Med Tech Gurus The Human Side of MedTech Security
Feb 25, 2026
Christian Espinosa, CEO of Blue Goat Cyber and former Air Force/DOD operator, turned a personal device scare into a mission to secure medical technology. He talks about designing cybersecurity for patient safety from day one. He warns about late-stage bolt-on fixes, AI risks in devices, FDA submission pitfalls, and the importance of organizational ownership and emotional intelligence in high-stakes work.
AI Snips
Chapters
Transcript
Episode notes
Cybersecurity Equals Patient Safety
- Cybersecurity for medical devices is primarily a patient safety issue, not just data protection.
- Christian Espinosa explains hacks could paralyze patients via surgical robots or cause fatal misdiagnoses in IVD systems, linking cyber risk to clinical harm.
Build Security Into The Design From Day One
- Start cybersecurity early and design it into the product lifecycle instead of bolting it on before submission.
- Espinosa likens retrofitting security to adding rebar after pouring a concrete foundation, which is costly and delays market entry.
Pen Test Early Or Expect Delays
- Run penetration tests early and address discovered vulnerabilities well before regulatory submission.
- Espinosa describes clients who wait ~60 days before submission, find many holes, and then face long fixes, investor asks, and timeline slips.