About Medtronic

Medtronic is the leading global healthcare technology company that boldly attacks the most challenging health problems facing humanity by searching out and finding solutions.

Visit www.medtronic.com to learn more.

NetSPI Solutions

Attack Surface Management (ASM), Penetration Testing as a Service (PTaaS), Proactive Security



Employee Count



Minnesota, United States

Medtronic’s journey with NetSPI

Building out an incident response team for a global medical device manufacturing company is no easy task, but it is one of Nancy Brainerd’s proudest achievements of her Medtronic career thus far. 

As Senior Director and Deputy CISO, Nancy’s primary concern is to defend Medtronic’s global attack surface within the constantly evolving threat landscape. To protect patient data and intellectual property, it is critical she knows the size of Medtronic’s attack surface, what’s vulnerable, and where any blind spots may be.

“It’s really important to have a second set of eyes to make sure that you are not leaving yourself vulnerable to attack,” Nancy shared. Knowing this, Nancy and her team have been working with NetSPI for the past four years to perform annual penetration tests on their network perimeter, along with spot-checking throughout the year to make sure potential threats are not being missed.

Why Medtronic and NetSPI make a successful pairing

  1. A strong adaptable, partnership: One thing Nancy values most about the partnership between Medtronic and NetSPI is the ongoing engagement and quality of the relationships. Nancy explained, “It’s really been wonderful to find partners that are adapting their own services to match what we need for the unique testing of a medical device, versus a typical traditional server.”
  2. Attack surface awareness: Nancy knows how difficult it is to protect what you don’t know. She shared, “NetSPI has been really invaluable in helping us define our perimeter, not just once, but ongoing, and making sure that we don’t lose sight of systems that might be out there, vulnerable to cyber-attack.”
  3. Improved security posture: When looking back at progress over the last four years, Nancy revealed, “The significant thing that has changed is every year we add more attack surface to be tested, but instead of the vulnerabilities going up, they’re actually going down.”

Considering working with NetSPI? Here’s what Nancy would tell you

“They are great partners, and they are very flexible. Make sure you work closely with them and understand your own attack surface — if you don’t, let them help you. They’re really good at it. That’s where I think NetSPI has brought a lot of value to us — helping us truly define our attack surface.”