The Med Device Cyber Podcast

Blue Goat Cyber

In a time where healthcare and technology are deeply intertwined, understanding medical device cybersecurity is not just important—it's essential. Welcome to The Med Device Cyber Podcast, your go-to resource for understanding the complexities of this critical field of cyber security. As the definitive podcast on medical device security, we explore everything from identifying and mitigating vulnerabilities to navigating this ever-evolving regulatory landscape. Hosted by Christian Espinosa, Founder & CEO of Blue Goat Cyber, and Trevor Slattery, Director of Medical Device Cybersecurity, each episode features expert insights into the latest cybersecurity threats, innovative solutions, and best practices for protecting the medical devices that are at the heart of modern healthcare. Whether you're a healthcare provider, a device manufacturer, a cybersecurity professional, or just someone looking to learn about the importance of cybersecurity in human lives, this podcast empowers you with the knowledge and tools to ensure patient safety and secure the future of medical technology. This podcast is brought to you by Blue Goat Cyber, specializing in providing elite cybersecurity solutions.

  1. How to Move Stakeholders from Awareness to Sustained Adoption Without Friction

    2D AGO

    Marketing medical devices requires understanding that stakeholders are different, buying processes are longer, and friction points are more complex than consumer products or software. Most companies build websites and attend trade shows hoping prospects will decode their message, but prospects do not have time for that. Sustained adoption is not the same as initial purchase. It means the device is used continuously with no friction, no concerns, and no barriers that cause users to stop or switch. Getting there requires understanding every stakeholder involved, what questions they have at each stage, and what fears might stop them. This episode covers how to structure marketing that moves stakeholders through a clear path, why ideal client profile refinement produces better results than broad targeting, and how one advisor identified exact pain points to cut through noise and convert a prospect. Practical advice for anyone responsible for medtech marketing or go-to-market strategy.

    Episode Breakdown:
    00:02 Welcome
    00:21 Intro
    02:15 Origin
    04:36 Challenges
    06:51 Foundation
    07:00 Knowledge gap
    09:30 Adoption
    11:45 Mapping
    15:20 Friction
    18:40 Content
    22:30 Targeting
    26:15 Failures
    30:45 Pain points
    34:20 Clarity
    38:50 Tradeoffs
    40:44 Advice

    The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com. If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

    Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.

    Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
    Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9
    Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
    Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
    Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
    Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

    41 min
  2. Prevention Is Better Than Cure: Applying Medical Principles to Medtech Cybersecurity

    FEB 26

    Medical device risk assessments are failing patients, not because the process is too hard, but because nobody doing the assessment has ever been in the room where the device actually gets used. Medtech quality and regulatory leader Stephen Smith describes sitting in a risk session for a device going into an intensive care unit. Twelve people in the room, and not one had ever set foot in an ICU. If you have never been in the environment your device will operate in, risk identification becomes guesswork, mitigations get written for problems that are not the actual problems, and the device goes to market with gaps that stay hidden until something goes wrong. This episode covers why the user environment is the most consistently ignored variable in medical device development, and how that same gap shows up in cybersecurity risk assessments. Also discussed: the $5,000 problem that gets rationalized today has a way of becoming the $500,000 crisis that cannot be ignored tomorrow, and what this argument actually looks like in practice. Stephen also explains why CE marking proves you passed an audit and why FDA clearance does not mean the FDA approved your device. Worth listening to if you are focused on medtech quality, regulatory, or cybersecurity.

    Episode Breakdown:
    00:00 Opening quote
    00:47 Intro and guest background
    04:14 QA vs RA vs QC
    06:00 Cybersecurity in quality systems
    08:30 Risk as the foundation
    11:20 Ignoring clinicians and user environments
    13:00 ICU risk assessment example
    14:19 Startups and product market fit
    15:30 Key Opinion Leaders
    16:47 Companies hiring comfortable consultants
    18:30 $5,000 vs $500,000
    20:00 Why quality and cybersecurity are invisible
    22:00 What regulators actually review
    22:54 Self-signed certificates
    24:30 Cybersecurity speed vs regulation speed
    26:30 CE marking is not a quality guarantee
    27:00 Lost instructions for use
    28:40 Cleared vs approved
    29:45 Prevention is better than cure
    31:00 Final advice
    32:00 Racing analogy

    32 min
  3. Adversarial Attacks on Medical AI: What You Need to Know with Jun Xiang Tan

    FEB 19

    Ten years ago, Singapore's healthcare system got hacked. Patient records were stolen at a national scale. The government responded by building one of the most comprehensive medical device security frameworks in the world. The Cybersecurity Labeling Scheme has four tiers. Level one means basic security controls exist. Level four means the device underwent independent code review, has advanced threat detection, and maintains continuous vulnerability management. Hospitals can see exactly what level of security they're getting before they buy. Jun Xiang from CareHero explains why this matters, especially now that AI is showing up in medical devices without proper testing. He covers adversarial attacks on medical images, why doctors are uploading patient data to ChatGPT, and what automation bias does to clinical decision making. Practical conversation about medical device security in Southeast Asia and what manufacturers need to know about Singapore's approach.

    Episode Breakdown:
    00:01 Welcome
    00:31 Background
    01:09 Military service
    03:09 AI threats
    03:45 23% problem
    04:40 X-rays ChatGPT
    05:43 Attacks
    08:15 Poisoning
    11:30 Hallucinations
    14:20 AI code
    17:45 Vulnerabilities
    20:30 Pair programming
    23:15 Guardrails
    26:40 Automation bias
    28:50 AI scribes
    31:20 Dialects
    34:05 Pre-triage
    36:32 Pricing
    37:25 Pair programmer
    37:40 Human interpretation

    38 min
  4. SBOMs 101: What the FDA Expects and How to Get It Right

    FEB 18

    SBOMs are one of the most common sources of FDA deficiencies in medical device submissions. Most companies think they're doing it right, but then they get feedback asking for missing components or clarification on what's included. In this webinar, Christian Espinosa and Trevor Slattery explain what the FDA actually expects in an SBOM and why it's not just about listing third-party libraries. You need to include first-party code too. You need to follow the NTIA minimum elements. And you need to provide it in a machine-readable format like SPDX or CycloneDX. Trevor walks through the history of SBOMs, from their origins in licensing compliance to their current role in medical device cybersecurity. He explains the shift-left approach the FDA wants to see and why transparency matters for healthcare delivery organizations making purchasing decisions. The webinar also addresses a big concern people have. Does publishing an SBOM give attackers a roadmap to your system? Trevor breaks down why that's not actually a problem if you're managing your security properly. If you're building a connected medical device or preparing for an FDA submission, this is a clear breakdown of how to get your SBOM right the first time.

    Webinar Breakdown:
    00:00 Welcome and introduction to SBOMs
    00:44 What is an SBOM and why does it matter
    03:10 The history of SBOMs: From licensing to cybersecurity
    07:20 Why the FDA cares about SBOMs
    11:30 The biggest mistake: Leaving out first-party code
    15:45 NTIA minimum elements explained
    19:20 Machine-readable formats: SPDX and CycloneDX
    23:00 Real-world examples: Log4j and Shellshock
    26:15 Do SBOMs give attackers a roadmap? The truth
    29:40 Common myths about SBOMs
    33:50 Key takeaways for FDA submissions
    36:20 Q&A session begins

    42 min
  5. Secure Software Development for Medical Devices: The Real Story with Darcy Bachert

    FEB 12

    Building medical device software is hard. Building it the right way is harder. And getting it through FDA approval while managing cybersecurity requirements? That's what Darcy Bachert has been doing for 17 years. Darcy runs Prolucid Technologies, an ISO 13485-certified software development firm in Toronto. They work with medtech companies across North America, Europe, and Australia. And in that time, he's seen the same mistakes repeatedly. The biggest one? Founders build products that solve problems nobody has. Or they build something physicians won't adopt because it adds complexity instead of making their lives easier. In this conversation, Darcy talks about IEC 62304 and why it matters when choosing a software partner. The Canadian medtech ecosystem and why Toronto is a major hub. And why quality systems and cybersecurity need to be built in from day one, not added at the end. This episode is practical if you're building a medical device or working with medtech startups.

    Episode Breakdown:
    00:01 Welcome and intro
    00:30 Darcy's background and Prolucid Technologies overview
    01:15 The origin of the name Prolucid Technologies
    01:58 Why clarity matters more than code
    04:18 Common challenges beyond software development
    06:11 Toronto's medtech ecosystem
    06:57 IEC 62304 and choosing the right development partner
    09:17 ISO 13485 certification and investor confidence
    12:04 Realistic timelines for medical device software
    15:32 Cost expectations and budget planning
    18:45 Building quality systems from the start
    21:20 Integrating cybersecurity throughout development
    24:15 When and how to do penetration testing
    27:30 Cybersecurity mistakes startups make
    30:42 The MTI program and Canadian medtech resources
    33:18 Canadian vs US medtech markets
    36:22 Physician adoption challenges
    40:18 Trevor: Don't invent your problem
    41:36 Darcy: Find partners who've done it before
    43:05 Christian: Balance user adoption with reimbursement

    44 min
  6. The Hidden Cybersecurity Challenges in Software as a Medical Device

    FEB 5

    Marc Zemel has been building Retia Medical for 15 years. The company started as two guys with slides and licensed technology. Now their data-driven hemodynamic monitoring technology for consistently accurate cardiac output measurements in high-risk surgical and critically ill patients is in 75 hospitals across 18 countries, sold by Medtronic in the U.S., and the company is preparing to launch their new product Argos Infinity, pending FDA clearance. But getting here meant dealing with cybersecurity challenges that Marc didn't see coming. In this conversation, he talks about what actually slowed them down, what he wishes he'd done differently, and why building a proper quality system from day one would have saved him years of pain. Retia Medical develops algorithms that monitor cardiovascular function. Their technology detects problems before blood pressure drops, which makes it valuable in operating rooms and ICUs. Nurses have gotten so attached to their monitors that they literally hug them because the devices help them do their jobs better. Marc walks through the specific cybersecurity issues that surprised him. Like how software as a medical device comes with ongoing compliance costs that hardware doesn't have. Or how documentation requirements kept changing as the FDA updated its expectations. Or how retrofitting cybersecurity into an existing product is way more expensive than building it in from the start. He also shares his philosophy on building companies. He doesn't focus on exits or acquisition targets. He focuses on building something people can't live without. When the product is that good, the rest takes care of itself. If you're building a medical device startup or dealing with FDA submissions, this is a conversation worth hearing.

    Episode Breakdown:
    00:00 Introduction
    00:32 Where everyone's calling from
    02:54 Marc's background and journey into medtech
    04:33 What Retia Medical does
    07:00 Blood flow vs blood pressure
    09:45 Software vs hardware as a medical device
    12:30 Cybersecurity challenges
    15:20 Documentation nightmares
    18:45 Quality systems and why they matter early
    22:10 FDA submissions over 15 years
    25:30 The cost of retrofitting cybersecurity
    28:50 Software updates and compliance
    32:15 Build to be bought, not to be sold
    37:32 What acquirers look for
    39:02 Product market fit: Nurses hugging monitors
    41:14 Wearables and future regulations

    42 min
  7. Why Your Cloud Platform Decision Could Destroy Your Global Market Strategy

    JAN 30

    Thinking about taking your medical device to China? Or maybe you're a Chinese company looking at the American market? William Jin has spent over 30 years helping companies do exactly that, and he'll tell you straight up that most of them aren't ready. Not because they lack good products, but because they didn't think about cybersecurity early enough. William was trained as a medical doctor in Shanghai, then moved into the medtech industry working for companies like McCulloch and Stryker. Now he helps businesses on both sides of the Pacific figure out how to actually get their products approved and sold in each other's markets. The problems he sees are surprisingly similar whether you're going East or West. In this conversation, William walks through the real barriers to global expansion. We're talking about practical stuff like why using Google Cloud can completely block you from the Chinese market, how data sovereignty laws affect AI-powered devices, and why that Baxter ventilator recall should matter to everyone building connected medical devices. If you're in medtech and thinking about international markets, this is the reality check you need. William's advice is simple but critical: plan for your target markets before you start building. Otherwise, you'll spend millions redesigning later, or worse, you'll realize you can't enter those markets at all.

    Episode Breakdown:
    00:00 The costly mistake of not planning for global markets early
    00:44 Meet William Jin: Medical doctor turned medtech market strategist
    03:15 What's really stopping Chinese companies from entering Western markets
    07:20 Why Chinese medtech exports to the U.S. dropped while Europe increased
    11:40 The Google Cloud problem nobody warns you about
    15:50 How China's data regulations affect your algorithms and cloud architecture
    19:30 Reverse engineering your markets: Start with the end in mind
    23:00 Where Chinese companies dominate and where they struggle internationally
    26:45 The Baxter recall that was really about cybersecurity
    28:50 Why cybersecurity product recalls are fundamentally different
    29:20 William's final advice for medtech innovators
    29:40 Wrapping up: Design to disposal, not as an afterthought

    30 min
  8. How to Avoid the 3 Biggest Mistakes in Medtech Startups

    JAN 14

    Ever thought about what it really takes to launch a successful medtech startup? Omar M. Khateeb knows the challenges firsthand. As a founder with a track record of building healthtech companies, he’s lived through the hurdles that come with innovating in the medtech space. In this episode, Omar dives into the highs and lows of his entrepreneurial journey, sharing key lessons, pivotal moments, and the strategies that helped him succeed. From tackling complex healthcare issues to navigating the regulatory maze, Omar breaks down what it takes to make a lasting impact in medtech. Join us for an inside look at the future of health tech and why it’s the perfect time for the next generation of entrepreneurs to get involved.

    The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

    Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

    Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

    Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/
    Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

    The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.

    Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh
    Subscribe via Apple Podcasts: https://apple.co/483OJ9I
    Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

    53 min

Ratings & Reviews

5 out of 5 (2 Ratings)
