Why is cybersecurity labeling more than just a compliance checkbox for medical device companies?

In this episode, Christian and Trevor dive into the nuanced world of cybersecurity labeling for medical devices. They discuss the role of MDS2 and JSP2 documentation, labeling misconceptions, and how manufacturers can best disclose security information without overwhelming or misleading users.

Key points: 

(6:30) Misconceptions About Cybersecurity Labeling

* Many manufacturers worry that disclosing risks will aid hackers, but that's flawed thinking.

* Distinctions between labeling as documentation and labeling as a control like a tamper-evident seal.

* Everyday product examples to illustrate why transparency in labeling matters.

(12:45) How Much Detail Is Enough?

* How deep a manufacturer should go with disclosures about encryption and risk.

* Why more detail is generally better and how to balance tech jargon with user readability.

* Different labeling needs based on whether a device is for consumers or hospitals.

(18:20) Context, Risk, and Communication

* Why not encrypting unnecessary data can backfire if a consumer is misinformed. 

* How labeling must be contextual and tailored to a device’s function and data sensitivity.

Resources mentioned in this episode: 

* The Manufacturer Disclosure Statement for Medical Device Security (generally abbreviated as MDS2). 

* The Medical Device and Health IT Joint Security Plan, version 2 (JSP2).

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/ 

Med device manufacturers, are you setting up your quality system early enough in product development? Also, are you misunderstanding the FDA’s "guidance" documents—and risking rejection?

Today’s guests are Mark Swanson and Steve Gompertz of QRx Partners, and they’re passionate about helping medtech companies dodge the regulatory and quality pitfalls that derail so many startups. This episode explores how to classify your device properly, why cybersecurity documentation is required even for isolated software, and the evolving role of AI in medical technology. 

Key points: 

(02:11) Startup Failure and What QRx Solves

* Why many early-stage medtech startups fail.

* Startup optimism is contrasted with the harsh funding and regulatory realities.

(12:16) Classification Chaos and Regulatory Missteps

* The confusion around FDA’s product code database.

(17:55) AI and Quality Systems

* What qualifies as actual AI vs. marketing fluff.

* How regulators handle AI in submissions.

(31:22) National Vs State Regulations

* The critical need for manufacturers to understand state regulations. 

* Why quality and regulatory planning must precede design.

Thanks to Mark Swanson and Steve Gompertz for being on the show. 

Connect with Mark on LinkedIn: https://www.linkedin.com/in/markswansoncmq

Connect with Steve on LinkedIn: https://www.linkedin.com/in/stevegompertz

Learn more about QRx Partners: https://www.qrxpartners.com

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/ 

What should you do when a vulnerability is discovered in a medical device after it's already on the market?

This dives into post-market management and incident response for medical devices, exploring what happens when a device is hacked or a vulnerability is reported. Christian Espinosa and Trevor Slattery discuss the processes involved in identifying, triaging, and remediating vulnerabilities, emphasizing the unique challenges faced in the medical device sector. 

Key points: 

(8:01) Sources of Vulnerabilities and Tracking

* There are various sources for discovering vulnerabilities, including software bill of materials, CISA-CAV, annual penetration tests, coordinated vulnerability disclosure databases, etc. 

* Standards and guidance for post-market management, including TIR-97 and FDA guidance.

(13:08) Managing False Positives and Risk Triage

* False positives are instances where a testing tool or scanner indicates a problem that doesn't actually exist.

* The critical importance of thoroughly investigating false positives in the post-market phase to avoid unnecessary fixing non-issues.

* The triage process for vulnerabilities. 

(21:11) Exploitability and Coordinated Vulnerability Disclosure

* How exploitability factors, like authentication levels, proximity, and attack complexity, can change in the post-market phase.

Resources mentioned in this episode: 

* TIR-97: AAMI standard for post-market cybersecurity management

* FDA Guidance: Postmarket Management of Cybersecurity in Medical Devices

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/

What does responsible AI implementation look like in medical devices?

This episode explores the intersection of AI, cybersecurity, and medical device regulation with guest Matt Lemay, CEO of Lemay.ai. Hosts Christian Espinosa and Trevor Slattery of Blue Goat Cyber dig into how AI models are trained, certified, and deployed in clinical contexts—and what can go wrong. 

Key points: 

(7:29) Data, Security, and Deployment Risks

* Training data inconsistencies and data drift in AI models.

* Cybersecurity concerns tied to cloud deployment and version control.

(11:48) Can AI Prescribe Medication?

* Legal and liability implications of AI autonomy in healthcare.

(22:35) Risks and Regulation

* Expectations for AI-enabled device regulations in the EU and US.

(33:35) AI Answers 

* Thoughts on how AI has a hard time admitting it doesn't know the answer to something. 

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Thanks to Matt Lemay for being on the show. Connect with Matt on LinkedIn: https://www.linkedin.com/in/mnlemay/

Lemay AI: https://www.lemay.ai/

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/

What documents should engineers prepare to get ready for submitting a medical device to the FDA?

In this episode, Christian and Trevor dig into the underestimated role software documentation plays in cybersecurity, especially in the medical device space. They highlight how incomplete or contextless documentation can hinder everything from SBOM utility to regulatory compliance. With sharp insights and real-world examples, they make the case for elevating documentation as a strategic priority.

Key points:

(00:43) The Real Purpose of Documentation

* Software documentation is often seen as a checklist item rather than a strategic tool.

* Good documentation enables continuity and reduces knowledge silos.

(07:04) Security Starts with Documentation

* A lack of context in software can undermine their usefulness for vulnerability management.

* Documentation quality links with product security posture and incident response readiness.

(13:41) Regulation and Standards for Medical Device Documentation

* Documentation shouldn’t only meet minimum regulatory requirements.

* Strong documentation supports faster and safer decision-making during audits or breaches.

(18:11) Best Practices

* Trevor lists areas where developers consistently miss documentation opportunities (e.g., deprecated functions, third-party code).

* Christian outlines how consistent, contextual documentation helps new team members come up to speed.

(23:59) FDA Requirements

* The hosts recommend integrating documentation into sprint planning and CI/CD pipelines.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/

How can human-centered design influence medical device cybersecurity?

In this episode, Christian Espinosa chats with Dylan Horvath of Cortex Design about the powerful intersection of human-centered design and medical device cybersecurity. They explore how usability, trust, and empathy can shape safer, smarter devices from the start. Dylan also shares valuable insights into building design teams, learning from failure, and driving innovation in regulated industries.

Dylan Horvath is a passionate industrial designer who’s spent decades shaping how people interact with technology. As the founder and CEO of Cortex Design, he’s all about blending creativity and engineering to build medical devices that actually work for people. 

(00:30) Design Thinking in MedTech

* Christian and Dylan discuss the similarities between design and cybersecurity.

(07:08) The Design Process

* How psychological safety and curiosity are foundations for team success.

* Cortex’s lean, iterative process and fast prototyping.

(14:18) Lessons Learned

* Dylan reflects on design failures and what they taught him.

* The balance between regulation and innovation in MedTech.

(21:26) Security and Usability

* Dylan’s thoughts on how threat modeling could better include design teams.

* The trade-offs between usability and strong security in med devices.

(26:36) Design Challenges

* User experience is critical, and overlooking it can lead to products that are difficult to use and unappealing to the market. 

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Thanks to Dylan Horvath for being on the show. Connect with Dylan on LinkedIn: https://www.linkedin.com/in/dylan-horvath/ 

Learn more about Cortex Design: https://cortex-design.com/ 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/ 

How can medical device manufacturers meet FDA cybersecurity requirements the first time around?

What are the most significant challenges medical device manufacturers face in ensuring FDA cybersecurity compliance?

In this webinar, Trevor Slattery, CTO of Blue Goat Cyber, dives into what it takes to master medical device cybersecurity and avoid costly delays with the FDA. He outlines common pitfalls companies face, including poor documentation, lack of threat modeling, and mismatched security controls. Watch this webinar for practical, actionable advice for navigating FDA expectations and building more secure, compliant devices.

Topics Trevor explores in this webinar: 

(00:30) Why Devices Get FDA Cybersecurity Pushback

* Many devices are rejected due to poor threat models and vague documentation.

(06:36) What the FDA Is Really Looking For

* The FDA expects a structured, traceable cybersecurity story from architecture to testing.

(13:20) Building Strong Documentation and Threat Models

* Good threat modeling identifies specific risks and aligns them with appropriate mitigations.

* Fuzzy, generic statements about “zero trust” or “encryption” are red flags for reviewers.

(19:56) SBOMs, Known Vulnerabilities, and FDA Red Flags

* FDA reviewers expect to see every SBOM component mapped to known vulnerabilities.

* Missing VEX (Vulnerability Exploitability eXchange) documentation slows down reviews.

(26:54) What to Do If You’re Stuck or Behind Schedule

* If you’re behind, don't scramble—step back and rebuild the cybersecurity narrative.

* Professional guidance can help realign your strategy with FDA expectations.

This webinar was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

This was produced by Story On Media: https://www.storyon.co/ 

How can medical device companies own their data without compromising security?

In this episode, Kevin Derr from NeuronSphere joins Christian and Trevor to dive into the intersection of cybersecurity, compliance, and innovation in the medtech world. They also explore why data ownership and secure system architecture are foundational for FDA compliance and patient safety. 

Key points: 

(0:47) From Big MedTech to Startup

* Kevin shares his journey from Stryker and J&J to co-founding NeuronSphere, which was built to simplify the creation of compliant data products for medtech engineers.

* NeuronSphere is like a toolkit allows companies to retain full data ownership while meeting FDA and cybersecurity requirements.

(5:21) Ownership, Trust, and Compliance

* Vendor solutions often fall short during V&V, triggering costly compliance upgrades.

* NeuronSphere keeps ownership and compliance within the manufacturer's own infrastructure.

(11:12) Misconfigurations and Human Error

* Misconfigured S3 buckets and default credentials are common sources of breaches.

* Even the FBI and CIA have faced major data exposures from simple mistakes.

* Human error remains the biggest vulnerability.

(17:00) Balancing Security and Functionality

* FDA’s focus is patient safety and effectiveness, not just data protection.

* Secure coding is often deprioritized due to deadlines and lack of training.

(33:21) FDA Guidance 

* The new FDA cybersecurity guidance is moving security discussions earlier in the development lifecycle.

* Startups are now forced to consider data flow and security posture before first-in-human trials.

Thanks to Kevin Derr for being on the show. Connect with Kevin on LinkedIn: https://www.linkedin.com/in/kevinderr/ 

Learn about NeuronSphere: https://www.neuronsphere.io/ 

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/ 

What are some strategies founders can use to incorporate cybersecurity into the early stages of developing a medtech product? 

In this episode, Christian and Trevor break down the critical role of cybersecurity in early-stage medtech startups. They explore why cybersecurity is often overlooked, what the real-world consequences are, and how startups can shift left to avoid costly pitfalls. From VC funding to FDA requirements, they offer a roadmap for founders who want to get it right from the start.

Key points: 

(0:33) The Cybersecurity Awareness Gap

* Many early-stage medtech startups don't consider cybersecurity until it's too late.

(5:36) Budgeting for Cyber from the Start

* Cybersecurity costs extend beyond hiring a firm—developers must also build secure code.

* Developers with medtech experience and adherence to IEC/ISO standards are essential.

(10:18) Picking the Right Dev Partners

* Evaluate software firms based on documentation, process, and compliance with medtech standards.

* Founders need teams who think about security proactively, not reactively.

(15:42) Cybersecurity as a Funding Factor

* VCs now look for cybersecurity as part of the startup's roadmap.

* Cybersecurity must be iterative—not a one-time checkbox before FDA submission.

(20:22) Safety and Security 

* Cybersecurity isn't just about software—hardware choices matter too.

* Awareness of risk classes (Class A, B, C) impacts cybersecurity needs.

* Safety and security are intertwined, especially when patient harm is possible.

Resources mentioned in this episode: 

* FDA Guidance on Cybersecurity in Medical Devices 

* ISO 13485 – Medical Devices Quality Management Systems

* IEC 62304 – Medical Device Software Lifecycle Processes

* AAMI TIR57 – Principles for Medical Device Security Risk Management

* ISO 14971 – Application of Risk Management to Medical Devices

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/ 

If you’re launching a medtech product, what should you know about market access, cybersecurity, reimbursement challenges, and customer education? 

In this episode, Christian and Trevor discuss the challenges and opportunities facing medtech startups with guest Paul-Lukas Hoffschmidt, CEO of Alpha Sophia. This conversation covers trends in US healthcare, the importance of cybersecurity and interoperability, and strategies for successful product commercialization. 

Key points: 

(00:53) Intro to Alpha Sophia

* Alpha Sophia’s commercial intelligence platform assists medical device, digital health, and life sciences companies in identifying the right healthcare providers for their products. 

(02:04) MedTech Trends

* The US healthcare market is increasingly important for medtech startups, partly due to slower regulatory processes in Europe. 

(06:43) Hurdles Facing MedTech Startups

* Identifying the right potential customers (physicians, practices, hospitals) is a significant challenge. 

* Gaining the attention of busy doctors requires a creative, omnichannel approach. 

(12:11) Cybersecurity and Purchasing Decisions

* Potential buyers expect medical devices to be secure, viewing regulatory approval as a baseline. 

* Interoperability is increasingly important as healthcare providers want devices that integrate into their existing systems. 

(24:05) Integrating Cybersecurity Early

* Cybersecurity should be considered from the initial product requirements phase. 

(32:53) Advice for MedTech Innovators

* Medtech innovation is a long journey requiring careful planning and resource management. 

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Thanks to Paul-Lukas Hoffschmidt for being on the show. 

Learn about Alpha Sophia’s intelligence platform: https://www.Alpha Sophia.com/ 

Connect with Paul-Lukas on LinkedIn: https://www.linkedin.com/in/hoffschmidt/

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/