Episodes

  • #407: Cybersecurity in MedTech: FDA Compliance, Patient Safety & the Hidden Risks You’re Missing
    2025/05/19

    Christian Espinosa, founder of Blue Goat Cyber and leading voice in medical device cybersecurity, joins Etienne Nichols to unpack the urgent and often misunderstood topic of cybersecurity in MedTech. From FDA’s 2023 regulatory overhaul to real-world hacking scenarios that could harm patients, Christian provides practical advice for innovators, RA/QA professionals, and software teams. He also shares why waiting until the last minute on cybersecurity could cost startups millions—or even kill a project entirely.

    Whether you're a quality professional trying to build compliant systems or an innovator racing toward FDA submission, this episode lays out exactly what you need to know to stay ahead of cyber threats and within regulatory guardrails.

    Key Timestamps:

    • 00:01 – Intro to guest Christian Espinosa and Blue Goat Cyber
    • 06:28 – Why medical device cybersecurity is different from traditional IT security
    • 11:49 – Real-world hacking example: acne laser device turned skin-burner
    • 13:57 – FDA expectations post-September 2023: what changed
    • 17:12 – Secure boot: a microcontroller mistake that derailed a launch
    • 20:35 – Common cybersecurity vendor mistake MedTech companies make
    • 23:40 – SBOM: Software Bill of Materials and why it's legally critical
    • 27:58 – Cyberattacks in hospitals: assuming a hostile network
    • 35:44 – AI in medical devices: data bias and cybersecurity challenges
    • 41:10 – Developers ≠ cybersecurity experts: the training gap nobody talks about
    • 45:20 – What RA/QA professionals need to know now
    • 49:30 – Why cybersecurity must be iterative, not a final-phase add-on
    • 55:20 – Espinosa's final advice for MedTech professionals
    • 57:52 – The story behind “Blue Goat Cyber”

    Standout Quotes:

    “Cybersecurity for medical devices isn’t about data breaches—it’s about patient harm. You could paralyze someone or misdiagnose sepsis. This isn’t theoretical.” — Christian Espinosa, on the real risks of insecure devices
    “Most developers don’t understand cybersecurity. We assume they do—but that’s like expecting an architect to be a locksmith.” — Christian Espinosa, on why so many devices fail security assessments

    Top Takeaways:

    1. Cybersecurity isn’t just about data—it's about patient safety. From burning skin to missed sepsis diagnoses, vulnerabilities in devices have real-world harm potential.
    2. FDA now requires more than just a basic security plan. Post-September 2023 rules mandate testing (SAST, DAST, fuzzing), SBOMs, and risk assessments tied to patient harm.
    3. Start cybersecurity planning during the requirements phase. Hardware like microcontrollers must support secure boot and other protections—retrofits can cripple product plans.
    4. Iterate cybersecurity like any core development activity. One-time testing near submission is too late; build security into your pipeline just like QA or usability.
    5. Traditional cybersecurity vendors aren’t enough. Many fail to meet FDA’s nuanced expectations for medical devices, causing costly submission rejections.

    References & Resources:

    • Christian Espinosa on LinkedIn
    • Blue Goat Cyber
    • Etienne Nichols on LinkedIn

    MedTech 101 – Understanding SBOM (Software Bill of...

    42 min
  • #406: Over the Counter (OTC) vs. Prescription (RX) Medical Devices, Pt. 2
    2025/05/12

    In part 2 of a critical two-part series, Etienne Nichols and regulatory affairs expert Mike Drues explore the nuanced pathway of switching a medical device from prescription (Rx) to over-the-counter (OTC).

    This episode dives deep into what triggers a new submission, how usability testing and human factors play an expanded role for lay users, and the regulatory logic that guides these transitions. The conversation highlights the importance of aligning regulatory strategy with business goals, and offers practical insights on leveraging real-world evidence, understanding the limits of FDA databases, and optimizing pre-submission meetings.

    Key Timestamps
    • 02:10 – Starting from a cleared 510(k): Do you need a new submission for OTC?
    • 06:45 – Implications of removing the healthcare provider from the equation
    • 12:00 – Risk management: Expanding risk profiles when lay users are involved
    • 18:15 – When a 510(k) becomes a De Novo or PMA
    • 22:50 – Usability testing and the risk of user error in OTC devices
    • 31:20 – Clinical investigations and good clinical practices (GCPs)
    • 36:00 – Real-world evidence vs. real-world data—what’s usable?
    • 41:30 – Using Pre-Subs effectively and what “quality data” really means
    • 47:10 – Labeling, cleaning, and UDI for OTC products
    • 53:40 – OTC software and digital health—when is it a regulated device?
    • 01:00:00 – Summary: Aligning regulatory logic with common sense and business strategy

    Quotes

    “With an OTC device, we are taking the healthcare professional totally, completely, and utterly out of the loop.”

    Mike Drues

    This quote encapsulates the core regulatory challenge in moving a device to OTC: every element, from labeling to usability, must assume zero clinical supervision.

    “If the clinical trial won’t tell you anything you don’t already know from good real-world evidence, why spend the time and money?”

    Mike Drues

    A powerful argument for using well-documented real-world evidence over unnecessary trials—provided the data truly meets evidentiary standards.

    Top Takeaways
    1. Label Expansion ≠ Shortcut: Moving from prescription to OTC usually requires a new submission—especially when removing the healthcare provider introduces new risks.
    2. Usability Testing Is Critical: OTC usability studies must go beyond IFU comprehension to include risk of misuse, poor device selection, and user decision-making.
    3. Real-World Evidence Can Help—If It’s Clean: Real-world data isn’t always usable. FDA will expect reproducibility, traceability, and strong justifications.
    4. Labeling & Design Must Assume No Clinical Oversight: Cleaning procedures, warnings, and directions must all be validated for home use and layperson comprehension.
    5. Use Pre-Subs Wisely: Especially for label expansions or gray-area digital health tools, pre-subs provide critical alignment with FDA and prevent costly errors.

    References & Resources
    • Etienne Nichols on LinkedIn
    • FDA Guidance on Real-World Evidence for Regulatory Decision-Making
    • Greenlight Guru Webinar: What is and Isn't a Regulated Medical Device (feat. Mike Drues)
    • FDA Guidance: Clinical Decision Support Software

    MedTech 101: OTC vs Prescription Devices

    Analogy: Think of prescription vs. OTC devices like driving a manual vs. automatic car. Prescription devices assume a trained “driver” (the healthcare provider), while OTC devices must be intuitive and safe enough for anyone to “drive”...

    52 min
  • #405: Over the Counter (OTC) vs. Prescription (RX) Medical Devices, Pt. 1
    2025/05/05

    In Part 1 of this two-part series, Etienne Nichols sits down with regulatory strategist Dr. Mike Drues to explore the nuanced differences between prescription (Rx) and over-the-counter (OTC) medical devices. They demystify key terms, regulatory classifications, and the growing trend of label expansions from Rx to OTC—highlighting real-world examples like CPAP machines and continuous glucose monitors (CGMs).

    This episode unpacks how intended users, environments, and risk tolerances shape device categorization, and why usability testing is far more complex than many realize. Whether you're developing a consumer health product or preparing a label expansion strategy, this is a must-listen for your regulatory roadmap.

    Key Timestamps
    • 03:05 – What defines an OTC vs. prescription medical device?
    • 06:45 – Market size of OTC devices and major product categories
    • 10:00 – Label expansion: moving from Rx to OTC status
    • 13:22 – The role of intended use environment in OTC classifications
    • 20:40 – Examples of devices in each FDA class that are OTC
    • 26:30 – Prescription devices used in home settings vs. true OTC
    • 31:15 – Characteristics that qualify devices for OTC status
    • 37:55 – Self-diagnosis, self-selection, and patient usability challenges
    • 43:00 – “Reasonably foreseeable misuse” and how to interpret guidance
    • 49:05 – Do you design for the lowest common denominator?
    • 56:10 – Representing diverse user populations in usability testing
    • 1:01:45 – Can a device launch OTC first? The case for wellness-to-Rx strategies
    • 1:08:15 – FDA’s perspective on device safety: OTC vs. Rx

    Quotes

    “The best regulatory professionals don’t just know the rules—they know the exceptions.”

    Dr. Mike Drues reminds us that exceptional regulatory strategy lies in understanding nuance, especially in OTC classifications where edge cases can redefine categories.

    “Just because a device is used at home doesn’t mean it’s over the counter.”

    This insight challenges a common industry assumption, underscoring the importance of carefully defining intended use and environment early in development.

    Key Takeaways
    1. OTC ≠ Low Risk by Default – Many Class II and even rare Class III devices can be OTC; it’s more about intended user, use environment, and risk mitigation than class alone.
    2. Label Expansion Requires Strategy – Transitioning a device from prescription to OTC isn’t just about removing a doctor’s role—it may involve new usability studies, labeling changes, and potentially a 510(k) or de novo submission.
    3. Understand the "Intended Use Environment" – FDA doesn’t just care about where the device is used, but how those environmental parameters (like light, humidity, and user training) affect safe operation.
    4. Usability Testing Must Reflect Real Users – For OTC devices, human factors validation must account for diverse educational backgrounds, not just ideal users.
    5. Don't Rely on Labels Alone – Whether or not users read (or understand) instructions must be tested, not assumed. Intuitive design is critical for OTC success.

    References & Resources
    • Etienne Nichols on LinkedIn
    • Greenlight Guru Medical Device Classification Webinar with Mike Drues (for explanation on device classes)
    • FDA Guidance: “Factors to Consider When Making Benefit-Risk Determinations in Medical Device...
    40 min
  • #404: MedTech 101: What You Need to Know About the Medical Device Industry
    2025/05/01

    Are you new to the medical device industry—or mentoring someone who is? In this foundational episode of the Global Medical Device Podcast, host Etienne Nichols sits down with Sara Adams and Chris Rush from Greenlight Guru to deliver a MedTech 101 masterclass.

    They unpack the roles, regulations, and realities of medical device development in a heavily regulated space. From defining what actually counts as a medical device to navigating FDA classifications and global regulations, the trio offers practical insights, industry analogies, and personal war stories that make this episode as entertaining as it is educational. Whether you’re in R&D, marketing, clinical, or quality, this is the episode to bookmark and share with every new hire.

    Key Timestamps

    02:20 – What counts as a medical device? Intended use and labeling

    06:48 – Differentiating roles: Quality, Regulatory, Clinical, R&D, and Marketing

    15:40 – Understanding regulatory bodies: FDA, EU MDR, Health Canada, and more

    20:15 – FDA Classifications: Class I, II, III, and what determines risk

    26:00 – Standards to know: ISO 13485, 14971, 14155, 21 CFR Part 820

    33:05 – FDA pathways: 510(k), De Novo, PMA – when and why they apply

    41:55 – The design control matrix explained (User Needs through Validation)

    49:00 – Reverse engineering design controls: pitfalls and best practices

    55:30 – Clinical trials vs. preclinical studies: When each is required

    1:00:45 – Manufacturing & supplier controls: operations meets compliance

    1:04:15 – Final advice for MedTech newcomers: Read the regs and know the problem

    Quotes

    “Just because you don’t call it a medical device doesn’t mean the FDA agrees with you.” – Sara Adams

    This quote highlights a key regulatory pitfall: your marketing claims, not just your label, determine if the FDA considers your product a medical device.

    “A 510(k) is like someone checking your wristband at the door—you’re cleared to go in. A PMA? That’s a locked door and you need full approval to enter.” – Chris Rush

    A memorable analogy that demystifies the difference between FDA clearance and approval pathways.

    Top Takeaways

    Labeling + Intended Use = Regulatory Trigger

    Whether it’s software or a simple tool, if your product makes medical claims or supports medical decision-making, it may fall under FDA or other international regulatory oversight.

    Regulatory Pathways Are Tied to Risk and Novelty

    Know the difference between a 510(k), De Novo, and PMA. Class II “me-too” devices may avoid clinical trials, while Class III and novel devices usually require significant evidence.

    Understand Design Controls Early

    Reverse-engineering documentation late in development is risky and inefficient. Start early with user needs and build forward through the five pillars: inputs, outputs, verification, and validation.

    Cross-functional Understanding Prevents Compliance Gaps

    Marketing, clinical, and R&D all influence regulatory standing. Even social media likes can trigger off-label scrutiny—every department needs to understand their regulatory impact.

    Reading Regulations Is Not Optional

    A strong regulatory foundation is key to faster development, better audits, and smoother market access. Resources like 21 CFR Part 820 and ISO 13485 are surprisingly readable and essential.

    References & Resources
    • Etienne Nichols on LinkedIn
    • Chris Rush on LinkedIn
    58 min
  • #403: Global Perspective on Medical Device Reimbursement
    2025/04/24

    In this episode of the Global Medical Device Podcast, Etienne Nichols speaks with renowned regulatory and reimbursement expert Karandeep Singh Badwal to uncover the complexities of medical device reimbursement across the US, EU, and Asian markets.

    From the influence of governmental systems to the nuances of coding, coverage, and payments, Karandeep shares real-world insights for MedTech companies developing their global market strategies. Learn why early planning for reimbursement is just as crucial as regulatory approval, and how future-proofing your strategy against political and economic changes can safeguard your device's success.

    Key Timestamps:

    00:00 – Intro and Sponsor Message (Greenlight Guru Quality)

    02:30 – Why Reimbursement Must Be Considered Early

    07:15 – US Reimbursement System: Medicare, Medicaid, and Private Insurers

    13:10 – EU Reimbursement: Challenges with Fragmented National Systems

    17:45 – Asian Market Differences: Japan, China, and South Korea

    23:20 – The Importance of a Reimbursement Expert

    28:05 – Navigating Political Changes in Global MedTech Markets

    33:30 – Special Challenges for AI and Software as a Medical Device

    40:00 – Direct-to-Consumer vs. Prescription Strategies

    46:20 – Integrating Real-World Evidence and Post-Market Surveillance

    52:00 – How Management Reviews Can Align Business and Quality Goals

    01:03:10 – Pros and Cons: US vs. EU Reimbursement Models

    01:18:20 – Final Takeaways and Closing Thoughts

    Standout Quotes:

    "Reimbursement isn’t just the final step after regulatory approval — it is a core business strategy."

    Why it matters: Many companies fail by not building reimbursement into their earliest development and design decisions.

    "You can have the most innovative medical device in the world, but without a reimbursement pathway, you won't have a viable business."

    Why it matters: Innovation alone isn’t enough; financial strategy is crucial to survival and growth.

    Top Takeaways:
    • Start with reimbursement in mind: Align your product claims, indications, and market strategies with potential reimbursement pathways early.
    • Tailor by region: US, EU, and Asian markets all have distinct reimbursement landscapes — success in one doesn't guarantee success in another.
    • Hire jurisdiction-specific experts: Use consultants experienced in your target markets to avoid costly mistakes.
    • Leverage post-market surveillance: Integrate real-world evidence gathering into your QMS and management reviews to support reimbursement claims.
    • Build strategic flexibility: Political and regulatory landscapes shift — maintain backup jurisdictions and alternative market strategies.

    References:
    • Etienne Nichols on LinkedIn
    • Greenlight Guru Quality Management System
    • Medtech Podcast hosted by Karandeep Singh Badwal

    MedTech 101 Section:

    What is "Reimbursement" in MedTech?

    Reimbursement refers to how a company gets paid for a medical device after it’s cleared for use. This usually involves navigating government programs (like Medicare) or private insurance, and it determines how easily hospitals, clinics, or individuals can buy and use a product.

    Simple Analogy: Think of it like getting a movie produced: regulatory clearance is getting your movie rated, but reimbursement is making sure theaters agree to pay you to...

    37 min
  • #402: How to Attract Real Talent in the Medical Device Industry
    2025/04/17
    Episode Summary:

    In this episode of the Global Medical Device Podcast, host Etienne Nichols sits down with Kirk Petyo, Managing Partner at Talent Factory Recruiting, to explore the art and science of hiring in MedTech.

    Kirk shares strategies for building magnetic employer brands, explains the difference between competencies and capabilities in candidates, and warns about the hidden costs of bad hires or delayed recruitment. They also discuss how to attract top talent from outside traditional MedTech backgrounds, and why companies must clearly define their values to thrive in today's competitive hiring landscape.

    Key Timestamps:
    • [00:02:00] – Introduction to Kirk Petyo and Talent Factory Recruiting's unique approach
    • [00:05:30] – What makes a company a "magnet" for top talent in MedTech
    • [00:12:20] – How to recruit candidates from outside traditional MedTech backgrounds
    • [00:20:00] – How to differentiate between a good worker and a good interviewer
    • [00:30:10] – The ripple effects of a single bad hire in a MedTech company
    • [00:35:50] – The cost of leaving key roles unfilled for too long
    • [00:44:00] – Outdated hiring practices that repel top candidates
    • [00:50:00] – Trends in hiring and workforce planning for 2025
    • [01:02:00] – Final advice for MedTech hiring managers and company leaders

    Standout Quotes:
    1. "If you treat hiring like a transaction, you'll get transactional results. But if you treat hiring as a critical strategy for growth, you’ll flourish." – Kirk Petyo
    2. "Your candidate’s life must be better at your organization than it was at their last job—if you can't tell that story, you'll struggle to attract top talent." – Kirk Petyo

    Takeaways:
    • Define your value drivers clearly: Understand what makes your company unique before trying to attract top talent.
    • Focus on capability, not just competency: Prioritize what candidates can learn and contribute over time, not just what they know today.
    • Structure your interview process: Build a consistent, benchmark-driven approach to avoid gut-feel hiring mistakes.
    • Partner with strategic recruiters: Seek recruiters who genuinely understand your company culture and goals, not just resume matchers.
    • Act early on critical hires: Don’t delay filling strategic roles; the opportunity cost and cultural risk multiply with time.

    References:
    • Kirk Petyo’s LinkedIn Profile
    • Talent Factory Medical Website
    • Etienne Nichols' LinkedIn Profile

    MedTech 101 Section:

    Competency vs. Capability (Simplified):

    Think of competency like what’s already in a candidate’s toolbox—their current skills and experiences. Capability is their potential—the size of the projects they could build if you give them the right tools and environment.

    Audience Engagement Prompt:

    Poll Question: What’s the biggest challenge you face when hiring MedTech talent?

    • Defining clear job expectations
    • Attracting candidates from outside the industry
    • Avoiding bad hires
    • Speeding up the hiring...
    41 min
  • #401: FDA’s Vital Role in ISO Standards: Ensuring Global MedTech Integrity
    2025/04/10

    In this compelling episode, Etienne Nichols chats with regulatory powerhouse Sarah Moeller about the crucial intersection between the FDA's regulatory oversight and international ISO standards development.

    They uncover the profound impact of FDA's participation—or absence—in shaping global standards, especially ISO 14155 and ISO 18969 updates. The conversation also tackles the shifting landscape caused by administrative changes in the U.S., the effects on clinical trials, AI-driven digital evidence, and what companies must do to stay compliant and innovative in a volatile regulatory environment.

    Key Timestamps:
    • [02:30] – Introduction to Sarah Moeller and her role in ISO 18969 updates.
    • [07:00] – Overview of ISO standards update processes and FDA’s critical role.
    • [15:20] – The impact of AI and digital evidence on clinical evaluations.
    • [22:10] – Why FDA's temporary absence from standards writing matters.
    • [31:45] – Resumed communications: FDA’s current engagement status.
    • [41:00] – Implications of leadership changes at the FDA.
    • [50:15] – Strategic advice for MedTech companies amidst regulatory uncertainty.
    • [58:00] – Passionate case for FDA's continued involvement and defense of public service.
    • [1:12:30] – Big updates in ISO 14155 and 18969 and what they mean for clinical trials.

    Memorable Quotes:
    • "Without FDA at the standards table, we risk global disharmony—and patients pay the price." – Sarah Moeller
    • "Taking care of each other must be our number one goal in both hospitality and healthcare." – Sarah Moeller

    Key Takeaways:

    Practical Tips:
    1. Maintain proactive and open communications with your FDA reviewers.
    2. Incorporate rigorous digital evidence management to future-proof clinical evaluations.
    3. Advocate for clear regulatory processes by contacting your congressional representatives.

    References Mentioned:
    • ISO 14155: Good Clinical Practice for Medical Device Trials—Updated to reflect decentralized trials and enhanced CRO oversight.
    • ISO 18969: Clinical Evaluation Standard aligning evaluations across the total product lifecycle.
    • MDUFA and PDUFA: Critical funding mechanisms supporting timely FDA review processes.
    • Etienne Nichols on LinkedIn

    MedTech 101:

    ISO Standards: International standards that ensure quality, safety, and efficacy in products across global markets.

    MDUFA (Medical Device User Fee Agreement): Agreement where companies pay fees to FDA for timely device reviews.

    Clinical Evaluation: Systematic process for assessing and analyzing clinical data to verify the safety and performance of a medical device.

    Audience Interaction:

    Poll Question: "Do you believe the FDA should have a permanent seat at all ISO standards committees?"

    👉 Email your thoughts to podcast@greenlight.guru

    Feedback Request:

    Enjoyed today’s episode? We'd love your feedback!

    📩 Email us your thoughts and suggestions for future topics at podcast@greenlight.guru

    🎧 Don’t forget to leave a review on iTunes or your favorite podcast platform!

    Sponsor Mention:

    Brought to you by Greenlight Guru Quality:

    Greenlight Guru helps MedTech companies stay audit-ready 24/7 with smarter, structured quality management tools that align with FDA and ISO...

    49 min
  • #400: The State of the Medical Device Industry
    2025/04/03

    In our 400th episode of the Global Medical Device Podcast, host Etienne Nichols is joined by Greenlight Guru’s Sara Adams to unpack the findings of the 2025 Medical Device Industry Benchmark Report. From the rise of family office investments to QMS upgrades and the impact of regulatory uncertainty, this episode delivers a candid and comprehensive look at the current MedTech landscape. Sara brings her quality expertise and industry anecdotes to life, while Etienne adds sharp insights on strategic planning and product development.

    Whether you're facing supply chain complexity, preparing for QMSR, or trying to navigate market shifts, this episode is your roadmap for the year ahead.

    Key Timestamps
    • 00:03 – Introduction to the 2025 Medical Device Industry Report
    • 05:00 – Market growth outlook: $800B by 2030
    • 09:40 – Family office investment trends in MedTech
    • 13:15 – Hiring freezes and headcount reductions: what's behind the numbers?
    • 20:22 – Supply chain challenges and supplier qualification issues
    • 28:35 – Why only 11% of companies rate their supply chain management as “excellent”
    • 33:30 – QMS upgrades and the strategic focus on quality systems
    • 39:00 – Fundraising and clinical trials: top priorities for pre-commercial companies
    • 44:55 – Regulatory complexity: QMSR, EU MDR, and FDA staffing pressures
    • 53:50 – FDA Form 483s: top causes and how to avoid them
    • 1:04:00 – Action plan for 2025: technology, collaboration, and performance
    • 1:12:00 – Making quality your competitive edge

    Memorable Quotes

    “Money is the air companies breathe, but safety is the ground they walk on.” – Etienne Nichols

    “If you're not reaching out to your FDA review team, you're already behind.” – Sara Adams

    “Dig the well before you're thirsty — especially in MedTech.” – Etienne Nichols

    🔍 Key Takeaways

    Latest MedTech Trends
    1. Global MedTech market expected to hit $800B by 2030.
    2. Quality systems and operational efficiency are becoming top priorities.
    3. Regulatory uncertainty is affecting hiring and supply chain strategy.

    Practical Tips for MedTech Pros
    1. Start preparing for QMSR (FDA’s Quality Management System Regulation) now.
    2. Prioritize supplier qualification and traceability early in development.
    3. Choose purpose-built tools to reduce headcount needs and streamline processes.

    🔗 References & Resources
    • 2025 Medical Device Industry Report – Greenlight Guru
    • Etienne Nichols on LinkedIn
    • Sara Adams on LinkedIn
    • Episode 360: Is it Possible to Buy a QMS? with Sara Adams

    MedTech 101: Beginner’s Corner

    QMS (Quality Management System): A structured system that documents processes, procedures, and responsibilities for achieving quality and regulatory compliance.

    QMSR: FDA’s new quality regulation aligning with ISO 13485:2016.

    483 Form: Issued by the FDA when investigators find conditions that may violate the FD&C Act.

    Family Office...

    54 min