Listen now
Episode breakdown
Key takeaways
- Cybersecurity must evolve from an IT function to a leadership priority due to the increasing sophistication of cyber threats.
- Organisations, particularly in regulated industries, should focus on cyber resilience to ensure business continuity during cyber incidents, rather than solely on preventing all attacks.
- The gaming industry provides valuable lessons for MedTech in maintaining operations 24/7 and managing cyber risks with significant financial implications.
- AI is increasingly influential in both cyber defense and offensive cybercrime, necessitating its consideration in security strategies.
- Integrating cybersecurity into quality management systems is crucial for medical device manufacturers.
- Leadership teams need to prioritize cyber risk across their organizations, understanding that compliance does not equate to resilience.
- Penetration tests require executive buy-in to drive meaningful change and improve security posture.
For years, cybersecurity has been viewed as an IT responsibility. Today's threat landscape demands something very different.
In this episode of the Med Device Cyber Podcast, Christian Espinosa is joined by Melissa Aarskaug, a cybersecurity executive with extensive experience protecting highly regulated industries, including banking and casino gaming. Melissa shares lessons from an industry where operations run 24 hours a day, every day of the year, and where even a few minutes of downtime can have enormous financial consequences.
The conversation explores why attackers increasingly target regulated industries, how cyber resilience differs from compliance, and why cybersecurity has evolved into a leadership issue rather than simply an IT function. Melissa explains why organisations should focus less on preventing every possible attack and more on ensuring the business can continue operating when incidents occur.
Christian and Melissa also discuss how medical device manufacturers can learn from the gaming industry's approach to resilience, the growing role of AI in both cyber defence and cybercrime, why cybersecurity should be integrated into quality management systems, and how leadership teams can better prioritise cyber risk across their organisations.
Whether you're a MedTech founder, cybersecurity professional, healthcare leader, or product developer, this episode offers practical insights into building more resilient organisations in an increasingly connected world.
Notable quotes
“Cybersecurity should be a leadership issue because it connects to every aspect of the organization.”
“The conversations around cybersecurity need to shift from 'Are you compliant?' to 'Are you resilient?'”
“You can be compliant but not secure, and you can be secure but not compliant. Ideally, we want to be both.”
“AI is going to change the cybersecurity landscape in terms of defense and offense. It's coming.”
Frequently asked questions
Bring this work to your device
Need help with penetration testing?
Blue Goat Cyber delivers medical device penetration testing for medical device manufacturers - from threat modeling to FDA-ready reports.
Medical Device Penetration TestingMore on Penetration Testing
Keep listening
-
Episode 60
How to Move Stakeholders from Awareness to Sustained Adoption Without Friction
With MedTech leader
-
Episode 46
How Market Intelligence Shapes MedTech Growth with Kevin Saem
With Kevin Saem
-
Episode 34
Integrating Project Management to Strengthen Cybersecurity Outcomes with Steve Curry
With Steve Curry
-
Episode 22
AI in Medical Devices: Opportunities & Regulation with Matt Lemay
With Matt Lemay