The Med Device Cyber Podcast

Ever thought about what it really takes to launch a successful medtech startup?Omar M. Khateeb knows the challenges firsthand. As a founder with a track record of building healthtech companies, he’s lived through the hurdles that come with innovating in the medtech space.In this episode, Omar dives into the highs and lows of his entrepreneurial journey, sharing key lessons, pivotal moments, and the strategies that helped him succeed. From tackling complex healthcare issues to navigating the regulatory maze, Omar breaks down what it takes to make a lasting impact in medtech.Join us for an inside look at the future of health tech and why it’s the perfect time for the next generation of entrepreneurs to get involved.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Why does software composition analysis matter beyond regulatory compliance?This episode explores SCA (Software Composition Analysis) and explains how SBOMs (Software Bill of Materials), SOUP (Software of Unknown Provenance), and related tooling fit into the broader medical device cybersecurity landscape. Christian and Trevor clarify common misconceptions, including licensing fears, machine-readable requirements, and the role of static testing tools.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

What past ransomware and medical device incidents might reveal gaps that manufacturers are still overlooking today?In this episode, Christian and Trevor examine real incidents where cybersecurity failures, software flaws, and insecure medical devices led to patient harm and death. They break down how ransomware attacks, implantable device vulnerabilities, and AI-driven therapies expose life-critical risks in healthcare. The conversation highlights why regulators are increasing scrutiny and why cybersecurity must be treated as a patient-safety imperative, not an afterthought.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh Subscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 This episode was produced by Story On Media: https://www.storyon.co/

This episode puts Trevor in the hot seat. If you were put in the hot seat, could you clearly explain cybersecurity, safety, and lifecycle terms like Trevor?In this rapid-fire episode, Christian fires questions at Trevor about essential medical device cybersecurity concepts and standards. Together, they clarify how risk management, secure development, and lifecycle thinking intersect across safety, quality, and security. The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh Subscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 This episode was produced by Story On Media: https://www.storyon.co/

MedTech developers, do you know which penetration testing methodology the FDA actually prefers for medical device submissions?In this episode, Christian and Trevor explain the differences between black, grey, and white box penetration testing and how each impacts the completeness and realism of cybersecurity assessments. They highlight why regulators increasingly expect deeper testing supported by source-code-level insights. They also outline the risks, costs, and delays manufacturers face when choosing insufficient testing approaches during FDA submission.Key points: (01:25) Learn how black box testing mimics an attacker with no prior knowledge. (06:27) How grey box testing blends limited credentials, architecture insight, and direct communication with engineers to expand visibility.(08:29) Why white box testing includes access to full documentation, processes, and source code.(10:20) How attacker timeframes differ from tester timeframes. (11:29) How the FDA’s static analysis, SBOM, and risk evaluation requirements tie naturally into white box testing workflows.(15:06) Learn why choosing black box testing to save money often results in higher total costs after FDA rejection.(17:47) Hear why “buy once, cry once” applies to penetration testing. The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh Subscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 This episode was produced by Story On Media: https://www.storyon.co/

What risks do you take when cybersecurity is left off your development roadmap?In this episode, Christian, Trevor and guest Jim Goodmiller explore how cybersecurity intersects with regulatory expectations and quality systems, creating new challenges and opportunities for medtech innovators. Jim helps to explain why founders must integrate cybersecurity from concept through commercialization, especially as FDA scrutiny increases.Key points: 00:48 Why cybersecurity now influences every part of the regulatory landscape.04:48 How technologies can create serious safety and compliance risks when not fully vetted.10:45 Cybersecurity as a mandatory component of regulatory planning.14:52 The need for iterative penetration testing 22:16 Challenges of upgrading legacy devices25:37 Avoiding serious legal consequences.29:29 Preparing a complete roadmap for investor confidence 40:08 The role of communicationThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Thanks to Jim Goodmiller for being on the show. Connect with Jim on LinkedIn: https://www.linkedin.com/in/jimgoodmiller/ Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is...

Medtech innovators and medical device manufacturers, how can you prevent cybersecurity deficiencies from delaying your FDA submission?In this webinar, Christian Espinosa, CEO of Blue Goat Cyber, and Trevor Slattery, CTO of Blue Goat Cyber, reveal the most common reasons FDA cybersecurity submissions fail and how you can avoid them. They explain the importance of early risk management, security-by-design practices, and comprehensive testing aligned with NIST and AAMI frameworks. Explored in this webinar: 00:37 Why poor cybersecurity is a top reason for FDA medical device rejection.02:56 The FDA’s total product lifecycle approach.05:18 Why risk management must start before design. 07:35 How AAMI TR57 and ISO 14971 interact to assess patient harm. 10:51 The FDA requirement for traceability among functional, nonfunctional, and security requirements. 16:16 Why cybersecurity testing must cover the entire product (mobile, cloud, etc.).23:33 Why inadequate documentation for critical controls (authentication, logging, encryption) often causes FDA deficiencies.This episode was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect...

MedTech manufacturers, how can you avoid the cybersecurity pitfalls that most often lead to FDA rejection?In this episode, Trevor puts Christian “in the hot seat” to tackle the most common—and sometimes misunderstood—cybersecurity questions MedTech innovators ask. Christian breaks down key concepts such as ISO 13485, HIPAA vs. FDA expectations, SAMD vs. SIMD, global regulatory demands, and more. Key points: (00:30) The purpose of ISO 13485 and why traceability, quality, and documentation are foundational to medical device safety.(02:34) How cybersecurity is now the most common reason FDA reviewers reject medical devices.(04:32) Why HIPAA focuses on patient data while the FDA focuses on patient safety.(07:21) Which global regulators impose the strictest cybersecurity requirements and how FDA and China differ.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber...

What are the 18 required cybersecurity deliverables for a pre-market submission, and how do they map to eSTAR’s 13 sections? This episode breaks down the cybersecurity deliverables required for an FDA pre-market submission and explains why they apply consistently across all device types. Christian and Trevor walk through each deliverable in detail, outline how they map to eSTAR v6.0, and highlight common misconceptions that slow down manufacturers. Key points: (00:33) Why all devices—high-risk or low-risk—must submit the same 18 cybersecurity deliverables to the FDA.(01:41) How device complexity influences documentation depth even though the deliverables never change.(04:42) How the 18 deliverables map to the 13 sections of eSTAR version 6.0. (09:50) The risk management report, threat model, risk assessment, and SBOM requirements.(17:41) How to evaluate and categorize unresolved anomalies.(20:04) How manufacturers should track remediation timelines and vulnerability density.(23:52) The cybersecurity management plan and the extensive post-market responsibilities expected by the FDA.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each...

MedTech manufacturers, how prepared are you to monitor vulnerabilities continuously once your medical device reaches the market? Also, would you like a free checklist for your Cybersecurity Management Plan? (See link below!) This webinar dives into how medical device manufacturers should build, maintain, and document postmarket cybersecurity programs that align with FDA expectations. Christian and Trevor outline critical requirements such as continuous SBOM monitoring, testing timelines, update processes, CVD workflows, and secure communication standards. Topics explored: (03:14) How the FDA's definition of "cyber device"  includes devices with Wi-Fi, Bluetooth, USB, RFID, and NFC connectivity.(05:19) Recent FDA guidance changes, including updated cybersecurity expectations.(10:30) Cybersecurity management plan personnel: compliance officer, product owner, postmarket owner, and authorizing official.(12:30) Static testing, SBOM analysis, penetration testing, and vulnerability assessments. (17:50) Security testing expectations and frequencies. (20:30) Patching, update processes, and remediation timelines. Download your free Cybersecurity Management Plan Checklist: https://bluegoatcyber.com/wp-content/uploads/2025/09/Blue-Goat-Cyber-Postmarket-Management-Checklist.pdf This episode was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage:

In the MedTech space, how can you leverage market intelligence and machine learning for business development and sales enablement? In this episode, Christian and Trevor talk with Kevin Saem about how market intelligence and cybersecurity intersect in the MedTech space. They unpack how AI and data-driven insights are transforming sales enablement, investor confidence, and device security. They also discuss regulation delays, startup runway challenges, and the growing need for proactive cybersecurity. Kevin Saem founded Zapyrus, a SaaS platform that helps MedTech service providers supercharge sales through AI-driven market intelligence.Key points: (04:20) Why medtech lags five years behind pharma in regulation and sales sophistication.(06:30) How Zapyrus uses machine learning to identify market signals and automate sales research.(08:45) Why regulatory clarity in Europe is fueling more medtech investment than in the U.S.(12:00) How AI and connected devices are making cybersecurity a top concern for investors.(19:07) What the Illumina case and AI therapy failures reveal about industry accountability.(26:30) How medtech founders can self-regulate.(32:40) When companies should start building scalable sales systems. Thanks to Kevin Saem for being on the show. Connect with Kevin on LinkedIn: https://www.linkedin.com/in/kevin-saem/ Learn about Zapyrus, a sales system for MedTech service providers: https://welcome.zapyrus.com/ The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions?

In medical device software development, why should cybersecurity be viewed as an element of product quality, not an add-on?In this episode, Christian and Trevor speak with Randy Horton of Orthogonal about the future of medical device software development. Together, they unpack how DevSecOps, quality systems, and modern engineering practices can elevate safety and speed innovation in MedTech. From the philosophy behind “move faster and break nothing” to lessons learned from real-world cybersecurity cases, this conversation reframes how medical device teams should approach software design.Randy Horton is the Chief Solutions Officer at Orthogonal, where he helps MedTech companies build better, safer, and smarter connected devices. A lifelong software innovator, Randy brings profound insight into what it takes to merge cutting-edge tech with the regulated world of healthcare.Key points: (03:00) Randy shares how discovering the first web browser set him on a lifelong path of innovation.(05:11) Why high-quality software inherently includes cybersecurity.(08:52) Why traditional engineering mindsets struggle with the flexibility of software development.(12:42) How the “move fast” culture in Silicon Valley clashes with MedTech’s demand for control and safety.(16:09) Why some manufacturers avoid updating medtech devices, and how that hurts long-term device security.(19:49) Randy predicts that born-digital MedTech companies will lead the next wave of innovation, pushing the industry to adapt faster.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Thanks to Randy Horton for being on the show. Learn more about Orthogonal: https://orthogonal.io/ Connect with Randy on LinkedIn: https://www.linkedin.com/in/randyhorton Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn:

What options do MedTech manufacturers have to bring older devices up to modern cybersecurity standards? Also, how does the FDA’s latest guidance change the process for updating legacy devices?In this episode, Christian and Trevor break down the evolving challenges of managing cybersecurity for MedTech legacy devices. They explain how the FDA’s recent guidance updates create new pathways for handling older devices without requiring full redesigns. Together, they explore practical steps manufacturers can take—like penetration testing and postmarket monitoring—to stay compliant and proactive about security risks.Key points: (02:13) How the FDA defines legacy devices and why updates to older equipment pose unique challenges.(03:47) Why simply replacing old devices isn’t realistic for many healthcare organizations.(05:00) How encryption standards evolve and why older devices often can’t meet modern security expectations.(06:25) The FDA’s distinction between controlled and uncontrolled risk. (09:02) The FDA’s reduced burden pathway for legacy devices.(11:07) Best practices for postmarket management plans. The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive...

How can security architecture views strengthen a medical device manufacturer’s FDA submissions?This episode/webinar dives into the four critical security architecture views required by the FDA: global system, multi-patient harm, updatability and patchability, and secure use case views. Christian Espinosa and Trevor Slattery explain how each view strengthens product security while aligning with regulatory expectations. They also share practical strategies and examples, from cloud environments to physical updates, highlighting how proper documentation and foresight can mitigate real-world risks.Highlights: (01:19) Learn why the FDA requires four specific security architecture views and how they support threat modeling.(03:10) Understand how integrating security into architecture views reflects secure coding and DevSecOps practices.(04:15) Discover how global regulators beyond the FDA use similar documentation requirements.(07:52) Explore why global system views must include both software and hardware components as well as data flows.(11:02) The distinction between global system views and multi-patient harm views. (14:36) Common vulnerabilities like hard-coded credentials that can lead to multi-patient harm.(19:18) The risks of over-the-air updates versus physical updates for medical devices.This episode was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube:

How can AI literacy reduce patient risk in healthcare settings? In this episode, Christian Espinosa and Trevor Slattery are joined by Dr. José Acosta. Together, they unpack the promise and pitfalls of artificial intelligence in healthcare—from the accuracy gap in diagnostics to the importance of ethics, alignment, and training. The conversation explores how clinicians can harness AI safely, ensuring innovation never comes at the cost of patient trust or care quality.Dr. José Acosta is a retired Navy trauma surgeon turned AI literacy advocate. With decades of experience in medicine and leadership, he’s now helping clinicians understand AI—from how it works to how it should be used responsibly.Key points: (00:57) José’s background as a Navy trauma surgeon and his passion for AI literacy.(02:53) What “AI literacy” really means. (05:00) Why precision matters in medicine, and why 85–95% accuracy in AI models isn’t enough when lives are on the line.(11:20) A chilling example of an AI therapy app that gave a fatal recommendation. (14:16) José predicts a surge in “ambient AI scribes” and explains how they’ll reshape physician workflows. (17:53) AI’s productivity paradox—how new tools can both help and overwhelm clinicians.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cybercriminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Thanks to José Acosta for being on the show. Connect with José on LinkedIn: https://www.linkedin.com/in/joseacostasd/ Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage:

MedTech developers and manufacturers, could your medical device unknowingly qualify as a “cyber device”?In this episode, Christian and Trevor break down what the FDA considers a “cyber device” and why so many manufacturers misunderstand this definition. They reveal how even basic interfaces like USB, HDMI, or Bluetooth can make a device cyber-enabled—and why that matters for regulatory compliance. Key points: (00:33) What makes a medical device a “cyber device,” and why confusion persists among manufacturers.(02:14) How proving a device has zero vulnerabilities is nearly impossible, even with minimal code.(03:12) Why even a simple USB port can classify a device as “cyber.”(05:05) Common interfaces (Wi-Fi, Bluetooth, RFID, NFC, HDMI) that make a device cyber-enabled.(09:23) Implantable devices, like pacemakers, and how protocols such as MedRadio introduce hidden connectivity.(12:20) A real case where the FDA classified a 3D-printing system as a cyber device due to its software dependencies.(16:15) Practical advice on removing unnecessary ports or connectivity to avoid cyber classification.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cybercriminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh Subscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 This episode was produced by Story On Media: https://www.storyon.co/

In this episode, Christian and Trevor unpack the five most common misconceptions that put medical device manufacturers at risk. From confusing data protection with patient safety to misunderstanding what qualifies as a cyber device, the hosts shed light on the blind spots that cause costly delays and compliance failures. They also explore how medical device cybersecurity differs fundamentally from traditional cybersecurity, emphasizing the need for specialized expertise and early integration of secure design principles.Key points: (01:18) Misconception #1: That cybersecurity is only about protecting data rather than patient safety.(06:04) Misconception #2: That your product isn’t a “cyber device.” (07:46) Misconception #3: That cybersecurity is a one-time thing to study rather than a full lifecycle process.(12:17) Misconception #4: That software developers inherently understand cybersecurity.(19:10) Misconception #5: Thinking that traditional cybersecurity and medical device cybersecurity are the same. The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cybercriminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a...

MedTech manufacturers and developers, what happens if your AI-powered medical device makes a terrible, life-threatening mistake?This episode explores what happens when artificial intelligence in medical devices goes wrong. Christian Espinosa and Trevor Slattery break down the real-world consequences of AI failure, using a tragic mental health chatbot case to highlight the stakes of inadequate oversight. They also examine the EU AI Act, new MDCG guidance, and the ethical, regulatory, and cybersecurity challenges facing innovators in the high-risk medical AI space.Key points: (03:02) The EU AI Act and how it intersects with the MDR and IVDR.(03:55) A real case study involving a suicidal patient and an AI mental health chatbot.(06:07) How general-purpose AI tools differ from regulated medical AI.(09:57) Why threat modeling should apply to AI systems.(12:16) Ethical decision-making in autonomous systems using self-driving car analogies.(14:02) The Medical Device Coordination Group’s guidance on aligning the AI Act with EU medical device regulations.(17:10) Shared accountability across regulators, manufacturers, and users for AI oversight.(18:35) The U.S. still treats AI as a “Wild West” compared to the EU’s stricter approach.(22:42) Regulators aren’t asking if your AI works—they’re asking how it fails.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube:

What are some of the greatest challenges medical device startups face when bringing their products to market?This episode features Suzy Engwall, a healthcare innovation consultant with experience mentoring startups and guiding hospitals. She joins Christian Espinosa and Trevor Slattery to discuss the hidden roadblocks medical device innovators face—from funding gaps to internal hospital politics to overlooked cybersecurity. Together they unpack the realities of FDA compliance, AI-driven decision support, and why raising cybersecurity awareness early can mean the difference between market success and failure.Suzy Engwall is a healthcare innovation leader who’s spent the last 20 years shaking up hospitals and mentoring startups. She runs HealthTech Strategies, where she helps founders, investors, and clinicians bridge the gap between big ideas and practical adoption.Key points: (04:38) Challenges medtech startups face include funding, go-to-market strategy, and regulatory hurdles, with cybersecurity often overlooked.(05:56) Why 93% of med tech startups fail. (08:01) How internal politics within hospitals can derail promising innovations.(09:32) Hospitals now scrutinize devices for cybersecurity risk beyond FDA approval, raising the bar for manufacturers.(12:19) Legacy devices often fail modern cybersecurity requirements, forcing redesigns and frustrating manufacturers.(16:43) AI in diagnostics: who’s responsible when mistakes occur?(23:24) Why patients rarely question medical devices. (31:28) Why cybersecurity is often the last thing innovators ask about—and why that mindset must change.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cybercriminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Thanks to Suzy Engwall for being on the show. Connect with Suzy on LinkedIn: https://www.linkedin.com/in/sengwallChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Feedback?...

How safe are the medical devices I rely on, and what are the biggest cybersecurity risks I should know about?In this episode, the team goes behind the scenes of real-world medical device penetration testing to reveal the 10 most common and dangerous cybersecurity vulnerabilities found in medical devices. The discussion covers practical examples, industry standards, and actionable advice for manufacturers and healthcare organizations.Key points: (0:00) Introduction & Penetration Testing Context(1:29) Why Penetration Testing Matters in MedTech(5:50) Top 10 Medical Device Vulnerabilities:1. Hardcoded/Default Credentials – Default passwords, BIOS passwords, and supply chain issues.2. Unsecured Communication Channels – Lack of encryption, outdated standards, key management, and device constraints.3. Outdated/Vulnerable Third-Party Components – Software Bill of Materials (SBOM), continuous monitoring, and post-market risks.4. Improper Access Control – Weak authentication, privilege escalation, and user data exposure.5. Debug Interfaces Left Enabled – JTAG/UART ports, physical access, and mitigation strategies.6. Missing/Weak Firmware Integrity Checks – Secure boot, code signing, and white-box testing.7. Poor Session Management – Session timeouts and session hijacking.8. Fuzzing Vulnerabilities (Buffer Overflows) – Fuzz testing, buffer overflows, and legacy devices.9. Lack of Tamper Detection – Audit trails, tamper-evident stickers, and physical controls.10. No Rate Limiting/Automation Controls – Brute-force attacks, automation, and rate limiting.(37:26) Secure Product Development Frameworks, and DevSecOps.(38:04) Regulatory Perspective.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Thanks to Myles Kellerman for being on the show. Connect with Myles on LinkedIn: https://www.linkedin.com/in/myles-kellerman-5763aa22Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: a...