multidisciplinary teams to implement secure and effective environments to promote quality health care. Prior to this role, Tim spent nearly 20 years in Information Technology developing web based and desktop applications while leading teams in the delivery of IT solutions in a clinical treatment environment.



whitby 2
Keith Whitby
Healthcare Technology Management (HTM) Section Head
Mayo Clinic

Keith has worked at Mayo Clinic for 20 years in several different support and leadership roles.  He is currently the Section Head of Healthcare Technology Management Cybersecurity and Business Operations.  Keith has also had several other positions in HTM, starting as a Unit Manager of the X-Ray equipment service group and most recently as the Section Head for Enterprise Lab, Research, and Ophthalmology Service. Prior to his roles in HTM, he worked in Surgical Services as a Core and Prosthesis Supervisor, and as a Surgical Process/Systems Analyst.

During his time at Mayo, Keith has had extensive experience collaborating on several multidisciplinary teams.  He has demonstrated a commitment to customer service, strong leadership skills, and experience with process analysis, project management, and technical support. During his tenure in Surgical Services and HTM, he has been exposed to the depth and breadth of medical equipment in a large healthcare organization. This includes the use of, service and support on, and the operationalization of cybersecurity for a wide range of medical equipment.

Keith has a Master’s degree in Business Administration/Healthcare Administration and a Bachelor of Science in Information Technology


Invited Expert

Anita Finnegan
Nova Leah


Anita Finnegan is the CEO of Nova Leah, the first provider of intelligent software solutions for addressing cybersecurity risk management compliance requirements for connected medical devices. She is an internationally recognized expert in the field of medical device cybersecurity risk management and is an active member of a number of International Standards Communities and taskforces developing best practices for medical device cybersecurity . Her PhD research focused on developing an assurance framework to assist medical device manufacturers demonstrate confidence in the security of connect devices. Anita authored and was the international project leader for two technical reports (IEC/TR 80001-2-8 and IEC/TR 80001-2-9) and is now the security lead for the revision of ISO/IEC 80001-1. She represents NSAI as Ireland’s medical device security expert at International Standards meetings


Gnanaprakasam Pandian
Co-founder and Chief Product Officer

Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding CloudPost, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.


Sagar Patel
Cybersecurity Lead

Sagar Patel is CyberSecurity lead for Battelle’s DeviceSecure® Services, which is aimed towards helping medical device manufacturers identify and resolve potential cyber security threats at various stages of product development. Apart from working with device manufacturers, he is also responsible for development of new testing tool-sets, conducting research into novel penetration testing techniques, and collaborating with software engineering teams for security aspects of internal product development. He is a voting member of the AAMI Device Security working group, contributing to security guidance and standards for medical devices. Sagar holds a Bachelor's degree and a Master's degree in Electrical & Computer Engineering from Nirma University and Drexel University respectively.