- Job title of nominated professional: Senior Security Consultant and Cybersecurity Researcher at Rapid7
- Company (where nominated professional or team is working): Rapid7
- Website: http://www.rapid7.com
- Company size (employees): 850
In 3 bullets, summarize why this professional or team deserves recognition:
• Jay Radcliffe has made notable contributions to the medical device and cybersecurity communities. First, by disclosing key vulnerabilities in insulin pumps, including the Animas OneTouch Ping and the Medtronic device, he started an important conversation about connected medical device security. He has also spoken and educated others at industry events like BIOMedevice and BSides to help security professionals gain the skills they need to research and build safer medical devices.
• In addition to his education efforts around medical security, Jay’s passion for education has spread to broader InfoSec initiatives. Jay’s master’s work at the SANS Technical Institute has inspired him to mentor young professionals; he is a participant in the BSidesLV Mentorship Program. In this role, Jay will act as a mentor and advisor to first-time conference speakers, helping them overcome the jitters that often accompany big presentations to peer audiences.
• Jay has also been a strong proponent of ethical hacking. He has given multiple presentations on the ethical dilemmas that security researchers face when discovering zero-day vulnerabilities, based upon his work with medical devices.
In less than 300 words, summarize the achievements of the professional or team in the nominated category:
Jay Radcliffe is a senior security consultant and cybersecurity researcher at Rapid7, well known and respected for his pioneering research into medical device security. Jay has disclosed several critical vulnerabilities in insulin pumps, potentially saving lives and better informing consumers about the risks they assume with connected medical devices.
Jay first entered the public spotlight in 2011 at Black Hat, a cybersecurity conference in Las Vegas. At the conference, he demonstrated vulnerabilities in the Medtronic Inc. insulin pump, the same one he used for a time to regularly provide himself with carefully measured doses of insulin. Jay was able to manipulate the levels of insulin remotely, and he raised public awareness of how malicious actors could take advantage of the same vulnerability to deliver potentially lethal doses of insulin.
In 2016, Jay’s passion for research, education, and medical security spurred him to investigate the security features of another insulin pump: the Animas OneTouch Ping. Again, Jay discovered a way for attackers to remotely communicate with the insulin pump, meaning a malicious actor could deliver a lethal or harmful dose of insulin to unsuspecting patients. As a part of disclosing the vulnerability in the Animas OneTouch Ping, he worked closely with the Animas team (and Johnson & Johnson, Animas’ parent company) to ensure all patients were notified of the news, assured that they weren’t in immediate danger, and informed of potential mitigations if they were uncomfortable with the potential risk.
Jay has more than 15 years of experience in the InfoSec community. Jay has spoken at dozens of conferences and seminars around the world, and his master’s work at the SANS Technical Institute has inspired him to mentor young professionals.