    Episode 006 · December 10, 2024 · 35m listen

    Avoid the Dumb Tax: Cybersecurity Lessons for MedTech Startups with Steve Bell | Ep. 5

    Steve Bell
    Industry Veteran

    Episode Summary

    This episode of The Med Device Cyber Podcast features industry veteran Steve Bell, who shares invaluable insights for MedTech startups navigating the complex journey of bringing a medical device to market. Bell emphasizes that startups often face a steep "dumb tax" due to common, yet avoidable, mistakes. He highlights the critical importance of early cybersecurity integration, stressing that bolting it on late in the development cycle leads to costly redesigns and significant delays in regulatory approval. The discussion covers the distinction between functional and non-functional requirements, with cybersecurity falling squarely into the latter, requiring proactive planning from the requirements phase. Bell and the host also delve into the financial realities of MedTech, underscoring the need for "big ideas" that promise substantial returns for investors, typically $100 million in revenue by year ten. The episode further explores the extended average exit time for MedTech startups (10-12 years) and the growing awareness among investors about cybersecurity as a crucial due diligence factor. This episode is essential listening for product security teams, regulatory leads, and engineers seeking to avoid common pitfalls and strategically plan for long-term success in the MedTech industry, particularly regarding FDA premarket considerations and risk management.

    Key Takeaways

    • 01 MedTech startups must integrate cybersecurity from the requirements phase, not as a late add-on, to avoid costly redesigns and regulatory delays.
    • 02 A startup's ability to raise money continuously is paramount, with the CEO's primary role being fundraising.
    • 03 Successful MedTech commercialization requires planning the 'end game' before product development begins, rather than focusing solely on R&D.
    • 04 Startups should seek education and mentorship from industry experts to avoid common mistakes and navigate complex regulatory pathways, including cybersecurity requirements.
    • 05 Investors are increasingly scrutinizing cybersecurity plans during due diligence, making it a critical factor for securing funding.
    • 06 Understanding the difference between functional (what a device does) and non-functional (how it maintains security, integrity, and privacy) requirements is crucial for comprehensive cybersecurity planning.
    • 07 Planning for potential risks and building in security controls like secure boot from the start is more cost-effective and efficient than remediation later.
    • 08 Most medical device startups fail, often due to an inability to reach profitability and secure ongoing funding; strong cybersecurity and regulatory planning aid long-term viability.

    Frequently Asked Questions

    Quick answers drawn from this episode.

    • This episode covers FDA Premarket Cybersecurity. It's part of The Med Device Cyber Podcast, hosted by Blue Goat Cyber, focused on practical medical device cybersecurity guidance for MedTech teams.

    • He highlights the critical importance of early cybersecurity integration, stressing that bolting it on late in the development cycle leads to costly redesigns and significant delays in regulatory approval. It's most useful for medical device manufacturers, cybersecurity engineers, regulatory affairs professionals, and MedTech founders...

    Welcome to The Med Device Cyber Podcast. Today, we have a guest, Steve. Steve's been in the industry quite a while and he brings some valuable insights to help startups through their journey to get their device to market. Do you want to introduce yourself a little bit, Steve?

    Yeah, sure. Firstly, thank you for having me on. It's a real pleasure to be here. Yes, my name is Steve Bell, and for those that don't know me, you'll know I wear purple if you ever see me on LinkedIn. That's how you can find me. I've been in med device for just over 35 years. I started my career at Johnson & Johnson, doing sixteen years there. I did the whole transition from open surgery to laparoscopic, so I have a lot of fondness for that whole minimally invasive side of things. Then I did a cardiovascular division within J&J and a women's health division. I was actually part of the team that was looking at Intuitive back in the very early days, when they were just getting going. I then left J&J and I did the California startup thing. I used to commute between Rome and Los Angeles every two weeks. I did that for almost 10 years, which was interesting. It got to be exhausting. Yeah, it was. You kind of get used to it, though. You get into the rut. The 405 was actually worse going down from Los Angeles to Irvine than the transatlantic, which was quite bonkers, really. It took me longer sometimes to get down the 405. I did multiple hardcore startups, where literally me and like Brad Sharp started some of the industry companies that we did in a cupboard, in a small cupboard. Literally, one of the startups called Intra that we did there. I did that for a long time, did a couple of turnaround companies, and then I sort of retired. You know, I crashed and burned a few startups quite spectacularly, which is where you get the most learning. But I did well in a few, flipped a few.

    Then I was contacted by a really good guy called Martin Frost, who was the CEO of CMR Surgical, which is a soft tissue surgical robotic company. Martin twisted my arm, and I went there for six months to basically go and set up a commercial team and ended up being there six years. Then I said, 'Okay, I think that's long enough now.' Last September, I stepped out, and since then, I'm sort of semi-retired but trying to help the industry—you know, surgeons, young entrepreneurs, startup engineers—to really try and learn all the mistakes that I've made and a lot of my friends make in startups so they don't make the same mistakes. So, I'm doing a lot of that, really, at the minute, trying to help startups to start up the right way.

    Yeah, awesome. I call that the
