Marc Zemel has been building Retia Medical for 15 years. The company started as two guys with slides and licensed technology. Now their data-driven hemodynamic monitoring technology for consistently accurate cardiac output measurements in high-risk surgical and critically ill patients is in 75 hospitals across 18 countries, sold by Medtronic in the U.S, and the company is preparing to launch their new product Argos Infinity, pending FDA clearance.

But getting here meant dealing with cybersecurity challenges that Marc didn't see coming. In this conversation, he talks about what actually slowed them down, what he wishes he'd done differently, and why building a proper quality system from day one would have saved him years of pain.

Retia Medical develops algorithms that monitor cardiovascular function. Their technology detects problems before blood pressure drops, which makes it valuable in operating rooms and ICUs. Nurses have gotten so attached to their monitors that they literally hug them because the devices help them do their jobs better.

Marc walks through the specific cybersecurity issues that surprised him. Like how software as a medical device comes with ongoing compliance costs that hardware doesn't have. Or how documentation requirements kept changing as the FDA updated its expectations. Or how retrofitting cybersecurity into an existing product is way more expensive than building it in from the start.

He also shares his philosophy on building companies. He doesn't focus on exits or acquisition targets. He focuses on building something people can't live without. When the product is that good, the rest takes care of itself.

If you're building a medical device startup or dealing with FDA submissions, this is a conversation worth hearing.

Episode Breakdown:

00:00 Introduction

00:32 Where everyone's calling from

02:54 Marc's background and journey into medtech

04:33 What Retia Medical does

07:00 Blood flow vs blood pressure

09:45 Software vs hardware as a medical device

12:30 Cybersecurity challenges

15:20 Documentation nightmares

18:45 Quality systems and why they matter early

22:10 FDA submissions over 15 years

25:30 The cost of retrofitting cybersecurity

28:50 Software updates and compliance

32:15 Build to be bought, not to be sold

37:32 What acquirers look for

39:02 Product market fit: Nurses hugging monitors

41:14 Wearables and future regulations

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.

If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and Founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram:

Thinking about taking your medical device to China? Or maybe you're a Chinese company looking at the American market?

William Jin has spent over 30 years helping companies do exactly that, and he'll tell you straight up that most of them aren't ready. Not because they lack good products, but because they didn't think about cybersecurity early enough.

William was trained as a medical doctor in Shanghai, then moved into the medtech industry working for companies like McCulloch and Stryker. Now he helps businesses on both sides of the Pacific figure out how to actually get their products approved and sold in each other's markets. The problems he sees are surprisingly similar whether you're going East or West.

In this conversation, William walks through the real barriers to global expansion. We're talking about practical stuff like why using Google Cloud can completely block you from the Chinese market, how data sovereignty laws affect AI-powered devices, and why that Baxter ventilator recall should matter to everyone building connected medical devices.

If you're in medtech and thinking about international markets, this is the reality check you need. William's advice is simple but critical: plan for your target markets before you start building. Otherwise, you'll spend millions redesigning later, or worse, you'll realize you can't enter those markets at all.

Episode Breakdown:

00:00 The costly mistake of not planning for global markets early

00:44 Meet William Jin: Medical doctor turned medtech market strategist

03:15 What's really stopping Chinese companies from entering Western markets

07:20 Why Chinese medtech exports to the U.S. dropped while Europe increased

11:40 The Google Cloud problem nobody warns you about

15:50 How China's data regulations affect your algorithms and cloud architecture

19:30 Reverse engineering your markets: Start with the end in mind

23:00 Where Chinese companies dominate and where they struggle internationally

26:45 The Baxter recall that was really about cybersecurity

28:50 Why cybersecurity product recalls are fundamentally different

29:20 William's final advice for medtech innovators

29:40 Wrapping up: Design to disposal, not as an afterthought

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.

If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook:

Ever thought about what it really takes to launch a successful medtech startup?

Omar M. Khateeb knows the challenges firsthand. As a founder with a track record of building healthtech companies, he’s lived through the hurdles that come with innovating in the medtech space.

In this episode, Omar dives into the highs and lows of his entrepreneurial journey, sharing key lessons, pivotal moments, and the strategies that helped him succeed. From tackling complex healthcare issues to navigating the regulatory maze, Omar breaks down what it takes to make a lasting impact in medtech.

Join us for an inside look at the future of health tech and why it’s the perfect time for the next generation of entrepreneurs to get involved.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.

Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Why does software composition analysis matter beyond regulatory compliance?

This episode explores SCA (Software Composition Analysis) and explains how SBOMs (Software Bill of Materials), SOUP (Software of Unknown Provenance), and related tooling fit into the broader medical device cybersecurity landscape. Christian and Trevor clarify common misconceptions, including licensing fears, machine-readable requirements, and the role of static testing tools.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.

Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

What past ransomware and medical device incidents might reveal gaps that manufacturers are still overlooking today?

In this episode, Christian and Trevor examine real incidents where cybersecurity failures, software flaws, and insecure medical devices led to patient harm and death. They break down how ransomware attacks, implantable device vulnerabilities, and AI-driven therapies expose life-critical risks in healthcare. The conversation highlights why regulators are increasing scrutiny and why cybersecurity must be treated as a patient-safety imperative, not an afterthought.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.

Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

This episode was produced by Story On Media: https://www.storyon.co/

This episode puts Trevor in the hot seat. If you were put in the hot seat, could you clearly explain cybersecurity, safety, and lifecycle terms like Trevor?

In this rapid-fire episode, Christian fires questions at Trevor about essential medical device cybersecurity concepts and standards. Together, they clarify how risk management, secure development, and lifecycle thinking intersect across safety, quality, and security.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.

Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

This episode was produced by Story On Media: https://www.storyon.co/

MedTech developers, do you know which penetration testing methodology the FDA actually prefers for medical device submissions?

In this episode, Christian and Trevor explain the differences between black, grey, and white box penetration testing and how each impacts the completeness and realism of cybersecurity assessments. They highlight why regulators increasingly expect deeper testing supported by source-code-level insights. They also outline the risks, costs, and delays manufacturers face when choosing insufficient testing approaches during FDA submission.

Key points:

(01:25) Learn how black box testing mimics an attacker with no prior knowledge.

(06:27) How grey box testing blends limited credentials, architecture insight, and direct communication with engineers to expand visibility.

(08:29) Why white box testing includes access to full documentation, processes, and source code.

(10:20) How attacker timeframes differ from tester timeframes.

(11:29) How the FDA’s static analysis, SBOM, and risk evaluation requirements tie naturally into white box testing workflows.

(15:06) Learn why choosing black box testing to save money often results in higher total costs after FDA rejection.

(17:47) Hear why “buy once, cry once” applies to penetration testing.

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.

Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmh

Subscribe via Apple Podcasts: https://apple.co/483OJ9I

Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

This episode was produced by Story On Media: https://www.storyon.co/

What risks do you take when cybersecurity is left off your development roadmap?

In this episode, Christian, Trevor and guest Jim Goodmiller explore how cybersecurity intersects with regulatory expectations and quality systems, creating new challenges and opportunities for medtech innovators. Jim helps to explain why founders must integrate cybersecurity from concept through commercialization, especially as FDA scrutiny increases.

Key points:

00:48 Why cybersecurity now influences every part of the regulatory landscape.

04:48 How technologies can create serious safety and compliance risks when not fully vetted.

10:45 Cybersecurity as a mandatory component of regulatory planning.

14:52 The need for iterative penetration testing

22:16 Challenges of upgrading legacy devices

25:37 Avoiding serious legal consequences.

29:29 Preparing a complete roadmap for investor confidence

40:08 The role of communication

The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com

If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session

Thanks to Jim Goodmiller for being on the show.

Connect with Jim on LinkedIn: https://www.linkedin.com/in/jimgoodmiller/

Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.

Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/

Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9

Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/

Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/

Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/

Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Feedback? Questions? Contact: https://bluegoatcyber.com/contact/

Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/

Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial

The Med Device Cyber Podcast is...