Why Cybersecurity and Quality Are One and the Same

How can medical device startups avoid missteps in cybersecurity, quality, and compliance?

In this episode, Trevor Slattery speaks with Ashkon Rasooli about the intersection of quality systems and cybersecurity in medical devices. They unpack why treating cybersecurity as a bolt-on checklist is ineffective and even dangerous. They also discuss regulatory realities, risk management frameworks, and how early-stage teams can avoid costly pitfalls by planning smarter from the start.

Ashkon Rasooli is the CEO of EnGenius Solutions, a boutique consulting firm focused on medical device software development. With a background in both hands-on coding and compliance, Ashkon helps MedTech startups navigate quality systems and regulatory strategy.

Key points:

(0:31) Why Regulations and Cybersecurity Are Intertwined

• How EnGenius helps small MedTech companies plan early.

• Challenging the idea that cybersecurity and QMS are separate disciplines.

(7:12) Planning Cybersecurity Early

• Business model, product design, and geography all shape your compliance path.

(12:16) Culture Over Checklists in MedTech Security

• Ashkon’s “Non-BS Manifesto” based on Agile principles.

• Real-world examples of ransomware causing patient harm.

(20:38) Why Probabilistic Risk Scoring Falls Short

• How exploitability trumps probability in FDA guidance.

• How cybersecurity attackers differ from typical safety failures.

(28:14) Planning Compliance

• Dick Cheney’s pacemaker becomes a cautionary tale of targeted threats.

Check out EnGenius Solutions: https://www.engeniussolutions.com