Unmasking DNS Threats & Cybersecurity Considerations for Medical Devices

Come and network with your friends, make new friends, and hear 2 great speakers at this special late afternoon event. A buffet dinner will be available.

Topic One: Cybersecurity and AI Considerations for U. S. Medical Devices

From design and development to post-market considerations, the U.S. Food and Drug Administration requires that rigor be evident to ensure the patient safety of medical devices employing digital health solutions, including those that are AI-enabled. This talk provides an overview of those requirements as detailed in two recently finalized FDA guidance for industry publications and tips for demonstrating compliance when preparing premarket submissions, as well as during post-market assessments.

Speaker One: Diane Kulisek

Diane Kulisek is a Quality Systems and Regulatory Affairs Consultant to the Medical Device Industry with more than 20 years of hands-on experience. She has worked to ensure the safety of a wide range of medical devices, incorporating critical software, most notably those for cardiac applications such as a total artificial heart (Syncardia) and cardiac rhythm management (CRM) devices, including pacemakers and implantable defibrillators(Abbott). She has also contributed to the development of compliant design portfolios for critical software as a medical device (SaMD), specifically, ICU monitoring software (Philips).

As manager of quality systems for Johnson & Johnson, Diane drove the qualification of software as part of clinical sterilization processing equipment and developed the software validation master file for non-deliverable software used throughout the organization.

Diane has a Master of Science in Engineering and has long maintained certifications as a Manager of Quality/Organizational Excellence and as a Quality Engineer from the American Society for Quality (ASQ).

Topic Two: Unmasking DNS Threats to the Healthcare Industry

The Domain Name System (DNS) is often called the “phonebook of the Internet,” but beneath its surface lies one of the most exploited attack vectors in healthcare. Cybercriminals abuse DNS to launch ransomware, steal protected health information (PHI), and disrupt clinical operations.

We’ll explore real-world healthcare scenarios where DNS has been weaponized for command-and-control, data exfiltration, and phishing that targets frontline staff. Attendees will learn how DNS abuse threatens patient safety and compliance, and why it is a blind spot in many hospital and research environments.

Key takeaways include:

• How attackers exploit DNS to compromise healthcare systems
• Techniques to detect and stop DNS abuse before it impacts care delivery
• The role of DNS security in a healthcare-focused Zero Trust model

Whether you’re a healthcare IT leader, security professional, or clinical informatics specialist, this session will equip you to better defend against one of the most trusted—but most abused—protocols on your network.

Speaker Two: Chris Usserman

Chris Usserman brings over 35 years of US Intelligence Community (IC) and Cybersecurity expertise, specializing in both offensive and defensive cyber operations. Currently at Infoblox, Chris is pivotal in collaborations with CISA, the Department of Defense and extended partner nations to actively shape global cybersecurity strategies and enhance international cyber defenses.

His career includes a decade at Lockheed Martin’s Advanced Technology Labs conducting cyber capabilities applied research, 14 years in Air Force Intelligence, 10 years in IC cyber operations, and over 11 years consulting on ‘Applied Intelligence’ to bolster cybersecurity postures for government and industry partners.

Chris excels at engaging and enlightening audiences with the latest cyber threat capabilities, employing more robust cybersecurity frameworks, and sharing his unique experiences about how threat actors think and act.

Please Park in Lot 77, right next door to the Community Center.

Because ISSA Los Angeles makes commitments to our facilities well in advance of each event, we regret that we cannot offer any refunds or credits within 72 hours of any of our events. If you cannot attend an event you can send someone in your place as long as they have your written permission.

CPEs: There will be 2 CPE credits for the meeting.

Disclaimer: ISSA-LA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISSA-LA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISSA-LA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices.

All materials used in the preparation and delivery of presentations on behalf of ISSA-LA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISSA-LA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers. Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.

Permission to be Photographed: By attending this event, the registrant grants permission to be photographed during the event. The resultant photographs may be used by ISSA-LA for future promotion of ISSA-LA’s educational events on ISSA-LA’s web site and/or in printed promotional materials, and by attending this event, the registrant consents to any such use. The registrant understands any use of the photographs will be without remuneration. The registrant also waives any right to inspect or approve the aforementioned use of any photographs now or in the future.