Medtronic
“Working with the NetSPI team, it’s been a great experience. We consider them to be almost an extension of our own team – they understand our attack surface, and it feels like they are genuinely concerned about making sure they find the holes, vulnerabilities, and gaps to protect us.”
The Challenge
Building out an incident response team for a global medical device manufacturing company is no easy task, but it is one of Nancy Brainerd’s proudest achievements of her Medtronic career thus far.
As Senior Director and Deputy CISO, Nancy’s primary concern is to defend Medtronic’s global attack surface within the constantly evolving threat landscape. To protect patient data and intellectual property, it is critical she knows the size of Medtronic’s attack surface, what’s vulnerable, and where any blind spots may be.
“It’s really important to have a second set of eyes to make sure that you are not leaving yourself vulnerable to attack,” Nancy shared. Knowing this, Nancy and her team have been working with NetSPI for the past four years to perform annual penetration tests on their network perimeter, along with spot-checking throughout the year to make sure nothing is being missed.
Why Medtronic Selected and Continues to Work with NetSPI
- A strong, adaptable partnership: One thing Nancy values most about the partnership between Medtronic and NetSPI is the ongoing engagement and quality of the relationships. Nancy explained, “It’s really been wonderful to find partners that are adapting their own services to match what we need for the unique testing of a medical device, versus a typical traditional server.”
- Attack surface awareness: Nancy knows how difficult it is to protect what you don’t know. She shared, “NetSPI has been really invaluable in helping us define our perimeter, not just once, but ongoing, and making sure that we don’t lose sight of systems that might be out there, vulnerable to cyber-attack.”
- Improved security posture: When looking back at progress over the last four years, Nancy revealed, “The significant thing that has changed is every year we add more attack surface to be tested, but instead of the vulnerabilities going up, they’re actually going down.”
Considering Working With NetSPI?
Here’s What Nancy Would Tell You:
“They are great partners, and they are very flexible. Make sure you work closely with them and understand your own attack surface – if you don’t, let them help you. They’re really good at it. That’s where I think NetSPI has brought a lot of value to us – helping us truly define our attack surface.”
About Medtronic
Medtronic is the leading global healthcare technology company that boldly attacks the most challenging health problems facing humanity by searching out and finding solutions. Our mission — to alleviate pain, restore health, and extend life — unites a global team of 90,000+ passionate people across 150 countries. Our technologies and therapies treat 70 health conditions and include cardiac devices, surgical robotics, insulin pumps, surgical tools, patient monitoring systems, and more.
Visit www.medtronic.com to learn more.