Sign up to save your podcasts
Or
Share Total Product Lifecycle Security: From Design to Disposal
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Total Product Lifecycle Security: From Design to Disposal
How well does your security strategy cover the entire product lifespan—from concept to decommissioning?
This episode dives into the importance of the Total Product Lifecycle (TPLC) and Secure Product Development Framework (SPDF) in medical device cybersecurity. Christian and Trevor share stories, best practices, and pitfalls from real-world cases involving update security, insecure development environments, and overlooked decommissioning risks.
Key points:
(1:50) Intro to TPLC and SPDF
* The importance of TPLC and SPDF in secure development.
(7:00) Update Vulnerabilities and OTA Risks
* An example of compromised keys in an otherwise secure over-the-air (OTA) process.
* Trade-offs between update convenience and security.
(12:16) Threat Modeling
* Threat modeling’s application to development environments.
* The overlooked risks of data storage locations and natural disasters.
(17:24) Infrastructure Challenges
* How clients struggled with infrastructure across hospital environments.
* How scripts and hardcoded passwords can introduce risk.
(19:56) Building a SPDF That Works
* Best practices: coding standards, multi-layer review, and automated testing.
* Secure development is like planning for your own death—it’s hard, but necessary.
The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com
If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session
Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.
Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber
Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9
Feedback? Questions? Contact: https://bluegoatcyber.com/contact/
Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/
Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial
The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.
Subscribe via Spotify: https://spoti.fi/3XX95g0
Subscribe via Apple Podcasts: https://apple.co/483OJ9I
Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts
This episode was produced by Story On Media: https://www.storyon.co/
View all episodes
By Blue Goat CyberHow well does your security strategy cover the entire product lifespan—from concept to decommissioning?
This episode dives into the importance of the Total Product Lifecycle (TPLC) and Secure Product Development Framework (SPDF) in medical device cybersecurity. Christian and Trevor share stories, best practices, and pitfalls from real-world cases involving update security, insecure development environments, and overlooked decommissioning risks.
Key points:
(1:50) Intro to TPLC and SPDF
* The importance of TPLC and SPDF in secure development.
(7:00) Update Vulnerabilities and OTA Risks
* An example of compromised keys in an otherwise secure over-the-air (OTA) process.
* Trade-offs between update convenience and security.
(12:16) Threat Modeling
* Threat modeling’s application to development environments.
* The overlooked risks of data storage locations and natural disasters.
(17:24) Infrastructure Challenges
* How clients struggled with infrastructure across hospital environments.
* How scripts and hardcoded passwords can introduce risk.
(19:56) Building a SPDF That Works
* Best practices: coding standards, multi-layer review, and automated testing.
* Secure development is like planning for your own death—it’s hard, but necessary.
The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com
If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session
Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.
Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber
Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9
Feedback? Questions? Contact: https://bluegoatcyber.com/contact/
Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/
Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial
The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.
Subscribe via Spotify: https://spoti.fi/3XX95g0
Subscribe via Apple Podcasts: https://apple.co/483OJ9I
Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts
This episode was produced by Story On Media: https://www.storyon.co/