Explore every episode of the podcast The Med Device Cyber Podcast
| Title | Pub. Date | Duration | |
|---|---|---|---|
| What It Takes to Succeed in the Medtech Industry with Omar Khateeb | 14 Jan 2026 | 00:53:00 | |
Ever thought about what it really takes to launch a successful medtech startup? Omar M. Khateeb knows the challenges firsthand. As a founder with a track record of building healthtech companies, he’s lived through the hurdles that come with innovating in the medtech space. In this episode, Omar dives into the highs and lows of his entrepreneurial journey, sharing key lessons, pivotal moments, and the strategies that helped him succeed. From tackling complex healthcare issues to navigating the regulatory maze, Omar breaks down what it takes to make a lasting impact in medtech. Join us for an inside look at the future of health tech and why it’s the perfect time for the next generation of entrepreneurs to get involved. The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? 
Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh Subscribe via Apple Podcasts: https://apple.co/483OJ9I Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 | |||
| Untangling Software Composition Analysis for MedTech Teams | 06 Jan 2026 | 00:29:02 | |
Why does software composition analysis matter beyond regulatory compliance? This episode explores SCA (Software Composition Analysis) and explains how SBOMs (Software Bill of Materials), SOUP (Software of Unknown Provenance), and related tooling fit into the broader medical device cybersecurity landscape. Christian and Trevor clarify common misconceptions, including licensing fears, machine-readable requirements, and the role of static testing tools. | |||
| How Market Intelligence Shapes MedTech Growth with Kevin Saem | 18 Nov 2025 | 00:44:47 | |
In the MedTech space, how can you leverage market intelligence and machine learning for business development and sales enablement? In this episode, Christian and Trevor talk with Kevin Saem about how market intelligence and cybersecurity intersect in the MedTech space. They unpack how AI and data-driven insights are transforming sales enablement, investor confidence, and device security. They also discuss regulation delays, startup runway challenges, and the growing need for proactive cybersecurity. Kevin Saem founded Zapyrus, a SaaS platform that helps MedTech service providers supercharge sales through AI-driven market intelligence. Key points: (04:20) Why medtech lags five years behind pharma in regulation and sales sophistication. (06:30) How Zapyrus uses machine learning to identify market signals and automate sales research. (08:45) Why regulatory clarity in Europe is fueling more medtech investment than in the U.S. (12:00) How AI and connected devices are making cybersecurity a top concern for investors. (19:07) What the Illumina case and AI therapy failures reveal about industry accountability. (26:30) How medtech founders can self-regulate. (32:40) When companies should start building scalable sales systems. Thanks to Kevin Saem for being on the show. Connect with Kevin on LinkedIn: https://www.linkedin.com/in/kevin-saem/ Learn about Zapyrus, a sales system for MedTech service providers: https://welcome.zapyrus.com/ This episode was produced by Story On Media: https://www.storyon.co/ | |||
| Designing Secure Medical Device Software with Randy Horton | 11 Nov 2025 | 00:39:41 | |
In medical device software development, why should cybersecurity be viewed as an element of product quality, not an add-on? In this episode, Christian and Trevor speak with Randy Horton of Orthogonal about the future of medical device software development. Together, they unpack how DevSecOps, quality systems, and modern engineering practices can elevate safety and speed innovation in MedTech. From the philosophy behind “move faster and break nothing” to lessons learned from real-world cybersecurity cases, this conversation reframes how medical device teams should approach software design. Randy Horton is the Chief Solutions Officer at Orthogonal, where he helps MedTech companies build better, safer, and smarter connected devices. A lifelong software innovator, Randy brings profound insight into what it takes to merge cutting-edge tech with the regulated world of healthcare. Key points: (03:00) Randy shares how discovering the first web browser set him on a lifelong path of innovation. (05:11) Why high-quality software inherently includes cybersecurity. (08:52) Why traditional engineering mindsets struggle with the flexibility of software development. (12:42) How the “move fast” culture in Silicon Valley clashes with MedTech’s demand for control and safety. (16:09) Why some manufacturers avoid updating medtech devices, and how that hurts long-term device security. (19:49) Randy predicts that born-digital MedTech companies will lead the next wave of innovation, pushing the industry to adapt faster. Thanks to Randy Horton for being on the show. Learn more about Orthogonal: https://orthogonal.io/ Connect with Randy on LinkedIn: https://www.linkedin.com/in/randyhorton | |||
| Cyber Risk Management for MedTech Legacy Devices | 04 Nov 2025 | 00:19:19 | |
What options do MedTech manufacturers have to bring older devices up to modern cybersecurity standards? Also, how does the FDA’s latest guidance change the process for updating legacy devices? In this episode, Christian and Trevor break down the evolving challenges of managing cybersecurity for MedTech legacy devices. They explain how the FDA’s recent guidance updates create new pathways for handling older devices without requiring full redesigns. Together, they explore practical steps manufacturers can take—like penetration testing and postmarket monitoring—to stay compliant and proactive about security risks. Key points: (02:13) How the FDA defines legacy devices and why updates to older equipment pose unique challenges. (03:47) Why simply replacing old devices isn’t realistic for many healthcare organizations. (05:00) How encryption standards evolve and why older devices often can’t meet modern security expectations. (06:25) The FDA’s distinction between controlled and uncontrolled risk. (09:02) The FDA’s reduced burden pathway for legacy devices. (11:07) Best practices for postmarket management plans. | |||
| Webinar: Security Architecture Views: Protecting Medical Devices Through Strategic Design | 30 Oct 2025 | 00:42:19 | |
How can security architecture views strengthen a medical device manufacturer’s FDA submissions? This episode/webinar dives into the four critical security architecture views required by the FDA: global system, multi-patient harm, updatability and patchability, and secure use case views. Christian Espinosa and Trevor Slattery explain how each view strengthens product security while aligning with regulatory expectations. They also share practical strategies and examples, from cloud environments to physical updates, highlighting how proper documentation and foresight can mitigate real-world risks. Highlights: (01:19) Learn why the FDA requires four specific security architecture views and how they support threat modeling. (03:10) Understand how integrating security into architecture views reflects secure coding and DevSecOps practices. (04:15) Discover how global regulators beyond the FDA use similar documentation requirements. (07:52) Explore why global system views must include both software and hardware components as well as data flows. (11:02) The distinction between global system views and multi-patient harm views. (14:36) Common vulnerabilities like hard-coded credentials that can lead to multi-patient harm. (19:18) The risks of over-the-air updates versus physical updates for medical devices. | |||
| Why AI Literacy Matters for the Future of Healthcare with José Acosta | 28 Oct 2025 | 00:36:58 | |
How can AI literacy reduce patient risk in healthcare settings? In this episode, Christian Espinosa and Trevor Slattery are joined by Dr. José Acosta. Together, they unpack the promise and pitfalls of artificial intelligence in healthcare—from the accuracy gap in diagnostics to the importance of ethics, alignment, and training. The conversation explores how clinicians can harness AI safely, ensuring innovation never comes at the cost of patient trust or care quality. Dr. José Acosta is a retired Navy trauma surgeon turned AI literacy advocate. With decades of experience in medicine and leadership, he’s now helping clinicians understand AI—from how it works to how it should be used responsibly. Key points: (00:57) José’s background as a Navy trauma surgeon and his passion for AI literacy. (02:53) What “AI literacy” really means. (05:00) Why precision matters in medicine, and why 85–95% accuracy in AI models isn’t enough when lives are on the line. (11:20) A chilling example of an AI therapy app that gave a fatal recommendation. (14:16) José predicts a surge in “ambient AI scribes” and explains how they’ll reshape physician workflows. (17:53) AI’s productivity paradox—how new tools can both help and overwhelm clinicians. Thanks to José Acosta for being on the show. Connect with José on LinkedIn: https://www.linkedin.com/in/joseacostasd/ | |||
| What Is A Medical Device? | 21 Oct 2025 | 00:20:09 | |
MedTech developers and manufacturers, could your medical device unknowingly qualify as a “cyber device”? In this episode, Christian and Trevor break down what the FDA considers a “cyber device” and why so many manufacturers misunderstand this definition. They reveal how even basic interfaces like USB, HDMI, or Bluetooth can make a device cyber-enabled—and why that matters for regulatory compliance. Key points: (00:33) What makes a medical device a “cyber device,” and why confusion persists among manufacturers. (02:14) How proving a device has zero vulnerabilities is nearly impossible, even with minimal code. (03:12) Why even a simple USB port can classify a device as “cyber.” (05:05) Common interfaces (Wi-Fi, Bluetooth, RFID, NFC, HDMI) that make a device cyber-enabled. (09:23) Implantable devices, like pacemakers, and how protocols such as MedRadio introduce hidden connectivity. (12:20) A real case where the FDA classified a 3D-printing system as a cyber device due to its software dependencies. (16:15) Practical advice on removing unnecessary ports or connectivity to avoid cyber classification. | |||
| 5 Most Common Misconceptions of Medical Device Security | 14 Oct 2025 | 00:25:52 | |
In this episode, Christian and Trevor unpack the five most common misconceptions that put medical device manufacturers at risk. From confusing data protection with patient safety to misunderstanding what qualifies as a cyber device, the hosts shed light on the blind spots that cause costly delays and compliance failures. They also explore how medical device cybersecurity differs fundamentally from traditional cybersecurity, emphasizing the need for specialized expertise and early integration of secure design principles. Key points: (01:18) Misconception #1: That cybersecurity is only about protecting data rather than patient safety. (06:04) Misconception #2: That your product isn’t a “cyber device.” (07:46) Misconception #3: That cybersecurity is a one-time thing to study rather than a full lifecycle process. (12:17) Misconception #4: That software developers inherently understand cybersecurity. (19:10) Misconception #5: Thinking that traditional cybersecurity and medical device cybersecurity are the same. | |||
| What Happens When AI in Medical Devices Make Mistakes? | 07 Oct 2025 | 00:24:36 | |
MedTech manufacturers and developers, what happens if your AI-powered medical device makes a terrible, life-threatening mistake? This episode explores what happens when artificial intelligence in medical devices goes wrong. Christian Espinosa and Trevor Slattery break down the real-world consequences of AI failure, using a tragic mental health chatbot case to highlight the stakes of inadequate oversight. They also examine the EU AI Act, new MDCG guidance, and the ethical, regulatory, and cybersecurity challenges facing innovators in the high-risk medical AI space. Key points: (03:02) The EU AI Act and how it intersects with the MDR and IVDR. (03:55) A real case study involving a suicidal patient and an AI mental health chatbot. (06:07) How general-purpose AI tools differ from regulated medical AI. (09:57) Why threat modeling should apply to AI systems. (12:16) Ethical decision-making in autonomous systems using self-driving car analogies. (14:02) The Medical Device Coordination Group’s guidance on aligning the AI Act with EU medical device regulations. (17:10) Shared accountability across regulators, manufacturers, and users for AI oversight. (18:35) The U.S. still treats AI as a “Wild West” compared to the EU’s stricter approach. (22:42) Regulators aren’t asking if your AI works—they’re asking how it fails. | |||
| Medical Device Startups and Cybersecurity Challenges with Suzy Engwall | 30 Sep 2025 | 00:46:03 | |
What are some of the greatest challenges medical device startups face when bringing their products to market? This episode features Suzy Engwall, a healthcare innovation consultant with experience mentoring startups and guiding hospitals. She joins Christian Espinosa and Trevor Slattery to discuss the hidden roadblocks medical device innovators face—from funding gaps to internal hospital politics to overlooked cybersecurity. Together they unpack the realities of FDA compliance, AI-driven decision support, and why raising cybersecurity awareness early can mean the difference between market success and failure. Suzy Engwall is a healthcare innovation leader who’s spent the last 20 years shaking up hospitals and mentoring startups. She runs HealthTech Strategies, where she helps founders, investors, and clinicians bridge the gap between big ideas and practical adoption. Key points: (04:38) Challenges medtech startups face include funding, go-to-market strategy, and regulatory hurdles, with cybersecurity often overlooked. (05:56) Why 93% of med tech startups fail. (08:01) How internal politics within hospitals can derail promising innovations. (09:32) Hospitals now scrutinize devices for cybersecurity risk beyond FDA approval, raising the bar for manufacturers. (12:19) Legacy devices often fail modern cybersecurity requirements, forcing redesigns and frustrating manufacturers. (16:43) AI in diagnostics: who’s responsible when mistakes occur? (23:24) Why patients rarely question medical devices. (31:28) Why cybersecurity is often the last thing innovators ask about—and why that mindset must change. Thanks to Suzy Engwall for being on the show. Connect with Suzy on LinkedIn: https://www.linkedin.com/in/sengwall | |||
| Top 10 Medical Device Vulnerabilities with Myles Kellerman | 23 Sep 2025 | 00:39:31 | |
How safe are the medical devices I rely on, and what are the biggest cybersecurity risks I should know about? In this episode, the team goes behind the scenes of real-world medical device penetration testing to reveal the 10 most common and dangerous cybersecurity vulnerabilities found in medical devices. The discussion covers practical examples, industry standards, and actionable advice for manufacturers and healthcare organizations. Key points: (0:00) Introduction & Penetration Testing Context (1:29) Why Penetration Testing Matters in MedTech (5:50) Top 10 Medical Device Vulnerabilities: 1. Hardcoded/Default Credentials – Default passwords, BIOS passwords, and supply chain issues. 2. Unsecured Communication Channels – Lack of encryption, outdated standards, key management, and device constraints. 3. Outdated/Vulnerable Third-Party Components – Software Bill of Materials (SBOM), continuous monitoring, and post-market risks. 4. Improper Access Control – Weak authentication, privilege escalation, and user data exposure. 5. Debug Interfaces Left Enabled – JTAG/UART ports, physical access, and mitigation strategies. 6. Missing/Weak Firmware Integrity Checks – Secure boot, code signing, and white-box testing. 7. Poor Session Management – Session timeouts and session hijacking. 8. Fuzzing Vulnerabilities (Buffer Overflows) – Fuzz testing, buffer overflows, and legacy devices. 9. Lack of Tamper Detection – Audit trails, tamper-evident stickers, and physical controls. 10. No Rate Limiting/Automation Controls – Brute-force attacks, automation, and rate limiting. (37:26) Secure Product Development Frameworks, and DevSecOps. (38:04) Regulatory Perspective. Thanks to Myles Kellerman for being on the show. Connect with Myles on LinkedIn: https://www.linkedin.com/in/myles-kellerman-5763aa22 | |||
| When Medical Device Cyber Failures Become Fatal | 30 Dec 2025 | 00:24:58 | |
What past ransomware and medical device incidents might reveal gaps that manufacturers are still overlooking today? In this episode, Christian and Trevor examine real incidents where cybersecurity failures, software flaws, and insecure medical devices led to patient harm and death. They break down how ransomware attacks, implantable device vulnerabilities, and AI-driven therapies expose life-critical risks in healthcare. The conversation highlights why regulators are increasing scrutiny and why cybersecurity must be treated as a patient-safety imperative, not an afterthought. | |||
| Overcoming AI and Data Security Challenges in MedTech with May Lee | 16 Sep 2025 | 00:39:04 | |
How can you prepare your device for future quantum computing risks? In this episode of The Med Device Cyber Podcast, Christian and Trevor talk with May Lee of CS Life Sciences about the fast-changing world of medical device cybersecurity. They discuss the growing regulatory demands from the FDA, EU, and China, and why cybersecurity can no longer be an afterthought in device design. The conversation also dives into quantum computing, supply chain risks, and how manufacturers can balance compliance with innovation. May Lee is a medical device consultant at CS Life Sciences who specializes in AI, machine learning, and cybersecurity. With experience ranging from startups to global corporations, she brings a practical perspective on navigating regulations and helping innovators bring safer devices to market. (03:21) Why cybersecurity is moving from afterthought to design control. (05:49) Key takeaways from the FDA’s finalized cybersecurity guidance. (08:04) Comparing U.S. FDA and EU MDR cybersecurity requirements. (10:44) How quantum computing raises new risks for health data. (16:26) The balance between compliance, over compliance, and innovation. (18:23) Differences in regulatory approaches across the U.S., EU, and China. (28:05) Why third-party supply chain and software components matter for device security. (32:48) When medical device companies should engage cybersecurity consultants. Thanks to May Lee for being on the show. Connect with May on LinkedIn: https://www.linkedin.com/in/may-lee-a1b16186/ | |||
| When Cybersecurity Becomes a Crime | 09 Sep 2025 | 00:26:38 | |
What happens when cybersecurity flaws in medical devices cross the line into criminal violations? In this episode, Christian and Trevor unpack the groundbreaking case of Illumina, where cybersecurity misrepresentation led to Department of Justice enforcement. They explore how this signals a shift from technical risks to legal and patient safety consequences, highlighting the dangers of cutting corners in device development. The conversation also outlines practical lessons for manufacturers on integrating secure product development, anticipating FDA deficiencies, and aligning business functions with cybersecurity goals. Key points: (00:02) Misrepresenting cybersecurity controls in medical devices can lead to legal prosecution under the DOJ’s civil cyber fraud initiative. (04:28) Regulatory enforcement is evolving beyond HIPAA into direct patient safety risks. (06:05) Medical device cybersecurity differs from information privacy laws, especially with potential patient harm. (08:30) The Illumina case involved a whistleblower, FDA oversight, and DOJ enforcement. (10:54) Ignoring internal warnings about device vulnerabilities led to legal consequences. (13:44) Security by design must be integrated early to avoid costly retrofits. (16:46) Cybersecurity is recognized as a clinical risk tied to patient mortality. (19:12) Manufacturers are adopting secure product development frameworks earlier in the lifecycle. | |||
| Balancing Innovation and Regulation in MedTech Development with Karandeep Singh Badwal | 02 Sep 2025 | 00:37:45 | |
How can medtech innovators balance speed with compliance in medical devices? In this episode, Christian and Trevor sit down with Karandeep Singh Badwal about the challenges of balancing innovation with quality and regulatory compliance in medical devices, especially with the rise of AI and software-driven solutions. From cybersecurity gaps to the staggering startup failure rate, the conversation highlights why building quality and regulatory compliance into devices from the start is crucial for long-term success. Karandeep is the founder of QRA Medical, where he helps medtech innovators navigate the maze of quality and regulatory requirements. He’s also the host of The MedTech Podcast and a LinkedIn creator who makes compliance topics easy to understand (and way less boring than the regulations themselves). (3:30) AI, Software, and Cybersecurity Challenges * Why artificial intelligence data validation remains immature and risky for medtech. * How software versioning and outdated penetration testing complicate cybersecurity. (9:45) Quality and Development Gaps * Why some startups skip quality until it’s too late. * The importance of adopting partial QMS early to ease transitions later. (28:00) Startup Pitfalls and Failure Rates * Why many medtech startups fail. * The role of regulatory delays, poor planning, and market misalignment. (30:00) Keys to Success * What successful startups do differently. Thanks to Karandeep Singh Badwal for being on the show: https://karandeepbadwal.com/ Connect with Karandeep on LinkedIn: https://www.linkedin.com/in/karandeepbadwal/ | |||
| Webinar: Hacking Med Devices—What Penetration Testing Reveals Before the FDA Does | 28 Aug 2025 | 00:40:13 | |
Cyber threats targeting medical devices are increasingly sophisticated. A single undiscovered vulnerability could delay your FDA submission and put patient safety at risk. Join Blue Goat Cyber’s CTO, Trevor Slattery, and Director of MedTech Cybersecurity, Myles Kellerman, in this webinar as they reveal real-world vulnerabilities uncovered during penetration testing. Gain exclusive insights from actual breaches and vulnerabilities Myles has personally identified, and learn how to ensure your medical device stays secure—and your FDA submission on track. In this webinar, you’ll discover:
Featured Speakers: Trevor Slattery, CTO: Expert in FDA-compliant cybersecurity strategies for medical devices. Myles Kellerman, Director of MedTech Cybersecurity: Renowned penetration tester who identifies vulnerabilities before they become costly crises. | |||
| Integrating Project Management to Strengthen Cybersecurity Outcomes with Steve Curry | 26 Aug 2025 | 00:44:29 | |
What project management mistakes can med tech innovators avoid? What methods and tools can help med tech companies manage projects? In this episode, Christian Espinosa welcomes Steve Curry to explore how strong project management can make or break a med tech company’s cybersecurity readiness. They discuss why many innovators overlook planning, how this oversight causes costly delays, and the benefits of integrating cybersecurity into every project phase. Steve shares practical strategies for execution, tool selection, and aligning team resources to ensure both speed to market and compliance success. Steve Curry founded MustardSeed, a company that brings world-class project management to the sciences. With a background in billion-dollar defense programs, Steve now helps med tech, biotech, and pharma companies execute better, faster, and smarter. Key points: (4:47) Core Challenges in Med Tech Project Management * Many companies skip creating a true project plan, leading to unachievable timelines. (11:16) Investor Perspectives and PMO Value * A skilled PMO can integrate teams, drive schedules, and improve decision-making. (18:16) Cybersecurity’s Place in the Project Plan * Cybersecurity is often added too late, causing redesigns and delays. (27:37) Tools, Efficiency, and Execution * Choosing the right project management software is critical and difficult to reverse. Thanks to Steve Curry for being on the show. Connect with Steve on LinkedIn: https://www.linkedin.com/in/steve-curry-ab883378/ Learn about MustardSeed: https://www.mustardseedpmo.com/ | |||
| Webinar: Navigating FDA Cybersecurity Compliance: A Guide for RA/QA Professionals | 21 Aug 2025 | 00:39:31 | |
When you’re working with a manufacturer to ensure that a medical device has strong cybersecurity, what do you need to know from a regulatory perspective? In this episode, Christian and Trevor dive into the current state of cybersecurity, discussing emerging threats and defense strategies. They also explore the role of AI in both cyberattacks and security measures, offering insights into how businesses can stay ahead of evolving threats. Key topics for regulatory affairs (RA) and quality assurance (QA) professionals covered in this webinar: (02:15) The Current Cyber Threat Landscape * The most pressing cybersecurity threats facing businesses today. * Why ransomware attacks are becoming more sophisticated. (10:45) Social Engineering * How cybercriminals manipulate human behavior to breach systems. (19:30) AI in Cybersecurity * The ways AI is being used by both attackers and defenders. * Ethical concerns around AI-driven cybersecurity tools. (27:50) Building a Culture of Security Awareness * Why employee training is crucial in preventing breaches. * Why multifactor authentication is a must. * Regularly updating and patching software. (44:30) The Future of Cybersecurity * Predictions for upcoming threats and defensive strategies. * Steps businesses can take today to prepare for tomorrow’s challenges. | |||
| Vulnerability, Penetration & Other Cybersecurity Testing Types Explained | 19 Aug 2025 | 00:30:47 | |
Which cybersecurity tests are the most crucial, and which ones does the FDA require for medical device approval? In this episode, Christian and Trevor break down the many types of cybersecurity testing required for medical devices. They explore the distinctions between vulnerability assessments, penetration testing, and other critical methods like fuzz testing, security requirement testing, and dynamic analysis. Along the way, they share real-world examples, FDA compliance insights, and practical tips for ensuring no entry point goes untested. Key points: (3:21) Vulnerability vs. Penetration Testing * Vulnerability testing identifies issues quickly, while penetration testing digs deeper to exploit them. (6:01) Software Composition and Static Analysis * Using SBoMs to identify risks in third-party and unknown code. * Dangers of insecure, copied code such as hardcoded credentials. (10:23) Penetration Testing Types and Abuse Cases * Differences between black, gray, and white box testing. * Abuse case testing for overlooked or “out of scope” device interfaces. (20:44) Fuzz Testing and Security Requirements * Fuzz testing for unexpected input handling and potential zero-day vulnerabilities. * Security requirement testing, dynamic analysis, and advice on choosing skilled third-party testers. This episode was produced by Story On Media: https://www.storyon.co/ | |||
| Webinar: Medical Device Penetration Testing: What Every Manufacturer Must Know | 14 Aug 2025 | 00:44:59 | |
What are the unique challenges and regulatory requirements of medical device penetration testing? In this webinar episode with Christian Espinosa, CEO of Blue Goat Cyber, and Trevor Slattery, CTO of Blue Goat Cyber, you’ll learn: * How Medical Device Penetration Testing Differs from Traditional IT Security. Unlike conventional IT security testing, medical device penetration testing prioritizes patient safety and device functionality. Discover how attackers exploit firmware, wireless protocols, and hardware vulnerabilities—threats often overlooked in standard IT security assessments. * Meeting FDA & Global Regulatory Requirements for Penetration Testing. With the FDA’s 2023 cybersecurity guidance, EU MDR expectations, and IEC 62304 compliance now requiring risk-based security testing, manufacturers must integrate penetration testing to avoid regulatory delays, design deficiencies, and costly late-stage changes. * Identifying & Preventing the Most Exploited Medical Device Vulnerabilities. From weak authentication and unpatched third-party components to unencrypted communication channels, real-world attacks on pacemakers, insulin pumps, and hospital IoT devices illustrate the critical need for proactive security measures. Learn how these vulnerabilities could have been prevented. * Medical Device Risk Matrix: Replacing Probability with Exploitability & Prioritizing Patient Harm. Traditional risk assessments rely on probability vs. impact, but medical device risk scoring prioritizes exploitability (CVSS-based) over probability for a more objective evaluation. Learn how patient harm replaces a solely HIPAA-focused data exposure approach, aligning risk assessment with real-world consequences. * How Penetration Testing Strengthens Security & Accelerates FDA Approval. 
Early integration of security testing in development reduces costly last-minute fixes and regulatory deficiencies, while postmarket penetration testing ensures ongoing protection against evolving cyber threats, preventing unexpected recalls and compliance failures. | |||
| From Surgery to MedTech Startups: Dr. Dylan Attard’s Journey | 12 Aug 2025 | 00:44:54 | |
What cybersecurity challenges face hospitals and medical devices today that medtech innovators should know about? Today’s guest is Dr. Dylan Attard, who swapped his scalpel for startups when he founded MedTech World, a global conference series elevating healthcare innovation. He’s passionate about connecting startups with investors and sparking conversations that turn bold ideas into life-saving solutions. In this episode, Dr. Attard shares his transition from surgeon to founder of MedTech World and offers a global perspective on med tech growth, innovation, and cybersecurity. Along with Christian and Trevor, he explores how startups can safeguard patient lives—and their bottom line—by thinking about cybersecurity from day one. (07:20) Global Growth of Med Tech Med tech expansion in the Middle East, Africa, and Asia. (12:46) Cybersecurity Awareness and Startup Risk How many med tech innovators fail to consider cybersecurity early. (18:18) Documented Cases of Patient Harm Challenging the narrative that medical device hacks haven’t caused patient harm. (36:13) Vision for MedTech World Dylan shares the mission behind MedTech World and its expansion goals. Thanks to Dr. Dylan Attard for being on the show. Visit his website: https://www.dylanattard.com/ Connect with him on LinkedIn: https://www.linkedin.com/in/dylattard/ | |||
| Webinar: Medical Device Risk Assessments - Cybersecurity, Compliance & Patient Safety | 07 Aug 2025 | 00:33:28 | |
Medical devices are becoming more connected, but with that connectivity comes risk. In this episode, Christian and Trevor dive into risk assessments for medical devices—a crucial process in ensuring both patient safety and cybersecurity compliance. They discuss: * The difference between risk management and risk assessment * How risk scoring works using exploitability vs. impact * Why traditional cybersecurity metrics don’t fully apply to medical devices * The importance of traceability and compliance with ISO 14971 & AAMI TIR57 * How SBOMs and vulnerability assessments fit into a cybersecurity strategy * Real-world examples of risk prioritization in medical devices Risk assessments aren’t just about identifying vulnerabilities—they’re about understanding their real-world impact on patients and ensuring compliance with regulatory bodies like the FDA. | |||
| Trevor Slattery Answers Tough Medical Device Cyber Questions | 23 Dec 2025 | 00:23:10 | |
This episode puts Trevor in the hot seat. If you were put in the hot seat, could you clearly explain cybersecurity, safety, and lifecycle terms like Trevor? In this rapid-fire episode, Christian fires questions at Trevor about essential medical device cybersecurity concepts and standards. Together, they clarify how risk management, secure development, and lifecycle thinking intersect across safety, quality, and security. | |||
| Understanding Cybersecurity Measures and Metrics for Medical Devices | 05 Aug 2025 | 00:24:08 | |
How do measures and metrics differ, and why is this distinction crucial for FDA submissions? In this episode, Christian and Trevor demystify the difference between cybersecurity measures and metrics in the context of FDA guidance. They explore what the FDA expects in submissions, emphasizing patch timelines, vulnerability tracking, and post-market data collection. They also discuss the importance of actionability over mere compliance and include real-world challenges like device downtime and risk in different environments. Key points: (0:30) Measures vs Metrics Defined * Measures are raw figures like time or count; metrics are calculated from measures. (4:06) FDA Guidance and Patch Timelines * FDA expects metrics like percentage of patched vulnerabilities and two patch-related durations. (7:49) Real-Time Alerts * Devices should notify users immediately of anomalies to compensate for lack of SOC monitoring. (14:01) When to Include Metrics in Submissions * Metrics aren’t always required during initial submission unless data is available. (18:07) Downtime, Rebooting, and Risk Profiles * Reboot times and system recovery durations should be treated as key measures. * Risk profiles shift based on device use environment. | |||
| Webinar: Mastering Threat Modeling for Medical Device Cybersecurity | 31 Jul 2025 | 00:43:18 | |
Christian Espinosa, CEO of Blue Goat Cyber, and Trevor Slattery, Director of Medical Device Cybersecurity, explore the critical topic of threat modeling in medical device cybersecurity. This session covers essential practices and frameworks that ensure the safety and security of medical devices, aligning with FDA guidelines. We cover the DFD3 standard for threat diagramming and the STRIDE framework for identifying potential threats. Learn how to visualize and assess risks effectively, understand trust boundaries, and implement robust security measures to protect sensitive patient data. Blue Goat Cyber is a group of cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Director of Medical Device Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial For more content on medical device cybersecurity, check out The Med Device Cyber Podcast, your essential resource. 
In each episode, we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, subscribing to the Med Device Cyber Podcast will help you safeguard patient safety. Subscribe via Spotify: https://spoti.fi/3XX95g0 Subscribe via Apple Podcasts: https://apple.co/483OJ9I | |||
| FDA Cybersecurity Gets Real with Monica Montañez of NAMSA | 29 Jul 2025 | 00:32:47 | |
How have medical device cybersecurity requirements changed since 2023, and what does this mean for your product development? In this episode, Christian and Trevor welcome Monica Montañez from NAMSA to unpack the evolving landscape of FDA cybersecurity requirements. From new laws introduced in 2023 to the ambiguous language in FDA guidance, they dig into what it really takes to meet expectations for cyber device submissions. (0:32) NAMSA and Industry Shifts * Monica introduces NAMSA’s role in regulatory and quality consulting. (5:12) FDA Guidance vs. Legal Mandate * The confusion around FDA’s "recommended" language. * How internet-connectivity defines cyber devices—including USB and Bluetooth. (12:57) Classifications, Interfaces, and Testing Gaps * The dangers of assuming interfaces are disabled. * Why early cybersecurity design is now critical for approval. (18:08) New Submission Expectations * What’s now required in a submission: threat models, risk assessments, lifecycle documentation. * Trevor explains how these requirements balloon documentation to hundreds of pages. Thanks to Monica Montañez for being on the show. Learn more about Monica on NAMSA’s website: https://namsa.com/expertise/team/monica-r-montanez/ Connect with Monica on LinkedIn: https://www.linkedin.com/in/monica-montanez-ms-rs-rac-cqa-4389336 | |||
| Webinar: Risk Management Frameworks For Medical Device Safety & Security | 24 Jul 2025 | 00:43:18 | |
Join Trevor Slattery, Director of Cybersecurity, and Christian Espinosa, CEO of Blue Goat Cyber, for a comprehensive webinar on medical device cybersecurity. Trevor and Christian explore the critical interplay between safety and security risk management, offering guidance on conducting effective risk assessments that address vulnerabilities across both domains. This presentation will give you a deeper understanding of key standards like ISO 14971 and AAMI TIR57 and show you how to implement robust risk management frameworks. Equip yourself with the knowledge needed to ensure both patient safety and data security in medical devices! | |||
| What the FDA Wants in Security Architecture Views for Devices | 22 Jul 2025 | 00:27:55 | |
What are the four security architecture views that the FDA prioritizes, and how do they impact your device's design? This episode explores the FDA-defined security architecture views essential for medical device cybersecurity. Christian and Trevor break down the four views—global system, updatability/patchability, multi-patient harm, and secure use cases—with real-world examples and practical advice. Key points: (5:25) The Global System View * Companion apps and cloud infrastructure must be part of the device scope. * Many device manufacturers overlook update infrastructure in this view. * Distinguishing in-scope versus out-of-scope components is a common challenge. (12:52) Updatability and Patchability * Secure update procedures must cover the entire lifecycle. * FDA wants manufacturers to consider both infrastructure and delivery integrity. * A weak development environment can compromise update trustworthiness. (18:21) Multi-Patient Harm Scenarios * Risk is based on the scope and scale of potential compromise. * Even small devices can cause large-scale issues depending on their connectivity. (23:09) Secure Use Case Views and Closing Advice * Every device function should have a corresponding security consideration. * Functional requirements can guide secure use case documentation. | |||
| Webinar: 5 Key FDA Cybersecurity Standards with Jordan John | 17 Jul 2025 | 00:49:41 | |
How can you integrate relevant cybersecurity standards early in your medical device development process? Also, how do FDA cybersecurity standards help reduce the time to market for new medical devices? In this episode, Trevor Slattery, CTO of Blue Goat Cyber, and Jordan John, Director of Regulatory Affairs and Compliance at Blue Goat Cyber, explore: * The importance of integrating standards into the QMS from the start. * How TIR57 complements ISO 14971 for security risk management. * Why cybersecurity must be operational, not just documented. * IEC 62304 and its role in secure software lifecycle processes. * ISO/IEC 81001-5-1 is covered as a framework for secure product development. * NIST SP 800-115 is explored as a guide for FDA-compliant penetration testing. * How FDA guidance ties all the standards together. | |||
| Shared Responsibility in Medical Device Cybersecurity with Greg Garcia | 15 Jul 2025 | 00:52:54 | |
How can shared responsibility models improve healthcare cybersecurity? In this episode, Greg Garcia joins Christian and Trevor to break down the evolving landscape of medical device cybersecurity from a national policy perspective. Together, they discuss the legacy device challenge, shared accountability, and how sector-wide collaboration is critical to progress. The episode drives home the message that cybersecurity is not just technical—it’s foundational to patient safety and innovation. Greg Garcia is one of the people shaping the future of critical infrastructure cybersecurity—and he’s got the track record to back it up. As executive director of the Health Sector Coordinating Council Cybersecurity Working Group, he’s all about connecting the dots between policy, industry, and patient safety. Key points: (1:30) Cyber in Critical Infrastructure * Greg’s career path from Homeland Security to health sector leadership. * The Health Sector Coordinating Council’s mission. (10:35) The Legacy Device Dilemma * Medical device cybersecurity suffers from the finger-pointing between HDOs and MDMs. * Managing unsupported devices and contractual accountability. (18:05) Budget Gaps and Cultural Challenges * Rural hospitals and underfunded providers struggle to keep up with cybersecurity expectations. * The case for regulatory mandates to level the playing field. (31:47) Regulation, Risk, and Big Ideas * The idea of Authorization to Operate (ATO) for health tech. * Comparisons to Department of Defense (DoD) and FedRAMP models are raised as a vision for healthcare. (40:12) Culture Over Compliance * Why data shows low medical device exploitation—but that’s no reason to relax. * How to make “secure by default” a reality. Thanks to Greg Garcia for being on the show. Connect with Greg Garcia on LinkedIn: https://www.linkedin.com/in/gregorytgarcia/ Learn about the Health Sector Coordinating Council: https://healthsectorcouncil.org/ | |||
| Total Product Lifecycle Security: From Design to Disposal | 08 Jul 2025 | 00:35:00 | |
How well does your security strategy cover the entire product lifespan—from concept to decommissioning? This episode dives into the importance of the Total Product Lifecycle (TPLC) and Secure Product Development Framework (SPDF) in medical device cybersecurity. Christian and Trevor share stories, best practices, and pitfalls from real-world cases involving update security, insecure development environments, and overlooked decommissioning risks. Key points: (1:50) Intro to TPLC and SPDF * The importance of TPLC and SPDF in secure development. (7:00) Update Vulnerabilities and OTA Risks * An example of compromised keys in an otherwise secure over-the-air (OTA) process. * Trade-offs between update convenience and security. (12:16) Threat Modeling * Threat modeling’s application to development environments. * The overlooked risks of data storage locations and natural disasters. (17:24) Infrastructure Challenges * How clients struggled with infrastructure across hospital environments. * How scripts and hardcoded passwords can introduce risk. (19:56) Building a SPDF That Works * Best practices: coding standards, multi-layer review, and automated testing. * Secure development is like planning for your own death—it’s hard, but necessary. | |||
| Why Cybersecurity and Quality Are One and the Same | 01 Jul 2025 | 00:37:19 | |
How can medical device startups avoid missteps in cybersecurity, quality, and compliance? In this episode, Trevor Slattery speaks with Ashkon Rasooli about the intersection of quality systems and cybersecurity in medical devices. They unpack why treating cybersecurity as a bolt-on checklist is ineffective and even dangerous. They also discuss regulatory realities, risk management frameworks, and how early-stage teams can avoid costly pitfalls by planning smarter from the start. Ashkon Rasooli is the CEO of EnGenius Solutions, a boutique consulting firm focused on medical device software development. With a background in both hands-on coding and compliance, Ashkon helps medtech startups navigate quality systems and regulatory strategy. Key points: (0:31) Why Regulations and Cybersecurity Are Intertwined * How EnGenius helps small medtech companies plan early. * Challenging the idea that cybersecurity and QMS are separate disciplines. (7:12) Planning Cybersecurity Early * Business model, product design, and geography all shape your compliance path. (12:16) Culture Over Checklists in MedTech Security * Ashkon’s “Non-BS Manifesto” based on Agile principles. * Real-world examples of ransomware causing patient harm. (20:38) Why Probabilistic Risk Scoring Falls Short * How exploitability trumps probability in FDA guidance. * How cybersecurity attackers differ from typical safety failures. (28:14) Planning Compliance * Dick Cheney’s pacemaker becomes a cautionary tale of targeted threats. Thanks to Ashkon Rasooli for being on the show. Connect with him: https://www.linkedin.com/in/ashkonrasooli Check out EnGenius Solutions: https://www.engeniussolutions.com | |||
| Cybersecurity Labeling and MedTech Transparency | 24 Jun 2025 | 00:31:06 | |
Why is cybersecurity labeling more than just a compliance checkbox for medical device companies? In this episode, Christian and Trevor dive into the nuanced world of cybersecurity labeling for medical devices. They discuss the role of MDS2 and JSP2 documentation, labeling misconceptions, and how manufacturers can best disclose security information without overwhelming or misleading users. Key points: (6:30) Misconceptions About Cybersecurity Labeling * Many manufacturers worry that disclosing risks will aid hackers, but that's flawed thinking. * Distinctions between labeling as documentation and labeling as a control like a tamper-evident seal. * Everyday product examples to illustrate why transparency in labeling matters. (12:45) How Much Detail Is Enough? * How deep a manufacturer should go with disclosures about encryption and risk. * Why more detail is generally better and how to balance tech jargon with user readability. * Different labeling needs based on whether a device is for consumers or hospitals. (18:20) Context, Risk, and Communication * Why not encrypting unnecessary data can backfire if a consumer is misinformed. * How labeling must be contextual and tailored to a device’s function and data sensitivity. Resources mentioned in this episode: * The Manufacturer Disclosure Statement for Medical Device Security (generally abbreviated as MDS2). * The Medical Device and Health IT Joint Security Plan, version 2 (JSP2). | |||
| The Differences Between Black, Grey, and White Penetration Testing | 16 Dec 2025 | 00:20:09 | |
MedTech developers, do you know which penetration testing methodology the FDA actually prefers for medical device submissions? In this episode, Christian and Trevor explain the differences between black, grey, and white box penetration testing and how each impacts the completeness and realism of cybersecurity assessments. They highlight why regulators increasingly expect deeper testing supported by source-code-level insights. They also outline the risks, costs, and delays manufacturers face when choosing insufficient testing approaches during FDA submission. Key points: (01:25) Learn how black box testing mimics an attacker with no prior knowledge. (06:27) How grey box testing blends limited credentials, architecture insight, and direct communication with engineers to expand visibility. (08:29) Why white box testing includes access to full documentation, processes, and source code. (10:20) How attacker timeframes differ from tester timeframes. (11:29) How the FDA’s static analysis, SBOM, and risk evaluation requirements tie naturally into white box testing workflows. (15:06) Learn why choosing black box testing to save money often results in higher total costs after FDA rejection. (17:47) Hear why “buy once, cry once” applies to penetration testing. | |||
| From Concept to Compliance: A Guide to Med Device Approval | 17 Jun 2025 | 00:39:41 | |
Med device manufacturers, are you setting up your quality system early enough in product development? Also, are you misunderstanding the FDA’s "guidance" documents—and risking rejection? Today’s guests are Mark Swanson and Steve Gompertz of QRx Partners, and they’re passionate about helping medtech companies dodge the regulatory and quality pitfalls that derail so many startups. This episode explores how to classify your device properly, why cybersecurity documentation is required even for isolated software, and the evolving role of AI in medical technology. Key points: (02:11) Startup Failure and What QRx Solves * Why many early-stage medtech startups fail. * Startup optimism is contrasted with the harsh funding and regulatory realities. (12:16) Classification Chaos and Regulatory Missteps * The confusion around FDA’s product code database. (17:55) AI and Quality Systems * What qualifies as actual AI vs. marketing fluff. * How regulators handle AI in submissions. (31:22) National Vs State Regulations * The critical need for manufacturers to understand state regulations. * Why quality and regulatory planning must precede design. Thanks to Mark Swanson and Steve Gompertz for being on the show. Connect with Mark on LinkedIn: https://www.linkedin.com/in/markswansoncmq Connect with Steve on LinkedIn: https://www.linkedin.com/in/stevegompertz Learn more about QRx Partners: https://www.qrxpartners.com | |||
| Unpacking Post-Market Management and Incident Response for Medical Devices | 10 Jun 2025 | 00:28:12 | |
What should you do when a vulnerability is discovered in a medical device after it's already on the market? This episode dives into post-market management and incident response for medical devices, exploring what happens when a device is hacked or a vulnerability is reported. Christian Espinosa and Trevor Slattery discuss the processes involved in identifying, triaging, and remediating vulnerabilities, emphasizing the unique challenges faced in the medical device sector. Key points: (8:01) Sources of Vulnerabilities and Tracking * There are various sources for discovering vulnerabilities, including software bill of materials, CISA-CAV, annual penetration tests, coordinated vulnerability disclosure databases, etc. * Standards and guidance for post-market management, including TIR-97 and FDA guidance. (13:08) Managing False Positives and Risk Triage * False positives are instances where a testing tool or scanner indicates a problem that doesn't actually exist. * The critical importance of thoroughly investigating false positives in the post-market phase to avoid unnecessarily fixing non-issues. * The triage process for vulnerabilities. (21:11) Exploitability and Coordinated Vulnerability Disclosure * How exploitability factors, like authentication levels, proximity, and attack complexity, can change in the post-market phase. Resources mentioned in this episode: * TIR-97: AAMI standard for post-market cybersecurity management * FDA Guidance: Postmarket Management of Cybersecurity in Medical Devices | |||
| AI in Medical Devices: Opportunities & Regulation with Matt Lemay | 03 Jun 2025 | 00:42:38 | |
What does responsible AI implementation look like in medical devices? This episode explores the intersection of AI, cybersecurity, and medical device regulation with guest Matt Lemay, CEO of Lemay.ai. Hosts Christian Espinosa and Trevor Slattery of Blue Goat Cyber dig into how AI models are trained, certified, and deployed in clinical contexts—and what can go wrong. Key points: (7:29) Data, Security, and Deployment Risks * Training data inconsistencies and data drift in AI models. * Cybersecurity concerns tied to cloud deployment and version control. (11:48) Can AI Prescribe Medication? * Legal and liability implications of AI autonomy in healthcare. (22:35) Risks and Regulation * Expectations for AI-enabled device regulations in the EU and US. (33:35) AI Answers * Thoughts on how AI has a hard time admitting it doesn't know the answer to something. Thanks to Matt Lemay for being on the show. Connect with Matt on LinkedIn: https://www.linkedin.com/in/mnlemay/ Lemay AI: https://www.lemay.ai/ | |||
| Essential Software Documentation for Med Device Manufacturers | 27 May 2025 | 00:27:39 | |
What documents should engineers prepare to get ready for submitting a medical device to the FDA? In this episode, Christian and Trevor dig into the underestimated role software documentation plays in cybersecurity, especially in the medical device space. They highlight how incomplete or contextless documentation can hinder everything from SBOM utility to regulatory compliance. With sharp insights and real-world examples, they make the case for elevating documentation as a strategic priority. Key points: (00:43) The Real Purpose of Documentation * Software documentation is often seen as a checklist item rather than a strategic tool. * Good documentation enables continuity and reduces knowledge silos. (07:04) Security Starts with Documentation * A lack of context in software can undermine their usefulness for vulnerability management. * Documentation quality links with product security posture and incident response readiness. (13:41) Regulation and Standards for Medical Device Documentation * Documentation shouldn’t only meet minimum regulatory requirements. * Strong documentation supports faster and safer decision-making during audits or breaches. (18:11) Best Practices * Trevor lists areas where developers consistently miss documentation opportunities (e.g., deprecated functions, third-party code). * Christian outlines how consistent, contextual documentation helps new team members come up to speed. (23:59) FDA Requirements * The hosts recommend integrating documentation into sprint planning and CI/CD pipelines. | |||
| The Human Factor in MedTech Design with Dylan Horvath | 20 May 2025 | 00:35:16 | |
How can human-centered design influence medical device cybersecurity? In this episode, Christian Espinosa chats with Dylan Horvath of Cortex Design about the powerful intersection of human-centered design and medical device cybersecurity. They explore how usability, trust, and empathy can shape safer, smarter devices from the start. Dylan also shares valuable insights into building design teams, learning from failure, and driving innovation in regulated industries. Dylan Horvath is a passionate industrial designer who’s spent decades shaping how people interact with technology. As the founder and CEO of Cortex Design, he’s all about blending creativity and engineering to build medical devices that actually work for people. (00:30) Design Thinking in MedTech * Christian and Dylan discuss the similarities between design and cybersecurity. (07:08) The Design Process * How psychological safety and curiosity are foundations for team success. * Cortex’s lean, iterative process and fast prototyping. (14:18) Lessons Learned * Dylan reflects on design failures and what they taught him. * The balance between regulation and innovation in MedTech. (21:26) Security and Usability * Dylan’s thoughts on how threat modeling could better include design teams. * The trade-offs between usability and strong security in med devices. (26:36) Design Challenges * User experience is critical, and overlooking it can lead to products that are difficult to use and unappealing to the market. Thanks to Dylan Horvath for being on the show. Connect with Dylan on LinkedIn: https://www.linkedin.com/in/dylan-horvath/ Learn more about Cortex Design: https://cortex-design.com/ | |||
| Master Medical Device Cybersecurity: Avoid FDA Delays | Blue Goat Cyber Webinar | 13 May 2025 | 00:33:18 | |
How can medical device manufacturers meet FDA cybersecurity requirements the first time around? What are the most significant challenges medical device manufacturers face in ensuring FDA cybersecurity compliance? In this webinar, Trevor Slattery, CTO of Blue Goat Cyber, dives into what it takes to master medical device cybersecurity and avoid costly delays with the FDA. He outlines common pitfalls companies face, including poor documentation, lack of threat modeling, and mismatched security controls. Watch this webinar for practical, actionable advice for navigating FDA expectations and building more secure, compliant devices. Topics Trevor explores in this webinar: (00:30) Why Devices Get FDA Cybersecurity Pushback * Many devices are rejected due to poor threat models and vague documentation. (06:36) What the FDA Is Really Looking For * The FDA expects a structured, traceable cybersecurity story from architecture to testing. (13:20) Building Strong Documentation and Threat Models * Good threat modeling identifies specific risks and aligns them with appropriate mitigations. * Fuzzy, generic statements about “zero trust” or “encryption” are red flags for reviewers. (19:56) SBOMs, Known Vulnerabilities, and FDA Red Flags * FDA reviewers expect to see every SBOM component mapped to known vulnerabilities. * Missing VEX (Vulnerability Exploitability eXchange) documentation slows down reviews. (26:54) What to Do If You’re Stuck or Behind Schedule * If you’re behind, don't scramble—step back and rebuild the cybersecurity narrative. * Professional guidance can help realign your strategy with FDA expectations. This webinar was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. | |||
| Data Protection in Medical Devices: A Deep Dive with Kevin Derr | 06 May 2025 | 00:46:14 | |
How can medical device companies own their data without compromising security? In this episode, Kevin Derr from NeuronSphere joins Christian and Trevor to dive into the intersection of cybersecurity, compliance, and innovation in the medtech world. They also explore why data ownership and secure system architecture are foundational for FDA compliance and patient safety. Key points: (0:47) From Big MedTech to Startup * Kevin shares his journey from Stryker and J&J to co-founding NeuronSphere, which was built to simplify the creation of compliant data products for medtech engineers. * NeuronSphere is like a toolkit that allows companies to retain full data ownership while meeting FDA and cybersecurity requirements. (5:21) Ownership, Trust, and Compliance * Vendor solutions often fall short during V&V, triggering costly compliance upgrades. * NeuronSphere keeps ownership and compliance within the manufacturer's own infrastructure. (11:12) Misconfigurations and Human Error * Misconfigured S3 buckets and default credentials are common sources of breaches. * Even the FBI and CIA have faced major data exposures from simple mistakes. * Human error remains the biggest vulnerability. (17:00) Balancing Security and Functionality * FDA’s focus is patient safety and effectiveness, not just data protection. * Secure coding is often deprioritized due to deadlines and lack of training. (33:21) FDA Guidance * The new FDA cybersecurity guidance is moving security discussions earlier in the development lifecycle. * Startups are now forced to consider data flow and security posture before first-in-human trials. Thanks to Kevin Derr for being on the show. Connect with Kevin on LinkedIn: https://www.linkedin.com/in/kevinderr/ Learn about NeuronSphere: https://www.neuronsphere.io/ | |||
| Early Cyber Strategies for MedTech Trailblazers | 29 Apr 2025 | 00:27:44 | |
What are some strategies founders can use to incorporate cybersecurity into the early stages of developing a medtech product? In this episode, Christian and Trevor break down the critical role of cybersecurity in early-stage medtech startups. They explore why cybersecurity is often overlooked, what the real-world consequences are, and how startups can shift left to avoid costly pitfalls. From VC funding to FDA requirements, they offer a roadmap for founders who want to get it right from the start. Key points: (0:33) The Cybersecurity Awareness Gap * Many early-stage medtech startups don't consider cybersecurity until it's too late. (5:36) Budgeting for Cyber from the Start * Cybersecurity costs extend beyond hiring a firm—developers must also build secure code. * Developers with medtech experience and adherence to IEC/ISO standards are essential. (10:18) Picking the Right Dev Partners * Evaluate software firms based on documentation, process, and compliance with medtech standards. * Founders need teams who think about security proactively, not reactively. (15:42) Cybersecurity as a Funding Factor * VCs now look for cybersecurity as part of the startup's roadmap. * Cybersecurity must be iterative—not a one-time checkbox before FDA submission. (20:22) Safety and Security * Cybersecurity isn't just about software—hardware choices matter too. * Awareness of risk classes (Class A, B, C) impacts cybersecurity needs. * Safety and security are intertwined, especially when patient harm is possible. 
Resources mentioned in this episode: * FDA Guidance on Cybersecurity in Medical Devices * ISO 13485 – Medical Devices Quality Management Systems * IEC 62304 – Medical Device Software Lifecycle Processes * AAMI TIR57 – Principles for Medical Device Security Risk Management * ISO 14971 – Application of Risk Management to Medical Devices | |||
| Cybersecurity Challenges & Trends in US Healthcare with Paul-Lukas Hoffschmidt | 22 Apr 2025 | 00:34:58 | |
If you’re launching a medtech product, what should you know about market access, cybersecurity, reimbursement challenges, and customer education? In this episode, Christian and Trevor discuss the challenges and opportunities facing medtech startups with guest Paul-Lukas Hoffschmidt, CEO of Alpha Sophia. This conversation covers trends in US healthcare, the importance of cybersecurity and interoperability, and strategies for successful product commercialization. Key points: (00:53) Intro to Alpha Sophia * Alpha Sophia’s commercial intelligence platform assists medical device, digital health, and life sciences companies in identifying the right healthcare providers for their products. (02:04) MedTech Trends * The US healthcare market is increasingly important for medtech startups, partly due to slower regulatory processes in Europe. (06:43) Hurdles Facing MedTech Startups * Identifying the right potential customers (physicians, practices, hospitals) is a significant challenge. * Gaining the attention of busy doctors requires a creative, omnichannel approach. (12:11) Cybersecurity and Purchasing Decisions * Potential buyers expect medical devices to be secure, viewing regulatory approval as a baseline. * Interoperability is increasingly important as healthcare providers want devices that integrate into their existing systems. (24:05) Integrating Cybersecurity Early * Cybersecurity should be considered from the initial product requirements phase. (32:53) Advice for MedTech Innovators * Medtech innovation is a long journey requiring careful planning and resource management. Thanks to Paul-Lukas Hoffschmidt for being on the show. Learn about Alpha Sophia’s intelligence platform: https://www.Alpha Sophia.com/ Connect with Paul-Lukas on LinkedIn: https://www.linkedin.com/in/hoffschmidt/ | |||
| Collaboration is Key: Bridging the Gap Between Developers and Cybersecurity Experts | 15 Apr 2025 | 00:29:57 | |
What are some of the biggest barriers to effective collaboration between coders and cyber experts, and how can they be overcome? This episode explores the essential components of successful collaboration and teamwork. The discussion delves into common challenges teams face and practical strategies for improving communication and trust. Key points that Christian and Trevor explore: (00:31) Developer-Cybersecurity Divide * The hosts open up about ego and emotional intelligence in cybersecurity and development. * Developers often respond defensively to security findings, creating friction during collaboration. (04:46) Incomplete Fixes and Communication Gaps * Clients sometimes apply superficial fixes or disagree with findings due to misunderstanding the issue. * Ultimately, clients must accept or reject risks, but they must fully understand them first. (07:40) Is Dual Expertise Feasible? * The distinct expertise needed for development and cybersecurity makes dual mastery unlikely. (12:26) Business Pressure * Unrealistic timelines often force teams to release insecure products under pressure from leadership. * Compliance-driven cybersecurity efforts are seen as necessary evils rather than strategic investments. (17:29) DevSecOps & Misconfigurations * Despite years of talk, DevSecOps adoption remains limited due to cost, culture, and lack of education. * Misconfigurations and human error are far more common than code exploits in real-world breaches. (22:11) Tools & Tradeoffs * Secure pipelines and scanning tools are helpful but not foolproof; many vulnerabilities still require human testing. * Developers can drastically reduce risks by understanding and applying core cybersecurity best practices. | |||
| How Cybersecurity Shapes Regulatory and Quality Success with Jim Goodmiller | 09 Dec 2025 | 00:45:00 | |
What risks do you take when cybersecurity is left off your development roadmap? In this episode, Christian, Trevor and guest Jim Goodmiller explore how cybersecurity intersects with regulatory expectations and quality systems, creating new challenges and opportunities for medtech innovators. Jim helps to explain why founders must integrate cybersecurity from concept through commercialization, especially as FDA scrutiny increases. Key points: 00:48 Why cybersecurity now influences every part of the regulatory landscape. 04:48 How technologies can create serious safety and compliance risks when not fully vetted. 10:45 Cybersecurity as a mandatory component of regulatory planning. 14:52 The need for iterative penetration testing. 22:16 Challenges of upgrading legacy devices. 25:37 Avoiding serious legal consequences. 29:29 Preparing a complete roadmap for investor confidence. 40:08 The role of communication. Thanks to Jim Goodmiller for being on the show. Connect with Jim on LinkedIn: https://www.linkedin.com/in/jimgoodmiller/ | |||
| Commercialize Your Medtech with Craig T Ingram | 08 Apr 2025 | 00:45:14 | |
What are the 10 essential components of a successful commercialization plan in the medtech industry, and why are they often overlooked? This episode explores the critical role of commercialization in the medtech industry. The conversation explores the reasons behind the high failure rate of medtech startups and emphasizes the importance of a comprehensive commercialization plan, cybersecurity considerations, and the pursuit of wisdom over speed. Today’s guest is Craig T. Ingram, a medtech and healthcare technology consultant who helps companies avoid going broke by focusing on effective commercialization strategies. Craig is the Chief Commercialization Strategy and Growth Advisor for Int'l Commercialization Growth Partners. Key points: (3:21) The Commercialization Roadmap * Many companies lack a written commercialization roadmap, focusing instead on sales and marketing plans. * Key components of commercialization include regulatory affairs, product design, production, and alliances and partnerships, which are often overlooked. (10:11) Cybersecurity * Cybersecurity is not evil but a critical necessity, similar to insurance, to protect against malicious activity and data breaches. * Cybersecurity can be viewed as a means of preventing malicious activity rather than just protecting data. (24:51) Value vs Expertise * Many manufacturers struggle to evaluate cybersecurity vendors, often prioritizing cost over specialized expertise. * Applying the same commercialization strategies as large companies is ineffective for startups and small to medium-sized enterprises. (34:20) Wisdom vs. Speed in Business * The "move fast and break things" mentality prevalent in Silicon Valley can be detrimental to proper commercialization. * Effective commercialization requires a focus on getting it right rather than being right, and a willingness to learn and adapt. 
Thanks to Craig T. Ingram for being on the show. Connect with Craig on LinkedIn: https://www.linkedin.com/in/craigtingram Learn about Int'l Commercialization Growth Partners: https://www.medicalsalesgrowth.com/ | |||
| The Growing Importance of Interoperability and Third-Party Component Security | 25 Mar 2025 | 00:37:09 | |
Why is interoperability increasing cybersecurity risks in healthcare, and what can we do about it? Interoperability is making healthcare more efficient but also more vulnerable to cyber threats. In this episode, Christian and Trevor discuss how second-order attacks, misconfigured cloud systems, and poor data integrity controls can compromise medical devices. They also share practical steps manufacturers can take to protect their devices and networks. Key points: (02:00) Understanding Interoperability Risks * The increasing number of connected medical devices and their security challenges. * How interoperability expands the attack surface in hospital networks. (10:30) Second-Order Attacks * Why attacking one system can compromise another in unexpected ways. (20:45) Industry Challenges * The MGM cyberattack and how a single vulnerability led to widespread damage. (30:20) Best Practices for Secure Interoperability * Validating all data entering and exiting a medical device. * Restricting access to USB ports and other high-risk connection points. * The potential (and pitfalls) of blockchain for medical records. * Why security awareness must evolve alongside interoperability. Resources mentioned in this episode that you can Google: * Shodan search engine for devices. * MedTech World, a conference on medtech innovations. | |||
| SBOMs Unpacked: Myths, Risks, & Benefits with Cortez Frazier Jr. | 18 Mar 2025 | 00:42:12 | |
Why are Software Bills of Materials (SBOMs) critical for medical device security? In this episode, Cortez Frazier Jr. joins Christian and Trevor to discuss SBOMs, vulnerability prioritization, and why companies should stop fearing software transparency. The conversation covers real-world security challenges, regulatory trends, and how organizations can protect themselves before a major breach forces them to act. Cortez Frazier Jr. is a principal product manager at FOSSA, where he helps companies navigate software supply chain security with a mix of technical expertise and strategic foresight. Key points: * Overview of FOSSA and its role in software composition analysis. * The increasing importance of SBOMs in regulatory compliance. * (10:30) Understanding SBOMs * How the SolarWinds attack changed the conversation around software transparency. * Why some manufacturers are reluctant to release SBOMs. * (20:45) Prioritizing Vulnerabilities * The difference between CVEs and actual exploitability risks. * Why blindly patching everything isn’t an effective security strategy. * (30:20) Legal and Compliance Risks * How open-source licenses can force companies to disclose their source code. * What manufacturers need to do to avoid unexpected legal issues. * (40:50) Future Trends * How hospitals and customers will soon start demanding SBOMs. * Cortez’s advice for companies looking to improve their cybersecurity posture. Resources mentioned in this episode that you can Google: * Executive Order 14028. * SPDX and CycloneDX – Machine-readable SBOM formats * EPSS (Exploit Predictability Scoring System) – A better way to assess vulnerability risk * CISA Known Exploited Vulnerabilities List – The vulnerabilities that actually matter Thanks to Cortez Frazier Jr. for being on the show. Connect with Cortez on LinkedIn: https://www.linkedin.com/in/cortezfrazierjr/ Learn more about FOSSA: https://fossa.com/ | |||
| Postmarket Surveillance and Anomaly Detection for Medical Devices | 04 Mar 2025 | 00:34:41 | |
What are some of the biggest cybersecurity risks medical devices face after they hit the market? This episode dives into the challenges of postmarket surveillance for medical devices. Christian and Trevor discuss vulnerabilities that emerge after deployment, how manufacturers and hospitals handle updates, and why continuous security testing is essential. They also cover penetration testing and the evolving regulatory landscape for medical device cybersecurity. Key points: * The importance of postmarket surveillance in medical device cybersecurity. * How vulnerabilities in third-party libraries can create security risks. * The FDA’s push for over-the-air (OTA) updates and the associated attack vectors. * The necessity of a Coordinated Vulnerability Disclosure (CVD) system. * Why hospitals struggle with unpatchable medical devices in their networks. * The role of Software Bill of Materials (SBOM) in monitoring supply chain security. * How penetration testing identifies new threats even after a device is launched. * How attackers exploit known vulnerabilities in medical devices. * The misconception that cybersecurity is a one-time effort rather than an ongoing process. Chapters: (02:30) Medical Device Vulnerabilities (05:45) Over-the-Air Updates (10:20) Coordinated Vulnerability Disclosure (15:15) SBOM in Medical Device Security (20:45) Why Hospitals Struggle with Unpatchable Devices (25:30) Continuous Penetration Testing Resources mentioned in this episode: * CISA Known Exploited Vulnerabilities List: https://www.cisa.gov/known-exploited-vulnerabilities-catalog * NTIA Software Bill of Materials Guidelines: https://www.ntia.gov/page/software-bill-materials * FDA Cybersecurity Guidance for Medical Devices: https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity | |||