Cybersecurity for Medical Devices | Ctrl-Alt-Secure S3E13 ft. Madison Morrow & Farshad Esnaashari Artwork

Ctrl - Alt - Secure Podcast

Welcome to the Ctrl-Alt-Secure podcast, your guide to navigating the ever-changing landscape of cybersecurity. Join us as we delve into the latest trends, threats, and innovations shaping the infosec space.

All Episodes

Ctrl - Alt - Secure Podcast

Cybersecurity for Medical Devices | Ctrl-Alt-Secure S3E13 ft. Madison Morrow & Farshad Esnaashari

December 05, 2025 • Red Sentry CEO Valentina Flores • Season 2 • Episode 13

In this episode of Ctrl-Alt-Secure, Valentina Flores sits down with Madison Morrow, Director of Business Development at Blue Sages, and Farshad Esnaashari, a medical device full–lifecycle consultant, to break down one of the most urgent topics in the med-tech industry: cybersecurity requirements for FDA medical device submissions.

The conversation explores why the FDA is increasing its cybersecurity expectations, the most common mistakes manufacturers make, and how device makers can integrate security early in the product lifecycle. Madison explains how Blue Sages supports medical device companies through engineering best practices, software documentation, testing, and compliance, while Farshad brings over 30 years of experience in architectural security, risk management, and interpreting FDA cybersecurity guidance.

Key topics covered in this FDA cybersecurity episode:

• Why cybersecurity must start early in medical device design (not at the end)
• What the FDA now expects: SPDF, SBOM, traceability, threat modeling, and vulnerability management
• Why shallow SBOMs, missing traceability, and late pentesting delay submissions
• How penetration testing and offensive security strengthen FDA submissions
• Practical guidance for med-tech startups balancing speed, safety, and compliance
• How AI introduces new cybersecurity risks in medical devices and what the FDA expects for model updates, rollback plans, and integrity checks

Who needs this episode?

This discussion is essential for anyone involved in medical device development, regulatory submissions, FDA compliance, cyber risk, software validation, or connected device security. If you’re preparing a 510(k), De Novo, or PMA submission in 2025–2026, this episode gives you a clear roadmap of what to prioritize.

About Ctrl-Alt-Secure

Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.

🔗 Connect with Blue Sages to explore their engineering and regulatory support for medical device companies: https://www.bluesages.com/

🔗 Contact Red Sentry: https://redsentry.com/contact

Find more about Red Sentry.