    New episodes weekly

    The Med Device
    Cyber Podcast

    Frontline conversations on medical device cybersecurity, FDA premarket guidance, SBOMs, penetration testing, and the hard-won lessons that keep patients safe.

    Hosted by Blue Goat Cyber
    FDA · IEC 62304 · ISO 14971
    The Catalogue

    Every episode, in one place.

    75 episodes & counting
    EP 075

    Cybersecurity Isn't an IT Problem Anymore with Melissa Aarskaug

    Cybersecurity is no longer just an IT problem. It's a business resilience challenge. In this episode of the Med Device Cyber Podcast, Christian Espinosa sits down with Melissa Aarskaug to discuss what the medical device industry can learn from one of the world's most heavily regulated sectors: casino gaming.

    Melissa shares why attackers focus on pressure rather than weaknesses, how regulated industries are adapting to evolving cyber threats, and why organisations must shift their thinking from preventing attacks to maintaining operations when attacks inevitably happen. The conversation explores cyber resilience, leadership, AI, regulatory expectations, penetration testing, cyber insurance, and the growing role cybersecurity plays in overall business strategy. Christian also explains how medical device cybersecurity has evolved from a standalone requirement into an integral part of product quality.

    In This Episode:
    * 00:00 Introduction
    * 01:09 Lessons from protecting the gaming industry
    * 01:58 Why attackers target regulated industries
    * 05:22 Cybersecurity is about pressure, not industries
    * 06:07 Compliance versus cyber resilience
    * 08:08 Medical devices and connected ecosystems
    * 12:29 The famous fish tank cyberattack
    * 15:03 FDA expectations versus hospital expectations
    * 16:04 AI, cyber maturity and the future of security
    * 17:25 Four priorities every leader should focus on
    * 21:24 Why penetration tests often fail to create change
    * 24:38 Designing cybersecurity into products from the beginning
    * 26:48 Why cyber insurance isn't a silver bullet
    * 32:21 Why cybersecurity is now part of medical device quality
    * 33:26 Cybersecurity is moving beyond IT and into the boardroom
    * 37:42 Final thoughts and key takeaways

    Find Melissa Aarskaug here on LinkedIn: https://www.linkedin.com/in/melissa-aarskaug/

    The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com. If you're interested in our services or partnering with us, schedule a Discovery Session: https://go.bluegoatcyber.com/meetings/blue-goat-cyber/discovery-session

    Christian Espinosa is the CEO and founder of Blue Goat Cyber.

    * Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
    * Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
    * Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
    * Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
    * Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

    EP 074

    Cancer Drugs Can Damage the Heart - This Startup Wants to Fix It with Ryan Neely

    Medical device founders spend years thinking about engineering, clinical validation, and FDA clearance. But what happens after you clear the regulatory hurdle? In this episode of the Med Device Cyber Podcast, Christian Espinosa sits down with Ryan Neely, co-founder and CEO of Skribe Medical, to discuss the realities of bringing innovative medical technologies to market.

    Ryan shares how Skribe Medical is developing a wearable cardiac monitoring platform designed to help cancer patients and oncologists identify signs of treatment-related heart damage more efficiently. The conversation explores the challenges of building AI-powered medical devices, integrating new technologies into existing clinical workflows, and reducing friction for both patients and providers.

    The discussion also explores one of the most surprising cybersecurity insights of the episode: why hospital networks often present greater risks than home environments for connected medical devices. Ryan and Christian examine how cybersecurity considerations evolve as devices become more connected and why manufacturers must think beyond the device itself when assessing risk.

    In this episode, we cover:
    * The growing field of cardio-oncology and cardiac monitoring
    * Building a battery-free wearable medical device
    * Why clinical workflow matters as much as technical innovation
    * Cybersecurity risks in connected healthcare environments
    * Why hospital networks can create unexpected security challenges
    * FDA cybersecurity expectations and evolving guidance
    * Commercialization challenges facing MedTech startups
    * AI models, continuous improvement, and regulatory frameworks
    * Why FDA clearance is often just the beginning of the journey

    Episode Breakdown:
    * 00:00 – Introduction
    * 01:53 – The hidden cardiac risks of cancer treatments
    * 02:58 – Skribe Medical's wearable cardiac monitoring platform
    * 03:53 – Future applications beyond oncology
    * 04:45 – Battery-free device design and patient comfort
    * 06:00 – Remote patient monitoring and reimbursement models
    * 09:40 – Cybersecurity risks for connected medical devices
    * 14:06 – Why hospital networks present unique security challenges
    * 16:02 – FDA cybersecurity expectations and evolving regulations
    * 19:03 – Regulatory changes and long MedTech development cycles
    * 21:02 – Commercialization versus FDA approval
    * 24:13 – AI models and the Predetermined Change Control Plan
    * 25:55 – Clinical testing and validation challenges
    * 28:14 – Closing thoughts and key takeaways

    Find Ryan Neely here on LinkedIn: https://www.linkedin.com/in/ryan-neely-ph-d-14464340/

    EP 073

    The Legal Hoops and Hurdles of MedTech Commercialization with JJ Amell

    Medical device commercialization is an engineering milestone, but it is also a legal minefield. In this episode, Christian Espinosa and Trevor Slattery welcome MedTech attorney JJ Amell to dissect the critical errors international founders make when entering the U.S. market. If you do not structure your corporate entities and secure your immigration pathways correctly from day one, federal bureaucracy will burn through your venture capital runway before you ever reach an FDA review. JJ outlines how Amell Law builds robust defensive frameworks around global mobility, corporate liability, and trademark protection.

    In this episode, we cover:
    * The Legal Zoom Trap: Why automated, check-the-box business formations fail to provide adequate liability shields for multi-million dollar medical operations.
    * Delaware vs. Texas: How recent case law regarding minority shareholder control is shifting the corporate gold standard toward the Lone Star State.
    * The Business Immigration Clock: Why O-1 founder visas and engineering team mobility must be negotiated at the absolute start of your commercial strategy.
    * Automated Pen Testing Failures: The exact financial consequences of submitting cheap security scans to the FDA, resulting in 180-day interactive review holds.
    * Public Scraper Scams: How bad actors weaponize public USPTO databases to manipulate foreign nationals during active application windows.

    Episode Breakdown:
    * 00:00 - Intro
    * 00:54 - Welcoming MedTech attorney JJ Amell
    * 03:38 - Solving legal pain points for global innovators
    * 06:11 - The three pillars of U.S. market entry
    * 08:33 - The inverse market challenge: Moving from Europe to the U.S.
    * 10:43 - Factoring in fiscal repercussions and international tax consultations
    * 12:57 - State jurisdictions: Delaware standards vs Texas corporate law
    * 16:21 - California red tape and the rise of alternative technology hubs
    * 22:41 - Reverse engineering corporate strategy to avoid late-stage corrections
    * 25:44 - The danger of automated penetration tests and interactive FDA reviews
    * 29:39 - Deportation risks and B-1/B-2 tourist visa limitations
    * 31:24 - Government bureaucracy timelines and USPTO trademark processing realities
    * 33:04 - Public database scraping and the explosion of corporate filing scams
    * 37:37 - AI voice cloning and deepfake vulnerabilities targeting tech executives
    * 40:52 - Code Blue Chart: Documented cybersecurity fatalities in healthcare
    * 44:25 - Closing thoughts and reconnecting with nature

    Find JJ Amell here on LinkedIn: https://www.linkedin.com/in/jjamellesq/

    Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber. Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

    EP 072

    The Dangerous Gap in Global MedTech Security Awareness with Shahbaz Ahmed

    Yes, medical device security is a technology problem, but it’s also a human psychology problem. In this episode, Christian and Trevor welcome Shahbaz Ahmed, a Strategic Leadership Advisor from Pakistan, to dissect the massive global gaps in cybersecurity awareness. If people do not understand the threat, they will not invest in the solution. Shahbaz outlines how his Leadership Studio uses human engineering to unify Eastern emotional intelligence and Western strategic logic, giving tech leaders the ultimate toolkit for global commercial operations.

    In this episode, we cover:
    * Why 90 percent of people are driven by emotion rather than data, and how that changes the way we must pitch cybersecurity compliance.
    * The critical distinction between technical leadership and broad vision leadership, and why technical experts often struggle to convince investors.
    * How capability can intentionally expand your daily capacity through structured priority frameworks like the Pomodoro technique.
    * The psychological reasons medical communities remain entirely oblivious to the 14 vulnerable devices sitting beside every single hospital bed.
    * Why absolute consistency outperforms sporadic peak performance every single time when securing digital health networks.

    Episode Breakdown:
    * 00:00 - Intro
    * 02:14 - Leadership styles: Eastern emotion vs Western logic
    * 05:07 - Human engineering and the science of emotional psychology
    * 08:31 - Capacity vs capability: breaking down our emotional fuses
    * 12:28 - Technical leadership vs broad vision leadership
    * 14:29 - The Ex Machina color theory analogy for cultural exposure
    * 19:10 - Hungry judges and decision fatigue: how state affects choice
    * 24:43 - How increasing capability expands human cognitive capacity
    * 26:35 - The shocking lack of medical device cybersecurity awareness globally
    * 31:12 - Why regulatory updates are outpacing downstream hospital practice
    * 35:27 - Breaking down big words to make security simple
    * 38:00 - Key takeaways: consistency as the ultimate weapon for success

    Find Shahbaz Ahmed here on LinkedIn: https://www.linkedin.com/in/shahbaz-ahmed-4004ab86/

    EP 071

    The Age of Digital Health Humanity with Philippe Gerwill

    Can you use AI and still stay 96.5 percent authentic? Philippe Gerwill joins the Med Device Cyber Podcast to demonstrate how technology can make us more human. As a Digital Health Humanist and top-ranked influencer in Switzerland, Philippe shares a unique perspective on the future of MedTech. Success in this new era requires a mastery of unlearning old habits to make room for radical new capabilities.

    In this episode, we cover:
    * The Unlearning Skill: Why letting go of old knowledge is harder than learning new tech.
    * Managing the Chaos: How Philippe uses AI to balance advisory roles for nearly 30 different companies.
    * The ChatGPT Shift: Why patients are bypassing doctors and what clinicians need to do about it.
    * Digital Humanism for Doctors: Keeping the human in front of you in a world of big data.

    Episode Breakdown:
    * 00:00 The concept of unlearning as a vital skill for healthcare leaders.
    * 01:52 Philippe’s background at Novartis and transition into healthcare technology.
    * 03:35 Managing advisory roles for nearly 30 companies using an AI ecosystem.
    * 04:50 The Favikon ranking and maintaining a 96.5 percent authenticity score.
    * 07:49 Defining the role of a futurist in the modern era.
    * 09:21 The intersection of technology and gut feeling.
    * 18:15 Patient behavior: why consumers are driving the shift to AI in clinics.
    * 32:10 The mandate to use our brain and the risks of over-relying on tools.
    * 44:52 The productivity trap: spending more time reprompting than writing.

    EP 070

    Why MedTech Needs Specialists with Zoltan Kevei and Saby Toth of Bishop & Co | 70

    Medical software looks deceptively accessible because the tools are familiar and the first build can happen quickly. What remains hard is building something that stands up to regulation, security scrutiny, and real clinical risk without collapsing under its own shortcuts.

    That is why partner choice matters so much. A weak vendor can create elegant-looking work that fails under audit. A generalist consultant can apply hardware logic to software problems and miss the practical steps that make compliance workable. The cost of the wrong partner is not only financial. It can distort the whole product path.

    The same pattern shows up in technical due diligence. A strong commercial story or healthy books can hide brittle architecture, outdated stacks, poor security posture, and avoidable rewrite risk. When no one checks the technology properly, weak foundations often remain invisible until they become expensive.

    The broad lesson is simple. Medical software reaches the market faster when the team stops treating software, regulatory, and cybersecurity decisions as separate streams and starts handling them as one connected system.

    Episode Breakdown:
    * 00:01 Welcome
    * 04:14 Market access realities in Europe and the US
    * 08:02 Early engagement with experts
    * 10:48 Why security belongs near the beginning
    * 12:24 AI use and misuse in software products
    * 16:05 Why not every product needs AI
    * 20:03 Building medical software with the right disciplines
    * 22:28 What investors miss without technical diligence
    * 24:00 Why old code can become a liability
    * 29:20 How founders should assess vendors
    * 32:28 Why software still gets judged like hardware
    * 36:26 Software-specific review expertise
    * 38:33 Closing takeaways
    * 41:14 Finish

    EP 069

    Science Before Hype in MedTech Investing with Varun Turlapati of Chaanakya Capital | Ep. 69

    Neurotech has one of the widest gaps in MedTech between public excitement and real scientific certainty. That makes diligence more important, not less. A compelling story, a futuristic device, or a category with massive upside can still lead investors in the wrong direction if the science is thin and the clinical case is not yet grounded.

    That tension sits at the center of this episode. The strongest investment case is not built on how large the market sounds or how dramatic the pitch feels. It is built on whether the device is medically credible, whether the engineering holds up under pressure, and whether specialists who would actually use it believe it belongs in practice.

    There is also a deeper lesson here for founders. In device categories where claims can run ahead of evidence, seriousness becomes a differentiator. Companies that think through regulatory fit, reimbursement logic, clinical use, and product hardening early are easier to believe, easier to diligence, and easier to support.

    Cybersecurity fits directly into that same seriousness test. A connected device cannot be treated like a normal software startup where a broken feature can be patched without consequence. If security is deferred, the cost is not only financial. It can compromise product trust at the exact moment a company needs it most.

    Episode Breakdown:
    * 00:00 The unknowns inside neurotech
    * 00:31 Security decisions that should happen early
    * 01:57 The fund’s early-stage focus
    * 02:42 Science versus speculative claims
    * 04:42 Valuation discipline at the seed stage
    * 05:39 How power law logic applies in specialized VC
    * 07:55 Why neurotech remains underbuilt
    * 14:22 How founders are supported after investment
    * 17:15 The missing cybersecurity layer
    * 20:24 Why redesign gets expensive
    * 22:17 Diligence beyond the usual checklist
    * 24:20 How a small focused fund operates
    * 29:45 Events, networks, and specialist insight
    * 34:44 Multiples, IRR, and realistic return thinking
    * 38:13 Final reflections
    * 40:09 End

    EP 005

    Why MedTech Needs More Than Approval with Michael Branagan Harris of HealthTech Strategies | Ep. 68

    MedTech companies often assume a better product should naturally win. In reality, healthcare systems change slowly, purchasing paths are layered, and the best technology can still stall if the story behind it is weak. Evidence has to do more than prove safety or performance. It has to explain why a payer should spend, why a provider should switch, and why the patient outcome is worth it.

    That is why market access cannot be treated as a late stage commercial task. It sits across product design, evidence generation, reimbursement planning, pricing logic, and market entry sequencing. Once teams understand that, they stop treating adoption as something that happens after approval and start building toward it from day one.

    The most useful framework here is simple and sharp. A technology has to work for patients, providers, payers, and the product business itself. In the United States, physician economics can add another layer. Miss one leg of that structure and the whole commercial case becomes unstable.

    For founders, the real takeaway is hard but useful. If you cannot explain who benefits, why they benefit, and how that benefit is proven, market access will remain a bottleneck no matter how promising the innovation looks.

    Episode Breakdown:
    * 00:00 Welcome
    * 02:06 Why market access starts with the problem
    * 09:02 Evidence beyond the trial mindset
    * 12:45 Why some solutions fail despite good technology
    * 14:16 The three part decision logic in market access
    * 17:17 The patient outcome story
    * 19:30 The four and five P framework
    * 22:43 Why country economics matter
    * 28:36 First market strategy
    * 32:23 AI and digital health in different systems
    * 33:52 The future of home based care
    * 36:42 The price and access tradeoff
    * 42:08 Final thoughts
    * 48:30 Close

    EP 004

    De-Risking Product Decisions in MedTech Startups with Brent Lavin of Ironwood MedTech | Ep. 67

    Product decisions made during early development determine commercialization outcomes years later. Startups face choices about regulatory pathways, feature sets, market segments, and clinical trial strategies without frameworks for evaluating long-term consequences. Wrong decisions create compounding problems. Pursuing 510(k) clearance when market differentiation requires PMA approval limits claims and pricing power. Building features for broad markets instead of specific segments wastes resources and dilutes value propositions.

    Brent Lavin, Chief Product Catalyst of Ironwood MedTech Partners, explores product management with Christian Espinosa and Trevor Slattery, covering de-risking product decisions through hypothesis testing, why 510(k) pathways average four years while PMA programs require seven to nine years, and how feature set alignment with target segments shapes commercialization success.

    The engineering mindset applies hypothesis testing to product development. Assumptions about customer needs, clinical workflows, and value propositions require validation through iterative testing. Products evolve through feedback cycles rather than executing predetermined specifications. The end product never matches initial whiteboard concepts because iterative refinement improves designs through learning. Holding assumptions loosely and accepting when data proves them wrong produces better outcomes than defending original concepts regardless of evidence.

    Regulatory pathway selection carries timeline and strategic implications. 510(k) programs average four years from concept to clearance when teams understand what they are building. PMA implantable device programs extend seven to nine years but enable differentiated claims supporting premium pricing. Substantial equivalence claims limit marketing messages to comparability with predicate devices. The orthopedic space demonstrates this "sea of sameness", where 510(k) products compete primarily on price because the regulatory pathway prevents clinical differentiation claims.

    Second-to-market timing in clinical trials offers strategic advantages. First movers invest heavily in establishing clinical evidence and regulatory acceptance. Subsequent entrants benefit from proven pathways and reduced regulatory uncertainty. De novo devices establishing new categories through clinical trials create predicates for following 510(k) submissions. The strategy works for non-implantable devices where subsequent products can reference earlier clinical work.

    Feature set decisions require aligning complexity with target segment needs. Building maximum features for hypothetical broad markets creates expensive products serving no segment optimally. Identifying specific use cases and clinical workflows enables targeted feature development. The right feature set serves intended users effectively rather than attempting universal appeal. Alignment between product capabilities, clinical claims, regulatory pathway, and commercial strategy reduces friction during development and market introduction.

    Episode Breakdown:
    * 00:02 Introduction and background
    * 04:35 Ironwood MedTech Partners origin
    * 06:02 De-risking product decisions
    * 10:15 Engineering mindset and hypothesis testing
    * 14:30 510(k) vs PMA pathway selection
    * 18:45 Timeline implications
    * 22:20 Substantial equivalence limitations
    * 26:40 Feature set alignment
    * 30:15 Market segmentation strategy
    * 34:55 Second-to-market clinical trial strategy
    * 38:45 Entrepreneurship in MedTech
    * 40:45 Final insights and recommendations
    * 43:29 Closing

    Showing 9 of 75

    Produced by Blue Goat Cyber — medical device cybersecurity consulting.

    About the Show

    Where MedTech meets the
    adversary mindset.

    Brought to you by Blue Goat Cyber, The Med Device Cyber Podcast unpacks the regulations, attacks, and engineering decisions shaping the future of connected medical devices.

    From premarket submissions to postmarket vulnerability response, built for product security teams, regulatory leads, and the engineers in the trenches.

    Browse Episodes by Topic

    Jump straight to what matters for your role.

    Meet the Host

    Practitioner, not pundit.

    Every episode is hosted by an operator who does this work daily, leading FDA submissions, threat modeling sessions, and pen tests for real medical device manufacturers.


    Christian Espinosa

    Founder & CEO, Blue Goat Cyber

    U.S. Air Force veteran with decades of cybersecurity experience across defense, critical infrastructure, and MedTech. Founded Blue Goat Cyber in 2022 to help manufacturers build security in from the start and move through FDA review with confidence.

    FDA Premarket Cybersecurity · Threat Modeling · Risk Management
    Be a Guest

    Have a story worth sharing?

    We're always looking for medical device cybersecurity practitioners, regulatory leaders, and security researchers with a sharp point of view. Pitch us below.


    Frequently Asked

    MedTech cybersecurity, answered.

    Quick answers to the questions we hear most from product security, regulatory, and engineering teams.

    Listen Anywhere

    Pick your platform.

    New episodes drop weekly. Subscribe to never miss the next deep dive.