Fabian M.
Details
Networking, Security and System Administration - Enterprise Networking
• Develop, create and implement cyber security policies, processes and procedures.
• Work with development teams to provide guidance in the secure design and development of information systems and medical devices.
• Ensure that products and solutions align with FDA Medical Device Cybersecurity Pre and Post market guidelines.
• Identify and define cybersecurity requirements for multiple standards and regulations.
• Conduct, coordinate and assist with security assessments (vulnerability identification, vulnerability scans, third-party penetration tests).
• Work with R&D teams on identification and remediation of vulnerabilities from SCA (software composition analysis), SAST (static application security testing) and DAST (dynamic application security testing).
• Lead vulnerability management efforts to identify/track/maintain vulnerabilities through the lifecycle of the product.
• Support R&D teams with the creation of threat models for specific products.
• Work with development teams in the creation and maintenance of Software Bill of Materials (SBOM) (SPDX, CycloneDX, CSV/Excel).
• Support compliance efforts for DoD Risk Management Framework and FDA Medical Device Security guidance, EU MDR and country-specific regulatory compliance.
• Provide support for cybersecurity documentation for FDA 510k submissions (Creation of architecture, security test plans, security test reports, security assessments, SBOMs, etc.)
• Product security sales support, support marketing with external customers to answer questions related to product security (customer questionnaires, regulatory questionnaires, MDS2, etc.), RFPs, RFOs, contracts, etc.
• Maintain security posture and compliance of the certification lab environment – Updating security patches for operating systems, hypervisors, third-party applications and security hardening.
• Standards: DoD RMF (NIST 800-53), FDA Medical Device Cybersecurity guidance, EU-MDR (cyber), ISO 2700, HIPAA.
Skills
Information Security, Medical Device R&D, Medical Devices, Medical Information Systems, Product Security, Security Controls and Mitigations, Cybersecurity Risk Assessment and Management, Risk Management Framework, RMF, Documentation, Vulnerability Assessments and Management, Software Bill of Materials (SBOM), Threat Modeling, FDA 510k (Cybersecurity), DoD RMF (NIST 800-53), FDA Medical Device Cybersecurity guidance, EU-MDR (cyber), ISO 2700, HIPAA, MDS2
About
Over 20 years of experience in Enterprise Engineering, Cybersecurity, Information Security, Systems Administration, Networking, Design, Development and Testing. Have led teams through design, engineering and implementation processes. Very strong experience in Information Security, Security Risk Assessment, Security Compliance, Vulnerability Management and Cybersecurity processes in DoD and Health IT (medical devices / FDA).