CERSI-FDA Cybersecurity Seminar Series: David Brumley (9-10 am Pacific / 12-1 pm Eastern)

 

David Brumley, PhD

CEO, ForAllSecure, Inc
Professor of Electrical and Computer Engineering, Carnegie Mellon University

Kevin Fu, PhD

Professor of Electrical & Computer Engineering, Northeastern
University Director, Archimedes Center for Healthcare and Device Security

A Fireside Chat on Testing Like a Hacker

Join Dr. David Brumley and Dr. Kevin Fu for a fireside chat on testing like a hacker.

Abstract:

How do you find and exploit new zero days in software? Hackers answer this question one way, while software development another. No wonder there is a disconnect, and we often ship unsafe software. This talk will focus on offense, and how elite hackers think and work to find new zero days.  We’ll show how you can use the same zero-day methodology to put testing like a hacker in your pipeline so that you can ship safer software faster. We’ll also connect this to pen testing, SBOM, and medical device security.

Speaker Bios:

David Brumley is the CEO of ForAllSecure and a full-time professor at Carnegie Mellon University. His research focuses on novel program analysis and verification techniques that prove the presence of bugs and vulnerabilities. He has published numerous academic papers, won several test-of-time and achievement awards, competed and won the DARPA Cyber Grand Challenge, and holds a black badge. ForAllSecure created Mayhem to bring the same technology used by the world’s best hackers into commercial software development pipelines.

Kevin Fu is a Professor of Electrical and Computer Engineering at Northeastern University and Director of the Archimedes Center for Healthcare and Device Security. His research vision is a world where science-based security is built-in by design to all embedded systems: medical devices, healthcare delivery, autonomous transportation, manufacturing, and the Internet of Things. His research lab focuses on analog cybersecurity—how to model and defend against threats to the physics of computation and sensing. Fu is most known for his security research on cryptographic and low-power inventions to defend against vulnerabilities in an implantable cardiac defibrillator. His research led to a decade of revolutionary improvements at medical device manufacturers, global regulators, and international healthcare safety standards bodies. Security solutions resulting from this research foresaw the risks of malicious software affecting hospitals a decade before ransomware began to disrupt clinical workflow worldwide. Fu previously served as the nation's inaugural Acting Director of Medical Device Cybersecurity at U.S. FDA’s Center for Devices and Radiological Health (CDRH) and Program Director for Cybersecurity at the Digital Health Center of Excellence (DHCoE).

=======================================================================

More information about this series is available at: https://pharm.ucsf.edu/cersi/cybersecurity