Past Events

The lunch and learn is an informal in-person meet-up where the Center for Medical Device Cybersecurity (CMDC) invites guest speakers from the industry to share their experience working in a critical and fast-growing field of healthcare and medical device cybersecurity.

 Learn More & Register

EVENT DETAILS:

📆 Date: Wednesday, February 7
🕓 Time: 11:45AM - 1:30PM
📌 Location: Laukka Conference Room, 2^nd Floor - McNamara Alumni Center, University of Minnesota

The Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota is offering a new Member Forum: Summary Report on the Analysis of Systemic Cybersecurity Challenges along the Medical Device Supply Chain

The Member Forum event will be online via Zoom on June 27^th, 2023, from 2:30-3:30 PM CST. The presentation and discussion will be followed by a networking social hour.

The Center for Medical Device Cybersecurity (CMDC) is excited to sponsor a medical device-centered offering of Adam Shostack’s popular Threat Modeling Intensive. Attendees will learn how to consistently and efficiently apply threat modeling using the Four Question Framework. The course includes a mix of hands-on exercises, discussions, and lectures (available in video before and after the course). The focus will be on fundamental skill development.

Register Here

Learner Profile
Attendees are usually a mix of product engineers, security engineers, product managers, and regulatory professionals. They're generally mid-career or more senior.

Pre-Requisites
This course does not require any prior threat modeling training. Product delivery experience is recommended.

Cost

• CMDC Member Organizations: significant discount (contact cmdc@umn.edu for discount total and unique coupon code)
• General: $3400

Date/Time

• June 21-22, 2023
• 9 AM – 5 PM each day, with networking event after day 1

Curriculum
This course is designed to train product engineers, security engineers, product managers, and regulatory professionals in threat modeling, including different ways to address the questions we ask, and to select the skills they should bring to bear.
This is a 2-day learning event. Learners will spend 8 hours in class on both days. There will be a 1-hour lunch break and 15-minute breaks during the morning and afternoon sessions.
Video Content
Prior to the first day of the course you will be enrolled in 'Shostack + Associates' Learning Management system where you will find copies of the recorded lectures, some of which we will use during the course, as well as optional videos that will allow you to explore the course topics in greater detail. We encourage you to watch them ahead of time to facilitate deeper in-class conversations.

Day 1

• 9:00am - Introductions and Goals
• 10:00am - Threat Modeling Exercise - cards hands-on
• 10:30am - 15 Minutes Break
• 10:45am - What are we working on
• 12:00pm - Lunch: 60 Minutes to eat and recharge
• 1:00pm - What can go wrong 1: STRIDE
• 2:30pm - 15 Minutes Break
• 2:45pm - What are we going to do about it?
• 4:45pm - Day summary and close

Day 2

• 9:00am - Check in, open questions
• 9:15 - What can go wrong 2: Kill chains
• 11:15 - 15 Minutes Break
• 11:30 - Mitigate: Risk management
• 12:00 - Lunch: 60 Minutes to eat and recharge.
• 1:00 - Did we do a good job
• 2:00 - End to end threat model exercise
• 2:15 - 15 Minutes Break
• 3:15 - Documenting, bringing to our work
• 4:15pm - Final questions, close

Final Homework
1. Discuss your end-to-end threat model with your peers.
2. Discuss the course with your supervisor: how will you apply what you learned?
3. Do a threat model with your peers, and don’t skimp on the retrospective.
4. Discuss the course with your peers: should we change our processes?

Best Hotel for Travelers - The Graduate Hotel, Minneapolis 
The Graduate Hotel is located in the middle of the Minneapolis-East Bank Campus, just a few minutes walk to the classroom. There is no block, so reserve rooms early! For booking and more information visit their website here.

Register Here

The Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota is offering a new member forum: Effectively Managing Medical IoT Devices. An open discussion by Dan Ovick, Sr. Security Analyst Risk & Compliance/Vulnerability Management, MHealth Fairview. March, 23 2023 | 12:30 PM - 2:00 PM CT

The Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota is offering a new member forum: The challenges of SBOM. An open discussion sponsored by Medcrypt. December 15, 2022 | 1:30 PM - 3:00 PM CT

The Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota is offering a new member forum: Medical Device Security Penetration testing.

As part of our continuing effort to provide you with useful experiences, this will be a 90-minute virtual facilitated discussion with member companies led by MedSec. We expect to come out of it with conclusions from the discussion that can be shared with our community. June 24, 2022 | 10:00 AM - 11:30 AM CST

The Technological Leadership Institute (TLI) and the newly-formed Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota invite you to participate in its short course offering: Introduction to Medical Device Cybersecurity.  

As the complexity and demand for medical devices grow, never has the need to protect them from evolving threats been so great. This course is designed to prepare early career professionals working in the medical device industry with the skills to meet the safety and security expectations of the patients, healthcare providers, and healthcare organizations that use their products.  The courses capitalize on the unique and diverse experience of TLI faculty in technology management, particularly in Security Technologies and Medical Device Innovation.

Get more details on the Short Course web page.