RESUME/MEDIA

PROFESSIONAL INFORMATION:

In the 20+ years I have been involved in the InfoSec community, I have worked for some of the top companies in the industry. At this time, I feel that my unique combination of technical, speaking, writing, and interpersonal skills sets me apart from others as one of the premier security professionals in my field. First and foremost, I have the mind of an offensive penetration tester with a knack for hardware hacking and embedded device security. In 2011, my presentation at Black Hat displayed security weaknesses in insulin pumps, including a live demonstration in which I remotely suspended the delivery of insulin. I repeated that success in late 2016 with my research on the Animas Ping insulin pump that replaced the Medtronic that I had. I crave the “pursuit of intellectual happiness” that comes from diving deep into the technical details of penetration testing, whether it is looking at embedded devices, or the more traditional spaces of networks and servers. I bring this technical background and knowledge to all the client engagements.

 

Second, I have a passion for public speaking and sharing my knowledge with others through teaching and education. I have given multiple presentations on the ethical dilemmas that security researchers face when discovering zero-day vulnerabilities, based upon my work with medical devices. I have also spoken at dozens of conferences and seminars around the world. My masters work at the SANS Technical Institute has inspired my mentoring of those newer in their careers. Teaching, for me, is a wonderful way to keep my skills sharp and a way that I can give back to the community which has given me so much.

WORK EXPERIENCE

 

Thermo Fisher

Scientific Director, Product Security Testing & Research​

2019 - Current​

  • Direct a team of Security Researchers and Penetration Testers

  • Work with Product Teams on developing security controls

  • Work with outside research groups on product security

  • Manage testing and research budget(s)

  • Develop relationships with outside security firms

 

Thermo Fisher Scientific 

Cyber Security Researcher​

2018 - 2019

  • Conduct Security Assessments and Penetration Testing on Lab Devices and Equipment produced by Thermo Fisher Scientific

  • Train and Mentor Junior Security Analysts

  • Develop and Create Training for Developers and Engineers

  • Consult with Product Managers on FDA 510k Pre/Post Market Cyber Security Guidelines

  • Develop new security products and processes

 

Boston Scientific 

Cyber Security Researcher​

2018​​

  • Worked with R&D and Development Teams to embed security into product design(s)

  • Conducted Security Assessments on Medical Devices

  • Worked with Project Managers on FDA 510K Cyber Security Documentation 

  • Consulted with Product Managers on FDA Post-Market Guidance

 

 

Rapid7 

Principal Security Consultant​ 

2014 - 2018

I joined Rapid7 as a Senior Penetration Tester and was moved to the Strategic Services Team as one of its first members. I was awarded the Security Hero of the Year in 2016.

  • Conducted Penetration Tests individually and as part of a team

  • Developed new offerings for Cyber Security Maturity Assessments, HIPAA, NY DFS Cyber Security Regulation(s), CIS Critical Controls

  • Conducted Independent research on IoT and Medical Devices

  • Provided Technical Expert Witness services to Law Firms

InGuardians 

Senior Security Consultant

​2012 - 2014​

  • Conducted Penetration Testing services on traditional IT networks

  • Researched Embedded Hardware (IoT, Smart Grid, IIOT, Medical Devices)

IBM / Internet Security Systems

Cyber Threat Analyst / Security Engineer/ Senior System Administrator

​2000 - 2012

  • Authored Weekly Cyber Security Assessment and News articles 

  • Provided research assistance to our Managed Security Services staff 

  • Built a custom device management platform based on open source software to support the ISS/IBM MSSP Service for 25,000+ security devices

  • Designed and supported back-end infrastructure for the MSSP service offerings

EDUCATION & CERTIFICATIONS

SANS Technology Institute

Masters of Science, Information Security Engineering​

 

One of the first graduates of the Masters program. Focused on Offensive Security, Legal Issues, and Defensive Techniques.  ​

Wayne State University

Bachelors of Arts, Criminal Justice/Pre-Law

 

​Heavily focused on the intersection of law and technology. 

ISC2 

CISSP (2001 - Present)

​GIAC/SANS 

GSEC     (2006 - 2014)

GCIH     (2007 - 2019)

GCIA      (2008 - 2016)

GCFA     (2009 - 2014)

GPEN    (2009 - 2014)

GWAPT (2010 - 2014)

GLEG    (2007 - 2014)

GCPM   (2008 - 2014)

GLIT      (2007)

GLDR    (2007)

GSPA     (2007)

SS-GHD (2007)

MEDIA COVERAGE

 

SPEAKING EVENTS

2019

FDA Workshop, Washington, DC

2018

CyberMedSec Conference, University of Arizona Medical School

Boston Scientific Product Security Conference, Minneapolis, MN

BSidesLV, Las Vegas, NV

BlackHat, Las Vegas, NV

2017

MEDSEC Medical conference, Orlando, FL

BSIDES Detroit, Detroit, MI

NASDAQ Marketing Event, New York, NY

Northeastern Panel on CyberLaw, Boston, MA

DEF CON BioHacking, Las Vegas, NV

CIO Presentation for Medical Industry

FTC Regulatory Conference 

Diabetes Technology Conference, Paris, France

2016

Keynote Security of Things conference, San Diego, CA

Week of Media With Insulin Pump, Boston, MA

Media event for Pump Disclosure, Boston, MA

DerbyCon, Louisville, KY

DEF CON Biohacking, Las Vegas, NV

BSidesLV, Las Vegas, NV

BSidesSLC, Salt Lake City, UT

Helmstar Investment Group Lunch, Boise, ID

Bsides Seattle Conference, Seattle, WA

2015

Keynote Security Conference

Northeastern Law School Guest Speaker

DerbyCon, Louisville, KY

CFAA Workshop Talk, Berkeley, CA

SXSW Talk, Austin, TX

Security Conference

2014

SANS Conference, San Francisco, CA

FDA Workshop, Washington, DC

DerbyCon, Louisville, KY

BSidesLV, Las Vegas, NV

BlackHat, Las Vegas, NV

FTC Talk, Washington, DC

2013

BlackHat Europe, Amsterdam, NL

BsidesLV, Las Vegas, NV

BlackHat, Las Vegas, NV

2012

Shmoocon, Washington, DC

2011

Intel Product Security Conference, Portland, OR

BlackHat, Las Vegas, NV

Videos:

  • BH 2011 Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System

  • Shmoocon 2012 Encryption, Passwords and Data Security

  • BSidesLV 2013 Mom! I Broke My Insulin Pump... Again!

  • BH 2013 Fact and Fiction: Defending Medical Device

  • BH EU 2013 Building a Defensive Framework for Medical Device Security

  • Interview Implanted Medical Device Security

  • Interview Getting ahead on medical device security

  • BsidesSLC 2016 The Hacker will see you now

  • Derbycon 2016 What I have learned in 25+ years of Ham Radio

  • J&J warns of cybersecurity issue with insulin pump.

  • BSides Detroit 2017 Hacking with Ham Radios What I have learned in 25 years of being a ham

  • NYDFS Intro (2017)

 

Podcasts:

Olympic hacks & #drones + #MedicalDevice security w/ @jradcliffe02