top of page
top-banner.jpg

Events & Speaking Engagements

About MedSec

FREE: Cyber Secure Hospitals - Why it’s hard? What’s expected? How do we get there?

Register Here!


Oct 24, 2024 12:00 PM in EST


Description: The pressure on hospitals to address cybersecurity is increasing. The U.S. Department of Health and Human Services recently announced voluntary cyber performance goals (CPGs) with plans to make achieving cybersecurity capabilities mandatory.  But many hospitals lack a significant cybersecurity program to protect clinical workflows, safeguard patients, and meet the CPGs.  This is primarily due to a lack of qualified people and funding to create and run a program; it is not due to a lack of concern or priority.   


Audience: This webinar is intended for non-technical, leadership positions.


MedSec recommends hospitals solve these challenges by following three steps:   

1) Build a basic cybersecurity program, using known cybersecurity principles.  

2) Assess current tools for unused functionality, leveraging for security purposes.  

3) Look to invest in a new tool, addressing your highest risk security gap.   


Hospitals need to act now to shore up their cybersecurity programs.  



001: FDA Cybersecurity Submissions: Understanding the Documentation Requirements

Register through Eventbrite!


  • Presenter - Matt Hazelett - Chief Regulatory Officer

  • Date: November 14, 2024 

  • Time: 2:00 PM to 4:30 PM 

  • Location: Online

Description: This course will go into detailed overviews of the deliverables needed for medical device cybersecurity
throughout the total product lifecycle. It will help ensure your organization is aware of how to meet regulatory requirements for submissions and when the deliverables should be generated.


Audience: This course is best suited to those who already have awareness of medical device cybersecurity and are interested in a more detailed understanding of FDA deliverables and when to generate them. This may include software engineers, cybersecurity staff, regulatory affairs staff, and management.


Planned Agenda:

  1. What is Cybersecurity?

  2. Importance of Cybersecurity for Medical Devices

  3. Regulation of Cybersecurity – US Focus

  4. Cybersecurity in Design

  5. Postmarket Responsibilities

004: Cybersecurity Standards Review

Register through Eventbrite!

  • Presenter - Michelle Jump - Chief Executive Officer

  • Date: December 10, 2024 

  • Time: 9:00 AM to 3:00 PM each day (Eastern Time)

  • Location: Online


Description: Standards are the backbone of any regulated industry. In some cases, they are mandatory, such as IEC 81001-5-1 in Japan. In other cases, they can be leveraged to develop processes that align with regulators’ thinking, such as AAMI TIR 57 in the US. Whatever the driver, standards help you build process and products faster and with a higher chance of success with regulators and customers. This course will review not only the content of key cybersecurity standards but also how to strategically use them.


Audience: This course is best suited for those seeking a better understanding of how to use cybersecurity standards in the medical device industry.


Planned Agenda:

  1. How are cybersecurity standards used in the medical device industry

  2. Medical device specific cybersecurity standards: domestic and international

  3. General cybersecurity standards and their use

  4. Non-standards for cybersecurity such as NIST

  5. Useful standards from other industries such as industrial control standards

101: Cybersecurity for Medical Devices
Register through Eventbrite!

  • Presenter: Matt Hazelett - Chief Regulatory Officer

  • Date: December 11-13 

  • Time: 9:00 AM to 1:00 PM each day (Eastern Time)

  • Location: Online

Description: This course will go into more detailed overviews of the processes and deliverables needed for medical device cybersecurity throughout the total product lifecycle. It will help ensure your organization is aware of how to meet regulatory requirements for submissions and the processes to have in place and follow to prepare for inspections.


Audience: This course is best suited to those who already have awareness of medical device cybersecurity and are interested in a more detailed overview of how to manage medical device cybersecurity over the total product lifecycle. This may include software engineers, cybersecurity staff, regulatory affairs staff, and management.


Planned Agenda:

1. Regulation of Cybersecurity (524B, Guidance, eSTAR, and Inspections)

2. TPLC Security Objectives and Goals

3. Concept/Planning

4. Risk Management

5. Design and Development

6. Testing – Verification and Validation

7. Labeling

8. Cybersecurity Management Plan

9. Postmarket Requirements - Maintenance

002: Understanding Your New Sandbox: Preparing Cybersecurity Professionals for the Medical Device Space

Register through Eventbrite!

  • Presenter - Michelle Jump - Chief Executive Officer

  • Presenter - Matt Hazelett - Chief Regulatory Officer

  • Date: January 21 and 23 

  • Time: 9:00 AM to 1:00 PM each day (Eastern Time)

  • Location: Online


Description: The need for top security talent in the medical device industry far exceeds the currently available pool. That means that we often welcome those outside of the industry to fill those seats. This can be a challenge both for the new hire as well as the team that they join. Working in such a highly regulated industry brings many rules that can seem both onerous and confusing. MedSec would like to help. This course is built to connect classic cybersecurity knowledge around the framework of the compliance considerations of working in the medical device industry.


Audience: This course is best suited for technical staff whose careers have not historically been in the medical device industry and would benefit from a better understanding of the regulations and best practices.


Planned Agenda:

  1. Medical Device 101: How to navigate regulated space

  2. Importance of documentation and process

  3. Moving fast and making progress in a regulated environment

  4. Pitfalls to avoid



201: Advanced Fundamentals - Generating submission-ready eSTAR cybersecurity documents from your QMS

Register through Eventbrite!

  • Presenter: Michelle Jump - Chief Executive Officer

  • Presenter: Matt Hazelett - Chief Regulatory Officer

  • Date: January 29, 2024

  • Time: 9:00 AM to 5:00 PM each day (Eastern Time)

  • Location: Online


Description: This course goes “under the hood” of all things medical device cybersecurity including creating documentation for cybersecurity within your quality management systems, current standards, and design.


Audience: This is for medical device cybersecurity team members and regulatory affairs personnel who are looking to set up their organizations for success moving forward and who already have general familiarity with the basics for cybersecurity submissions.



Planned Agenda - Advanced Fundamentals 201

1. Why does this feel so difficult, so fast?

2. Concepts and Challenges

3. Generating submission-ready eSTAR documents from your QMS

4. Overview of cybersecurity standards and their use


bottom of page