Colin Morgan is a key thought leader in the Healthcare Cybersecurity Industry, with over two decades of experience working in technology and cybersecurity. He is currently Managing Director at APRACITI and leads the organizations services business, which specializes in providing cybersecurity engineering expertise to medical device manufacturers building medical technology and integrating cybersecurity with quality management systems.
Colin is a member of Healthcare Sector Coordinating Council and co-author of the Medical Device and Health IT Joint Security Plan, a voluntary framework for medical device cybersecurity released in 2019. He is also an expert trainer and facilitator for the US FDA funded, Medical Device Innovation Consortium (MDIC) Medical Device & Diagnostic Threat Modeling Bootcamp training program (https://mdic.org/project/medical-device-cybersecurity-threat-modeling/).
Previously, Colin founded, developed, and led an industry leading Product Security Program at one of the largest healthcare companies in the world. As global leader and Head of Product Security, he helped develop and implement cybersecurity and quality processes, engineered medical devices for cybersecurity, performed security testing, and managed security vulnerabilities with security researchers.
Colin is a former Network & Security Engineer at the Central Intelligence Agency and contractor for a National Oceanic and Atmospheric Administrations’ supercomputing program. Throughout his career, Colin has accomplished the following:
- Built out Product Security Program Capabilities, including development and implementation of policies and processes and the integration with Quality Management Systems
- Provided Product Security Engineering support for products in development, including providing architecture reviews, threat models, documenting requirements, reviewing security test results, and supporting regulatory submissions
- Founded, developed and led a Product Security Program at one of the largest healthcare companies in the world, supporting Medical Devices, Healthcare Technology and Software as a Medical Device
- Built and led a team of Product Security Engineers, Product Security Penetration Testers and Product Security Incident Response Managers working to ensure Cybersecurity was part of the total product lifecycle
- Modified Medical Device Quality Management Systems to incorporate Cybersecurity from design and development through post market management, including regulatory compliance audit programs
- Participated in several industry efforts to improve Healthcare Cybersecurity, including Congressional Roundtables, US FDA Workshops, US DHS Tabletop Exercises and provided training on Product Cybersecurity to the US FDA, Canadian Government and Japanese Pharmaceutical and Medical Device Agency
- Current or former Member of several Medical Device Cybersecurity working groups including International Medical Device Regulators Forum, Healthcare Sector Coordinating Council, H-ISAC, AdvaMed and the Medical Device Manufacturers Association
- Recognized with the O’Reilly’s Security Defenders Award and Rapid7 Customer Award for efforts in partnering with the security research community on Vulnerability Disclosure
- Co-authored the Health Sector Medical Device and Health IT Joint Security Plan, released in 2019
- Member of the Medical Device Innovation Consortium (MDIC) Threat Modeling Bootcamp Training Program, funded and sponsored by US FDA in 2020
VIDEOS & DOWNLOADS :
Over the years Colin has spoken at a number of seminars and conferences and is considered one of the world's leading authorities on Medical Device Cybersecurity. We invite you to watch/download some of his past talks.
- Co-Author, Healthcare and Public Health Sector Joint Security Plan
- Interviewed and Quoted, technewsworld.com | Medical Device Insecurity: Diagnosis Clear, Treatment Hazy
- Interviewed and Quoted, jnj.com | 4 Ways Johnson & Johnson Is Leading the Fight Against Cyberattackers
- Interviewed and Quoted, financialtimes.com | Medical device makers wake up to cyber security threat
- Panel Presenter and Quoted, medtechintelligence.com | Moving Target: Playing Catch-Up in Cybersecurity
- Presenter and Quoted, njtechweekly.com | Internet of Medical Things Conference
- Panel 1 – Legacy Learnings: Drag of the Past Driving Increased
- Resilience in the Future Panel 2 – Risk Assessment Approaches & Labeling
- Presentation/update on the Join Security Plan
- Presented – OVERVIEW OF THE CYBERSECURITY BEST PRACTICES FOR HEALTHCARE PLAYBOOK
- Panel Moderator – THREAT MODELING – PANEL
MDIC Medical Device Cybersecurity Threat Modeling training – this is an important one that I want to showcase somewhere on the website, but definitely here.
Presentation w/ video, BSidesLasVegas, Spoke about Medical Device Cybersecurity
Keynote w/video, BioPharma Research Council Internet of Medical Thing Symposium
(Cybersecurity) Change Agent for Healthcare