Cybersecurity Seminar Speaker Bios

Carl E. Landwehr, PhD - University of Michigan

Carl E. Landwehr is an American computer scientist whose research focus is cybersecurity and trustworthy computing. His work has addressed the identification of software vulnerabilities toward high assurance software development, architectures for intrusion-tolerant and multilevel security systems, token-based authentication, and system evaluation and certification methods.

Carl Landwehr has developed and led cybersecurity research programs at the National Science Foundation (2001-2004, 2009-2011), IARPA (2005-2009), Mitretek Systems and the Naval Research Laboratory (1982-1999). From 2007 to 2010, he served as editor-in-chief of IEEE Security & Privacy Magazine as well as associate editor of several IEEE journals. He was a member of DARPA's Information Science and Technology Study Group and has served on several studies for the National Academy of Sciences. Research begun while visiting at the Isaac Newton Institute at Cambridge eventually led to the development of a patent for a secure identification system held by Dr. Landwehr and Daniel Latham.

Carl Landwehr holds degrees from Yale University (BS) and the University of Michigan (MS, PhD). While at Michigan, he worked for the Merit Network, currently the longest running regional computer network in the United States. He has taught and lectured widely, including at Purdue University, Georgetown University, Virginia Tech University, and the University of Maryland. He is currently a lead research scientist at the Cyber Security Policy and Research Institute at George Washington University. In 2015 and 2016, Dr. Landwehr was the visiting McDevitt Professor of Computer Science at the McDevitt Center for Creativity and Innovation of LeMoyne College to develop and teach an inter-disciplinary undergraduate course entitled "Cybersecurity for Future Presidents." In 2019, he became a visiting professor in the Electrical and Computer Engineering Division of the University of Michigan in Ann Arbor. Dr. Landwehr joined the Board of Directors of the Center for Democracy and Technology in September 2016.

Dr. Landwehr is an IEEE Fellow and has received various awards, including the ACM SIGSAC's Outstanding Contribution Award and the National Science Foundation Director's Award for Meritorious Service. He was a member of the founding class inducted into the National Cyber Security Hall of Fame.

Fred B. Schneider, PhD - Cornell University

Fred B. Schneider is the Samuel B. Eckert Professor of Computer Science and former Department Chair of Computer Science at Cornell University. He is a member of the National Academy of Engineering and the Computer Science and Telecommunications Board (CSTB). He is the Founding Chair of the National Academies Forum on Cyber Resilience.

Lorrie Faith Cranor, DSc - Carnegie Mellon University

Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She is also co-director of the Collaboratory Against Hate: Research and Action Center at Carnegie Mellon and the University of Pittsburgh. She directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the Privacy Engineering program. In 2016 she served as Chief Technologist at the US Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint. She has authored over 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). She also co-founded the Conference on Privacy Engineering Practice and Respect (PEPR). She is a fellow of the ACM, IEEE, and AAAS.

Kevin T. Kornegay, PhD - Morgan State University

Kevin T. Kornegay received the B.S. degree in electrical engineering from Pratt Institute, Brooklyn, NY, in 1985 and the M.S. and Ph.D. degrees in electrical engineering from the University of California at Berkeley in 1990 and 1992, respectively. He is currently the IoT Security Professor and Director of the Cybersecurity Assurance and Policy (CAP) Center for Academic Excellence in the Electrical and Computer Engineering Department at Morgan State University in Baltimore, MD. His research interests include hardware assurance, reverse engineering, secure embedded systems, side-­‐channel analysis, and differential fault analysis. Dr. Kornegay serves or has served on the technical program committees of several international conferences including the IEEE Symposium on Hardware Oriented Security and Trust (HOST), EEE Secure Development Conference (SECDEV), USENIX Security 2020, the IEEE Physical Assurance and Inspection of Electronics (PAINE), and the ACM Great Lakes Symposium on VLSI (GLSVLSI). He is the recipient of numerous awards, including He is the recipient of multiple awards, including the NSF CAREER Award, IBM Faculty Partnership Award, National Semiconductor Faculty Development Award, and the General Motors Faculty Fellowship Award. He is currently a senior member of the IEEE and a member of Eta Kappa Nu and Tau Beta Pi engineering honor societies.

Stefan Savage, PhD - University of California, San Diego

Stefan Savage is a professor of Computer Science and Engineering at the University of California, San Diego. He received his Ph.D. in Computer Science and Engineering from the University of Washington and a B.S. in Applied History from Carnegie Mellon University. He currently serves as the co-director for UCSD's Center for Network Systems (CNS). Savage is a full-time empiricist, whose research interests lie at the intersection of computer security, distributed systems and networking. Savage is a member of the American Academy of Arts and Sciences, a MacArthur Fellow, an ACM Fellow, and is the recipient of ACM's Prize in Computing and AAAS' Golden Goose award. He currently holds the Irwin and Joan Jacobs Chair in Information and Computer Science, but is a fairly down-to-earth guy and only writes about himself in the third person when asked.

Christian Dameff, MD - University of California, San Diego

Dr. Christian Dameff is an assistant professor of Emergency Medicine, Biomedical Informatics, and Computer Science (affiliate) at the University of California San Diego. At UCSD Health he was hired as the nation’s first Medical Director of Cyber Security. Published clinical works include post cardiac arrest care including therapeutic hypothermia, novel drug targets for acute myocardial infarction patients, ventricular fibrillation waveform analysis, cardiopulmonary resuscitation (CPR) quality and optimization, dispatch assisted CPR, teletoxicology, clinical applications of wearables, and electronic health records. Dr. Dameff is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and cybersecurity. He has spoken at some of the world’s most prominent Cyber Security forums including DEFCON, RSA, Blackhat, and BSides, and is one of the cofounders of the CyberMed Summit, a novel multidisciplinary conference with emphasis on medical device and infrastructure cybersecurity. Published cybersecurity topics include hacking 911 systems, HL7 messaging vulnerabilities, and malware.

Ross J. Anderson, PhD - Edinburgh University / University of Cambridge

Ross J. Anderson is the author of Security Engineering and a professor at Edinburgh University and University of Cambridge, UK. He was elected a Fellow of the Royal Society and the Royal Academy of Engineering. Ross is a pioneer and world leader in security engineering, and is distinguished for starting a number of new areas of research in hardware, software and systems. His early work on how systems fail established a base of empirical evidence for building threat models for a wide range of applications from banking to healthcare. He has made trailblazing contributions that helped establish a number of new research topics, including security usability, hardware tamper-resistance, information hiding, and the analysis of application programming interfaces. He is also one of the founders of the study of information security economics, which not only illuminates where the most effective attacks and defences may be found, but is also of fundamental importance to making policy for the information society.

Kevin Fu, PhD - University of Michigan

Kevin Fu is an associate professor of EECS at the University of Michigan where he directs the Archimedes Center for Healthcare and Device Security. His research vision is a world where science-based security is built-in by design to all embedded systems: medical devices, healthcare delivery, autonomous transportation, manufacturing, and the Internet of Things. His research lab focuses on analog cybersecurity—how to model and defend against threats to the physics of computation and sensing. Fu is most known for his security research on cryptographic and low-power inventions to defend against vulnerabilities in an implantable cardiac defibrillator. His research led to a decade of revolutionary improvements at medical device manufacturers, global regulators, and international healthcare safety standards bodies. Security solutions resulting from this research foresaw the risks of malicious software affecting hospitals a decade before ransomware began to disrupt clinical workflow worldwide. Fu previously served as the nation's inaugural Acting Director of Medical Device Cybersecurity at U.S. FDA’s Center for Devices and Radiological Health (CDRH) and Program Director for Cybersecurity at the Digital Health Center of Excellence (DHCoE).

Fu has been recognized as an IEEE Fellow, Sloan Research Fellow, and MIT Technology Review TR35 Innovator of the Year. He received best paper awards from USENIX Security, IEEE Security & Privacy, and ACM SIGCOMM. His research on pacemaker security received an IEEE Test of Time Award. He co-founded healthcare cybersecurity startup Virta Labs. Fu has testified in the House and Senate on matters of information security and was commissioned by the National Academy of Medicine to publish a report on trustworthy medical device software. He serves as a member of the Association for the Advancement of Medical Instrumentation (AAMI) Biomedical Instrumentation & Technology Editorial Board, the ACM Committee on Computers and Public Policy, and the USENIX Security Steering Committee. He served as the inaugural co-chair of the AAMI cybersecurity working group to create the first FDA-recognized consensus standards to improve the security of medical device manufacturing. He founded the Archimedes Center for Healthcare and Device Security, and co-founded the team for emergency reuse decontamination of N95 masks during pandemic shortages. Fu served as a member of the U.S. NIST Information Security and Privacy Advisory Board and federal science advisory groups. Fu received his BS, MEng, and PhD from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute, builds wood-fired brick ovens, and enjoys woodworking.

Daniel Kramer, MD, MPH - Harvard Medical School

Dr. Daniel Kramer studied Philosophy at Brown University prior to earning his MD from Harvard Medical School and MPH from the Harvard TH Chan School of Public Health. He completed internal medicine training at Massachusetts General Hospital and fellowships in cardiovascular disease at clinical cardiac electrophysiology at Beth Israel Deaconess Medical Center, as well as the Medical Device Fellowship Program with the FDA. He is a member of the cardiac electrophysiology service at BIDMC, where he is part of the Richard and Susan Smith Center for Outcomes Research in Cardiology. Dr. Kramer’s research focuses on ethics, policy, and clinical outcomes related to the use of cardiac devices, with funding support from the Harvard Catalyst, Paul Beeson Scholars Program, the Greenwall Faculty Scholars Program in Bioethics, and the National Institutes of Health.

Erika A. Petersen, MD, FAANS, FACS - University of Arkansas for Medical Sciences

Dr. Erika A. Petersen, MD, FAANS, FACS, directs the Section of Functional and Restorative Neurosurgery at UAMS Medical Center. She is a professor in the Department of Neurosurgery at UAMS. Dr. Petersen is a board certified neurosurgeon whose clinical practice focuses on neuromodulation, treating movement disorders, spasticity, and chronic pain through surgical procedures and stereotactic radiosurgery. Dr. Petersen's research interests focus on using high-resolution imaging to understand the functional interaction of centers within the brain and on developing new devices, indications, and methods for treating chronic pain using neuromodulation. Her collaborations with colleagues in neuroradiology, neurology, pain, and psychiatry are aimed toward identifying new applications for the use of deep brain stimulation and neuromodulation for pain. Dr. Petersen completed her undergraduate education at Princeton University and received her medical degree from the University of North Carolina at Chapel Hill. She trained in neurosurgery at the University of Texas Southwestern with a fellowship in deep brain stimulation at the National Hospital for Neurology and Neurosurgery in London. Dr. Petersen has served on the Joint Section on Pain of the American Association of Neurological Surgeons (AANS)/Congress of Neurological Surgeons (CNS) and the CNS Scientific Programming Committee and sits on the Executive Board of the American Society of Pain and Neuroscience. She serves as associate editor of stereotactic and functional neurosurgery for Operative Neurosurgery, and is on the editorial board of Neuromodulation. Dr. Petersen lectures frequently at national and international meetings on deep brain stimulation, emerging applications of neuromodulation, and chronic pain management. She has authored numerous articles and book chapters in stereotactic and functional neurosurgery, neuromodulation, and neuroscience.

Jeff Tully, MD - University of California, San Diego

Dr. Jeff Tully, MD, is Assistant Clinical Professor of Anesthesiology at UC San Diego Health. Dr. Tully is practicing physician and security researcher working within the intersections between medicine and technology to make health care safer for patients everywhere. He is an Anesthesiologist, Pediatrician and Security Researcher with an interest in understanding the ever-growing intersections between healthcare and technology. Prior to medical school he worked on “hacking” the genetic code of Salmonella bacteria to create anti-cancer tools, and throughout medical training has remained involved in the conversations and projects that will secure healthcare and protect patients as we face a new era of remote care, implantable medical devices and biohacking.

Michelle Jump - MedSec

Michelle Jump is the Chief Executive Officer at MedSec where she is responsible for providing strategic leadership, training and education to the medical device industry, and thought leadership in the area of medical device cybersecurity practices and process. She also participates in a variety of domestic and international standards, as well as relevant industry and governmental initiatives to support security within the healthcare industry.

Michelle is a veteran of our Medical Device security industry being instrumentally involved with seminal industry consensus standards like AAMI TIR 57, AAMI TIR 97, IMDRF, and the Medical Device CVSS Rubric. She regularly communicates with the United States FDA on the topic of medical device security by co-presenting, assisting with submissions, and helping shape guidance and implementation of this topic at the agency.

John Riggi - American Hospital Association

John Riggi, having spent nearly 30 years as a highly decorated veteran of the FBI, serves as the first national advisor for cybersecurity and risk for the American Hospital Association and their 5000+ member hospitals. John leverages his distinctive experience at the FBI and CIA in the investigation and disruption of cyber threats, international organized crime and terrorist organizations to assist on related policy and advocacy issues. John’s national perspective is further informed by his direct role in assisting ransomware victim hospitals and health systems.

John is the recipient of the FBI Director’s Award for Special Achievement in Counterterrorism and the CIA’s George H.W. Bush Award for Excellence in Counterterrorism, the CIAs highest award in this category. John presents extensively on cybersecurity and risk topics, has provided testimony before the Senate, regularly engages with the Administration and is frequently interviewed by the media.

Ken Hoyme - Advisory Board, MedCrypt

Ken Hoyme brings 40 years of experience in designing regulated, safety-critical secure systems as well as his knowledge of medical device security and regulation. Ken recently retired from Boston Scientific as a Senior Product Security Fellow, where he established the company-wide product security program, incorporating security requirements across their Quality System. Ken has been active in many industry initiatives, including (1) co-chairing H-ISAC's Medical Device Security Information Sharing Council (MDSISC); (2) serving as one of the original co-chairs of AAMI's Device Security Working Group, which produced AAMI TIR57, a report outlining the principles of medical device security and risk management; (3) serving as a member of AAMI's BI&T Editorial Board; participating in several HSCC JCWG working groups including the development of the Joint Security Plan; (4) participating and leading cybersecurity projects with the Medical Device Innovation Consortium (MDIC); (5) participating in every meeting of the Archimedes Center for Health Care and Medical Device Cybersecurity now at Northeastern University; (6) instigating the creation of the Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota; (7) and serving as co-instructor for CMDC's initial short courses.

Previously, Ken was a Distinguished Scientist at Adventium Labs performing government-funded research on the intersection of safety and security for cyber-physical systems. He won a Department of Homeland Security (DHS) contract to develop a medical device platform using separation architectures to simplify the implementation of safety and security controls. Before that, he was a Senior Fellow at Boston Scientific in their Cardiac Rhythm Management division where he led the development of the LATITUDE Remote Patient Management system. This system, released in 2005, incorporates secure protocols between the implant, programmer, home monitor, and web server to maintain safety and privacy. Prior to Boston Scientific, Ken spent 18 years at Honeywell's Corporate Research lab, where he was a Senior Fellow. He was awarded Honeywell's highest technical recognition for his work on the Boeing 777. Ken has been granted 40 U.S. and 9 International patents and he received his Bachelor's and Master's Degrees in Electrical Engineering from the University of Minnesota.

Matthew Hazelett - Cybersecurity Policy Analyst, U.S. Food and Drug Administration

Matthew Hazelett started at the Food and Drug Administration as a biomedical engineer within the Implantable Electrophysiology Devices Branch (IEDB) at the Center for Devices and Radiological Health (CDRH). His review areas included pacemakers, defibrillators, leads, and supporting devices (programmers, home monitors, etc.). Since starting at FDA, he developed a review focus in cybersecurity, participates in cybersecurity guidance development, and supports cybersecurity vulnerability assessments and premarket reviews across CDRH. He started his position as the Cybersecurity Policy Analyst in the Office of Product Evaluation and Quality (OPEQ) in February 2020. His role is focused on premarket and postmarket cybersecurity policy development and implementation across the clinical review offices. He also serves as a Digital Health Center of Excellence Program Director for the OPEQ Cybersecurity Focal Point Program.

Matthew earned a B.S. in biomedical engineering from the University of Rochester where he focused in electrical signals and systems. After graduation, he worked for a medical device research and development company in New Hampshire as a Test Engineer and then Test Manager overseeing device verification and validation testing.

Greg Garcia - Executive Director for Cybersecurity, Healthcare Sector Coordinating Council (HSCC)

Greg Garcia is the Executive Director for Cybersecurity of the Health Sector Coordinating Council, the convening organization for critical healthcare infrastructure organizations working in partnership with HHS and other government agencies to protect the security and resilience of the sector, patient safety and public health.

Greg was the nation's first DHS Assistant Secretary for Cybersecurity and Communications under President George W. Bush, 2006-09, where among other achievements he initiated the creation of the National Cyber and Communications Integration Center (NCCIC). He also served as executive director of the Financial Services Sector Coordinating Council, stood up the I.T. Sector Coordinating Council, and held executive positions with Bank of America, 3Com Corporation, and the Information Technology Association of America.

Greg also served as professional staff on the Committee on Science in the U.S. House of Representatives, where he helped draft and shepherd enactment of the Cyber Security Research and Development Act of 2002.

Beau Woods - Founder/CEO, Stratigos Security

Beau Woods helps bridge the gap between the security research and public policy communities, to ensure connected technology that can impact life and safety is worthy of our trust. Over the past several years, he has consulted with the healthcare, automotive, aviation, rail, and IoT industries, as well as cyber security researchers, US congressional offices, the White House, and other US and international policy makers.

Beau is a leader with the I Am The Cavalry grassroots initiative, and Founder/CEO of Stratigos Security, and a Cyber Safety Innovation Fellow with the Atlantic Council. Beau also sits on the board of several non-profit organizations and leads initiatives like Hackers on the Hill and Policy @ DEF CON.

Beau recently served as a Senior Advisor with CISA where he develops strategy for the CISA COVID Task Force, an Entrepreneur in Residence with the US Food and Drug Administration, and was formerly Managing Principal Consultant and Solutions Architect for Dell SecureWorks. Beau is a frequent presenter, media contributor, and author, and graduated from the Georgia Institute of Technology with a BS in Psychology.

Suzanne Schwartz - Director, Office of Strategic Partnerships & Technology Innovation, Center for Devices & Radiological Health, U.S. Food and Drug Administration

Suzanne B. Schwartz, MD, MBA is the Director of the Office of Strategic Partnerships and Technology Innovation (OST) at FDA’s Center for Devices & Radiological Health (CDRH). Suzanne’s work in medical device cybersecurity includes raising awareness, educating, outreach, partnering and coalition-building within the Healthcare and Public Health Sector (HPH) as well as fostering collaborations across other government agencies and the private sector. Suzanne has been recognized for Excellence in Innovation at FDA’s Women’s History Month for her work in Medical Device Cybersecurity. Together with Health Canada, Suzanne has represented FDA in co-chairing the International Medical Device Regulators Forum (IMDRF) Work Group on Medical Device Cybersecurity leading to its first international guidance publication in March 2020. She chairs CDRH’s Cybersecurity Working Group, tasked with formulating FDA’s medical device cybersecurity policy and has additionally served as co-chair of the Government Coordinating Council (GCC) for the HPH Critical Infrastructure Sector, focusing on the sector’s healthcare cybersecurity initiatives. Suzanne earned an MD from Albert Einstein College of Medicine; an executive MBA from NYU Stern School of Business, completed Cohort X of the National Preparedness Leadership Initiative – Harvard School of Public Health & Harvard Kennedy School of Government executive education, and earned in September 2018 a certificate of mastery for completion of requirements at the Federal Executive Institute – Leadership for a Democratic Society.

Andrew Carney, MS - Program Manager, Advanced Research Projects Agency for Health (ARPA-H)

Andrew Carney joined ARPA-H in July, 2023 from HSBC’s Cybersecurity Science and Analytics group, where he worked as a principal researcher. He has over 15 years of experience in software and hardware vulnerability research, technical education and training, and management of research and development teams.

Before HSBC, Carney was a technical advisor and contractor for the Defense Advanced Research Projects Agency (DARPA). At DARPA, he supported research efforts focused on reverse engineering, program analysis, human-machine teaming, and automated program repair. Throughout his career, Carney has been involved in competitive hacking (called Capture the Flag, or CTF) as both a player and a competition organizer. He holds a master’s degree in computer science from The Johns Hopkins University.

Brian M. Mazanec, PhD - Deputy Director, Office of Preparedness HHS Administration for Strategic Preparedness and Response

Brian Mazanec is the Deputy Director, Office of Preparedness within the Administration for Strategic Preparedness and Response (ASPR) at the U.S. Department of Health and Human Services (HHS).

In Brian’s role as Deputy Director of the Office of Preparedness, he helps lead the office responsible for all aspects of preparation for events such as disease outbreaks, natural disasters, and intentional attacks with chemical, biological, radiological, or nuclear (CBRN) weapons. This work is closely coordinated with other offices within ASPR, as well as other related components within HHS, such as CDC's Office of Readiness and Response, other U.S. government departments and agencies, and international allies and partners.

Brian’s responsibilities include oversight and management of the following component offices: Security and Intelligence; Information Management, Data and Analytics; Critical Infrastructure Protection; Health Care Readiness; Medical Reserve Corps; Planning and Exercises; Continuity; and the Secretary’s Operations Center.

Prior to joining ASPR, Brian served at the U.S. Government Accountability Office (GAO), where he was the senior executive responsible for leading the agency’s Strategic Warfare and Intelligence portfolio. He led and managed numerous teams evaluating a variety of national security programs and activities related to biological and other emerging threats; intelligence community management; security and counterintelligence; sensitive activities and programs; personnel vetting; and space policy and operations. In addition, Brian led GAO’s efforts to establish an Insider Threat Program and other internal security-related initiatives. Prior to GAO, Brian worked on WMD issues at the Defense Intelligence Agency, Office of the Secretary of Defense for Nuclear Matters, and the Joint Staff J5 Combating WMD directorate.

Brian received his Ph.D. in Biodefense from George Mason University’s Schar School of Policy and Government and holds a B.A. in political science from the University of Richmond and a M.S. in defense and strategic studies from Missouri State University’s Department of Defense and Strategic Studies. In addition to his work in government, Brian’s teaches graduate level courses at several local universities, and he has authored or co-authored multiple academic books on cyber issues. He lives in Fairfax, Virginia with his wife and four children.

Jessica Wilkerson, JD - Senior Cyber Policy Advisor and Medical Device Cybersecurity Team Lead, Division of Medical Device Cybersecurity (DMDC)

Jessica Wilkerson is a Senior Cyber Policy Advisor and the Medical Device Cybersecurity Team Lead within the Division of Medical Device Cybersecurity (DMDC), housed within the Office of Readiness and Response (ORR) in the Office of Strategic Partnerships and Technology Innovation (OST) in FDA CDRH. As part of DMDC, she examines issues and develops policy related to medical device cybersecurity. She received a B.A. in Policy Studies and minors in Computer Science and Mathematics from Syracuse University, and a J.D. from the Catholic University of America’s Columbus School of Law.

David Brumley, PhD - CEO, ForAllSecure, Inc/Professor of Electrical and Computer Engineering, Carnegie Mellon University

David Brumley is the CEO of ForAllSecure and a full-time professor at Carnegie Mellon University. His research focuses on novel program analysis and verification techniques that prove the presence of bugs and vulnerabilities. He has published numerous academic papers, won several test-of-time and achievement awards, competed and won the DARPA Cyber Grand Challenge, and holds a black badge. ForAllSecure created Mayhem to bring the same technology used by the world’s best hackers into commercial software development pipelines.

Dr. Brumley also worked for 5 years as a Computer Security Officer for Stanford University. He obtained a Bachelor of Arts in mathematics from the University of Northern Colorado, an MS in computer science from Stanford University, and a PhD in computer science from Carnegie Mellon University. He was previously the Assistant Computer Security Officer for Stanford University. He is the faculty advisor to the Plaid Parliament of Pwning (PPP), which is the Carnegie Mellon University competitive security team. 

Nastassia Tamari - Division Director, Medical Device Cybersecurity, U.S. FDA CDRH  

Nastassia Tamari is the Division Director for Medical Device Cybersecurity within the Division of Medical Device Cybersecurity (DMDC), housed within the Office of Readiness and Response (ORR) in the Office of Strategic Partnerships and Technology Innovation (OST) in FDA CDRH. The Division of Medical Device Cybersecurity provides leadership and strategic direction for medical device cybersecurity policy.​ As part of DMDC, she leads a team that develops policy related to medical device cybersecurity to advance national preparedness and response to cybersecurity incidents involving medical devices. She spent more than a decade at a private medical device manufacturer supporting the creation of a product security program, leading the security operations team for enterprise, product, and manufacturing, and finally leading a global team in strategic regulatory alignment. She earned a B.A. in Communication from San Diego State University and completed graduate work at Boston University earning an M.S. in Journalism.

Terry Rice - Vice President, IT Risk Management and Security & Chief Information Security Officer (CISO), Merck

Terry Rice is the Vice President, IT Risk Management and Security, and Chief Information Security Officer (CISO). In this role, he is responsible for the IT organization’s risk management and cybersecurity program including IT policy, information security engineering, identity and access management engineering, threat intelligence, security incident response and eDiscovery. He is a member of the IT Leadership Team. Terry also serves on the board of the Health Information Sharing and Analysis Center (H-ISAC) and is a former-chairman of the Healthcare Sector Coordinating Council Cyber Working Group. He recently served as a member of the Healthcare Industry Cybersecurity Task Force.

Terry began his career as a US Army Officer and served with the 101st Airborne Division, US Forces Korea, the National Security Agency and other units. Upon leaving military service, Terry worked in the consulting industry in a variety of information security roles. He then spent four years at Johnson & Johnson as a Director of Global Information Security. Terry joined Merck in 2007.

Terry holds a Bachelor of Science degree from the United States Military Academy at West Point and Master of Science degree from George Washington University. He is married and has two children.

Andrea Greene-Horace, MHA, EMCS - Senior Advisor, Cybersecurity/Deputy Program Manager-COOP-Business Continuity

Ms. Greene-Horace is a Health Care and IT Leader with over 25 years of experience in healthcare and IT program development for the private sector, as well as federal and state governments. She has advised Federal and State Executives on the strategy to ensure the secure and timely opening of the Health Care Marketplaces under the Affordable Care Act (ACA). Ms. Greene-Horace created and managed the first federal cybersecurity and privacy office for the ACA to ensure that federal cybersecurity and privacy requirements were built into IT development and program governance for 17 Health State Based Care Marketplaces. She advised the Secretary of the Maryland Department of Health in instituting Health Plan Management requirements for the ACA. Her other program and/or start-up experiences have included program development at the Marriott Corporation (Senior Living Services), the New Jersey Primary Care Association (Network Management Services), and at several federal agencies and in establishing Program Offices or new business services. She is currently establishing the Artificial Intelligence (AI) Compliance Framework within the AI Governance Framework for the ACA Program. A lifelong learner, she loves learning about the potential impact of emerging technology. Ms. Greene-Horace is a graduate of Penn State (BA), Cornell (MHA), and Brown University (Cyber). She is also a member of Delta Sigma Theta Sorority, Inc. In her free time, she loves to spend time with her family, taking time planning events for children, and listening and strategizing with young adults to pursue and achieve their passions.

Jan Küfner - Team Leader, Penetration Testing, TÜV SÜD

Jan Küfner is currently the team leader for the penetration testing team of TÜV SÜD, which is testing medical devices and IVDs only. He holds a master’s degree in cyber security and mechanical engineering. Prior to his job as team leader, he worked for TÜV SÜD notified body for seven years, which grants market authorization for medical devices in Europe, similar to what the FDA does in the US. During that time, he was the technical lead for medical device cyber security. There he created the cyber security auditing program as well as minimum requirements for secure medical devices to ensure that secure medical devices only are being granted market access in Europe. He has a strong passion for cyber security, is an active pen-tester, and loves to go to conferences.