Skip to main content
    Back to episode
    Episode 6 · December 10, 2024 · 35m listen · 4,822 words · ~24 min read

    Avoid the Dumb Tax: Cybersecurity Lessons for MedTech Startups with Steve Bell | Ep. 5 - Full Transcript | The Med Device Cyber Podcast

    Read the complete, searchable transcript of Episode 6 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.

    Prefer the listening experience? Open the episode page for the synopsis, key takeaways, topics, and Apple / YouTube listen links.

    Episode summary

    In this episode of The Med Device Cyber Podcast, the hosts welcome Steve Bell, a seasoned veteran with over 35 years of experience in the MedTech industry. Steve shares his extensive background, which began with a 16-year tenure at Johnson & Johnson where he was part of the pivotal transition from open surgery to minimally invasive laparoscopic procedures. His career also included roles in cardiovascular and women's health divisions and even early involvement with the robotics company Intuitive Surgical. After leaving the corporate world, Steve immersed himself in the challenging California startup scene, experiencing both successful ventures and spectacular failures, which he refers to as paying the "dumb tax." His journey culminated in a six-year stint as CEO of CMR Surgical, a soft-tissue surgical robotics company. Now semi-retired, Steve dedicates his expertise to mentoring the next generation of MedTech entrepreneurs, helping them avoid common pitfalls on their path to market. The central theme of the discussion is the harsh reality and strategic necessities of launching a successful MedTech startup. Steve argues that many founders, especially those with brilliant clinical or academic ideas, often underestimate the non-technical aspects of building a business. He strongly emphasizes that the single most important job of a startup's CEO is fundraising, as cash flow, or "burn rate," is the lifeblood that determines survival. The conversation delves into the "go big or go home" mentality prevalent among investors. Steve explains that because the due diligence process is just as intensive for a small investment as it is for a large one, investors and corporate strategics are primarily interested in ideas that target massive markets with the potential to generate returns in the hundreds of millions. The podcast also specifically addresses the critical role of cybersecurity, which is often treated as an afterthought by new companies. The hosts and Steve concur that security cannot be simply "bolted on" late in the development cycle. Instead, it must be a core component from the very beginning, integrated during the initial requirements and design phases. Neglecting this leads to costly redesigns, significant delays in regulatory submissions (like FDA or MDR clearance), and a rapid depletion of funds. Steve's overarching advice for aspiring MedTech founders is to get educated, build a network of experienced mentors, and clearly define their end-game—including the commercialization strategy and exit plan—before a single screw is turned. He highlights the crucial distinction between intelligence and experience, urging entrepreneurs to learn from the costly mistakes of others to increase their own chances of success.

    Key takeaways from this episode

    • The primary job of a MedTech startup founder or CEO is to raise money; without consistent funding to manage the 'burn rate,' the company will not survive.
    • MedTech is a high-risk industry where a majority of ventures fail. Success requires more than a great idea; it demands deep knowledge of commercialization, regulation, and business strategy.
    • Investors and corporate strategics favor a 'go big or go home' approach, seeking startups that target large markets with the potential for $100 million in revenue by year 10.
    • Avoid paying the 'dumb tax' by getting educated and seeking mentorship from experienced industry professionals who have already made the costly mistakes.
    • Commercialization is the hardest part of a MedTech startup, accounting for over 90% of the effort, while R&D is less than 10%.
    • Cybersecurity must be integrated from the very beginning of the design process. Treating it as an afterthought leads to expensive redesigns and significant regulatory delays.
    • Start with the end in mind. Founders must understand their commercialization pathway, pricing, and exit strategy before beginning product development.
    • There's a significant difference between intelligence and experience. New entrepreneurs should value and leverage the experience of industry veterans to navigate challenges.

    Full episode transcript

    Page 1 of 6· Paragraphs 1 - 11
    Christian: Welcome to the Med Device Cyber podcast. Today we have a guest, Steve. Steve's been in the industry quite a while and he brings some valuable insights in and to help startups through their journey to get their device to market. You want to introduce yourself a little bit, Steve? Steve: Yes, sure. Uh firstly, thank you for having me on. So it's a a real pleasure to be here. Yes, my name is Steve Bell and for those that don't know me, um, you'll know I wear purple if you ever see me on LinkedIn. That's how you can find me. Um, yeah, I've been in med device for just over 35 years and I started my career at Johnson & Johnson, did 16 years there, did the whole transition from open surgery to laparoscopic, so have a lot of uh, a lot of fondness for that whole minimally invasive side of things. Steve: Then I did a cardiovascular division within J&J, a women's health division, and I was actually part of the team that was looking at uh Intuitive back in the very early days, um, when when they were just getting going. Um, I I then left J&J and I did um, the California startup thing. So I used to commute between Rome and Los Angeles every two weeks. Did that for almost 10 years, which was um interesting. Christian: That'd be exhausting. Steve: Yeah, it wa it was, it was. You kind of get used to it though, you get into the ro... the 405 was actually worse going down from Los Angeles to Irvine was worse than the uh transatlantic, which was quite bonkers really. Yeah, it took me longer sometimes to get down the 405. So, um, yeah, so I I did multiple like hardcore startups, you know, where I literally me and like Brad Sharp started some of the industry um uh companies that we did in a cupboard in, you know, in a small cupboard, literally. Uh, one of the startups was called InSitech that we did there. Steve: Did that for a long time, did a couple of turnaround companies and then I sort of retired, um, you know, crashed and burned a few startups quite spectacular, uh, which is uh where you get the most learning. Um, but did, did well in a few, flipped a few, um, and then I was contacted by uh a really good guy called Martin Frost who was the CEO of CMR Surgical, which is a soft tissue surgical robotic company. Steve: And Martin twisted my arm and, you know, I I was went there for six months to basically go and set them up a commercial team and ended up being there six years. And I said, okay, I think that's long enough now. Uh, and then I uh last September I stepped out and um, since then I'm, I'm sort of semi-retired but trying to help the industry, you know, surgeons, young entrepreneurs, startup engineers, to really try and learn all the mistakes that, you know, I've made and a lot of my friends make in startups so they don't make the same mistakes. So, yeah, so I'm doing a lot of that really at the minute is trying to help startups to startup the right way. Christian: Yeah, awesome. I call that the uh, the dumb tax. In my first cybersecurity company, I, I paid a lot of the, the dumb tax as they say, you know. Hopefully I'll pay less of it this time, you know. It's always a little bit of tax we have to pay. So that's, that's a great way you're doing. You know, hopefully, you're helping people avoid some of that dumb tax, you know. Steve: And, and, you know, and, and in medtech startups, that's a really expensive dumb tax. I mean, it it can literally, you know, sink your company. You know, a small decision like, you know, putting the company in the wrong place, um, can easily derail your company and make it hard to raise follow-on rounds. So I'm, you know, I, I have a, a website called howtostartupinmedtech.com, tried to keep it easy. Steve: Um, and there, and on there, you know, there's, there's like a 100-video online course that people can take and it's basically just me um blathering on for a good long while in about 100 videos, um, trying to just tell people the mistakes not to make and trying to give them some insights of what, you know, really helps with a medtech startup. That's what kind of I do most days. Christian: Yeah, I've taken part of your course. I know you have this idea in there like, it's kind of go big or go home. You want to elaborate on that a little bit?
    1 / 6