    Episode Search

    EP 074

    Cancer Drugs Can Damage the Heart - This Startup Wants to Fix It with Ryan Neely

Medical device founders spend years thinking about engineering, clinical validation, and FDA clearance. But what happens after you clear the regulatory hurdle? In this episode of the Med Device Cyber Podcast, Christian Espinosa sits down with Ryan Neely, co-founder and CEO of Skribe Medical, to discuss the realities of bringing innovative medical technologies to market. Ryan shares how Skribe Medical is developing a wearable cardiac monitoring platform designed to help cancer patients and oncologists identify signs of treatment-related heart damage more efficiently. The conversation explores the challenges of building AI-powered medical devices, integrating new technologies into existing clinical workflows, and reducing friction for both patients and providers.

The discussion also explores one of the most surprising cybersecurity insights of the episode: why hospital networks often present greater risks than home environments for connected medical devices. Ryan and Christian examine how cybersecurity considerations evolve as devices become more connected and why manufacturers must think beyond the device itself when assessing risk.

In this episode, we cover:
* The growing field of cardio-oncology and cardiac monitoring
* Building a battery-free wearable medical device
* Why clinical workflow matters as much as technical innovation
* Cybersecurity risks in connected healthcare environments
* Why hospital networks can create unexpected security challenges
* FDA cybersecurity expectations and evolving guidance
* Commercialization challenges facing MedTech startups
* AI models, continuous improvement, and regulatory frameworks
* Why FDA clearance is often just the beginning of the journey

Episode Breakdown:
* 00:00 – Introduction
* 01:53 – The hidden cardiac risks of cancer treatments
* 02:58 – Skribe Medical's wearable cardiac monitoring platform
* 03:53 – Future applications beyond oncology
* 04:45 – Battery-free device design and patient comfort
* 06:00 – Remote patient monitoring and reimbursement models
* 09:40 – Cybersecurity risks for connected medical devices
* 14:06 – Why hospital networks present unique security challenges
* 16:02 – FDA cybersecurity expectations and evolving regulations
* 19:03 – Regulatory changes and long MedTech development cycles
* 21:02 – Commercialization versus FDA approval
* 24:13 – AI models and the Predetermined Change Control Plan
* 25:55 – Clinical testing and validation challenges
* 28:14 – Closing thoughts and key takeaways

Find Ryan Neely here on LinkedIn: https://www.linkedin.com/in/ryan-neely-ph-d-14464340/

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com. If you're interested in our services or partnering with us, schedule a Discovery Session: https://go.bluegoatcyber.com/meetings/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber.

* Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
* Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
* Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
* Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
* Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

    EP 073

    The Legal Hoops and Hurdles of MedTech Commercialization with JJ Amell

Medical device commercialization is an engineering milestone, but it is also a legal minefield. In this episode, Christian Espinosa and Trevor Slattery welcome MedTech attorney JJ Amell to dissect the critical errors international founders make when entering the U.S. market. If you do not structure your corporate entities and secure your immigration pathways correctly from day one, federal bureaucracy will burn through your venture capital runway before you ever reach an FDA review. JJ outlines how Amell Law builds robust defensive frameworks around global mobility, corporate liability, and trademark protection.

In this episode, we cover:
* The Legal Zoom Trap: Why automated, check-the-box business formations fail to provide adequate liability shields for multi-million dollar medical operations.
* Delaware vs. Texas: How recent case law regarding minority shareholder control is shifting the corporate gold standard toward the Lone Star State.
* The Business Immigration Clock: Why O-1 founder visas and engineering team mobility must be negotiated at the absolute start of your commercial strategy.
* Automated Pen Testing Failures: The exact financial consequences of submitting cheap security scans to the FDA, resulting in 180-day interactive review holds.
* Public Scraper Scams: How bad actors weaponize public USPTO databases to manipulate foreign nationals during active application windows.

Episode Breakdown:
* 00:00 - Intro
* 00:54 - Welcoming MedTech attorney JJ Amell
* 03:38 - Solving legal pain points for global innovators
* 06:11 - The three pillars of U.S. market entry
* 08:33 - The inverse market challenge: Moving from Europe to the U.S.
* 10:43 - Factoring in fiscal repercussions and international tax consultations
* 12:57 - State jurisdictions: Delaware standards vs Texas corporate law
* 16:21 - California red tape and the rise of alternative technology hubs
* 22:41 - Reverse engineering corporate strategy to avoid late-stage corrections
* 25:44 - The danger of automated penetration tests and interactive FDA reviews
* 29:39 - Deportation risks and B-1/B-2 tourist visa limitations
* 31:24 - Government bureaucracy timelines and USPTO trademark processing realities
* 33:04 - Public database scraping and the explosion of corporate filing scams
* 37:37 - AI voice cloning and deepfake vulnerabilities targeting tech executives
* 40:52 - Code Blue Chart: Documented cybersecurity fatalities in healthcare
* 44:25 - Closing thoughts and reconnecting with nature

Find JJ Amell here on LinkedIn: https://www.linkedin.com/in/jjamellesq/

Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber. Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

    EP 072

    The Dangerous Gap in Global MedTech Security Awareness with Shahbaz Ahmed

Yes, medical device security is a technology problem, but it’s also a human psychology problem. In this episode, Christian and Trevor welcome Shahbaz Ahmed, a Strategic Leadership Advisor from Pakistan, to dissect the massive global gaps in cybersecurity awareness. If people do not understand the threat, they will not invest in the solution. Shahbaz outlines how his Leadership Studio uses human engineering to unify Eastern emotional intelligence and Western strategic logic, giving tech leaders the ultimate toolkit for global commercial operations.

In this episode, we cover:
* Why 90 percent of people are driven by emotion rather than data, and how that changes the way we must pitch cybersecurity compliance.
* The critical distinction between technical leadership and broad vision leadership, and why technical experts often struggle to convince investors.
* How capability can intentionally expand your daily capacity through structured priority frameworks like the Pomodoro technique.
* The psychological reasons medical communities remain entirely oblivious to the 14 vulnerable devices sitting beside every single hospital bed.
* Why absolute consistency outperforms sporadic peak performance every single time when securing digital health networks.

Episode Breakdown:
* 00:00 - Intro
* 02:14 - Leadership styles: Eastern emotion vs Western logic
* 05:07 - Human engineering and the science of emotional psychology
* 08:31 - Capacity vs capability: breaking down our emotional fuses
* 12:28 - Technical leadership vs broad vision leadership
* 14:29 - The Ex Machina color theory analogy for cultural exposure
* 19:10 - Hungry judges and decision fatigue: how state affects choice
* 24:43 - How increasing capability expands human cognitive capacity
* 26:35 - The shocking lack of medical device cybersecurity awareness globally
* 31:12 - Why regulatory updates are outpacing downstream hospital practice
* 35:27 - Breaking down big words to make security simple
* 38:00 - Key takeaways: consistency as the ultimate weapon for success

Find Shahbaz Ahmed here on LinkedIn: https://www.linkedin.com/in/shahbaz-ahmed-4004ab86/

    EP 071

    The Age of Digital Health Humanity with Philippe Gerwill

Can you use AI and still stay 96.5 percent authentic? Philippe Gerwill joins the Med Device Cyber Podcast to demonstrate how technology can make us more human. As a Digital Health Humanist and top-ranked influencer in Switzerland, Philippe shares a unique perspective on the future of MedTech. Success in this new era requires a mastery of unlearning old habits to make room for radical new capabilities.

In this episode, we cover:
* The Unlearning Skill: Why letting go of old knowledge is harder than learning new tech.
* Managing the Chaos: How Philippe uses AI to balance advisory roles for nearly 30 different companies.
* The ChatGPT Shift: Why patients are bypassing doctors and what clinicians need to do about it.
* Digital Humanism for Doctors: Keeping the human in front of you in a world of big data.

Episode Breakdown:
* 00:00 The concept of unlearning as a vital skill for healthcare leaders.
* 01:52 Philippe’s background at Novartis and transition into healthcare technology.
* 03:35 Managing advisory roles for nearly 30 companies using an AI ecosystem.
* 04:50 The Favikon ranking and maintaining a 96.5 percent authenticity score.
* 07:49 Defining the role of a futurist in the modern era.
* 09:21 The intersection of technology and gut feeling.
* 18:15 Patient behavior: why consumers are driving the shift to AI in clinics.
* 32:10 The mandate to use our brain and the risks of over-relying on tools.
* 44:52 The productivity trap: spending more time reprompting than writing.

    EP 070

    Why MedTech Needs Specialists with Zoltan Kevei and Saby Toth of Bishop & Co | 70

Medical software looks deceptively accessible because the tools are familiar and the first build can happen quickly. What remains hard is building something that stands up to regulation, security scrutiny, and real clinical risk without collapsing under its own shortcuts.

That is why partner choice matters so much. A weak vendor can create elegant-looking work that fails under audit. A generalist consultant can apply hardware logic to software problems and miss the practical steps that make compliance workable. The cost of the wrong partner is not only financial. It can distort the whole product path.

The same pattern shows up in technical due diligence. A strong commercial story or healthy books can hide brittle architecture, outdated stacks, poor security posture, and avoidable rewrite risk. When no one checks the technology properly, weak foundations often remain invisible until they become expensive.

The broad lesson is simple. Medical software reaches the market faster when the team stops treating software, regulatory, and cybersecurity decisions as separate streams and starts handling them as one connected system.

Episode Breakdown
* 00:01 Welcome
* 04:14 Market access realities in Europe and the US
* 08:02 Early engagement with experts
* 10:48 Why security belongs near the beginning
* 12:24 AI use and misuse in software products
* 16:05 Why not every product needs AI
* 20:03 Building medical software with the right disciplines
* 22:28 What investors miss without technical diligence
* 24:00 Why old code can become a liability
* 29:20 How founders should assess vendors
* 32:28 Why software still gets judged like hardware
* 36:26 Software-specific review expertise
* 38:33 Closing takeaways
* 41:14 Finish

    EP 069

    Science Before Hype in MedTech Investing with Varun Turlapati of Chaanakya Capital | Ep. 69

Neurotech has one of the widest gaps in MedTech between public excitement and real scientific certainty. That makes diligence more important, not less. A compelling story, a futuristic device, or a category with massive upside can still lead investors in the wrong direction if the science is thin and the clinical case is not yet grounded.

That tension sits at the center of this episode. The strongest investment case is not built on how large the market sounds or how dramatic the pitch feels. It is built on whether the device is medically credible, whether the engineering holds up under pressure, and whether specialists who would actually use it believe it belongs in practice.

There is also a deeper lesson here for founders. In device categories where claims can run ahead of evidence, seriousness becomes a differentiator. Companies that think through regulatory fit, reimbursement logic, clinical use, and product hardening early are easier to believe, easier to diligence, and easier to support.

Cybersecurity fits directly into that same seriousness test. A connected device cannot be treated like a normal software startup where a broken feature can be patched without consequence. If security is deferred, the cost is not only financial. It can compromise product trust at the exact moment a company needs it most.

Episode Breakdown
* 00:00 The unknowns inside neurotech
* 00:31 Security decisions that should happen early
* 01:57 The fund’s early-stage focus
* 02:42 Science versus speculative claims
* 04:42 Valuation discipline at the seed stage
* 05:39 How power law logic applies in specialized VC
* 07:55 Why neurotech remains underbuilt
* 14:22 How founders are supported after investment
* 17:15 The missing cybersecurity layer
* 20:24 Why redesign gets expensive
* 22:17 Diligence beyond the usual checklist
* 24:20 How a small focused fund operates
* 29:45 Events, networks, and specialist insight
* 34:44 Multiples, IRR, and realistic return thinking
* 38:13 Final reflections
* 40:09 End

    EP 005

    Why MedTech Needs More Than Approval with Michael Branagan Harris of HealthTech Strategies | Ep. 68

MedTech companies often assume a better product should naturally win. In reality, healthcare systems change slowly, purchasing paths are layered, and the best technology can still stall if the story behind it is weak. Evidence has to do more than prove safety or performance. It has to explain why a payer should spend, why a provider should switch, and why the patient outcome is worth it.

That is why market access cannot be treated as a late stage commercial task. It sits across product design, evidence generation, reimbursement planning, pricing logic, and market entry sequencing. Once teams understand that, they stop treating adoption as something that happens after approval and start building toward it from day one.

The most useful framework here is simple and sharp. A technology has to work for patients, providers, payers, and the product business itself. In the United States, physician economics can add another layer. Miss one leg of that structure and the whole commercial case becomes unstable.

For founders, the real takeaway is hard but useful. If you cannot explain who benefits, why they benefit, and how that benefit is proven, market access will remain a bottleneck no matter how promising the innovation looks.

Episode Breakdown
* 00:00 Welcome
* 02:06 Why market access starts with the problem
* 09:02 Evidence beyond the trial mindset
* 12:45 Why some solutions fail despite good technology
* 14:16 The three part decision logic in market access
* 17:17 The patient outcome story
* 19:30 The four and five P framework
* 22:43 Why country economics matter
* 28:36 First market strategy
* 32:23 AI and digital health in different systems
* 33:52 The future of home based care
* 36:42 The price and access tradeoff
* 42:08 Final thoughts
* 48:30 Close

    EP 004

    De-Risking Product Decisions in MedTech Startups with Brent Lavin of Ironwood MedTech | Ep. 67

Product decisions made during early development determine commercialization outcomes years later. Startups face choices about regulatory pathways, feature sets, market segments, and clinical trial strategies without frameworks for evaluating long-term consequences. Wrong decisions create compounding problems. Pursuing 510(k) clearance when market differentiation requires PMA approval limits claims and pricing power. Building features for broad markets instead of specific segments wastes resources and dilutes value propositions.

Brent Lavin, Chief Product Catalyst of Ironwood MedTech Partners, explores product management with Christian Espinosa and Trevor Slattery, covering de-risking product decisions through hypothesis testing, why 510(k) pathways average four years while PMA programs require seven to nine years, and how feature set alignment with target segments shapes commercialization success.

The engineering mindset applies hypothesis testing to product development. Assumptions about customer needs, clinical workflows, and value propositions require validation through iterative testing. Products evolve through feedback cycles rather than executing predetermined specifications. The end product never matches initial whiteboard concepts because iterative refinement improves designs through learning. Holding assumptions loosely and accepting when data proves them wrong produces better outcomes than defending original concepts regardless of evidence.

Regulatory pathway selection carries timeline and strategic implications. 510(k) programs average four years from concept to clearance when teams understand what they are building. PMA implantable device programs extend seven to nine years but enable differentiated claims supporting premium pricing. Substantial equivalence claims limit marketing messages to comparability with predicate devices. The orthopedic space demonstrates this "sea of sameness" where 510(k) products compete primarily on price because the regulatory pathway prevents clinical differentiation claims.

Second-to-market timing in clinical trials offers strategic advantages. First movers invest heavily in establishing clinical evidence and regulatory acceptance. Subsequent entrants benefit from proven pathways and reduced regulatory uncertainty. De novo devices establishing new categories through clinical trials create predicates for following 510(k) submissions. The strategy works for non-implantable devices where subsequent products can reference earlier clinical work.

Feature set decisions require aligning complexity with target segment needs. Building maximum features for hypothetical broad markets creates expensive products serving no segment optimally. Identifying specific use cases and clinical workflows enables targeted feature development. The right feature set serves intended users effectively rather than attempting universal appeal. Alignment between product capabilities, clinical claims, regulatory pathway, and commercial strategy reduces friction during development and market introduction.

Episode Breakdown:
* 00:02 Introduction and background
* 04:35 Ironwood MedTech Partners origin
* 06:02 De-risking product decisions
* 10:15 Engineering mindset and hypothesis testing
* 14:30 510(k) vs PMA pathway selection
* 18:45 Timeline implications
* 22:20 Substantial equivalence limitations
* 26:40 Feature set alignment
* 30:15 Market segmentation strategy
* 34:55 Second-to-market clinical trial strategy
* 38:45 Entrepreneurship in MedTech
* 40:45 Final insights and recommendations
* 43:29 Closing

    EP 003

    Vibe Coding Security Risks & Malicious Injection with Jake Rodriguez of Triangle Tech | Ep. 66

Vibe coding describes AI-assisted software development where developers describe desired functionality and AI generates implementation code. The approach enables rapid prototyping and reduces time spent on routine coding tasks. Developers can build features faster by describing requirements in natural language rather than writing every line manually. The efficiency gains attract developers seeking productivity improvements and faster development cycles.

Security risks emerge when developers accept AI-generated code without understanding implementation details. Malicious actors can manipulate training data or prompt engineering to inject vulnerabilities into generated code. Supply chain attacks become easier when developers blindly trust AI outputs and incorporate code containing backdoors, data exfiltration mechanisms, or logic bombs. The same efficiency that makes vibe coding attractive creates attack surfaces through reduced code review and verification.

Understanding what generated code actually does requires technical knowledge many adopting vibe coding lack. If developers cannot read and verify code quality, they cannot identify security problems embedded in AI outputs. Malicious code hidden in seemingly functional implementations can persist through development into production systems. Organizations adopting AI code generation need security review processes preventing unverified code from reaching deployment.

The right tool for the right job principle applies to AI adoption generally and vibe coding specifically. Not every development task benefits from AI generation. Critical security functions, authentication systems, and sensitive data handling require human expertise and verification regardless of AI capabilities. Understanding where AI helps versus where human judgment remains essential separates effective AI adoption from risky dependency on tools users do not fully understand.

Episode Breakdown:
* 00:00 AI Search vs Google + Risks
* 01:13 Intro + AI, Marketing, Cybersecurity
* 01:39 Jake Rodriguez Background
* 04:27 What is SEO Today
* 06:30 AI Search vs Traditional SEO
* 08:50 How AI Finds Content (Reddit, Quora)
* 10:11 AI Bias and Hallucinations
* 10:58 Content Strategy + Personal Branding
* 12:27 Why Trust is Shifting (Podcasts, Events)
* 13:56 Bot Farms and Fake Engagement
* 15:02 Apple Branding Psychology
* 16:07 App Permissions and Cyber Risks
* 16:55 AI Voice Scams and Deepfakes
* 19:46 Using AI for Marketing
* 21:04 Prompt Engineering Tips
* 22:36 Where AI Works vs Fails
* 24:28 What is Vibe Coding
* 27:23 AI Risks in Medical Devices
* 30:46 Cybersecurity Challenges in MedTech
* 32:59 AI Jailbreaks and Security Threats
* 34:44 MedTech Marketing Strategy
* 35:43 SEO Landing Page Strategy
* 37:36 Key Takeaways
* 39:00 Outro

    EP 002

    Who Owns Patient Data Security in Trials with Rob Bedford, CEO of Franklyn Health | Ep. 65

    RACI charts distinguish between responsible and accountable parties in medical device development and clinical trials. Responsible parties perform the work. Accountable parties own outcomes and face consequences when problems occur. The person accountable depends on results regardless of who actually executes tasks. This distinction becomes critical when manufacturers delegate work to contractors or outsource components. Manufacturers remain accountable for patient data security in clinical trials even when multiple parties handle information. Principal investigators at trial sites bear responsibility for data integrity at their locations. Contract research organizations may manage infrastructure and communication. But accountability stays with the manufacturer serving as sponsor. If breaches occur or compliance failures emerge, manufacturers face regulatory consequences. The same accountability pattern applies to software development and component selection. When manufacturers delegate software creation to contractors and vulnerabilities appear, manufacturers answer to regulators. When manufacturers choose components with security weaknesses, they remain accountable for device security regardless of supplier claims. Due diligence in partner selection becomes essential because delegation transfers work but not liability. Understanding scope determines what startups can accomplish with limited resources. Boston Scientific collects data across ten countries simultaneously without budget concerns. Startups must identify highest-value early targets and streamline paths toward successful commercialization. FDA represents common early choice due to market size, but understanding what FDA expects before designing products prevents later corrections. Security by design parallels early clinical planning. Building safe and effective devices requires understanding regulatory expectations from the beginning and designing products to meet those standards. 
    Waiting until late stages to address security or clinical requirements forces expensive retrofitting that might have been avoided through proper early planning and stakeholder engagement.

    Episode Breakdown:
    00:01 Opening
    03:45 CRO terminology clarification
    07:20 Why small medtech companies matter
    12:15 Budget constraints and strategic focus
    16:40 Speed requirements for startups
    20:25 Team dedication to medtech
    24:10 Clinical trial types
    28:35 FDA reasonableness and early engagement
    32:50 Patient data security accountability
    36:15 RACI chart principles
    39:40 Scope understanding for startups
    41:36 Final words

    EP 001

    Start QMS Early to Avoid Reverse Documentation with Dr. Basant Bajpai | Ep. 64

    Regulatory submissions fail increasingly often due to inadequate cybersecurity documentation, forcing medical device manufacturers to address security requirements earlier in development cycles. FDA scrutiny intensifies around penetration testing, vulnerability assessment, and security architecture decisions, particularly for Software as a Medical Device submissions. Retrofitting cybersecurity into completed product designs imposes severe timeline penalties. Fundamental architecture changes to implement security controls may invalidate existing validation work, requiring complete reverification under new design specifications. The parallel mirrors quality system delays, where addressing requirements late in development costs 6-12 months and substantial consulting expenses.

    Medical device development complexity increases as regulatory requirements expand across quality management, cybersecurity, clinical validation, and commercialization planning. Limited startup funding forces difficult prioritization decisions about whether to invest in software engineering, quality infrastructure, regulatory preparation, or clinical studies. Deferring any critical component creates downstream bottlenecks.

    The interconnection between quality systems and cybersecurity compliance grows tighter as both disciplines emphasize documentation, traceability, and evidence of systematic processes. Audit trails protecting quality records parallel requirements for security event logging. Design controls ensuring product safety extend naturally into security architecture decisions. Compliance teams addressing quality requirements must simultaneously prepare cybersecurity evidence. Early engagement with both quality and security requirements prevents expensive late-stage corrections.
    Founders building medical devices must understand the complete regulatory landscape from the concept stage, implementing foundational systems that scale rather than deferring infrastructure until growth creates urgency. The path to market shortens significantly when quality and security are integrated with product development from the beginning.

    Episode Breakdown:
    00:00 QMS Mistakes and AI Misuse
    01:09 Guest Intro: Dr. Basant Bajpai
    01:32 Why QMS Is Critical for Survival
    02:30 The Biggest Mistake Founders Make
    03:30 Why You Must Start QMS Early
    04:30 Why Manual Systems Fail Audits
    05:30 Build Simple, Scalable Systems First
    06:08 Cybersecurity and Quality Go Together
    07:00 How AI Is Used in QMS
    08:00 Human in the Loop Matters
    08:50 AI Risks and Hallucinations
    10:00 When AI Can Invent and Why It’s Dangerous
    10:45 Don’t Use AI Before QMS Basics
    12:30 Regulator Views on AI
    13:30 AI in Regulatory Reviews
    15:10 The Coming AI Arms Race
    17:00 Traceability Challenges with AI
    18:20 Why Traceability Must Stay Manual
    20:20 AI in Healthcare Risks and Opportunities
    22:10 Cost of Delaying QMS
    24:00 Reverse Documentation Pain
    25:30 Scaling Problems from Poor Systems
    27:00 Startup Challenges and Tradeoffs
    28:10 Cybersecurity Retrofit Problem
    29:00 Regulatory Pressure Is Increasing
    30:10 FDA Pushback on Cybersecurity
    31:00 Awareness Is the Key Fix
    32:20 Key Takeaways for Founders
    34:05 AI Should Assist, Not Replace
    35:10 Closing

    EP 019

    Early Design Decisions that Shape Medical Device Success with Chris Danek, CEO of Bessel | Ep. 63

    This episode of the Med Device Cyber Podcast, hosted by Christian Espinosa and Trevor Slattery of Blue Goat Cyber, features guest Chris Danek, the Founder and CEO of Bessel. The discussion centers on the critical need for medical device startups to integrate cybersecurity into their product development process from the very beginning, rather than treating it as a late-stage compliance checkbox. Chris Danek, whose company specializes in helping medtech startups commercialize their innovations, frames the conversation around the concept of creating products with "breakthrough impact." The hosts and guest argue that achieving this impact in today's environment is impossible without a robust and proactive cybersecurity strategy, as neglecting it can lead to devastating financial and product-related consequences.

    The core argument made throughout the episode is the reframing of medical device cybersecurity from a simple data protection issue to a fundamental component of patient safety. Christian Espinosa vividly illustrates this by describing worst-case scenarios, such as a hacked surgical robot causing paralysis or a compromised defibrillator delivering fatal shocks. This leads to a discussion of several key misconceptions prevalent in the industry. A major point of contention is the false assumption that software developers are inherently cybersecurity experts. Espinosa provocatively states that, in his experience, only about one in a hundred software developers truly understand cybersecurity, emphasizing that the skillset required to build software is fundamentally different from the adversarial mindset needed to secure it. This mistake often results in cybersecurity being pushed to the end of the development cycle, a practice the speakers deem a potential "product killer."

    To avoid these pitfalls, the experts advocate for a comprehensive, lifecycle-based approach to security. Trevor Slattery highlights the immense costs of late-stage testing, recounting instances where thousands of vulnerabilities were discovered just months before a planned regulatory submission, causing delays and cost overruns exceeding half a million dollars. The solution, they propose, is to start with threat modeling at the conceptual stage to understand what could go wrong and how an attacker might compromise the device. This informs early architectural decisions, ensures security requirements are baked into the design, and guides the selection of secure hardware and software components. The conversation stresses that this proactive stance is not just about appeasing regulators like the FDA, but about de-risking the entire business venture, streamlining development, and ultimately delivering a safer and more effective device to market for the benefit of patients.
