The Med Device Cyber Podcast

Devices that do not integrate into the clinical workflow sit unused regardless of technical sophistication. Physicians work in high-pressure environments where equipment must be 100 percent reliable, secure, and enhance workflow rather than disrupt it.Professor Aamer Ahmed, a Consultant in Cardiothoracic Anaesthesia, Professor of Anaesthesia and Critical Care at the University of Leicester, and co-founder of Hemeo, a medical technology company designing AI-based personalized Clinical Decision Support Systems for coagulation disorders, discusses with Christian Espinosa and Trevor Slattery why involving Key Opinion Leaders at the design stage prevents expensive redesigns, what alarm fatigue does to clinical decision-making, and how legal precedent will determine AI liability as therapeutic recommendations become more common.He also explains why the best medtech development approach involves spending time in hospitals observing physicians before engineering products, how digital twin models enable personalized clinical predictions, and why common sense is not always common practice in device design.The discussion offers practical advice for building devices clinicians actually use.Episode Breakdown:00:01 Introduction00:33 Role explanation02:49 KOL involvement03:32 Workflow integration05:36 Seamless design07:13 Problem-first approach07:35 Clinical observation08:45 Digital twin12:20 IT security18:30 AI support22:15 Accountability26:40 Alarm fatigue32:10 Liability34:07 Advice38:13 SimplicityThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Marketing medical devices requires understanding that stakeholders are different, buying processes are longer, and friction points are more complex than consumer products or software. Most companies build websites and attend trade shows hoping prospects will decode their message, but prospects do not have time for that.Sustained adoption is not the same as initial purchase. It means the device is used continuously with no friction, no concerns, and no barriers, causing users to stop or switch. Getting there requires understanding every stakeholder involved, what questions they have at each stage, and what fears might stop them.This episode covers how to structure marketing that moves stakeholders through a clear path, why ideal client profile refinement produces better results than broad targeting, and how one advisor identified exact pain points to cut through noise and convert a prospect.Practical advice for anyone responsible for medtech marketing or go-to-market strategy.Episode Breakdown:00:02 Welcome00:21 Intro02:15 Origin04:36 Challenges06:51 Foundation07:00 Knowledge gap09:30 Adoption11:45 Mapping15:20 Friction18:40 Content22:30 Targeting26:15 Failures30:45 Pain points34:20 Clarity38:50 Tradeoffs40:44 AdviceThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Medical device risk assessments are failing patients, not because the process is too hard, but because nobody doing the assessment has ever been in the room where the device actually gets used.Medtech quality and regulatory leader Stephen Smith describes sitting in a risk session for a device going into an intensive care unit. Twelve people in the room, and not one had ever set foot in an ICU. If you have never been in the environment your device will operate in, risk identification becomes guesswork, mitigations get written for problems that are not the actual problems, and the device goes to market with gaps that stay hidden until something goes wrong.This episode covers why the user environment is the most consistently ignored variable in medical device development, and how that same gap shows up in cybersecurity risk assessments.Also discussed: the $5,000 problem that gets rationalized today has a way of becoming the $500,000 crisis that cannot be ignored tomorrow, and what this argument actually looks like in practice.Stephen also explains why CE marking proves you passed an audit and why FDA clearance does not mean the FDA approved your device.Worth listening to if you are focused on medtech quality, regulatory, or cybersecurity.Episode Breakdown:00:00 Opening quote00:47 Intro and guest background04:14 QA vs RA vs QC06:00 Cybersecurity in quality systems08:30 Risk as the foundation11:20 Ignoring clinicians and user environments13:00 ICU risk assessment example14:19 Startups and product market fit15:30 Key Opinion Leaders16:47 Companies hiring comfortable consultants18:30 $5,000 vs $500,00020:00 Why quality and cybersecurity are invisible22:00 What regulators actually review22:54 Self-signed certificates24:30 Cybersecurity speed vs regulation speed26:30 CE marking is not a quality guarantee27:00 Lost instructions for use28:40 Cleared vs approved29:45 Prevention is better than cure31:00 Final advice32:00 Racing analogyThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry.Learn more by visiting https://bluegoatcyber.comIf you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber.Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Ten years ago, Singapore's healthcare system got hacked. Patient records were stolen at a national scale. The government responded by building one of the most comprehensive medical device security frameworks in the world.The Cybersecurity Labeling Scheme has four tiers. Level one means basic security controls exist. Level four means the device underwent independent code review, has advanced threat detection, and maintains continuous vulnerability management. Hospitals can see exactly what level of security they're getting before they buy.Jun Xiang from CareHero explains why this matters, especially now that AI is showing up in medical devices without proper testing. He covers adversarial attacks on medical images, why doctors are uploading patient data to ChatGPT, and what automation bias does to clinical decision making.Practical conversation about medical device security in Southeast Asia and what manufacturers need to know about Singapore's approach.Episode Breakdown:00:01 Welcome00:31 Background01:09 Military service03:09 AI threats03:45 23% problem04:40 X-rays ChatGPT05:43 Attacks08:15 Poisoning11:30 Hallucinations14:20 AI code17:45 Vulnerabilities20:30 Pair programming23:15 Guardrails26:40 Automation bias28:50 AI scribes31:20 Dialects34:05 Pre-triage36:32 Pricing37:25 Pair programmer37:40 Human interpretationThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry.Learn more by visiting https://bluegoatcyber.comIf you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber.Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

SBOMs are one of the most common sources of FDA deficiencies in medical device submissions. Most companies think they're doing it right, but then they get feedback asking for missing components or clarification on what's included.In this webinar, Christian Espinosa and Trevor Slattery explain what the FDA actually expects in an SBOM and why it's not just about listing third-party libraries. You need to include first-party code too. You need to follow the NTIA minimum elements. And you need to provide it in a machine-readable format like SPDX or CycloneDX.Trevor walks through the history of SBOMs, from their origins in licensing compliance to their current role in medical device cybersecurity. He explains the shift-left approach the FDA wants to see and why transparency matters for healthcare delivery organizations making purchasing decisions.The webinar also addresses a big concern people have. Does publishing an SBOM give attackers a roadmap to your system? Trevor breaks down why that's not actually a problem if you're managing your security properly.If you're building a connected medical device or preparing for an FDA submission, this is a clear breakdown of how to get your SBOM right the first time.Webinar Breakdown:00:00 Welcome and introduction to SBOMs00:44 What is an SBOM and why does it matter03:10 The history of SBOMs: From licensing to cybersecurity07:20 Why the FDA cares about SBOMs11:30 The biggest mistake: Leaving out first-party code15:45 NTIA minimum elements explained19:20 Machine-readable formats: SPDX and CycloneDX23:00 Real-world examples: Log4j and Shellshock26:15 Do SBOMs give attackers a roadmap? The truth29:40 Common myths about SBOMs33:50 Key takeaways for FDA submissions36:20 Q&A session beginsBlue Goat Cyber provides essential cybersecurity solutions for the medical device industry.Learn more by visiting https://bluegoatcyber.com.If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Building medical device software is hard. Building it the right way is harder. And getting it through FDA approval while managing cybersecurity requirements? That's what Darcy Bachert has been doing for 17 years.Darcy runs Prolucid Technologies, an ISO 13485-certified software development firm in Toronto. They work with medtech companies across North America, Europe, and Australia.And in that time, he's seen the same mistakes repeatedly.The biggest one? Founders build products that solve problems nobody has. Or they build something physicians won't adopt because it adds complexity instead of making their lives easier.In this conversation, Darcy talks about IEC 62304 and why it matters when choosing a software partner. The Canadian medtech ecosystem and why Toronto is a major hub. And why quality systems and cybersecurity need to be built in from day one, not added at the end.This episode is practical if you're building a medical device or working with medtech startups.Episode Breakdown:00:01 Welcome and intro00:30 Darcy's background and Prolucid Technologies overview01:15 The origin of the name Prolucid Technologies01:58 Why clarity matters more than code04:18 Common challenges beyond software development06:11 Toronto's medtech ecosystem06:57 IEC 62304 and choosing the right development partner09:17 ISO 13485 certification and investor confidence12:04 Realistic timelines for medical device software15:32 Cost expectations and budget planning18:45 Building quality systems from the start21:20 Integrating cybersecurity throughout development24:15 When and how to do penetration testing27:30 Cybersecurity mistakes startups make30:42 The MTI program and Canadian medtech resources33:18 Canadian vs US medtech markets36:22 Physician adoption challenges40:18 Trevor: Don't invent your problem41:36 Darcy: Find partners who've done it before43:05 Christian: Balance user adoption with reimbursementThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Marc Zemel has been building Retia Medical for 15 years. The company started as two guys with slides and licensed technology. Now their data-driven hemodynamic monitoring technology for consistently accurate cardiac output measurements in high-risk surgical and critically ill patients is in 75 hospitals across 18 countries, sold by Medtronic in the U.S, and the company is preparing to launch their new product Argos Infinity, pending FDA clearance.But getting here meant dealing with cybersecurity challenges that Marc didn't see coming. In this conversation, he talks about what actually slowed them down, what he wishes he'd done differently, and why building a proper quality system from day one would have saved him years of pain.Retia Medical develops algorithms that monitor cardiovascular function. Their technology detects problems before blood pressure drops, which makes it valuable in operating rooms and ICUs. Nurses have gotten so attached to their monitors that they literally hug them because the devices help them do their jobs better.Marc walks through the specific cybersecurity issues that surprised him. Like how software as a medical device comes with ongoing compliance costs that hardware doesn't have. Or how documentation requirements kept changing as the FDA updated its expectations. Or how retrofitting cybersecurity into an existing product is way more expensive than building it in from the start.He also shares his philosophy on building companies. He doesn't focus on exits or acquisition targets. He focuses on building something people can't live without. When the product is that good, the rest takes care of itself.If you're building a medical device startup or dealing with FDA submissions, this is a conversation worth hearing.Episode Breakdown:00:00 Introduction00:32 Where everyone's calling from02:54 Marc's background and journey into medtech04:33 What Retia Medical does07:00 Blood flow vs blood pressure09:45 Software vs hardware as a medical device12:30 Cybersecurity challenges15:20 Documentation nightmares18:45 Quality systems and why they matter early22:10 FDA submissions over 15 years25:30 The cost of retrofitting cybersecurity28:50 Software updates and compliance32:15 Build to be bought, not to be sold37:32 What acquirers look for39:02 Product market fit: Nurses hugging monitors41:14 Wearables and future regulationsThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Thinking about taking your medical device to China? Or maybe you're a Chinese company looking at the American market?William Jin has spent over 30 years helping companies do exactly that, and he'll tell you straight up that most of them aren't ready. Not because they lack good products, but because they didn't think about cybersecurity early enough.William was trained as a medical doctor in Shanghai, then moved into the medtech industry working for companies like McCulloch and Stryker. Now he helps businesses on both sides of the Pacific figure out how to actually get their products approved and sold in each other's markets. The problems he sees are surprisingly similar whether you're going East or West.In this conversation, William walks through the real barriers to global expansion. We're talking about practical stuff like why using Google Cloud can completely block you from the Chinese market, how data sovereignty laws affect AI-powered devices, and why that Baxter ventilator recall should matter to everyone building connected medical devices.If you're in medtech and thinking about international markets, this is the reality check you need. William's advice is simple but critical: plan for your target markets before you start building. Otherwise, you'll spend millions redesigning later, or worse, you'll realize you can't enter those markets at all.Episode Breakdown:00:00 The costly mistake of not planning for global markets early00:44 Meet William Jin: Medical doctor turned medtech market strategist03:15 What's really stopping Chinese companies from entering Western markets07:20 Why Chinese medtech exports to the U.S. dropped while Europe increased11:40 The Google Cloud problem nobody warns you about15:50 How China's data regulations affect your algorithms and cloud architecture19:30 Reverse engineering your markets: Start with the end in mind23:00 Where Chinese companies dominate and where they struggle internationally26:45 The Baxter recall that was really about cybersecurity28:50 Why cybersecurity product recalls are fundamentally different29:20 William's final advice for medtech innovators29:40 Wrapping up: Design to disposal, not as an afterthoughtThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Ever thought about what it really takes to launch a successful medtech startup?Omar M. Khateeb knows the challenges firsthand. As a founder with a track record of building healthtech companies, he’s lived through the hurdles that come with innovating in the medtech space.In this episode, Omar dives into the highs and lows of his entrepreneurial journey, sharing key lessons, pivotal moments, and the strategies that helped him succeed. From tackling complex healthcare issues to navigating the regulatory maze, Omar breaks down what it takes to make a lasting impact in medtech.Join us for an inside look at the future of health tech and why it’s the perfect time for the next generation of entrepreneurs to get involved.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Why does software composition analysis matter beyond regulatory compliance?This episode explores SCA (Software Composition Analysis) and explains how SBOMs (Software Bill of Materials), SOUP (Software of Unknown Provenance), and related tooling fit into the broader medical device cybersecurity landscape. Christian and Trevor clarify common misconceptions, including licensing fears, machine-readable requirements, and the role of static testing tools.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

What past ransomware and medical device incidents might reveal gaps that manufacturers are still overlooking today?In this episode, Christian and Trevor examine real incidents where cybersecurity failures, software flaws, and insecure medical devices led to patient harm and death. They break down how ransomware attacks, implantable device vulnerabilities, and AI-driven therapies expose life-critical risks in healthcare. The conversation highlights why regulators are increasing scrutiny and why cybersecurity must be treated as a patient-safety imperative, not an afterthought.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

This episode puts Trevor in the hot seat. If you were put in the hot seat, could you clearly explain cybersecurity, safety, and lifecycle terms like Trevor?In this rapid-fire episode, Christian fires questions at Trevor about essential medical device cybersecurity concepts and standards. Together, they clarify how risk management, secure development, and lifecycle thinking intersect across safety, quality, and security.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

MedTech developers, do you know which penetration testing methodology the FDA actually prefers for medical device submissions?In this episode, Christian and Trevor explain the differences between black, grey, and white box penetration testing and how each impacts the completeness and realism of cybersecurity assessments. They highlight why regulators increasingly expect deeper testing supported by source-code-level insights. They also outline the risks, costs, and delays manufacturers face when choosing insufficient testing approaches during FDA submission.Key points:(01:25) Learn how black box testing mimics an attacker with no prior knowledge.(06:27) How grey box testing blends limited credentials, architecture insight, and direct communication with engineers to expand visibility.(08:29) Why white box testing includes access to full documentation, processes, and source code.(10:20) How attacker timeframes differ from tester timeframes.(11:29) How the FDA’s static analysis, SBOM, and risk evaluation requirements tie naturally into white box testing workflows.(15:06) Learn why choosing black box testing to save money often results in higher total costs after FDA rejection.(17:47) Hear why “buy once, cry once” applies to penetration testing.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

What risks do you take when cybersecurity is left off your development roadmap?In this episode, Christian, Trevor and guest Jim Goodmiller explore how cybersecurity intersects with regulatory expectations and quality systems, creating new challenges and opportunities for medtech innovators. Jim helps to explain why founders must integrate cybersecurity from concept through commercialization, especially as FDA scrutiny increases.Key points: 00:48 Why cybersecurity now influences every part of the regulatory landscape.04:48 How technologies can create serious safety and compliance risks when not fully vetted.10:45 Cybersecurity as a mandatory component of regulatory planning.14:52 The need for iterative penetration testing 22:16 Challenges of upgrading legacy devices25:37 Avoiding serious legal consequences.29:29 Preparing a complete roadmap for investor confidence 40:08 The role of communicationThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Thanks to Jim Goodmiller for being on the show. Connect with Jim on LinkedIn: https://www.linkedin.com/in/jimgoodmiller/ Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh Subscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Medtech innovators and medical device manufacturers, how can you prevent cybersecurity deficiencies from delaying your FDA submission?In this webinar, Christian Espinosa, CEO of Blue Goat Cyber, and Trevor Slattery, CTO of Blue Goat Cyber, reveal the most common reasons FDA cybersecurity submissions fail and how you can avoid them. They explain the importance of early risk management, security-by-design practices, and comprehensive testing aligned with NIST and AAMI frameworks. Explored in this webinar: 00:37 Why poor cybersecurity is a top reason for FDA medical device rejection.02:56 The FDA’s total product lifecycle approach.05:18 Why risk management must start before design. 07:35 How AAMI TR57 and ISO 14971 interact to assess patient harm. 10:51 The FDA requirement for traceability among functional, nonfunctional, and security requirements. 16:16 Why cybersecurity testing must cover the entire product (mobile, cloud, etc.).23:33 Why inadequate documentation for critical controls (authentication, logging, encryption) often causes FDA deficiencies.This episode was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://spoti.fi/3XX95g0Subscribe via Apple Podcasts: https://apple.co/483OJ9I

MedTech manufacturers, how can you avoid the cybersecurity pitfalls that most often lead to FDA rejection?In this episode, Trevor puts Christian “in the hot seat” to tackle the most common—and sometimes misunderstood—cybersecurity questions MedTech innovators ask. Christian breaks down key concepts such as ISO 13485, HIPAA vs. FDA expectations, SAMD vs. SIMD, global regulatory demands, and more. Key points: (00:30) The purpose of ISO 13485 and why traceability, quality, and documentation are foundational to medical device safety.(02:34) How cybersecurity is now the most common reason FDA reviewers reject medical devices.(04:32) Why HIPAA focuses on patient data while the FDA focuses on patient safety.(07:21) Which global regulators impose the strictest cybersecurity requirements and how FDA and China differ.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh Subscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

What are the 18 required cybersecurity deliverables for a pre-market submission, and how do they map to eSTAR’s 13 sections? This episode breaks down the cybersecurity deliverables required for an FDA pre-market submission and explains why they apply consistently across all device types. Christian and Trevor walk through each deliverable in detail, outline how they map to eSTAR v6.0, and highlight common misconceptions that slow down manufacturers. Key points: (00:33) Why all devices—high-risk or low-risk—must submit the same 18 cybersecurity deliverables to the FDA.(01:41) How device complexity influences documentation depth even though the deliverables never change.(04:42) How the 18 deliverables map to the 13 sections of eSTAR version 6.0. (09:50) The risk management report, threat model, risk assessment, and SBOM requirements.(17:41) How to evaluate and categorize unresolved anomalies.(20:04) How manufacturers should track remediation timelines and vulnerability density.(23:52) The cybersecurity management plan and the extensive post-market responsibilities expected by the FDA.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh Subscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

MedTech manufacturers, how prepared are you to monitor vulnerabilities continuously once your medical device reaches the market? Also, would you like a free checklist for your Cybersecurity Management Plan? (See link below!) This webinar dives into how medical device manufacturers should build, maintain, and document postmarket cybersecurity programs that align with FDA expectations. Christian and Trevor outline critical requirements such as continuous SBOM monitoring, testing timelines, update processes, CVD workflows, and secure communication standards. Topics explored: (03:14) How the FDA's definition of "cyber device" includes devices with Wi-Fi, Bluetooth, USB, RFID, and NFC connectivity.(05:19) Recent FDA guidance changes, including updated cybersecurity expectations.(10:30) Cybersecurity management plan personnel: compliance officer, product owner, postmarket owner, and authorizing official.(12:30) Static testing, SBOM analysis, penetration testing, and vulnerability assessments. (17:50) Security testing expectations and frequencies. (20:30) Patching, update processes, and remediation timelines. Download your free Cybersecurity Management Plan Checklist: https://bluegoatcyber.com/wp-content/uploads/2025/09/Blue-Goat-Cyber-Postmarket-Management-Checklist.pdf This episode was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://spoti.fi/3XX95g0Subscribe via Apple Podcasts: https://apple.co/483OJ9I

In the MedTech space, how can you leverage market intelligence and machine learning for business development and sales enablement? In this episode, Christian and Trevor talk with Kevin Saem about how market intelligence and cybersecurity intersect in the MedTech space. They unpack how AI and data-driven insights are transforming sales enablement, investor confidence, and device security. They also discuss regulation delays, startup runway challenges, and the growing need for proactive cybersecurity. Kevin Saem founded Zapyrus, a SaaS platform that helps MedTech service providers supercharge sales through AI-driven market intelligence.Key points: (04:20) Why medtech lags five years behind pharma in regulation and sales sophistication.(06:30) How Zapyrus uses machine learning to identify market signals and automate sales research.(08:45) Why regulatory clarity in Europe is fueling more medtech investment than in the U.S.(12:00) How AI and connected devices are making cybersecurity a top concern for investors.(19:07) What the Illumina case and AI therapy failures reveal about industry accountability.(26:30) How medtech founders can self-regulate.(32:40) When companies should start building scalable sales systems. Thanks to Kevin Saem for being on the show. Connect with Kevin on LinkedIn: https://www.linkedin.com/in/kevin-saem/ Learn about Zapyrus, a sales system for MedTech service providers: https://welcome.zapyrus.com/ The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh Subscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 This episode was produced by Story On Media: https://www.storyon.co/ In the MedTech space, how can you leverage market intelligence and machine learning for business development and sales enablement? In this episode, Christian and Trevor talk with Kevin Saem about how market intelligence and cybersecurity intersect in the MedTech space. They unpack how AI and data-driven insights are transforming sales enablement, investor confidence, and device security. They also discuss regulation delays, startup runway challenges, and the growing need for proactive cybersecurity. Kevin Saem founded Zapyrus, a SaaS platform that helps MedTech service providers supercharge sales through AI-driven market intelligence.Key points: (04:20) Why medtech lags five years behind pharma in regulation and sales sophistication.(06:30) How Zapyrus uses machine learning to identify market signals and automate sales research.(08:45) Why regulatory clarity in Europe is fueling more medtech investment than in the U.S.(12:00) How AI and connected devices are making cybersecurity a top concern for investors.(19:07) What the Illumina case and AI therapy failures reveal about industry accountability.(26:30) How medtech founders can self-regulate.(32:40) When companies should start building scalable sales systems. Thanks to Kevin Saem for being on the show. Connect with Kevin on LinkedIn: https://www.linkedin.com/in/kevin-saem/ Learn about Zapyrus, a sales system for MedTech service providers: https://welcome.zapyrus.com/ The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube:

In medical device software development, why should cybersecurity be viewed as an element of product quality, not an add-on?In this episode, Christian and Trevor speak with Randy Horton of Orthogonal about the future of medical device software development. Together, they unpack how DevSecOps, quality systems, and modern engineering practices can elevate safety and speed innovation in MedTech. From the philosophy behind “move faster and break nothing” to lessons learned from real-world cybersecurity cases, this conversation reframes how medical device teams should approach software design.Randy Horton is the Chief Solutions Officer at Orthogonal, where he helps MedTech companies build better, safer, and smarter connected devices. A lifelong software innovator, Randy brings profound insight into what it takes to merge cutting-edge tech with the regulated world of healthcare.Key points: (03:00) Randy shares how discovering the first web browser set him on a lifelong path of innovation.(05:11) Why high-quality software inherently includes cybersecurity.(08:52) Why traditional engineering mindsets struggle with the flexibility of software development.(12:42) How the “move fast” culture in Silicon Valley clashes with MedTech’s demand for control and safety.(16:09) Why some manufacturers avoid updating medtech devices, and how that hurts long-term device security.(19:49) Randy predicts that born-digital MedTech companies will lead the next wave of innovation, pushing the industry to adapt faster.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Thanks to Randy Horton for being on the show. Learn more about Orthogonal: https://orthogonal.io/ Connect with Randy on LinkedIn: https://www.linkedin.com/in/randyhorton Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh Subscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1