Past Events
Threat Modeling Intensive Training
Wednesday, Feb. 21, 2024, 9 a.m. through Friday, Feb. 23, 2024, 5 p.m.
Coming Soon
The Center for Medical Device Cybersecurity (CMDC) is excited to sponsor a medical device-centered offering of Adam Shostack’s popular Threat Modeling Intensive.
Rescheduled mid-summer dates coming soon!
Lunch & Learn: Discover Your Future in Medical Device Cybersecurity
Wednesday, Feb. 7, 2024, 11:45 p.m. through Wednesday, Feb. 7, 2024, 1:30 p.m.
Laukka Conference Room, 2nd Floor - McNamara Alumni Center, University of Minnesota
The lunch and learn is an informal in-person meet-up where the Center for Medical Device Cybersecurity (CMDC) invites guest speakers from the industry to share their experience working in a critical and fast-growing field of healthcare and medical device cybersecurity.
Learn More & Register
EVENT DETAILS:
📆 Date: Wednesday, February 7
🕓 Time: 11:45AM - 1:30PM
📌 Location: Laukka Conference Room, 2nd Floor - McNamara Alumni Center, University of Minnesota
MDI 5101 - Introduction to Medical Device Cybersecurity 2024
Tuesday, Feb. 6, 2024, 5:30 p.m. through Tuesday, April 23, 2024, 9 p.m.
Online Synchronous Course
3 Credits/16-18 CEUs
Registration open for degree-seeking students!
Introduction to Medical Device Cybersecurity will introduce students to all the security-specific activities needed to meet regulatory and customer expectations across the entire medical device lifecycle. This begins at the concept phase, where a comprehensive understanding of the security user needs are gathered, through security requirements and security risk management activities to develop a secure device architecture. Emphasis on security testing and post-market vulnerability management are also essential goals.
- Audience:
- Degree-seeking graduate students
- Undergraduate students (Juniors and Seniors)
- Continuing Professional Development - Register starting Dec. 8 th , 2023 as undergraduate
auditor/non-degree seeking leaner; 16-18 CEUs will be awarded upon completion.
- Modality: Online Synchronous Course
- 3 Credits/16-18 CEUs
Days and times: Tuesday 5:30PM to 9:30PM, February 6, 2024 - April 23, 2024
Register Here
Request more information
Please email us at cmdc@umn.edu.
Member Forum: Summary Report on the Analysis of Systemic Cybersecurity Challenges along the Medical Device Supply Chain
Tuesday, June 27, 2023, 2:30 p.m. through Tuesday, June 27, 2023, 3:30 p.m.
Virtual Event | Zoom
The Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota is offering a new Member Forum: Summary Report on the Analysis of Systemic Cybersecurity Challenges along the Medical Device Supply Chain
The Member Forum event will be online via Zoom on June 27th, 2023, from 2:30-3:30 PM CST. The presentation and discussion will be followed by a networking social hour.
Threat Modeling Intensive Training
Wednesday, June 21, 2023, 9 a.m. through Thursday, June 22, 2023, 5 p.m.
Bruininks Hall | Classroom 131-B | 222 Pleasant St SE, Minneapolis, MN 55455
The Center for Medical Device Cybersecurity (CMDC) is excited to sponsor a medical device-centered offering of Adam Shostack’s popular Threat Modeling Intensive. Attendees will learn how to consistently and efficiently apply threat modeling using the Four Question Framework. The course includes a mix of hands-on exercises, discussions, and lectures (available in video before and after the course). The focus will be on fundamental skill development.
Learner Profile
Attendees are usually a mix of product engineers, security engineers, product managers, and regulatory professionals. They're generally mid-career or more senior.
Pre-Requisites
This course does not require any prior threat modeling training. Product delivery experience is recommended.
Cost
- CMDC Member Organizations: significant discount (contact cmdc@umn.edu for discount total and unique coupon code)
- General: $3400
Date/Time
- June 21-22, 2023
- 9 AM – 5 PM each day, with networking event after day 1
Curriculum
This course is designed to train product engineers, security engineers, product managers, and regulatory professionals in threat modeling, including different ways to address the questions we ask, and to select the skills they should bring to bear.
This is a 2-day learning event. Learners will spend 8 hours in class on both days. There will be a 1-hour lunch break and 15-minute breaks during the morning and afternoon sessions.
Video Content
Prior to the first day of the course you will be enrolled in 'Shostack + Associates' Learning Management system where you will find copies of the recorded lectures, some of which we will use during the course, as well as optional videos that will allow you to explore the course topics in greater detail. We encourage you to watch them ahead of time to facilitate deeper in-class conversations.
Day 1
- 9:00am - Introductions and Goals
- 10:00am - Threat Modeling Exercise - cards hands-on
- 10:30am - 15 Minutes Break
- 10:45am - What are we working on
- 12:00pm - Lunch: 60 Minutes to eat and recharge
- 1:00pm - What can go wrong 1: STRIDE
- 2:30pm - 15 Minutes Break
- 2:45pm - What are we going to do about it?
- 4:45pm - Day summary and close
Day 2
- 9:00am - Check in, open questions
- 9:15 - What can go wrong 2: Kill chains
- 11:15 - 15 Minutes Break
- 11:30 - Mitigate: Risk management
- 12:00 - Lunch: 60 Minutes to eat and recharge.
- 1:00 - Did we do a good job
- 2:00 - End to end threat model exercise
- 2:15 - 15 Minutes Break
- 3:15 - Documenting, bringing to our work
- 4:15pm - Final questions, close
Final Homework
1. Discuss your end-to-end threat model with your peers.
2. Discuss the course with your supervisor: how will you apply what you learned?
3. Do a threat model with your peers, and don’t skimp on the retrospective.
4. Discuss the course with your peers: should we change our processes?
Best Hotel for Travelers - The Graduate Hotel, Minneapolis
The Graduate Hotel is located in the middle of the Minneapolis-East Bank Campus, just a few minutes walk to the classroom. There is no block, so reserve rooms early! For booking and more information visit their website here.
Member Forum: Effectively Managing Medical IoT Devices, An Open Discussion
Thursday, March 23, 2023, 12:30 p.m. through Thursday, March 23, 2023, 2 p.m.
Virtual Event - Zoom
The Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota is offering a new member forum: Effectively Managing Medical IoT Devices. An open discussion by Dan Ovick, Sr. Security Analyst Risk & Compliance/Vulnerability Management, MHealth Fairview. March, 23 2023 | 12:30 PM - 2:00 PM CT
MDI 5101 - Introduction to Medical Device Cybersecurity
Tuesday, Jan. 10, 2023, 9 a.m. through Thursday, Feb. 9, 2023, 9 a.m.
Remote synchronous
Registration open! Introduction to Medical Device Cybersecurity will introduce students to all the security-specific activities needed to meet regulatory and customer expectations across the entire medical device lifecycle. This begins at the concept phase, where a comprehensive understanding of the security user needs are gathered, through security requirements and security risk management activities to develop a secure device architecture. Emphasis on security testing and post-market vulnerability management are also essential goals.
- Audience: Graduate and undergraduates students (juniors and seniors).
- Modality: Remote synchronous
- Credits: 3
- Days and times: Wednesday 5:30PM to 9:30PM, February 8, 2023 - April 26, 2023
Member Forum: The Challenges Of SBOM, An Open Discussion
Thursday, Dec. 15, 2022, 1:30 p.m. through Thursday, Dec. 15, 2022, 3 p.m.
Virtual Event - Zoom
The Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota is offering a new member forum: The challenges of SBOM. An open discussion sponsored by Medcrypt. December 15, 2022 | 1:30 PM - 3:00 PM CT
Member Forum: Medical Device Security Penetration Testing
Friday, June 24, 2022, 10 a.m. through Friday, June 24, 2022, 11:30 a.m.
Online
The Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota is offering a new member forum: Medical Device Security Penetration testing.
As part of our continuing effort to provide you with useful experiences, this will be a 90-minute virtual facilitated discussion with member companies led by MedSec. We expect to come out of it with conclusions from the discussion that can be shared with our community. June 24, 2022 | 10:00 AM - 11:30 AM CST
Short Course: Introduction to Medical Device Cybersecurity
Tuesday, May 17, 2022, 9 a.m. through Thursday, June 9, 2022, 11 a.m.
Zoom
The Technological Leadership Institute (TLI) and the newly-formed Center for Medical Device Cybersecurity (CMDC) at the University of Minnesota invite you to participate in its short course offering: Introduction to Medical Device Cybersecurity.
As the complexity and demand for medical devices grow, never has the need to protect them from evolving threats been so great. This course is designed to prepare early career professionals working in the medical device industry with the skills to meet the safety and security expectations of the patients, healthcare providers, and healthcare organizations that use their products. The courses capitalize on the unique and diverse experience of TLI faculty in technology management, particularly in Security Technologies and Medical Device Innovation.
Get more details on the Short Course web page.