MEET COLIN
Biography
Colin Morgan is a key thought leader in the Healthcare Cybersecurity Industry, with over two decades of experience working in technology and cybersecurity. He is currently Managing Director at Apraciti and leads the organization's services business, which specializes in providing cybersecurity engineering expertise to medical device manufacturers building medical technology and integrating cybersecurity with quality management systems.
Colin is a member of the Healthcare Sector Coordinating Council and co-author of the Medical Device and Health IT Joint Security Plan, a voluntary framework for medical device cybersecurity released in 2019. He is also an expert trainer and facilitator for the US FDA-funded Medical Device Innovation Consortium (MDIC) Medical Device & Diagnostic Threat Modeling Bootcamp training program (https://mdic.org/project/medical-device-cybersecurity-threat-modeling/), being executed in 2020.
Previously, Colin founded, developed, and led an industry-leading Product Security Program at one of the largest healthcare companies in the world. As global leader and Head of Product Security, he helped develop and implement cybersecurity and quality processes, engineered medical devices for cybersecurity, performed security testing, and managed security vulnerabilities with security researchers.
Colin is a former Network & Security Engineer at the Central Intelligence Agency and a former contractor for a National Oceanic and Atmospheric Administration supercomputing program.
- Built out Product Security Program Capabilities, including development and implementation of policies and processes and the integration with Quality Management Systems
- Provided Product Security Engineering support for products in development, including providing architecture reviews, threat models, documenting requirements, reviewing security test results, and supporting regulatory submissions
- Founded, developed and led a Product Security Program at one of the largest healthcare companies in the world, supporting Medical Devices, Healthcare Technology and Software as a Medical Device
- Built and led a team of Product Security Engineers, Product Security Penetration Testers and Product Security Incident Response Managers working to ensure Cybersecurity was part of the total product lifecycle
- Modified Medical Device Quality Management Systems to incorporate Cybersecurity from design and development through post market management, including regulatory compliance audit programs
- Participated in several industry efforts to improve Healthcare Cybersecurity, including Congressional Roundtables, US FDA Workshops, US DHS Tabletop Exercises and provided training on Product Cybersecurity to the US FDA, Canadian Government and Japanese Pharmaceutical and Medical Device Agency
- Current or former Member of several Medical Device Cybersecurity working groups including International Medical Device Regulators Forum, Healthcare Sector Coordinating Council, H-ISAC, AdvaMed and the Medical Device Manufacturers Association
- Recognized with the O’Reilly’s Security Defenders Award and Rapid7 Customer Award for efforts in partnering with the security research community on Vulnerability Disclosure
- Co-authored the Health Sector Medical Device and Health IT Joint Security Plan, released in 2019
- Member of the Medical Device Innovation Consortium (MDIC) Threat Modeling Bootcamp Training Program, funded and sponsored by US FDA in 2020
(Cybersecurity) Change Agent for Healthcare
Panel 1 – Legacy Learnings: Drag of the Past Driving Increased Resilience in the Future
Panel 2 – Risk Assessment Approaches & Labeling
Presentation/update on the Joint Security Plan
Device Security 101 Conference
Presented – OVERVIEW OF THE CYBERSECURITY BEST PRACTICES FOR HEALTHCARE PLAYBOOK
Panel Moderator – THREAT MODELING – PANEL
Cybersecurity Workshop (2019)
Presentation/update on the Joint Security Plan
Interviewed and Quoted, technewsworld.com | Medical Device Insecurity: Diagnosis Clear, Treatment Hazy