If you’re launching a medtech product, what should you know about market access, cybersecurity, reimbursement challenges, and customer education? 

In this episode, Christian and Trevor discuss the challenges and opportunities facing medtech startups with guest Paul-Lukas Hoffschmidt, CEO of Alpha Sophia. This conversation covers trends in US healthcare, the importance of cybersecurity and interoperability, and strategies for successful product commercialization. 

Key points: 

(00:53) Intro to Alpha Sophia

* Alpha Sophia’s commercial intelligence platform assists medical device, digital health, and life sciences companies in identifying the right healthcare providers for their products. 

(02:04) MedTech Trends

* The US healthcare market is increasingly important for medtech startups, partly due to slower regulatory processes in Europe. 

(06:43) Hurdles Facing MedTech Startups

* Identifying the right potential customers (physicians, practices, hospitals) is a significant challenge. 

* Gaining the attention of busy doctors requires a creative, omnichannel approach. 

(12:11) Cybersecurity and Purchasing Decisions

* Potential buyers expect medical devices to be secure, viewing regulatory approval as a baseline. 

* Interoperability is increasingly important as healthcare providers want devices that integrate into their existing systems. 

(24:05) Integrating Cybersecurity Early

* Cybersecurity should be considered from the initial product requirements phase. 

(32:53) Advice for MedTech Innovators

* Medtech innovation is a long journey requiring careful planning and resource management. 

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Thanks to Paul-Lukas Hoffschmidt for being on the show. 

Learn about Alpha Sophia’s intelligence platform: https://www.Alpha Sophia.com/ 

Connect with Paul-Lukas on LinkedIn: https://www.linkedin.com/in/hoffschmidt/

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/ 

What are some of the biggest barriers to effective collaboration between coders and cyber experts, and how can they be overcome?

This episode explores the essential components of successful collaboration and teamwork. The discussion delves into common challenges teams face and practical strategies for improving communication and trust. 

Key points that Christian and Trevor explore: 

(00:31) Developer-Cybersecurity Divide

* The hosts open up about ego and emotional intelligence in cybersecurity and development.

* Developers often respond defensively to security findings, creating friction during collaboration.

(04:46) Incomplete Fixes and Communication Gaps

* Clients sometimes apply superficial fixes or disagree with findings due to misunderstanding the issue.

* Ultimately, clients must accept or reject risks, but they must fully understand them first.

(07:40) Is Dual Expertise Feasible?

* The distinct expertise needed for development and cybersecurity makes dual mastery unlikely.

(12:26) Business Pressure 

* Unrealistic timelines often force teams to release insecure products under pressure from leadership.

* Compliance-driven cybersecurity efforts are seen as necessary evils rather than strategic investments.

(17:29) DevSecOps & Misconfigurations

* Despite years of talk, DevSecOps adoption remains limited due to cost, culture, and lack of education.

* Misconfigurations and human error are far more common than code exploits in real-world breaches.

(22:11) Tools & Tradeoffs

* Secure pipelines and scanning tools are helpful but not foolproof; many vulnerabilities still require human testing.

* Developers can drastically reduce risks by understanding and applying core cybersecurity best practices.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/ 

What are the 10 essential components of a successful commercialization plan in the medtech industry, and why are they often overlooked?

This episode explores the critical role of commercialization in the medtech industry. The conversation explores the reasons behind the high failure rate of medtech startups and emphasizes the importance of a comprehensive commercialization plan, cybersecurity considerations, and the pursuit of wisdom over speed. 

Today’s guest is Craig T. Ingram, a medtech and healthcare technology consultant who helps companies avoid going broke by focusing on effective commercialization strategies. Craig is the Chief Commercialization Strategy and Growth Advisor for Int'l Commercialization Growth Partners. 

Key points: 

(3:21) The Commercialization Roadmap

* Many companies lack a written commercialization roadmap, focusing instead on sales and marketing plans. 

* Key components of commercialization include regulatory affairs, product design, production, and alliances and partnerships, which are often overlooked. 

(10:11) Cybersecurity 

* Cybersecurity is not evil but a critical necessity, similar to insurance, to protect against malicious activity and data breaches. 

* Cybersecurity can be viewed as a means of preventing malicious activity rather than just protecting data. 

(24:51) Value vs Expertise

* Many manufacturers struggle to evaluate cybersecurity vendors, often prioritizing cost over specialized expertise. 

* Applying the same commercialization strategies as large companies is ineffective for startups and small to medium-sized enterprises. 

(34:20) Wisdom vs. Speed in Business

* The "move fast and break things" mentality prevalent in Silicon Valley can be detrimental to proper commercialization. 

* Effective commercialization requires a focus on getting it right rather than being right, and a willingness to learn and adapt.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Thanks to Craig T. Ingram for being on the show. Connect with Craig on LinkedIn: https://www.linkedin.com/in/craigtingram 

Learn about Int'l Commercialization Growth Partners: https://www.medicalsalesgrowth.com/ 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/ 

Why is interoperability increasing cybersecurity risks in healthcare, and what can we do about it?

Interoperability is making healthcare more efficient but also more vulnerable to cyber threats. In this episode, Christian and Trevor discuss how second-order attacks, misconfigured cloud systems, and poor data integrity controls can compromise medical devices. They also share practical steps manufacturers can take to protect their devices and networks.

Key points:

(02:00) Understanding Interoperability Risks

* The increasing number of connected medical devices and their security challenges.

* How interoperability expands the attack surface in hospital networks.

(10:30) Second-Order Attacks

* Why attacking one system can compromise another in unexpected ways.

(20:45) Industry Challenges

* The MGM cyberattack and how a single vulnerability led to widespread damage.

(30:20) Best Practices for Secure Interoperability

* Validating all data entering and exiting a medical device.

* Restricting access to USB ports and other high-risk connection points.

* The potential (and pitfalls) of blockchain for medical records.

* Why security awareness must evolve alongside interoperability.

Resources mentioned in this episode that you can Google:

* Showdan search engine for devices.

* MedTech World, a conference on medtech innovations.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media: https://www.storyon.co/

Why are Software Bill of Materials (SBOMs) critical for medical device security?

In this episode, Cortez Frazier Jr. joins Christian and Trevor to discuss SBOMs, vulnerability prioritization, and why companies should stop fearing software transparency. The conversation covers real-world security challenges, regulatory trends, and how organizations can protect themselves before a major breach forces them to act.

Cortez Frazier Jr. is a principal product manager at FOSSA, where he helps companies navigate software supply chain security with a mix of technical expertise and strategic foresight.

Key points: 

* Overview of FOSSA and its role in software composition analysis.

* The increasing importance of SBOMs in regulatory compliance.

* (10:30) Understanding SBOMs 

* How the SolarWinds attack changed the conversation around software transparency.

* Why some manufacturers are reluctant to release SBOMs.

* (20:45) Prioritizing Vulnerabilities 

* The difference between CVEs and actual exploitability risks.

* Why blindly patching everything isn’t an effective security strategy.

* (30:20) Legal and Compliance Risks

* How open-source licenses can force companies to disclose their source code.

* What manufacturers need to do to avoid unexpected legal issues.

* (40:50) Future Trends 

* How hospitals and customers will soon start demanding SBOMs.

* Cortez’s advice for companies looking to improve their cybersecurity posture.

Resources mentioned in this episode that you can Google: 

* Executive Order 14028. 

* SPDX and CycloneDX – Machine-readable SBOM formats

* EPSS (Exploit Predictability Scoring System) – A better way to assess vulnerability risk

* CISA Known Exploited Vulnerabilities List – The vulnerabilities that actually matter

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Thanks to Cortez Frazier Jr. for being on the show. Connect with Cortez on LinkedIn: https://www.linkedin.com/in/cortezfrazierjr/ 

Learn more about FOSSA: https://fossa.com/ 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media & Marketing: https://www.successwithstories.com 

What are some of the biggest cybersecurity risks medical devices face after they hit the market?

This episode dives into the challenges of postmarket surveillance for medical devices. Christian and Trevor discuss vulnerabilities that emerge after deployment, how manufacturers and hospitals handle updates, and why continuous security testing is essential. They also cover penetration testing and the evolving regulatory landscape for medical device cybersecurity.

Key points: 

* The importance of postmarket surveillance in medical device cybersecurity.

* How vulnerabilities in third-party libraries can create security risks.

* The FDA’s push for over-the-air (OTA) updates and the associated attack vectors.

* The necessity of a Coordinated Vulnerability Disclosure (CVD) system.

* Why hospitals struggle with unpatchable medical devices in their networks.

* The role of Software Bill of Materials (SBOM) in monitoring supply chain security.

* How penetration testing identifies new threats even after a device is launched.

* How attackers exploit known vulnerabilities in medical devices.

* The misconception that cybersecurity is a one-time effort rather than an ongoing process.

Chapters: 

(02:30) Medical Device Vulnerabilities

(05:45) Over-the-Air Updates

(10:20) Coordinated Vulnerability Disclosure 

(15:15) SBOM in Medical Device Security

(20:45) Why Hospitals Struggle with Unpatchable Devices

(25:30) Continuous Penetration Testing

Resources mentioned in this episode: 

* CISA Known Exploited Vulnerabilities List: https://www.cisa.gov/known-exploited-vulnerabilities-catalog 

* NTIA Software Bill of Materials Guidelines: https://www.ntia.gov/page/software-bill-materials 

* FDA Cybersecurity Guidance for Medical Devices: https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity 

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media & Marketing: https://www.successwithstories.com 

What is threat modeling, how does it differ from penetration testing, and why are both necessary? 

This episode dives into the nuances of advanced threat modeling for medical devices. Christian and Trevor discuss essential frameworks, the importance of early cybersecurity integration, and real-world examples of vulnerabilities in healthcare environments. 

Key points: 

* Threat modeling involves stepping into the mindset of an attacker to identify and mitigate vulnerabilities.

* Entry points like Bluetooth, USB ports, and sloppy coding are critical concerns in medical device cybersecurity.

* Frameworks such as STRIDE and MITRE ATT&CK help categorize and analyze potential threats.

* Penetration testing provides deeper insights than vulnerability scanning.

* Hospital networks are inherently insecure.

* Denial-of-service and delayed-service attacks can directly impact patient safety, especially for critical devices.

* Supply chain vulnerabilities, including insecure firmware and software, present significant risks.

* A layered security approach, akin to physical safes and home security, enhances device protection.

* Real-world threat modeling extends beyond cybersecurity, as illustrated by examples like fire escapes and shark encounters.

Chapters: 

(01:24) Home Base Security

(02:46) Defining Threat Modeling 

(06:24) Entry Points 

(13:10) STRIDE Framework

(19:05) Penetration Testing vs. Vulnerability Scanning

(25:14) Holistic Vulnerability Analysis

(27:27) Real-Time Threat Modeling

Resources mentioned in this episode: 

* "MITRE Playbook for Threat Modeling Medical Devices"

* STRIDE Threat Modeling Framework

* MITRE ATT&CK Framework: https://attack.mitre.org 

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media & Marketing: https://www.successwithstories.com 

How might the second Donald Trump administration and Robert F. Kennedy Jr. impact the medtech cybersecurity world? 

In this episode, Christian and Trevor discuss how the Trump administration and RFK Jr.’s policies could reshape medical device cybersecurity and regulation. They explore potential Food and Drug Administration restructuring, the impact of tariffs on China, and new scrutiny on supply chains and AI components. 

Key points: 

* The Trump administration’s focus on efficiency and deregulation may clash with RFK Jr.’s push for stricter safety rules.

* FDA restructuring is rumored, with potential divisions for food, drugs, and medical devices.

* Increased oversight may make it harder for startups to bring devices to market.

* Tariffs on Chinese components could drive up costs and slow down innovation.

* Cybersecurity concerns around AI models like DeepSeek raise new challenges.

* The potential elimination of the CSRB could shift more cybersecurity responsibilities to private companies.

* Elon Musk’s Department of Government Efficiency (DOGE) and its potential impact on FDA processes.

Chapters: 

(03:30) What Trump & RFK Jr Policies Mean for MedTech

(07:50) Tariffs on China

(13:15) Supply Chain Risks

(19:45) FDA Restructuring

(25:00) The Future of Incident Response & Cybersecurity in Medical Devices

(30:10) Advice for Startups

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media & Marketing: https://www.successwithstories.com 

How does the FDA’s latest AI guidance on medical devices impact manufacturers and cybersecurity challenges in healthcare?

In this episode, Christian and Trevor discuss the latest FDA AI guidance and how it will impact real-world AI applications in healthcare. 

Key points: 

* The FDA’s new guidance on AI in medical devices, released in January 2025.

* Differences between artificial intelligence (AI) and machine learning (ML).

* Historical context of AI, including early examples like Microsoft’s Clippy.

* Potential risks of AI in healthcare, including data poisoning, model inversion, and evasion.

* Challenges of ensuring AI integrity, confidentiality, and availability.

* The concept of model bias and how it impacts diagnostic accuracy.

* Practical cybersecurity strategies for AI-enabled medical devices.

* Importance of ongoing post-market monitoring to address performance drift.

* Value of consulting cybersecurity experts early in the development lifecycle.

Chapters: 

(02:52) AI’s Role in Healthcare

(05:50) Historical Context: From Clippy to ChatGPT

(08:15) Understanding AI Models and Training Data

(11:00) Risks: Data Poisoning and Hallucinations

(18:06) Mitigating Bias and Narrowing AI Applications

(23:39) Model Evasion and Performance Drift

(37:55) Securing AI Across the Product Lifecycle

Resources mentioned in this episode: 

* The U.S. Food and Drug Administration 2025 AI Guidance: https://bit.ly/FDA-AI-medical-devices 

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media & Marketing: https://www.successwithstories.com 

How does human behavior impact medical device cybersecurity? Also, why do cybersecurity awareness programs often fail to make a lasting impact?

This episode dives into the human factor in medical device cybersecurity. Christian and Trevor discuss how human error and resistance to change contribute to vulnerabilities in healthcare networks and medical devices. They share real-life stories and actionable insights to encourage collaboration and better security practices across teams.

Key points: 

* The human factor is often the weakest link in cybersecurity, with social engineering attacks frequently succeeding.

* Cybersecurity awareness training often fails to produce meaningful changes in behavior.

* Network segmentation is a critical step in reducing the impact of breaches in healthcare environments.

* Integrating secure coding practices into software development from the outset.

* Legacy medical devices often lack basic security controls, creating significant vulnerabilities.

* FDA guidance is driving improvements in medtech cybersecurity but often meets resistance.

* Penetration testing reveals common issues like default credentials and poorly configured networks.

* Budget constraints often lead to insufficient investment in cybersecurity—until after a breach occurs.

* Cultural resistance to change hinders the adoption of necessary security measures.

Chapters: 

(02:03) Defining the Human Factor in Cybersecurity

(04:37) Why Cybersecurity Is Seen as a Necessary Evil

(07:52) Penetration Testing Stories from Hospital Networks

(12:55) Addressing Human Error in IT and Engineering Teams

(16:41) The Importance of Secure Coding in Software Development

(19:02) FDA Guidance and Its Impact on MedTech Security

(23:03) The Need for Cultural Change

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com 

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session 

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Director of Medical Device Cybersecurity at Blue Goat Cyber. 

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ 

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ 

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ 

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ 

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber 

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ 

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ 

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial 

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. 

Subscribe via Spotify: https://spoti.fi/3XX95g0

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts

This episode was produced by Story On Media & Marketing: https://www.successwithstories.com