Data Security, Environmental Engineering, Digital Health, and More
42TEK is an independent consulting service based in Silicon Valley. Strengths in environmental engineering, healthcare systems, medical devices, and critical infrastructure. Program management, project management, and compliance experience at Apple, Google, PayPal, Yahoo!, First Data, Kaiser Permanente, and startups, plus environmental engineering and patient care experience. Send inquiries to info@42tek.com.
Data Security
Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), and Senior IEEE Member. Experience at Apple, First Data, Yahoo!, Kaiser Permanente, PayPal, and others. IEEE Senior Member.
42TEK helps startups and small- to medium-size organizations understand and address cybersecurity concerns in the early stages of development when small efforts can provide large benefits.
Digital Health
Clinical and engineering experience to help securely architect and implement technologies for mobile health, remote monitoring, and healthcare payments. Respiratory therapy experience in Intensive Care Units. Healthcare financial systems at Kaiser Permanente. Telemedicine at AppMedicine, Inc. Organizer, moderator, or presenter at more than 20 conferences and seminars on digital health, data security, and payments topics.
Environmental Engineering
Conducted environmental impact studies for energy facilities such as power plants, transmission lines, and pipelines. Managed environmental, health, and safety regulations work in the petroleum industry and then the investigation and remediation of soil and groundwater contamination at industrial sites. Member of the IEEE Standard P7100 Environmental Impact of Artificial Intelligence Working Group. Currently working on Climate Restoration.
Work is underway to refine technologies to measure the effectiveness of a great way to remove excess carbon dioxide from the atmosphere using a natural process in the ocean. This will lead to a pilot study.
You won’t want to miss this presentation on Climate Restoration. It tells how a novel approach will be used to remove enough carbon dioxide from the air to reverse global warming. It uses a natural process that happens when dust and volcanic ash blow into the ocean.
Iron in this dust helps phytoplankton grow and this microscopic plant life captures carbon dioxide through photosynthesis.
The presentation will explain work underway to develop monitoring technology to guide the process and a pilot project planned for the near future. If all goes well, the process can be scaled up to operate worldwide. I’ll be announcing the launch of a new nonprofit organization to do this work.
This week, I presented three talks at the 12th IEEE Conference on Technologies for Sustainability (SusTech 2025) – “Inspiring Technology Solutions for Climate Sustainability” https://ieee-sustech.org in Santa Ana, CA: “The Dose Makes the Poison – Too Much Carbon Dioxide,” “Implementing Climate Restoration This Decade,” and “Carbon Dioxide Measurement for Climate Restoration.”
The bottom line is this. It looks like we can replicate a natural process to remove carbon dioxide from the atmosphere to reverse global warming. A pilot study is proposed to confirm this. Contact me if you would like to help fund this.
The paper I co-authored with Peter Fiekowsky will be in the conference proceedings.
Consider attending the April 20-24, 2025 12th IEEE Conference on Technologies for Sustainability (SusTech 2025) – “Inspiring Technology Solutions for Climate Sustainability”https://ieee-sustech.orgIn-person in Santa Ana, CA and online via Zoom. Early-bird registration is open now.
During the April 20 “Technologies for a Circular Economy” workshop, I’ll give a talk on “The Dose Makes the Poison – Too Much Carbon Dioxide.” On April 22, I’ll present a Keynote entitled “Carbon Dioxide Measurement for Climate Restoration.” Also during one of the sessions, I’ll present the paper I co-authored with Peter Fiekowsky entitled “Implementing Climate Restoration This Decade.”
IEEE World Technology Summit on AI Infrastructure, November 12-14, 2024 at the San Jose Convention Center
A lot of conferences are about the What of AI. This one was about the How – that is, the underlying infrastructure needed to support AI. This means the silicon, systems, and applications, plus security, standards and regulations to provide the framework for success.
The event featured top executives from around the world discussing how to solve our immediate problems, focusing on these core areas:
Al applications and their required infrastructure
Silicon to support Al applications
Systems to support Al applications
Security & Standards & Laws
I moderated the session on Security & Standards & Laws.
All of the speakers were from industry, except one from UC Berkeley and one from the National Science Foundation.
Attendees came away with increased understanding of challenges and solutions in providing the infrastructure needed to support the fast-growing AI industry.
TUESDAY November 12
Event Reception
WEDNESDAY November 13
Morning:
Welcome & Keynote
AI Applications
Applications utilizing Artificial Intelligence are growing rapidly but to enable them the suitable infrastructure must be there. Key growing areas including Large Language Models, Medical applications (consumer and professional), Electronic Design Automation, and Digital Twins are greatly influencing the requirements for infrastructure. This session will examine these and other topics to understand their possible growth and infrastructure needs.
Afternoon:
Silicon
The underlying silicon is a critical enabler for computing in Artificial Intelligence and its infrastructure. This session illustrates multiple perspectives on challenges in silicon technologies for AI/ML and its impact on AI/ML solutions. We will consider different aspects including silicon architectures, development and verification challenges, packaging, and aspects of energy consumption and cooling.
THURSDAY November 14
Morning:
Systems
Although there are many elements to providing AI solutions from servers to edge to client, one of the key current challenges rests in the server technology. Servers provide the backbone necessary for complex computation and data management that AI needs to provide its services. Both power and cooling are critical elements that if not available and managed, we will not be able to provide the computational power needed to make them happen. This session considers the challenges spanning from server to edge to client, but the primary focus is keeping the servers operating.
Afternoon:
Security & Standards
There are concerns about risks involving both the development and use of AI. Everyone working on AI Infrastructure needs to be mindful of these concerns. With respect to Security, this session considers cybersecurity risks affecting the computation involved in providing AI products and services and also possible adverse impacts from the use or abuse of AI. With respect to Standards, this session includes work by IEEE on the development of standards for AI and also covers international, national, and state government activity to create laws and regulations to guide and control AI.
MOVE Community Outreach, an IEEE-USA Initiative, is an emergency relief program committed to assisting victims of natural disasters with short-term communications, computer, and power solutions. Services include phone charging, internet & communications support, and lighting to disaster victims. MOVE also offers educational outreach.
In conjunction with the presence of the MOVE truck at the IEEE Global Humanitarian Technology Conference (GHTC), this is a panel discussion among representatives from organizations involved with emergency response and disaster recovery. The focus is on communications, computing, and power, but expanded from there. After a brief description of the MOVE truck, the emphasis is on stories about what works and lessons learned.
see link above for photos and biographical paragraphs for moderator and panelists.
this video from Zoom contains
first few minutes: introduction about the Consultants’ Network of Silicon Valley (CNSV)
This event was organized by the Consultants‘ Network of Silicon Valley (CNSV) as part of its sponsorship of the GHTC, which was held September 8-11, 2022 at Santa Clara University.
Defcon 30, Black Hat, and BSides Las Vegas are all happening August 9-14 in Las Vegas! The Diana Initiative, too. Check out these links to read about “Hacker Summer Camp.” Great opportunities to keep up-to-date on cybersecurity and network.
A lot continues to happen in the cybersecurity field and here are a few things I think are worth highlighting, plus some notes on my current activities.
– federal Cybersecurity and Infrastructure Security Agency (CISA) (https://www.cisa.gov) continues to generate advice, including a series of insights at https://www.cisa.gov/insights
– I’m assisting a medical software startup with setting up its cybersecurity program for its Software as a Medical Device (SaMD) product.
– I’m doing program management work related to Public Key Infrastructure for a large Silicon Valley technology company. Lots to do to maintain compliance with WebTrust and CAB Forum requirements.
– RSA Conference (https://www.rsaconference.com/usa) and BSidesSF (https://bsidessf.org) in San Francisco are deferred from February to June 2022. I’ll probably volunteer again at BSidesSF, assuming it is reasonably safe with respect to COVID-19. Maybe hang out on the exhibit floor at RSA for a day.
This Spring and Summer there’s a lot going on relative to cybersecurity for medical devices. Check these out…
Defcon 30 Biohacking Village – is targeted for August 11-14 in Las Vegas. We’ll see whether that actually happens and how risky it may be to attend, depending on the status of COVID-19. https://www.villageb.io
It’s been a whirlwind week and it’s not over, yet. Defcon29 (aka “hacker summer camp”) was August 5-8 in Las Vegas. HIMSS21 (the Health Information Management Systems Society’s global conference) started August 9 and runs through August 13, also in Las Vegas. Temperatures have been as high as 108 degrees F. Both have been hybrid conferences with some online and some in person.
I volunteered with the Biohacking Village at Defcon29, which this year mainly involved monitoring the online discussion boards in case there was any inappropriate behavior. The in person things included villages regarding IoT Hacking, Car Hacking, Voting Machines, Cryptocurrency, Satellite Hacking, and a new group called Security Leaders. There were also some good sessions on Public Policy pertaining to cybersecurity.
I co-authored and co-presented a short talk at HIMSS21…
Cybersecurity in a Complex Healthcare Ecosystem David Snyder, 42TEK, Inc. & Mitch Parker, Indiana University Health
Managing cybersecurity risk for supply chains with multiple vendors is complicated. Each vendor is clearly responsible for its own system, but who minds the overall end-to-end concerns? These concerns affect both products, such as medical devices, and services, such as telehealth platforms. Healthcare delivery organizations can have over a thousand vendors, many of which connect to the organization’s network. Cybersecurity attackers can invade a supplier’s network, interrupt service, steal information, upload malware, and even get into the healthcare delivery organization’s network to do damage, install ransomware, or steal information. In this presentation, best practices were described for assessing risks, avoiding cybersecurity vulnerabilities, and for network-connected vendors and business partners to maintain security. Special attention was given to hospitals and remote patient monitoring. Containerization, Application Programming Interfaces, and modern virtualization techniques were also covered.
This talk was based on the paper posted elsewhere on this web site.
Key takeaways…
equally important with designing, implementing, and maintaining online systems securely is the need to anticipate and expect failures and malicious attacks that will require response and recovery. Sure, cyber defense, but plan for cyber resilience [recover quickly]. Offline backups, emergency contact lists, contingency plans, legal and technical consulting standby contracts, and table top practice session are essential.
there is a shortage of trained cybersecurity professionals, so start investing in training for your existing staff while continuing to seek the expertise you need
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
