Skip to main content
    Back to episode
    Episode 27 · February 12, 2026 · 44m listen · 8,550 words · ~43 min read

    From Idea to FDA Clearance: What Nobody Tells Medtech Founders with Darcy Bachert | Ep. 57 - Full Transcript | The Med Device Cyber Podcast

    Read the complete, searchable transcript of Episode 27 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.

    Prefer the listening experience? Open the episode page for the synopsis, key takeaways, topics, and Apple / YouTube listen links.

    Episode summary

    In this episode of the Med Device Cyber Podcast, host Christian Espinosa from Blue Goat Cyber is joined by Darcy Bachert, the Founder and CEO of Prolucid. Prolucid is an ISO 13485 certified software development firm based in Toronto, Canada, that specializes in creating software for highly regulated industries, including both MedTech and nuclear. Bachert begins by explaining the origin of his company's name, which is a portmanteau of "Project Clarity." This concept becomes a central theme of the conversation, as both speakers agree that a lack of clarity is a primary cause of failure in software development and business in general. The discussion revolves around the unique and significant challenges that MedTech startups face when bringing a software-driven medical device to market, contrasting it sharply with the development lifecycle of a typical consumer product. The main arguments center on the immense complexity and long-term commitment required for medical device development. Bachert and the hosts emphasize that success isn't just about creating an innovative algorithm or a piece of technology; it's about deeply understanding the end-user's problem and workflow from the very beginning. One of the biggest challenges discussed is achieving product-market fit in an environment where you can't simply iterate and pivot based on user feedback due to stringent regulatory constraints. The speakers point out the sobering statistics for startups in this space, with an average timeline of seven years and an investment of around $35 million to get a product to market. This long and costly journey is fraught with pitfalls, from failing to secure reimbursement strategies to creating a product that, while technologically sound, is too complex or disruptive for clinicians to adopt. It is argued that overlooking these practical considerations in favor of focusing solely on the core science is a common mistake that leads to failure. To mitigate these risks, Bachert stresses the importance of engaging with experienced partners who understand the regulated landscape. He advocates for working with firms that are already certified (e.g., ISO 13485) and follow crucial standards like IEC 62304 for software development. This not only de-risks the process for the startup but also provides confidence to investors. They discuss the false economy of choosing cheaper, less-qualified development teams, which often results in having to redo work to meet FDA standards, leading to significant delays and increased costs. The conversation concludes by reinforcing the idea that building a medical device is a comprehensive lifecycle that extends far beyond the initial product launch, requiring ongoing maintenance, security updates, and a deep, continuous understanding of the clinical environment to ensure long-term success.

    Key takeaways from this episode

    • Project clarity—understanding the 'what' and 'why' from the start—is the most critical factor for success in complex software development, especially in regulated industries.
    • Developing software for medical devices is fundamentally different and more rigorous than for consumer products, involving extensive planning, regulatory hurdles, and a focus on safety and user adoption.
    • The journey to bring a MedTech product to market is long and expensive, averaging seven years and $35 million, a reality that innovators and investors must be prepared for.
    • User adoption is paramount. If the device doesn't easily integrate into a clinician's existing workflow and make their life easier, it will likely fail, regardless of how innovative the technology is.
    • Partnering with ISO 13485 certified firms that follow standards like IEC 62304 is crucial for de-risking the development process and ensuring regulatory compliance.
    • Startups often fail by focusing too heavily on the core science or algorithm while neglecting critical business aspects like reimbursement strategies and product-market fit.
    • A medical device's lifecycle doesn't end at launch; it requires a long-term commitment to post-market surveillance, maintenance, and cybersecurity updates.

    Full episode transcript

    Page 1 of 10· Paragraphs 1 - 18
    The lack of clarity causes the most problems in humanity in anyone's life not just in software development in general. Project clarity starts with the early stages of what are we doing, why are we doing it and then every step of the way making sure we communicate progress, show what we're doing. So at the end what we've built is something that they they actually need that they can use that's going to be successful. What other challenges are pretty common that you encounter? You know really understanding how to do it the right way and how to do it in a way that can be adopted by the end user. I don't know if there's as much awareness about how much different it is to build a medical product than to just create a product. There's so much more that goes into it just from a planning, from a process perspective. Hi, welcome to another episode of the Med device Cyber podcast. Today we have a guest Darcy Bockert, and we're going to be talking about software development and how to do secure software development, a little a little bit about the Canadian Medtech market uh because Darcy's organization Prolucid is based in Canada. So before we uh kind of dive in, uh you might give us a little bit of maybe a little background on yourself Darcy and Prolucid and maybe why the name Prolucid. I I was wondering that earlier, actually. Yeah, absolutely. So first off, thanks Trevor, Christian for having me on. Uh as mentioned, Darcy Bachert founder CEO with Prolucid. We are an ISO 1345 certified software development firm based in Toronto, Canada. Been in business just over 17 years now. We actually do work in both medical and nuclear, so highly regulated industries both with very unique development as well as cyber security type challenges and work with customers really across the world. The bulk of them though would be North America, Western Europe, Australia, uh but others as well. And helping them take an idea all the way through FDA and as as you all know, cyber security is a huge part of that. So that's something that we help support with. Awesome. And where did the name Prolucid come from? So that it it's not what it maybe sounds like. It's actually two different words joined together. So it's project clarity is is where it is. We find, I think one of the most challenging things, in any project is not so much writing the software but really understanding what problem it is they're trying to solve, what they're trying to build. And so that project clarity starts with the early stages of what are we doing? why are we doing it, and then every step of the way, making sure we communicate, progress, show what we're doing. So at the end, what we've built is something that they they actually need that they can use that's going to be successful. So we try and build that into everything that we do, but that's where the name comes from. I like it. I think the lack of clarity causes the most problems in humanity in anyone's life, not just in software development in general. Especially like building a business or going after goal, you have to have clarity. Without clarity, people rarely know what to do. They don't know what steps to take and it makes it very challenging. Yeah and I think you know you you're the same. when we're talking to people, they they need help. They don't have all the answers. They're looking for that. And so you you're not just there to solve cyber security or to solve software development. You're there to share advice where you can, give input where you can, ask good questions because collectively that's what we're all trying to find is that clarity on what we're building, how we're going to build it, do it the right way and that's where we create the best successes. So Awesome. And what's the weather like today in Toronto? We, so I have to do the conversion, it's it's almost 10 degrees. We've been dealing with blizzards and and nonsense and a very very long winter that's already started but we have a bit of a thaw that we're we're dealing with right now, so I can't complain too much. I think it's probably low low 50s almost here. Guys, I'm in Arizona. It's like 55 today. That's like pretty cold for during the day in Arizona 55 uh Fahrenheit, obviously, otherwise it would be super hot. And Trevor's in San Francisco. He just moved to California not too long ago and uh he's dealing with foggy weather and chilly weather typically. Trevor: The sun has finally broken out today. It's nice to see. Hopefully it'll hopefully the sun stays out for the JP Morgan week next week, but uh yeah, it's been rainy, foggy, earthquakey, fiery, just every bad thing that can happen seems to happen to San Francisco.
    1 / 10