How can security architecture views strengthen a medical device manufacturer’s FDA submissions?

This episode/webinar dives into the four critical security architecture views required by the FDA: global system, multi-patient harm, updatability and patchability, and secure use case views. Christian Espinosa and Trevor Slattery explain how each view strengthens product security while aligning with regulatory expectations. They also share practical strategies and examples, from cloud environments to physical updates, highlighting how proper documentation and foresight can mitigate real-world risks.

Highlights:

(01:19) Learn why the FDA requires four specific security architecture views and how they support threat modeling.

(03:10) Understand how integrating security into architecture views reflects secure coding and DevSecOps practices.

(04:15) Discover how global regulators beyond the FDA use similar documentation requirements.

(07:52) Explore why global system views must include both software and hardware components as well as data flows.

(11:02) The distinction between global system views and multi-patient harm views.

(14:36) Common vulnerabilities like hard-coded credentials that can lead to multi-patient harm.

(19:18) The risks of over-the-air updates versus physical updates for medical devices.

This episode was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/

Christian Espinosa on YouTube:

How can AI literacy reduce patient risk in healthcare settings?

In this episode, Christian Espinosa and Trevor Slattery are joined by Dr. José Acosta. Together, they unpack the promise and pitfalls of artificial intelligence in healthcare—from the accuracy gap in diagnostics to the importance of ethics, alignment, and training. The conversation explores how clinicians can harness AI safely, ensuring innovation never comes at the cost of patient trust or care quality.

Dr. José Acosta is a retired Navy trauma surgeon turned AI literacy advocate. With decades of experience in medicine and leadership, he’s now helping clinicians understand AI—from how it works to how it should be used responsibly.

Key points:

(00:57) José’s background as a Navy trauma surgeon and his passion for AI literacy.

(02:53) What “AI literacy” really means.

(05:00) Why precision matters in medicine, and why 85–95% accuracy in AI models isn’t enough when lives are on the line.

(11:20) A chilling example of an AI therapy app that gave a fatal recommendation.

(14:16) José predicts a surge in “ambient AI scribes” and explains how they’ll reshape physician workflows.

(17:53) AI’s productivity paradox—how new tools can both help and overwhelm clinicians.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cybercriminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Thanks to José Acosta for being on the show. Connect with José on LinkedIn: https://www.linkedin.com/in/joseacostasd/

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage:

MedTech developers and manufacturers, could your medical device unknowingly qualify as a “cyber device”?

In this episode, Christian and Trevor break down what the FDA considers a “cyber device” and why so many manufacturers misunderstand this definition. They reveal how even basic interfaces like USB, HDMI, or Bluetooth can make a device cyber-enabled—and why that matters for regulatory compliance.

Key points:

(00:33) What makes a medical device a “cyber device,” and why confusion persists among manufacturers.

(02:14) How proving a device has zero vulnerabilities is nearly impossible, even with minimal code.

(03:12) Why even a simple USB port can classify a device as “cyber.”

(05:05) Common interfaces (Wi-Fi, Bluetooth, RFID, NFC, HDMI) that make a device cyber-enabled.

(09:23) Implantable devices, like pacemakers, and how protocols such as MedRadio introduce hidden connectivity.

(12:20) A real case where the FDA classified a 3D-printing system as a cyber device due to its software dependencies.

(16:15) Practical advice on removing unnecessary ports or connectivity to avoid cyber classification.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cybercriminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.

Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

This episode was produced by Story On Media: https://www.storyon.co/