


When your insulin pump connects to your phone or your glucose monitor shares data with the cloud, is it secure? And what does "secure" even mean?
In this episode of Inside MedTech Innovation, Shannon Lantzy sits down with Jacob Combs, Chief Information Security Officer and VP of Cybersecurity at Tandem Diabetes Care. Jacob brings deep expertise from across telecom, defense, financial services, and healthcare—and now protects connected devices that deliver life-sustaining insulin therapy to people with diabetes.
This conversation explores the unique challenges of medical device cybersecurity: the tension between usability and security, the reality of legacy systems and security debt, how to scale security by design across engineering teams, and why regulatory requirements can actually be a competitive advantage.
Jacob and Shannon discuss:
Why medical device security is fundamentally different from enterprise IT security
The critical balance between safety risk and security risk in insulin delivery systems
How threat modeling becomes a verb that transforms engineering culture
The challenge of maintaining security across interoperable diabetes management ecosystems
Why "secure enough" requires sophisticated risk management, not just risk assessment
How compensating controls and lifecycle management address security debt in fielded devices
The role of FDA guidance in driving security programs forward
What it takes to push software updates quickly while maintaining quality and regulatory compliance
Timestamps
00:00 Introduction to Medical Device Cybersecurity
01:03 Meet Jacob Combs: Expert in Medical Device Cybersecurity
02:12 The Mission-Driven Approach to Cybersecurity
03:16 Balancing Safety and Security in Medical Devices
05:18 Challenges in Medical Device Cybersecurity
09:57 The Role of a CISO in Medical Device Companies
13:55 Risk Management and Cybersecurity in Medical Devices
17:17 Interoperability and Complexity in Medical Devices
26:55 Future of Cybersecurity in Medical Devices
36:08 Cybersecurity in Med Tech: A Non-Competitive Necessity
36:30 The Ethical Dilemma of Charging for Security
37:25 Product Security as a Growth Engine
38:50 Marketing Security: A Competitive Edge
39:32 Quality and Security: A Symbiotic Relationship
41:08 Regulatory Challenges and Operational Efficiency
42:36 Measuring Cybersecurity Quality
43:57 Navigating Regulatory Requirements
51:23 Innovating with AI in Security Documentation
55:25 Threat Modeling: A Cultural Shift
59:23 Legacy Devices and Security Debt
01:06:03 Balancing Security and Innovation
01:09:08 Rapid Fire Questions and Closing Thoughts
Follow Shannon and Jacob:
Connect with Shannon:
LinkedIn: https://www.linkedin.com/in/shannonlantzy/
Website: https://www.shannonlantzy.com/
Connect with Jacob:
LinkedIn: https://www.linkedin.com/in/jacobcombs/
Website: Left to Our Own Devices Podcast
By Shannon Lantzy