
PODCAST · science

The Med Device Cyber Podcast

In a time where healthcare and technology are deeply intertwined, understanding medical device cybersecurity is not just important—it's essential. Welcome to The Med Device Cyber Podcast, your go-to resource for understanding the complexities of this critical field of cyber security. As the definitive podcast on medical device security, we explore everything from identifying and mitigating vulnerabilities to navigating this ever-evolving regulatory landscape.

Hosted by Christian Espinosa, Founder & CEO of Blue Goat Cyber, and Trevor Slattery, Director of Medical Device Cybersecurity, each episode features expert insights into the latest cybersecurity threats, innovative solutions, and best practices for protecting the medical devices that are at the heart of modern healthcare. Whether you're a healthcare provider, a device manufacturer, a cybersecurity professional, or just someone looking to learn about the importance of cybersecurity in human lives, this podcast empowers you w

  1. 84

    Science Before Hype in MedTech Investing with Varun Turlapati of Chaanakya Capital

    Early-stage MedTech gets riskier when investors confuse a compelling story with a credible device. Stronger diligence starts by testing whether the science is real, whether clinicians would actually use the product, and whether the company has thought seriously about regulatory fit, reimbursement logic, and engineering durability.

    That framework becomes even more important in neurotech, where public fascination can outrun the evidence base and where the difference between a breakthrough and a weak claim is often diligence quality.

    Episode Breakdown:
    00:00 Opening
    02:42 Science and engineering filters
    07:55 Why neurotech still has open space
    17:15 Cybersecurity as a hardening issue
    24:20 How specialist funds operate
    38:13 Final reflections
    40:58 End

    The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.

    If you're interested in our services or partnering with us, schedule a Discovery Session: https://go.bluegoatcyber.com/meetings/blue-goat-cyber/discovery-session

    Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.

    Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
    Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9
    Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
    Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
    Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
    Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

  2. 83

    Why MedTech Needs More Than Approval with Michael Branagan Harris of HealthTech Strategies Limited

    A device can clear regulatory hurdles and still struggle commercially if the evidence is too narrow. MedTech companies need proof that speaks to affordability, care quality, operational impact, and long term value, not just technical performance.

    Market selection matters just as much. The same solution may fit the United States, the UK, Germany, or the Netherlands very differently because reimbursement models, provider incentives, and care delivery systems are not built the same way.

    Episode Breakdown:
    00:00 Opening
    09:02 What evidence actually needs to prove
    14:16 Building a stronger adoption case
    22:43 Economic logic across markets
    28:36 Choosing where to launch
    42:08 Key reflections
    48:30 End

  3. 82

    De-Risking Product Decisions in MedTech Startups with Brent Lavin of Ironwood MedTech Partners

    Product decisions made during early development determine commercialization outcomes years later. Wrong choices about regulatory pathways, feature sets, and market segments create compounding problems limiting commercial success.

    Christian Espinosa and Trevor Slattery explore product management with Brent Lavin, Chief Product Catalyst of Ironwood MedTech Partners, covering why 510(k) pathways average four years while PMA programs require seven to nine years, and how feature set alignment shapes success.

    The engineering mindset applies hypothesis testing to product development through iterative refinement.

    Practical for MedTech founders and product teams.

    Episode Breakdown:
    00:02 Introduction
    04:35 Ironwood origin
    06:02 De-risking decisions
    10:15 Hypothesis testing
    14:30 Pathway selection
    18:45 Timelines
    22:20 Claims limits
    26:40 Feature alignment
    30:15 Segmentation
    34:55 Clinical trials
    38:45 Entrepreneurship
    40:45 Insights
    43:29 Close

  4. 81

    Vibe Coding Security Risks and Malicious Code Injection with Jake Rodriguez of Triangle Tech

    Vibe coding enables rapid development through AI-generated code but introduces security risks when developers accept outputs without verification. Malicious actors can inject vulnerabilities through manipulated training data or prompt engineering. Supply chain attacks become easier when developers blindly trust AI implementations.

    Jake Rodriguez, Founder and CEO of Triangle Tech, joins Trevor Slattery and Christian Espinosa to explore the security implications of vibe coding, how attackers exploit AI code generation, and what verification processes prevent unverified code reaching production.

    Understanding generated code requires technical knowledge many vibe coding adopters lack.

    Practical for development and security teams.

    Episode Breakdown:
    00:00 AI Search vs Google + Risks
    01:13 Intro + AI, Marketing, Cybersecurity
    01:39 Jake Rodriguez Background
    04:27 What is SEO Today
    06:30 AI Search vs Traditional SEO
    08:50 How AI Finds Content (Reddit, Quora)
    10:11 AI Bias and Hallucinations
    10:58 Content Strategy + Personal Branding
    12:27 Why Trust is Shifting (Podcasts, Events)
    13:56 Bot Farms and Fake Engagement
    15:02 Apple Branding Psychology
    16:07 App Permissions and Cyber Risks
    16:55 AI Voice Scams and Deepfakes
    19:46 Using AI for Marketing
    21:04 Prompt Engineering Tips
    22:36 Where AI Works vs Fails
    24:28 What is Vibe Coding
    27:23 AI Risks in Medical Devices
    30:46 Cybersecurity Challenges in MedTech
    32:59 AI Jailbreaks and Security Threats
    34:44 MedTech Marketing Strategy
    35:43 SEO Landing Page Strategy
    37:36 Key Takeaways
    39:00 Outro

  5. 80

    Why Clinical Trials Are the Most Expensive Capital Outlay for Startups with Rob Bedford, CEO of Franklyn Health

    Early planning prevents expensive corrections when startups address clinical strategy, regulatory pathways, and cybersecurity requirements from day one rather than improvising solutions before launch. FDA pre-submission meetings provide feedback that de-risks strategies before execution.

    Clinical trial design shapes feasibility for startups with limited budgets. Understanding target markets determines sample requirements since United States sales need United States samples while Korean sales need Korean data. Reverse engineering where you want to sell enables appropriate planning.

    Good Clinical Practice guidelines establish responsibility layers. Manufacturers remain accountable for outcomes even when delegating work to CROs or contractors. Understanding responsible versus accountable shapes partner selection.

    Practical for regulatory and clinical strategy.

    Episode Breakdown:
    00:01 Welcome
    03:45 CRO terminology
    07:20 Market research findings
    12:15 Startup needs
    16:40 Partnerships
    20:25 Operations
    24:10 Study types
    28:35 FDA strategy
    32:50 GCP guidelines
    36:15 Accountability
    39:40 Markets
    41:36 Thoughts

  6. 79

    Traceability Requirements and Documentation Audit Trails with Dr. Basant Bajpai, CEO of Compliance MedQRA

    Quality management system implementation delays create cascading failures across medical device development timelines. Startups using SharePoint or Google Drive for documentation discover at audit time that these tools provide no traceability, no version control, and no evidence of systematic processes.

    Dr. Basant Bajpai discusses why design controls begin at the concept stage, regardless of whether companies acknowledge them, how reverse documentation costs 6-12 months when manufacturers reach the submission stage without proper systems, and what happens when scaling exposes foundational quality gaps.

    Simple automated systems that enforce traceability outperform both manual approaches and enterprise platforms that startups cannot fully utilize. Starting early with scalable infrastructure prevents wholesale system transitions during growth.

    Practical for medical device startups and innovators.

    Episode Breakdown:
    00:00 Introduction Hook on QMS Mistakes and AI Boundaries
    00:49 Why AI Should Assist, Not Own, the Compliance Process
    01:09 Guest Introduction: Dr. Basant Bajpai and ComplianceMed QRA
    01:32 Why QMS Is a Survival System, Not Just Software
    02:20 The Biggest QMS Mistake Medtech Founders Make
    03:02 Why Early Stage Companies Must Start QMS Sooner Than They Think
    04:03 Why Shared Drives and Manual Systems Fail During Audits
    05:05 Start Simple: Build a Traceable Foundation Before You Scale
    06:08 Cybersecurity and Quality Are More Connected Than Most Founders Realize
    06:59 How AI Is Being Used Inside an Automated QMS
    08:00 Human in the Loop: Where AI Helps and Where Experts Must Step In
    08:48 The Risk of AI Hallucinations in Regulated Documentation
    10:03 When AI Can Invent Content and Why That Requires Extra Caution
    10:45 Why You Should Not Use AI Before Your QMS Basics Are Fully Built
    12:34 Regulator Reactions to AI in Compliance and Documentation
    13:29 Could Regulators Start Using AI Too?
    15:09 The Coming AI Arms Race in Regulatory Reviews
    17:04 Why Traceability Is Still the Hardest Problem for AI
    18:23 Why Manual Traceability Still Matters in an AI Assisted QMS
    20:24 AI in Healthcare: Big Opportunity, Big Responsibility
    22:14 What Happens When Companies Delay Quality System Implementation
    24:00 The Cost of Reverse Documentation and Missed Traceability
    25:20 Why Poor QMS Setup Becomes a Scaling Nightmare
    27:00 Medtech Startups: Limited Budgets, Too Many Critical Priorities
    28:10 The Cybersecurity Retrofit Problem and Why It Delays Submission
    29:07 Why New Regulatory Pressure Makes Early Planning Even More Important
    30:12 FDA Pushback on Weak Cybersecurity Documentation
    30:58 Awareness and Education as the Real Fix
    32:22 Final Takeaways: QMS, AI, and Cybersecurity
    34:05 Why AI Must Stay a Tool and Never Become the Decision Maker
    35:10 Closing Remarks

  7. 78

    Early Design Decisions that Shape Medical Device Success with Chris Danek, CEO of Bessel

    Early design decisions define the trajectory of a medical device long before commercialization begins. Choices related to software architecture, third-party components, and system connectivity establish both the opportunity and the risk profile of the product.

    Cybersecurity introduces a layer of complexity that many teams underestimate. It extends beyond protecting data and into safeguarding patient outcomes, ensuring system reliability, and meeting increasingly stringent regulatory expectations.

    Chris Danek, CEO of Bessel, joins Christian and Trevor to examine how a single overlooked dependency or unsupported component can become a critical vulnerability. In many cases, these issues remain hidden until late-stage testing or FDA review, where remediation becomes significantly more expensive and disruptive.

    Effective development requires integrating cybersecurity into requirements, architecture, and validation activities from the outset. Threat modeling, component vetting, and design-level decisions play a defining role in reducing downstream risk.

    The organizations that succeed are those that treat cybersecurity as a core engineering discipline. Building secure, scalable medical devices requires alignment between technical execution, regulatory strategy, and long-term product viability.

    Episode Breakdown:
    00:01 Welcome
    02:54 Impact definition
    05:16 Security integration
    07:22 Connectivity requirements
    12:30 Architecture
    18:45 Requirements
    24:20 Development
    30:15 Certificates
    36:40 Privacy focus
    42:50 Risk scoring
    48:03 Regulators
    50:55 Thoughts

  8. 77

    Edge Cases, Alarm Fatigue, and Why AI Cannot Replace Clinical Judgment with Brandon Fertig, Senior Manager at Philips Healthcare

    Alarm fatigue happens when monitoring systems raise so many false flags that clinical staff begin ignoring them, even when real critical events occur. A surgeon during an operation gets alarms indicating patient bleeding, but observes stable blood pressure and no visible bleeding. The surgeon trusts direct patient observation over machine output because edge cases require human judgment that AI cannot reliably provide.

    Brandon Fertig discusses why patient monitoring systems with visual indicators like the gingerbread man figure help nurses prioritize care without replacing their judgment, how edge cases become more important as automation increases, and why AI in healthcare should focus on efficiency rather than autonomous decision-making.

    Alarm noise versus signal, why ground truth patient observation matters more than machine alerts, and how human checkpoints handle situations AI cannot predict.

    Practical for understanding AI limitations in clinical settings.

    Episode Breakdown:
    00:01 Welcome
    02:20 IT background
    05:03 Leadership
    08:33 Skills transfer
    12:15 Philips work
    16:40 Training
    22:30 AI tools
    28:45 Checkpoints
    34:20 Monitoring
    38:50 Quality
    40:54 Efficiency
    41:24 Judgment
    42:38 Advice

  9. 76

    Alarm Fatigue, Workflow Integration, and the Intelligent Operating Room (Professor Aamer Ahmed)

    Devices that do not integrate into the clinical workflow sit unused regardless of technical sophistication. Physicians work in high-pressure environments where equipment must be 100 percent reliable, secure, and enhance workflow rather than disrupt it.

    Professor Aamer Ahmed, a Consultant in Cardiothoracic Anaesthesia, Professor of Anaesthesia and Critical Care at the University of Leicester, and co-founder of Hemeo, a medical technology company designing AI-based personalized Clinical Decision Support Systems for coagulation disorders, discusses with Christian Espinosa and Trevor Slattery why involving Key Opinion Leaders at the design stage prevents expensive redesigns, what alarm fatigue does to clinical decision-making, and how legal precedent will determine AI liability as therapeutic recommendations become more common.

    He also explains why the best medtech development approach involves spending time in hospitals observing physicians before engineering products, how digital twin models enable personalized clinical predictions, and why common sense is not always common practice in device design.

    The discussion offers practical advice for building devices clinicians actually use.

    Episode Breakdown:
    00:01 Introduction
    00:33 Role explanation
    02:49 KOL involvement
    03:32 Workflow integration
    05:36 Seamless design
    07:13 Problem-first approach
    07:35 Clinical observation
    08:45 Digital twin
    12:20 IT security
    18:30 AI support
    22:15 Accountability
    26:40 Alarm fatigue
    32:10 Liability
    34:07 Advice
    38:13 Simplicity

  10. 75

    How to Move Stakeholders from Awareness to Sustained Adoption Without Friction

    Marketing medical devices requires understanding that stakeholders are different, buying processes are longer, and friction points are more complex than consumer products or software. Most companies build websites and attend trade shows hoping prospects will decode their message, but prospects do not have time for that.

    Sustained adoption is not the same as initial purchase. It means the device is used continuously with no friction, no concerns, and no barriers causing users to stop or switch. Getting there requires understanding every stakeholder involved, what questions they have at each stage, and what fears might stop them.

    This episode covers how to structure marketing that moves stakeholders through a clear path, why ideal client profile refinement produces better results than broad targeting, and how one advisor identified exact pain points to cut through noise and convert a prospect.

    Practical advice for anyone responsible for medtech marketing or go-to-market strategy.

    Episode Breakdown:
    00:02 Welcome
    00:21 Intro
    02:15 Origin
    04:36 Challenges
    06:51 Foundation
    07:00 Knowledge gap
    09:30 Adoption
    11:45 Mapping
    15:20 Friction
    18:40 Content
    22:30 Targeting
    26:15 Failures
    30:45 Pain points
    34:20 Clarity
    38:50 Tradeoffs
    40:44 Advice

  11. 74

    Prevention Is Better Than Cure: Applying Medical Principles to Medtech Cybersecurity

    Medical device risk assessments are failing patients, not because the process is too hard, but because nobody doing the assessment has ever been in the room where the device actually gets used.

    Medtech quality and regulatory leader Stephen Smith describes sitting in a risk session for a device going into an intensive care unit. Twelve people in the room, and not one had ever set foot in an ICU. If you have never been in the environment your device will operate in, risk identification becomes guesswork, mitigations get written for problems that are not the actual problems, and the device goes to market with gaps that stay hidden until something goes wrong.

    This episode covers why the user environment is the most consistently ignored variable in medical device development, and how that same gap shows up in cybersecurity risk assessments.

    Also discussed: the $5,000 problem that gets rationalized today has a way of becoming the $500,000 crisis that cannot be ignored tomorrow, and what this argument actually looks like in practice.

    Stephen also explains why CE marking proves you passed an audit and why FDA clearance does not mean the FDA approved your device.

    Worth listening to if you are focused on medtech quality, regulatory, or cybersecurity.

    Episode Breakdown:
    00:00 Opening quote
    00:47 Intro and guest background
    04:14 QA vs RA vs QC
    06:00 Cybersecurity in quality systems
    08:30 Risk as the foundation
    11:20 Ignoring clinicians and user environments
    13:00 ICU risk assessment example
    14:19 Startups and product market fit
    15:30 Key Opinion Leaders
    16:47 Companies hiring comfortable consultants
    18:30 $5,000 vs $500,000
    20:00 Why quality and cybersecurity are invisible
    22:00 What regulators actually review
    22:54 Self-signed certificates
    24:30 Cybersecurity speed vs regulation speed
    26:30 CE marking is not a quality guarantee
    27:00 Lost instructions for use
    28:40 Cleared vs approved
    29:45 Prevention is better than cure
    31:00 Final advice
    32:00 Racing analogy

  12. 73

    How AI Code Security Became a Medical Device Problem with Jun Xiang Tan

    Ten years ago, Singapore's healthcare system got hacked. Patient records were stolen at a national scale. The government responded by building one of the most comprehensive medical device security frameworks in the world.

    The Cybersecurity Labeling Scheme has four tiers. Level one means basic security controls exist. Level four means the device underwent independent code review, has advanced threat detection, and maintains continuous vulnerability management. Hospitals can see exactly what level of security they're getting before they buy.

    Jun Xiang from CareHero explains why this matters, especially now that AI is showing up in medical devices without proper testing. He covers adversarial attacks on medical images, why doctors are uploading patient data to ChatGPT, and what automation bias does to clinical decision making.

    Practical conversation about medical device security in Southeast Asia and what manufacturers need to know about Singapore's approach.

    Episode Breakdown:
    00:01 Welcome
    00:31 Background
    01:09 Military service
    03:09 AI threats
    03:45 23% problem
    04:40 X-rays ChatGPT
    05:43 Attacks
    08:15 Poisoning
    11:30 Hallucinations
    14:20 AI code
    17:45 Vulnerabilities
    20:30 Pair programming
    23:15 Guardrails
    26:40 Automation bias
    28:50 AI scribes
    31:20 Dialects
    34:05 Pre-triage
    36:32 Pricing
    37:25 Pair programmer
    37:40 Human interpretation

  13. 72

    How to Build an SBOM That Passes FDA Review

    SBOMs are one of the most common sources of FDA deficiencies in medical device submissions. Most companies think they're doing it right, but then they get feedback asking for missing components or clarification on what's included.

    In this webinar, Christian Espinosa and Trevor Slattery explain what the FDA actually expects in an SBOM and why it's not just about listing third-party libraries. You need to include first-party code too. You need to follow the NTIA minimum elements. And you need to provide it in a machine-readable format like SPDX or CycloneDX.

    Trevor walks through the history of SBOMs, from their origins in licensing compliance to their current role in medical device cybersecurity. He explains the shift-left approach the FDA wants to see and why transparency matters for healthcare delivery organizations making purchasing decisions.

    The webinar also addresses a big concern people have. Does publishing an SBOM give attackers a roadmap to your system? Trevor breaks down why that's not actually a problem if you're managing your security properly.

    If you're building a connected medical device or preparing for an FDA submission, this is a clear breakdown of how to get your SBOM right the first time.

    Webinar Breakdown:
    00:00 Welcome and introduction to SBOMs
    00:44 What is an SBOM and why does it matter
    03:10 The history of SBOMs: From licensing to cybersecurity
    07:20 Why the FDA cares about SBOMs
    11:30 The biggest mistake: Leaving out first-party code
    15:45 NTIA minimum elements explained
    19:20 Machine-readable formats: SPDX and CycloneDX
    23:00 Real-world examples: Log4j and Shellshock
    26:15 Do SBOMs give attackers a roadmap? The truth
    29:40 Common myths about SBOMs
    33:50 Key takeaways for FDA submissions
    36:20 Q&A session begins

  14. 71

    From Idea to FDA Clearance: What Nobody Tells Medtech Founders with Darcy Bachert

    Building medical device software is hard. Building it the right way is harder. And getting it through FDA approval while managing cybersecurity requirements? That's what Darcy Bachert has been doing for 17 years.

    Darcy runs Prolucid Technologies, an ISO 13485-certified software development firm in Toronto. They work with medtech companies across North America, Europe, and Australia.

    And in that time, he's seen the same mistakes repeatedly.

    The biggest one? Founders build products that solve problems nobody has. Or they build something physicians won't adopt because it adds complexity instead of making their lives easier.

    In this conversation, Darcy talks about IEC 62304 and why it matters when choosing a software partner. The Canadian medtech ecosystem and why Toronto is a major hub. And why quality systems and cybersecurity need to be built in from day one, not added at the end.

    This episode is practical if you're building a medical device or working with medtech startups.

    Episode Breakdown:
    00:01 Welcome and intro
    00:30 Darcy's background and Prolucid Technologies overview
    01:15 The origin of the name Prolucid Technologies
    01:58 Why clarity matters more than code
    04:18 Common challenges beyond software development
    06:11 Toronto's medtech ecosystem
    06:57 IEC 62304 and choosing the right development partner
    09:17 ISO 13485 certification and investor confidence
    12:04 Realistic timelines for medical device software
    15:32 Cost expectations and budget planning
    18:45 Building quality systems from the start
    21:20 Integrating cybersecurity throughout development
    24:15 When and how to do penetration testing
    27:30 Cybersecurity mistakes startups make
    30:42 The MTI program and Canadian medtech resources
    33:18 Canadian vs US medtech markets
    36:22 Physician adoption challenges
    40:18 Trevor: Don't invent your problem
    41:36 Darcy: Find partners who've done it before
    43:05 Christian: Balance user adoption with reimbursement

  15. 70

    What MedTech Startups Get Wrong About Cybersecurity Documentation with Marc Zemel

    Marc Zemel has been building Retia Medical for 15 years. The company started as two guys with slides and licensed technology. Now their data-driven hemodynamic monitoring technology for consistently accurate cardiac output measurements in high-risk surgical and critically ill patients is in 75 hospitals across 18 countries, sold by Medtronic in the U.S., and the company is preparing to launch their new product Argos Infinity, pending FDA clearance.

    But getting here meant dealing with cybersecurity challenges that Marc didn't see coming. In this conversation, he talks about what actually slowed them down, what he wishes he'd done differently, and why building a proper quality system from day one would have saved him years of pain.

    Retia Medical develops algorithms that monitor cardiovascular function. Their technology detects problems before blood pressure drops, which makes it valuable in operating rooms and ICUs. Nurses have gotten so attached to their monitors that they literally hug them because the devices help them do their jobs better.

    Marc walks through the specific cybersecurity issues that surprised him. Like how software as a medical device comes with ongoing compliance costs that hardware doesn't have. Or how documentation requirements kept changing as the FDA updated its expectations. Or how retrofitting cybersecurity into an existing product is way more expensive than building it in from the start.

    He also shares his philosophy on building companies. He doesn't focus on exits or acquisition targets. He focuses on building something people can't live without. When the product is that good, the rest takes care of itself.

    If you're building a medical device startup or dealing with FDA submissions, this is a conversation worth hearing.

    Episode Breakdown:
    00:00 Introduction
    00:32 Where everyone's calling from
    02:54 Marc's background and journey into medtech
    04:33 What Retia Medical does
    07:00 Blood flow vs blood pressure
    09:45 Software vs hardware as a medical device
    12:30 Cybersecurity challenges
    15:20 Documentation nightmares
    18:45 Quality systems and why they matter early
    22:10 FDA submissions over 15 years
    25:30 The cost of retrofitting cybersecurity
    28:50 Software updates and compliance
    32:15 Build to be bought, not to be sold
    37:32 What acquirers look for
    39:02 Product market fit: Nurses hugging monitors
    41:14 Wearables and future regulations

  16. 69

    Why Most Medtech Companies Fail at Global Expansion (And How to Fix It) with William Jin

    Thinking about taking your medical device to China? Or maybe you're a Chinese company looking at the American market?

    William Jin has spent over 30 years helping companies do exactly that, and he'll tell you straight up that most of them aren't ready. Not because they lack good products, but because they didn't think about cybersecurity early enough.

    William was trained as a medical doctor in Shanghai, then moved into the medtech industry working for companies like McCulloch and Stryker. Now he helps businesses on both sides of the Pacific figure out how to actually get their products approved and sold in each other's markets. The problems he sees are surprisingly similar whether you're going East or West.

    In this conversation, William walks through the real barriers to global expansion. We're talking about practical stuff like why using Google Cloud can completely block you from the Chinese market, how data sovereignty laws affect AI-powered devices, and why that Baxter ventilator recall should matter to everyone building connected medical devices.

    If you're in medtech and thinking about international markets, this is the reality check you need. William's advice is simple but critical: plan for your target markets before you start building. Otherwise, you'll spend millions redesigning later, or worse, you'll realize you can't enter those markets at all.

    Episode Breakdown:
    00:00 The costly mistake of not planning for global markets early
    00:44 Meet William Jin: Medical doctor turned medtech market strategist
    03:15 What's really stopping Chinese companies from entering Western markets
    07:20 Why Chinese medtech exports to the U.S. dropped while Europe increased
    11:40 The Google Cloud problem nobody warns you about
    15:50 How China's data regulations affect your algorithms and cloud architecture
    19:30 Reverse engineering your markets: Start with the end in mind
    23:00 Where Chinese companies dominate and where they struggle internationally
    26:45 The Baxter recall that was really about cybersecurity
    28:50 Why cybersecurity product recalls are fundamentally different
    29:20 William's final advice for medtech innovators
    29:40 Wrapping up: Design to disposal, not as an afterthought

  17. 68

    What It Takes to Succeed in the Medtech Industry with Omar Khateeb

    Ever thought about what it really takes to launch a successful medtech startup?

    Omar M. Khateeb knows the challenges firsthand. As a founder with a track record of building healthtech companies, he’s lived through the hurdles that come with innovating in the medtech space.

    In this episode, Omar dives into the highs and lows of his entrepreneurial journey, sharing key lessons, pivotal moments, and the strategies that helped him succeed. From tackling complex healthcare issues to navigating the regulatory maze, Omar breaks down what it takes to make a lasting impact in medtech.

    Join us for an inside look at the future of health tech and why it’s the perfect time for the next generation of entrepreneurs to get involved.

    The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

    If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

    Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

    Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
    Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
    Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
    Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
    Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1
    Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

    Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

    Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/
    Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

    The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.

    Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh
    Subscribe via Apple Podcasts: https://apple.co/483OJ9I
    Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

  18. 67

    Untangling Software Composition Analysis for MedTech Teams

    Why does software composition analysis matter beyond regulatory compliance?

    This episode explores SCA (Software Composition Analysis) and explains how SBOMs (Software Bill of Materials), SOUP (Software of Unknown Provenance), and related tooling fit into the broader medical device cybersecurity landscape. Christian and Trevor clarify common misconceptions, including licensing fears, machine-readable requirements, and the role of static testing tools.

  19. 66

    When Medical Device Cyber Failures Become Fatal

    What past ransomware and medical device incidents might reveal gaps that manufacturers are still overlooking today?

    In this episode, Christian and Trevor examine real incidents where cybersecurity failures, software flaws, and insecure medical devices led to patient harm and death. They break down how ransomware attacks, implantable device vulnerabilities, and AI-driven therapies expose life-critical risks in healthcare. The conversation highlights why regulators are increasing scrutiny and why cybersecurity must be treated as a patient-safety imperative, not an afterthought.

  20. 65

    Trevor Slattery Answers Tough Medical Device Cyber Questions

    This episode puts Trevor in the hot seat. If you were put in the hot seat, could you clearly explain cybersecurity, safety, and lifecycle terms like Trevor?

    In this rapid-fire episode, Christian fires questions at Trevor about essential medical device cybersecurity concepts and standards. Together, they clarify how risk management, secure development, and lifecycle thinking intersect across safety, quality, and security.

  21. 64

    The Differences Between Black, Grey, and White Penetration Testing

    MedTech developers, do you know which penetration testing methodology the FDA actually prefers for medical device submissions?

    In this episode, Christian and Trevor explain the differences between black, grey, and white box penetration testing and how each impacts the completeness and realism of cybersecurity assessments. They highlight why regulators increasingly expect deeper testing supported by source-code-level insights. They also outline the risks, costs, and delays manufacturers face when choosing insufficient testing approaches during FDA submission.

    Key points:
    (01:25) Learn how black box testing mimics an attacker with no prior knowledge.
    (06:27) How grey box testing blends limited credentials, architecture insight, and direct communication with engineers to expand visibility.
    (08:29) Why white box testing includes access to full documentation, processes, and source code.
    (10:20) How attacker timeframes differ from tester timeframes.
    (11:29) How the FDA’s static analysis, SBOM, and risk evaluation requirements tie naturally into white box testing workflows.
    (15:06) Learn why choosing black box testing to save money often results in higher total costs after FDA rejection.
    (17:47) Hear why “buy once, cry once” applies to penetration testing.

  22. 63

    How Cybersecurity Shapes Regulatory and Quality Success with Jim Goodmiller

    What risks do you take when cybersecurity is left off your development roadmap?

    In this episode, Christian, Trevor and guest Jim Goodmiller explore how cybersecurity intersects with regulatory expectations and quality systems, creating new challenges and opportunities for medtech innovators. Jim helps to explain why founders must integrate cybersecurity from concept through commercialization, especially as FDA scrutiny increases.

    Key points:
    00:48 Why cybersecurity now influences every part of the regulatory landscape.
    04:48 How technologies can create serious safety and compliance risks when not fully vetted.
    10:45 Cybersecurity as a mandatory component of regulatory planning.
    14:52 The need for iterative penetration testing
    22:16 Challenges of upgrading legacy devices
    25:37 Avoiding serious legal consequences.
    29:29 Preparing a complete roadmap for investor confidence
    40:08 The role of communication

    Thanks to Jim Goodmiller for being on the show. Connect with Jim on LinkedIn: https://www.linkedin.com/in/jimgoodmiller/

  23. 62

    Webinar: Why FDA Cybersecurity Submissions Fail and How to Get Yours Approved

    Medtech innovators and medical device manufacturers, how can you prevent cybersecurity deficiencies from delaying your FDA submission?

    In this webinar, Christian Espinosa, CEO of Blue Goat Cyber, and Trevor Slattery, CTO of Blue Goat Cyber, reveal the most common reasons FDA cybersecurity submissions fail and how you can avoid them. They explain the importance of early risk management, security-by-design practices, and comprehensive testing aligned with NIST and AAMI frameworks.

    Explored in this webinar:
    00:37 Why poor cybersecurity is a top reason for FDA medical device rejection.
    02:56 The FDA’s total product lifecycle approach.
    05:18 Why risk management must start before design.
    07:35 How AAMI TR57 and ISO 14971 interact to assess patient harm.
    10:51 The FDA requirement for traceability among functional, nonfunctional, and security requirements.
    16:16 Why cybersecurity testing must cover the entire product (mobile, cloud, etc.).
    23:33 Why inadequate documentation for critical controls (authentication, logging, encryption) often causes FDA deficiencies.

  24. 61

    Cybersecurity Qs MedTech Innovators Ask: Christian’s Hot Seat

    MedTech manufacturers, how can you avoid the cybersecurity pitfalls that most often lead to FDA rejection?

    In this episode, Trevor puts Christian “in the hot seat” to tackle the most common—and sometimes misunderstood—cybersecurity questions MedTech innovators ask. Christian breaks down key concepts such as ISO 13485, HIPAA vs. FDA expectations, SAMD vs. SIMD, global regulatory demands, and more.

    Key points:
    (00:30) The purpose of ISO 13485 and why traceability, quality, and documentation are foundational to medical device safety.
    (02:34) How cybersecurity is now the most common reason FDA reviewers reject medical devices.
    (04:32) Why HIPAA focuses on patient data while the FDA focuses on patient safety.
    (07:21) Which global regulators impose the strictest cybersecurity requirements and how FDA and China differ.

  25. 60

    What Is Required for an FDA Pre-Market Cyber Submission?

    What are the 18 required cybersecurity deliverables for a pre-market submission, and how do they map to eSTAR’s 13 sections? This episode breaks down the cybersecurity deliverables required for an FDA pre-market submission and explains why they apply consistently across all device types. Christian and Trevor walk through each deliverable in detail, outline how they map to eSTAR v6.0, and highlight common misconceptions that slow down manufacturers.
    Key points:
    (00:33) Why all devices—high-risk or low-risk—must submit the same 18 cybersecurity deliverables to the FDA.
    (01:41) How device complexity influences documentation depth even though the deliverables never change.
    (04:42) How the 18 deliverables map to the 13 sections of eSTAR version 6.0.
    (09:50) The risk management report, threat model, risk assessment, and SBOM requirements.
    (17:41) How to evaluate and categorize unresolved anomalies.
    (20:04) How manufacturers should track remediation timelines and vulnerability density.
    (23:52) The cybersecurity management plan and the extensive post-market responsibilities expected by the FDA.

  26. 59

    Webinar: Postmarket Cybersecurity Management

    MedTech manufacturers, how prepared are you to monitor vulnerabilities continuously once your medical device reaches the market? Also, would you like a free checklist for your Cybersecurity Management Plan? (See link below!) This webinar dives into how medical device manufacturers should build, maintain, and document postmarket cybersecurity programs that align with FDA expectations. Christian and Trevor outline critical requirements such as continuous SBOM monitoring, testing timelines, update processes, CVD workflows, and secure communication standards.
    Topics explored:
    (03:14) How the FDA's definition of "cyber device" includes devices with Wi-Fi, Bluetooth, USB, RFID, and NFC connectivity.
    (05:19) Recent FDA guidance changes, including updated cybersecurity expectations.
    (10:30) Cybersecurity management plan personnel: compliance officer, product owner, postmarket owner, and authorizing official.
    (12:30) Static testing, SBOM analysis, penetration testing, and vulnerability assessments.
    (17:50) Security testing expectations and frequencies.
    (20:30) Patching, update processes, and remediation timelines.
    Download your free Cybersecurity Management Plan Checklist: https://bluegoatcyber.com/wp-content/uploads/2025/09/Blue-Goat-Cyber-Postmarket-Management-Checklist.pdf

  27. 58

    How Market Intelligence Shapes MedTech Growth with Kevin Saem

    In the MedTech space, how can you leverage market intelligence and machine learning for business development and sales enablement? In this episode, Christian and Trevor talk with Kevin Saem about how market intelligence and cybersecurity intersect in the MedTech space. They unpack how AI and data-driven insights are transforming sales enablement, investor confidence, and device security. They also discuss regulation delays, startup runway challenges, and the growing need for proactive cybersecurity. Kevin Saem founded Zapyrus, a SaaS platform that helps MedTech service providers supercharge sales through AI-driven market intelligence.
    Key points:
    (04:20) Why medtech lags five years behind pharma in regulation and sales sophistication.
    (06:30) How Zapyrus uses machine learning to identify market signals and automate sales research.
    (08:45) Why regulatory clarity in Europe is fueling more medtech investment than in the U.S.
    (12:00) How AI and connected devices are making cybersecurity a top concern for investors.
    (19:07) What the Illumina case and AI therapy failures reveal about industry accountability.
    (26:30) How medtech founders can self-regulate.
    (32:40) When companies should start building scalable sales systems.
    Thanks to Kevin Saem for being on the show. Connect with Kevin on LinkedIn: https://www.linkedin.com/in/kevin-saem/ Learn about Zapyrus, a sales system for MedTech service providers: https://welcome.zapyrus.com/
    This episode was produced by Story On Media: https://www.storyon.co/

  28. 57

    Designing Secure Medical Device Software with Randy Horton

    In medical device software development, why should cybersecurity be viewed as an element of product quality, not an add-on? In this episode, Christian and Trevor speak with Randy Horton of Orthogonal about the future of medical device software development. Together, they unpack how DevSecOps, quality systems, and modern engineering practices can elevate safety and speed innovation in MedTech. From the philosophy behind “move faster and break nothing” to lessons learned from real-world cybersecurity cases, this conversation reframes how medical device teams should approach software design. Randy Horton is the Chief Solutions Officer at Orthogonal, where he helps MedTech companies build better, safer, and smarter connected devices. A lifelong software innovator, Randy brings profound insight into what it takes to merge cutting-edge tech with the regulated world of healthcare.
    Key points:
    (03:00) Randy shares how discovering the first web browser set him on a lifelong path of innovation.
    (05:11) Why high-quality software inherently includes cybersecurity.
    (08:52) Why traditional engineering mindsets struggle with the flexibility of software development.
    (12:42) How the “move fast” culture in Silicon Valley clashes with MedTech’s demand for control and safety.
    (16:09) Why some manufacturers avoid updating medtech devices, and how that hurts long-term device security.
    (19:49) Randy predicts that born-digital MedTech companies will lead the next wave of innovation, pushing the industry to adapt faster.
    Thanks to Randy Horton for being on the show.
    Learn more about Orthogonal: https://orthogonal.io/ Connect with Randy on LinkedIn: https://www.linkedin.com/in/randyhorton

  29. 56

    Cyber Risk Management for MedTech Legacy Devices

    What options do MedTech manufacturers have to bring older devices up to modern cybersecurity standards? Also, how does the FDA’s latest guidance change the process for updating legacy devices? In this episode, Christian and Trevor break down the evolving challenges of managing cybersecurity for MedTech legacy devices. They explain how the FDA’s recent guidance updates create new pathways for handling older devices without requiring full redesigns. Together, they explore practical steps manufacturers can take—like penetration testing and postmarket monitoring—to stay compliant and proactive about security risks.
    Key points:
    (02:13) How the FDA defines legacy devices and why updates to older equipment pose unique challenges.
    (03:47) Why simply replacing old devices isn’t realistic for many healthcare organizations.
    (05:00) How encryption standards evolve and why older devices often can’t meet modern security expectations.
    (06:25) The FDA’s distinction between controlled and uncontrolled risk.
    (09:02) The FDA’s reduced burden pathway for legacy devices.
    (11:07) Best practices for postmarket management plans.

  30. 55

    Webinar: Security Architecture Views: Protecting Medical Devices Through Strategic Design

    How can security architecture views strengthen a medical device manufacturer’s FDA submissions? This episode/webinar dives into the four critical security architecture views required by the FDA: global system, multi-patient harm, updatability and patchability, and secure use case views. Christian Espinosa and Trevor Slattery explain how each view strengthens product security while aligning with regulatory expectations. They also share practical strategies and examples, from cloud environments to physical updates, highlighting how proper documentation and foresight can mitigate real-world risks.
    Highlights:
    (01:19) Learn why the FDA requires four specific security architecture views and how they support threat modeling.
    (03:10) Understand how integrating security into architecture views reflects secure coding and DevSecOps practices.
    (04:15) Discover how global regulators beyond the FDA use similar documentation requirements.
    (07:52) Explore why global system views must include both software and hardware components as well as data flows.
    (11:02) The distinction between global system views and multi-patient harm views.
    (14:36) Common vulnerabilities like hard-coded credentials that can lead to multi-patient harm.
    (19:18) The risks of over-the-air updates versus physical updates for medical devices.

  31. 54

    Why AI Literacy Matters for the Future of Healthcare with José Acosta

    How can AI literacy reduce patient risk in healthcare settings? In this episode, Christian Espinosa and Trevor Slattery are joined by Dr. José Acosta. Together, they unpack the promise and pitfalls of artificial intelligence in healthcare—from the accuracy gap in diagnostics to the importance of ethics, alignment, and training. The conversation explores how clinicians can harness AI safely, ensuring innovation never comes at the cost of patient trust or care quality. Dr. José Acosta is a retired Navy trauma surgeon turned AI literacy advocate. With decades of experience in medicine and leadership, he’s now helping clinicians understand AI—from how it works to how it should be used responsibly.
    Key points:
    (00:57) José’s background as a Navy trauma surgeon and his passion for AI literacy.
    (02:53) What “AI literacy” really means.
    (05:00) Why precision matters in medicine, and why 85–95% accuracy in AI models isn’t enough when lives are on the line.
    (11:20) A chilling example of an AI therapy app that gave a fatal recommendation.
    (14:16) José predicts a surge in “ambient AI scribes” and explains how they’ll reshape physician workflows.
    (17:53) AI’s productivity paradox—how new tools can both help and overwhelm clinicians.
    Thanks to José Acosta for being on the show. Connect with José on LinkedIn: https://www.linkedin.com/in/joseacostasd/

  32. 53

    What Is A Medical Device?

    MedTech developers and manufacturers, could your medical device unknowingly qualify as a “cyber device”? In this episode, Christian and Trevor break down what the FDA considers a “cyber device” and why so many manufacturers misunderstand this definition. They reveal how even basic interfaces like USB, HDMI, or Bluetooth can make a device cyber-enabled—and why that matters for regulatory compliance.
    Key points:
    (00:33) What makes a medical device a “cyber device,” and why confusion persists among manufacturers.
    (02:14) How proving a device has zero vulnerabilities is nearly impossible, even with minimal code.
    (03:12) Why even a simple USB port can classify a device as “cyber.”
    (05:05) Common interfaces (Wi-Fi, Bluetooth, RFID, NFC, HDMI) that make a device cyber-enabled.
    (09:23) Implantable devices, like pacemakers, and how protocols such as MedRadio introduce hidden connectivity.
    (12:20) A real case where the FDA classified a 3D-printing system as a cyber device due to its software dependencies.
    (16:15) Practical advice on removing unnecessary ports or connectivity to avoid cyber classification.

  33. 52

    5 Most Common Misconceptions of Medical Device Security

    In this episode, Christian and Trevor unpack the five most common misconceptions that put medical device manufacturers at risk. From confusing data protection with patient safety to misunderstanding what qualifies as a cyber device, the hosts shed light on the blind spots that cause costly delays and compliance failures. They also explore how medical device cybersecurity differs fundamentally from traditional cybersecurity, emphasizing the need for specialized expertise and early integration of secure design principles.
    Key points:
    (01:18) Misconception #1: That cybersecurity is only about protecting data rather than patient safety.
    (06:04) Misconception #2: That your product isn’t a “cyber device.”
    (07:46) Misconception #3: That cybersecurity is a one-time thing to study rather than a full lifecycle process.
    (12:17) Misconception #4: That software developers inherently understand cybersecurity.
    (19:10) Misconception #5: Thinking that traditional cybersecurity and medical device cybersecurity are the same.

  34. 51

    What Happens When AI in Medical Devices Make Mistakes?

    MedTech manufacturers and developers, what happens if your AI-powered medical device makes a terrible, life-threatening mistake? This episode explores what happens when artificial intelligence in medical devices goes wrong. Christian Espinosa and Trevor Slattery break down the real-world consequences of AI failure, using a tragic mental health chatbot case to highlight the stakes of inadequate oversight. They also examine the EU AI Act, new MDCG guidance, and the ethical, regulatory, and cybersecurity challenges facing innovators in the high-risk medical AI space.
    Key points:
    (03:02) The EU AI Act and how it intersects with the MDR and IVDR.
    (03:55) A real case study involving a suicidal patient and an AI mental health chatbot.
    (06:07) How general-purpose AI tools differ from regulated medical AI.
    (09:57) Why threat modeling should apply to AI systems.
    (12:16) Ethical decision-making in autonomous systems using self-driving car analogies.
    (14:02) The Medical Device Coordination Group’s guidance on aligning the AI Act with EU medical device regulations.
    (17:10) Shared accountability across regulators, manufacturers, and users for AI oversight.
    (18:35) The U.S. still treats AI as a “Wild West” compared to the EU’s stricter approach.
    (22:42) Regulators aren’t asking if your AI works—they’re asking how it fails.

  35. 50

    Medical Device Startups and Cybersecurity Challenges with Suzy Engwall

    What are some of the greatest challenges medical device startups face when bringing their products to market? This episode features Suzy Engwall, a healthcare innovation consultant with experience mentoring startups and guiding hospitals. She joins Christian Espinosa and Trevor Slattery to discuss the hidden roadblocks medical device innovators face—from funding gaps to internal hospital politics to overlooked cybersecurity. Together they unpack the realities of FDA compliance, AI-driven decision support, and why raising cybersecurity awareness early can mean the difference between market success and failure.
    Suzy Engwall is a healthcare innovation leader who’s spent the last 20 years shaking up hospitals and mentoring startups. She runs HealthTech Strategies, where she helps founders, investors, and clinicians bridge the gap between big ideas and practical adoption.
    Key points:
    (04:38) Challenges medtech startups face include funding, go-to-market strategy, and regulatory hurdles, with cybersecurity often overlooked.
    (05:56) Why 93% of med tech startups fail.
    (08:01) How internal politics within hospitals can derail promising innovations.
    (09:32) Hospitals now scrutinize devices for cybersecurity risk beyond FDA approval, raising the bar for manufacturers.
    (12:19) Legacy devices often fail modern cybersecurity requirements, forcing redesigns and frustrating manufacturers.
    (16:43) AI in diagnostics: who’s responsible when mistakes occur?
    (23:24) Why patients rarely question medical devices.
    (31:28) Why cybersecurity is often the last thing innovators ask about—and why that mindset must change.
    Thanks to Suzy Engwall for being on the show. Connect with Suzy on LinkedIn: https://www.linkedin.com/in/sengwall

  36. 49

    Top 10 Medical Device Vulnerabilities with Myles Kellerman

    How safe are the medical devices I rely on, and what are the biggest cybersecurity risks I should know about? In this episode, the team goes behind the scenes of real-world medical device penetration testing to reveal the 10 most common and dangerous cybersecurity vulnerabilities found in medical devices. The discussion covers practical examples, industry standards, and actionable advice for manufacturers and healthcare organizations.
    Key points:
    (0:00) Introduction & Penetration Testing Context
    (1:29) Why Penetration Testing Matters in MedTech
    (5:50) Top 10 Medical Device Vulnerabilities:
      1. Hardcoded/Default Credentials – Default passwords, BIOS passwords, and supply chain issues.
      2. Unsecured Communication Channels – Lack of encryption, outdated standards, key management, and device constraints.
      3. Outdated/Vulnerable Third-Party Components – Software Bill of Materials (SBOM), continuous monitoring, and post-market risks.
      4. Improper Access Control – Weak authentication, privilege escalation, and user data exposure.
      5. Debug Interfaces Left Enabled – JTAG/UART ports, physical access, and mitigation strategies.
      6. Missing/Weak Firmware Integrity Checks – Secure boot, code signing, and white-box testing.
      7. Poor Session Management – Session timeouts and session hijacking.
      8. Fuzzing Vulnerabilities (Buffer Overflows) – Fuzz testing, buffer overflows, and legacy devices.
      9. Lack of Tamper Detection – Audit trails, tamper-evident stickers, and physical controls.
      10. No Rate Limiting/Automation Controls – Brute-force attacks, automation, and rate limiting.
    (37:26) Secure Product Development Frameworks, and DevSecOps.
    (38:04) Regulatory Perspective.
    Thanks to Myles Kellerman for being on the show. Connect with Myles on LinkedIn: https://www.linkedin.com/in/myles-kellerman-5763aa22

  37. 48

    Overcoming AI and Data Security Challenges in MedTech with May Lee

    How can you prepare your device for future quantum computing risks? In this episode of The Med Device Cyber Podcast, Christian and Trevor talk with May Lee of CS Life Sciences about the fast-changing world of medical device cybersecurity. They discuss the growing regulatory demands from the FDA, EU, and China, and why cybersecurity can no longer be an afterthought in device design. The conversation also dives into quantum computing, supply chain risks, and how manufacturers can balance compliance with innovation.
    May Lee is a medical device consultant at CS Life Sciences who specializes in AI, machine learning, and cybersecurity. With experience ranging from startups to global corporations, she brings a practical perspective on navigating regulations and helping innovators bring safer devices to market.
    (03:21) Why cybersecurity is moving from afterthought to design control.
    (05:49) Key takeaways from the FDA’s finalized cybersecurity guidance.
    (08:04) Comparing U.S. FDA and EU MDR cybersecurity requirements.
    (10:44) How quantum computing raises new risks for health data.
    (16:26) The balance between compliance, over compliance, and innovation.
    (18:23) Differences in regulatory approaches across the U.S., EU, and China.
    (28:05) Why third-party supply chain and software components matter for device security.
    (32:48) When medical device companies should engage cybersecurity consultants.
    Thanks to May Lee for being on the show.
    Connect with May on LinkedIn: https://www.linkedin.com/in/may-lee-a1b16186/

  38. 47

    When Cybersecurity Becomes a Crime

    What happens when cybersecurity flaws in medical devices cross the line into criminal violations? In this episode, Christian and Trevor unpack the groundbreaking case of Illumina, where cybersecurity misrepresentation led to Department of Justice enforcement. They explore how this signals a shift from technical risks to legal and patient safety consequences, highlighting the dangers of cutting corners in device development. The conversation also outlines practical lessons for manufacturers on integrating secure product development, anticipating FDA deficiencies, and aligning business functions with cybersecurity goals.
    Key points:
    (00:02) Misrepresenting cybersecurity controls in medical devices can lead to legal prosecution under the DOJ’s civil cyber fraud initiative.
    (04:28) Regulatory enforcement is evolving beyond HIPAA into direct patient safety risks.
    (06:05) Medical device cybersecurity differs from information privacy laws, especially with potential patient harm.
    (08:30) The Illumina case involved a whistleblower, FDA oversight, and DOJ enforcement.
    (10:54) Ignoring internal warnings about device vulnerabilities led to legal consequences.
    (13:44) Security by design must be integrated early to avoid costly retrofits.
    (16:46) Cybersecurity is recognized as a clinical risk tied to patient mortality.
    (19:12) Manufacturers are adopting secure product development frameworks earlier in the lifecycle.

  39. 46

    Balancing Innovation and Regulation in MedTech Development with Karandeep Singh Badwal

    How can medtech innovators balance speed with compliance in medical devices? In this episode, Christian and Trevor sit down with Karandeep Singh Badwal about the challenges of balancing innovation with quality and regulatory compliance in medical devices, especially with the rise of AI and software-driven solutions. From cybersecurity gaps to the staggering startup failure rate, the conversation highlights why building quality and regulatory compliance into devices from the start is crucial for long-term success.
    Karandeep is the founder of QRA Medical, where he helps medtech innovators navigate the maze of quality and regulatory requirements. He’s also the host of The MedTech Podcast and a LinkedIn creator who makes compliance topics easy to understand (and way less boring than the regulations themselves).
    (3:30) AI, Software, and Cybersecurity Challenges
    * Why artificial intelligence data validation remains immature and risky for medtech.
    * How software versioning and outdated penetration testing complicate cybersecurity.
    (9:45) Quality and Development Gaps
    * Why some startups skip quality until it’s too late.
    * The importance of adopting partial QMS early to ease transitions later.
    (28:00) Startup Pitfalls and Failure Rates
    * Why many medtech startups fail.
    * The role of regulatory delays, poor planning, and market misalignment.
    (30:00) Keys to Success
    * What successful startups do differently.
    Thanks to Karandeep Singh Badwal for being on the show: https://karandeepbadwal.com/
    Connect with Karandeep on LinkedIn: https://www.linkedin.com/in/karandeepbadwal/

  40. 45

    Webinar: Hacking Med Devices—What Penetration Testing Reveals Before the FDA Does

    Cyber threats targeting medical devices are increasingly sophisticated. A single undiscovered vulnerability could delay your FDA submission and put patient safety at risk.
    Join Blue Goat Cyber’s CTO, Trevor Slattery, and Director of MedTech Cybersecurity, Myles Kellerman, in this webinar as they reveal real-world vulnerabilities uncovered during penetration testing. Gain exclusive insights from actual breaches and vulnerabilities Myles has personally identified, and learn how to ensure your medical device stays secure—and your FDA submission on track.
    In this webinar, you’ll discover:
    * Real-world medical device hacks uncovered by penetration testing.
    * Common vulnerabilities most manufacturers overlook.
    * Practical tips to meet FDA cybersecurity expectations and premarket submission requirements.
    * How Blue Goat Cyber helps manufacturers confidently secure FDA approval.
    Featured Speakers:
    * Trevor Slattery, CTO: Expert in FDA-compliant cybersecurity strategies for medical devices.
    * Myles Kellerman, Director of MedTech Cybersecurity: Renowned penetration tester who identifies vulnerabilities before they become costly crises.

  41. 44

    Integrating Project Management to Strengthen Cybersecurity Outcomes with Steve Curry

    What project management mistakes can med tech innovators avoid? What methods and tools can help med tech companies manage projects? In this episode, Christian Espinosa welcomes Steve Curry to explore how strong project management can make or break a med tech company’s cybersecurity readiness. They discuss why many innovators overlook planning, how this oversight causes costly delays, and the benefits of integrating cybersecurity into every project phase. Steve shares practical strategies for execution, tool selection, and aligning team resources to ensure both speed to market and compliance success.
    Steve Curry founded MustardSeed, a company that brings world-class project management to the sciences. With a background in billion-dollar defense programs, Steve now helps med tech, biotech, and pharma companies execute better, faster, and smarter.
    Key points:
    (4:47) Core Challenges in Med Tech Project Management
    * Many companies skip creating a true project plan, leading to unachievable timelines.
    (11:16) Investor Perspectives and PMO Value
    * A skilled PMO can integrate teams, drive schedules, and improve decision-making.
    (18:16) Cybersecurity’s Place in the Project Plan
    * Cybersecurity is often added too late, causing redesigns and delays.
    (27:37) Tools, Efficiency, and Execution
    * Choosing the right project management software is critical and difficult to reverse.
    Thanks to Steve Curry for being on the show. Connect with Steve on LinkedIn: https://www.linkedin.com/in/steve-curry-ab883378/
    Learn about MustardSeed: https://www.mustardseedpmo.com/

  42. 43

    Webinar: Navigating FDA Cybersecurity Compliance: A Guide for RA/QA Professionals

    When you’re working with a manufacturer to ensure that a medical device has strong cybersecurity, what do you need to know from a regulatory perspective? In this episode, Christian and Trevor dive into the current state of cybersecurity, discussing emerging threats and defense strategies. They also explore the role of AI in both cyberattacks and security measures, offering insights into how businesses can stay ahead of evolving threats.
    Key topics for regulatory affairs (RA) and quality assurance (QA) professionals covered in this webinar:
    (02:15) The Current Cyber Threat Landscape
    * The most pressing cybersecurity threats facing businesses today.
    * Why ransomware attacks are becoming more sophisticated.
    (10:45) Social Engineering
    * How cybercriminals manipulate human behavior to breach systems.
    (19:30) AI in Cybersecurity
    * The ways AI is being used by both attackers and defenders.
    * Ethical concerns around AI-driven cybersecurity tools.
    (27:50) Building a Culture of Security Awareness
    * Why employee training is crucial in preventing breaches.
    * Why multifactor authentication is a must.
    * Regularly updating and patching software.
    (44:30) The Future of Cybersecurity
    * Predictions for upcoming threats and defensive strategies.
    * Steps businesses can take today to prepare for tomorrow’s challenges.

  43. 42

    Vulnerability, Penetration & Other Cybersecurity Testing Types Explained

    Which cybersecurity tests are the most crucial, and which ones does the FDA require for medical device approval? In this episode, Christian and Trevor break down the many types of cybersecurity testing required for medical devices. They explore the distinctions between vulnerability assessments, penetration testing, and other critical methods like fuzz testing, security requirement testing, and dynamic analysis. Along the way, they share real-world examples, FDA compliance insights, and practical tips for ensuring no entry point goes untested.
    Key points:
    (3:21) Vulnerability vs. Penetration Testing
    * Vulnerability testing identifies issues quickly, while penetration testing digs deeper to exploit them.
    (6:01) Software Composition and Static Analysis
    * Using SBoMs to identify risks in third-party and unknown code.
    * Dangers of insecure, copied code such as hardcoded credentials.
    (10:23) Penetration Testing Types and Abuse Cases
    * Differences between black, gray, and white box testing.
    * Abuse case testing for overlooked or “out of scope” device interfaces.
    (20:44) Fuzz Testing and Security Requirements
    * Fuzz testing for unexpected input handling and potential zero-day vulnerabilities.
    * Security requirement testing, dynamic analysis, and advice on choosing skilled third-party testers.
    This episode was produced by Story On Media: https://www.storyon.co/

  44. 41

    Webinar: Medical Device Penetration Testing: What Every Manufacturer Must Know

    What are the unique challenges and regulatory requirements of medical device penetration testing?

    In this webinar episode with Christian Espinosa, CEO of Blue Goat Cyber, and Trevor Slattery, CTO of Blue Goat Cyber, you’ll learn:

    * How Medical Device Penetration Testing Differs from Traditional IT Security. Unlike conventional IT security testing, medical device penetration testing prioritizes patient safety and device functionality. Discover how attackers exploit firmware, wireless protocols, and hardware vulnerabilities—threats often overlooked in standard IT security assessments.
    * Meeting FDA & Global Regulatory Requirements for Penetration Testing. With the FDA’s 2023 cybersecurity guidance, EU MDR expectations, and IEC 62304 compliance now requiring risk-based security testing, manufacturers must integrate penetration testing to avoid regulatory delays, design deficiencies, and costly late-stage changes.
    * Identifying & Preventing the Most Exploited Medical Device Vulnerabilities. From weak authentication and unpatched third-party components to unencrypted communication channels, real-world attacks on pacemakers, insulin pumps, and hospital IoT devices illustrate the critical need for proactive security measures. Learn how these vulnerabilities could have been prevented.
    * Medical Device Risk Matrix: Replacing Probability with Exploitability & Prioritizing Patient Harm. Traditional risk assessments rely on probability vs. impact, but medical device risk scoring prioritizes exploitability (CVSS-based) over probability for a more objective evaluation. Learn how patient harm replaces a solely HIPAA-focused data exposure approach, aligning risk assessment with real-world consequences.
    * How Penetration Testing Strengthens Security & Accelerates FDA Approval. Early integration of security testing in development reduces costly last-minute fixes and regulatory deficiencies, while postmarket penetration testing ensures ongoing protection against evolving cyber threats, preventing unexpected recalls and compliance failures.

  45. 40

    From Surgery to MedTech Startups: Dr. Dylan Attard’s Journey

    What cybersecurity challenges face hospitals and medical devices today that medtech innovators should know about?

    Today’s guest is Dr. Dylan Attard, who swapped his scalpel for startups when he founded MedTech World, a global conference series elevating healthcare innovation. He’s passionate about connecting startups with investors and sparking conversations that turn bold ideas into life-saving solutions.

    In this episode, Dr. Attard shares his transition from surgeon to founder of MedTech World and offers a global perspective on med tech growth, innovation, and cybersecurity. Along with Christian and Trevor, he explores how startups can safeguard patient lives—and their bottom line—by thinking about cybersecurity from day one.

    (07:20) Global Growth of Med Tech
    * Med tech expansion in the Middle East, Africa, and Asia.

    (12:46) Cybersecurity Awareness and Startup Risk
    * How many med tech innovators fail to consider cybersecurity early.

    (18:18) Documented Cases of Patient Harm
    * Challenging the narrative that medical device hacks haven’t caused patient harm.

    (36:13) Vision for MedTech World
    * Dylan shares the mission behind MedTech World and its expansion goals.

    Thanks to Dr. Dylan Attard for being on the show.
    Visit his website: https://www.dylanattard.com/
    Connect with him on LinkedIn: https://www.linkedin.com/in/dylattard/

    Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

  46. 39

    Webinar: Medical Device Risk Assessments - Cybersecurity, Compliance & Patient Safety

    Medical devices are becoming more connected, but with that connectivity comes risk.

    In this episode, Christian and Trevor dive into risk assessments for medical devices—a crucial process in ensuring both patient safety and cybersecurity compliance.

    They discuss:
    * The difference between risk management and risk assessment
    * How risk scoring works using exploitability vs. impact
    * Why traditional cybersecurity metrics don’t fully apply to medical devices
    * The importance of traceability and compliance with ISO 14971 & AAMI TIR57
    * How SBOMs and vulnerability assessments fit into a cybersecurity strategy
    * Real-world examples of risk prioritization in medical devices

    Risk assessments aren’t just about identifying vulnerabilities—they’re about understanding their real-world impact on patients and ensuring compliance with regulatory bodies like the FDA.

    Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

  47. 38

    Understanding Cybersecurity Measures and Metrics for Medical Devices

    How do measures and metrics differ, and why is this distinction crucial for FDA submissions?

    In this episode, Christian and Trevor demystify the difference between cybersecurity measures and metrics in the context of FDA guidance. They explore what the FDA expects in submissions, emphasizing patch timelines, vulnerability tracking, and post-market data collection. They also discuss the importance of actionability over mere compliance and include real-world challenges like device downtime and risk in different environments.

    Key points:

    (0:30) Measures vs Metrics Defined
    * Measures are raw figures like time or count; metrics are calculated from measures.

    (4:06) FDA Guidance and Patch Timelines
    * FDA expects metrics like percentage of patched vulnerabilities and two patch-related durations.

    (7:49) Real-Time Alerts
    * Devices should notify users immediately of anomalies to compensate for lack of SOC monitoring.

    (14:01) When to Include Metrics in Submissions
    * Metrics aren’t always required during initial submission unless data is available.

    (18:07) Downtime, Rebooting, and Risk Profiles
    * Reboot times and system recovery durations should be treated as key measures.
    * Risk profiles shift based on device use environment.

    Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

  48. 37

    Webinar: Mastering Threat Modeling for Medical Device Cybersecurity

    Christian Espinosa, CEO of Blue Goat Cyber, and Trevor Slattery, Director of Medical Device Cybersecurity, explore the critical topic of threat modeling in medical device cybersecurity.

    This session covers essential practices and frameworks that ensure the safety and security of medical devices, aligning with FDA guidelines.

    We cover the DFD3 standard for threat diagramming and the STRIDE framework for identifying potential threats. Learn how to visualize and assess risks effectively, understand trust boundaries, and implement robust security measures to protect sensitive patient data.

    Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Director of Medical Device Cybersecurity at Blue Goat Cyber.

  49. 36

    FDA Cybersecurity Gets Real with Monica Montañez of NAMSA

    How have medical device cybersecurity requirements changed since 2023, and what does this mean for your product development?

    In this episode, Christian and Trevor welcome Monica Montañez from NAMSA to unpack the evolving landscape of FDA cybersecurity requirements. From new laws introduced in 2023 to the ambiguous language in FDA guidance, they dig into what it really takes to meet expectations for cyber device submissions.

    (0:32) NAMSA and Industry Shifts
    * Monica introduces NAMSA’s role in regulatory and quality consulting.

    (5:12) FDA Guidance vs. Legal Mandate
    * The confusion around FDA’s "recommended" language.
    * How internet-connectivity defines cyber devices—including USB and Bluetooth.

    (12:57) Classifications, Interfaces, and Testing Gaps
    * The dangers of assuming interfaces are disabled.
    * Why early cybersecurity design is now critical for approval.

    (18:08) New Submission Expectations
    * What’s now required in a submission: threat models, risk assessments, lifecycle documentation.
    * Trevor explains how these requirements balloon documentation to hundreds of pages.

    Thanks to Monica Montañez for being on the show.
    Learn more about Monica on NAMSA’s website: https://namsa.com/expertise/team/monica-r-montanez/
    Connect with Monica on LinkedIn: https://www.linkedin.com/in/monica-montanez-ms-rs-rac-cqa-4389336

    Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

  50. 35

    Webinar: Risk Management Frameworks For Medical Device Safety & Security

    Join Trevor Slattery, Director of Cybersecurity, and Christian Espinosa, CEO of Blue Goat Cyber, for a comprehensive webinar on medical device cybersecurity. Trevor and Christian explore the critical interplay between safety and security risk management, offering guidance on conducting effective risk assessments that address vulnerabilities across both domains. This presentation will give you a deeper understanding of key standards like ISO 14971 and AAMI TIR57 and show you how to implement robust risk management frameworks. Equip yourself with the knowledge needed to ensure both patient safety and data security in medical devices!

    Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Director of Medical Device Cybersecurity at Blue Goat Cyber.

HOSTED BY

Blue Goat Cyber

Frequently Asked Questions

How many episodes does The Med Device Cyber Podcast have?

The Med Device Cyber Podcast currently has 50 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is The Med Device Cyber Podcast about?

In a time where healthcare and technology are deeply intertwined, understanding medical device cybersecurity is not just important—it's essential. Welcome to The Med Device Cyber Podcast, your go-to resource for understanding the complexities of this critical field of cyber security. As the...

How often does The Med Device Cyber Podcast release new episodes?

The Med Device Cyber Podcast has 50 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to The Med Device Cyber Podcast?

You can listen to The Med Device Cyber Podcast on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts The Med Device Cyber Podcast?

The Med Device Cyber Podcast is created and hosted by Blue Goat Cyber.