Category
Cybersecurity
Practical cybersecurity for leaders, engineers, and the teams trying to keep up with the threat landscape.
51 posts
Jun 22, 2026
Five Seconds On Elbrus And The FDA Submission
Four hours before this summit photo on Mt. Elbrus, I almost died from five seconds of lost focus. Same mistake MedTech teams make on FDA cybersecurity submissions — and the self-arrest that gets you out of it.
Jun 21, 2026
The Ultrasound That Found My Clots: Why Medical Device Cybersecurity Is Personal
In 2022 a Doppler ultrasound found six blood clots in my left leg. That device saved my life. It's also why I treat medical device cybersecurity as a patient safety issue, not a compliance checkbox.
Jun 20, 2026
What a 'Good' SBOM Actually Looks Like — And What Reviewers Reject
FDA reviewers see thousands of SBOMs. Most are wrong in the same handful of ways. Here's what a defensible Software Bill of Materials looks like for a medical device submission — and the patterns that trigger a deficiency.
May 28, 2026
If Your Reviewer Can't See the System, You Don't Have an Architecture
Security Architecture Views are where most medical device submissions either earn trust or lose it. Here's what a clear, defensible architecture view looks like — and why most teams over-engineer the diagrams and under-engineer the boundaries.
Apr 8, 2026
Why Postmarket Cybersecurity Is Where MedTech Actually Fails
FDA clearance is the floor, not the finish line. A look at why most medical device cybersecurity programs collapse after launch — and what the working postmarket programs do differently.
Mar 12, 2026
FDA Premarket Cybersecurity: What the 2026 Guidance Actually Requires
A plain-English breakdown of FDA's final 2026 premarket cybersecurity guidance — what the threat model, SBOM, labeling, and cybersecurity management plan actually have to look like for clearance.
Jan 22, 2026
Total Product Lifecycle: The Framing That Fixes Most MedTech Submissions
Most medical device cybersecurity programs fail because they treat security as a premarket activity. The Total Product Lifecycle framing is what the FDA expects — and what makes the work durable.
Nov 18, 2025
Threat Modeling Is the Work. Everything Else Is the Receipt.
Most medical device cybersecurity submissions fail at the threat model — not because reviewers are picky, but because teams treat threat modeling as documentation. It's the engineering discipline that produces everything else.
Sep 17, 2023
What Is Threat Intelligence, and Why Is It Important in Supporting Your Cyber Team?
In this post, we review what threat intelligence is, its current impact, and what it all means to your cyber team.
Sep 17, 2023
Silos Weaken Your Cybersecurity Posture, Collaboration Makes It Stronger
How did cybersecurity become so siloed? And what can you do to break silos down?
Jul 17, 2023
Is Your Cybersecurity Budget Limited? How to Do More with Less
In this post we explore the state of cybersecurity budgets and how changes in the way you manage your team can help you do more with less.
May 11, 2023
Cybersecurity Strategy Pitfalls: How to Get Back on the Right Path
An underlying theme in the pitfalls we’ll discuss is how cybersecurity professionals miss or don’t give much credit to the human element.
Apr 13, 2023
Ransomware Attacks: New Ways to Exploit Old Vulnerabilities
Cybercriminals are leveraging old weaknesses with the latest in AI and machine learning to maximize ransomware impact.
Apr 13, 2023
The Latest on Supply Chain Security: How Cyber Professionals Can Move the Needle
Supply chain attacks often involve third-party software because of privileged access and frequent communication with the vendor’s network.
Jan 19, 2023
What Is XOps, and How Is It Changing the Cybersecurity Talent Discussion?
XOps describes the uniting of DevOps, DevSecOps, AIOps, and MLOps.
Dec 24, 2022
Cyber Risk and Digital Transformation: The Gap Is Growing
Cyber risk and digital transformation can work in harmony toward business objectives, but it requires a strong culture and strategy.
Dec 24, 2022
The Cyber Threat No One Talks About — the Absence of a Cybersecurity Culture
While the concept of a cybersecurity culture isn’t new, it’s still an internal challenge for most technical cybersecurity teams.
Dec 4, 2022
Why Organizations Should Pivot to DevSecOps
The underlying foundation of DevSecOps is security by design. Security is a consideration at the conception of the project, not an afterthought.
Dec 1, 2022
Cybersecurity Trends Every Professional Needs to Know in 2026
The threats, tools, and shifts shaping cybersecurity in 2026: AI-driven attacks and defense, identity as the new perimeter, regulatory pressure, and the human factor.
Nov 14, 2022
3 Reasons Why Current Cybersecurity Measures Aren’t Working and How to Fix Them
The real reason cybersecurity measures are failing is because of a people problem. It’s the core foundation of my book, The Smartest Person in the Room.
Oct 8, 2022
What the Latest Cybersecurity Breaches Can Teach Us
There’s no shortage of cybersecurity breaches, with fear-inducing headlines. There is much to learn in these situations.
Sep 27, 2022
What Is Zero Trust Architecture, and Why Should Your Organization Shift to It?
Zero trust architecture describes a strategic approach to cybersecurity that enables an organization to be secure by eliminating implicit trust and replacing it with continuous validation. Its beginnings sprung from the “never trust, always verify” principle.
Sep 27, 2022
Will AI and Machine Learning Help or Hurt Cybersecurity?
AI and machine learning are helping and hurting cybersecurity. Technical teams can marry these tools with their own skills to produce the best security posture.
Jul 21, 2022
What Is Total Intelligence, and How To Build a Cyber Team to Lead with It
When making any decision, intelligence certainly plays a key role. However, often it’s only the logical, rational side of intelligence that people rely on, especially in worlds like cybersecurity.
Jul 3, 2022
Remote Work Is Here to Stay: The Impact on Cybersecurity
In the rush to remote enable staff, we know cybersecurity was an afterthought. Many organizations hobbled together different technologies.
Sep 12, 2021
Top 10 Organized Cybercrime Syndicates
In this blog post, we discuss ten of the most notorious organized cybercrime syndicates and how they operate.
Sep 4, 2021
3 Steps to Hide Data in an Image Using Steganography
In this post we'll explain a simple method to hide data (any type of data - text, image, malware, etc.) in a JPEG.
Sep 4, 2021
2 Simple Ways to Extract GPS Coordinates from Images
In this post, we'll cover two simple ways to extract Exif (Exchangeable image file) data, which includes GPS coordinates, from images.
Sep 4, 2021
Top 10 Penetration Testing Decision Factors
This article contains ten items you should consider when selecting an organization to perform a penetration test against your environment.
Sep 4, 2021
6 Famous Hackers that Got Caught
The best hackers we never hear about. Here are the stories of six of the most famous hackers and how they were caught.
Sep 4, 2021
Penetration Testing History
The concept of penetration testing has been around since human beings first began trying to understand their enemies' thought processes.
Sep 4, 2021
Leetspeak: The History of Hacking Subculture's Native Tongue
You've probably seen leetspeak, also known as 1337 or “l33t,” somewhere on the Internet or in a movie about computer hacking.
Sep 4, 2021
Hacking Medical Devices for Profit and Terror
Covers background on why medical device security is something to pay attention to, the four attack objectives, and solutions.
Sep 4, 2021
Cybersecurity Risk Needs to be Simplified
Complexity is the enemy of execution. Unnecessary complication is tied to ego & lack of clarity. In cybersecurity everything is overly complicated.
Sep 4, 2021
Questions to Ask a vCISO
Many companies rush into finding fractional vCISO services and end up with a relationship they did not expect. Ask the right questions first.
Sep 3, 2021
Top 10 Largest Healthcare Data Breaches by Number of Records Stolen
Healthcare data breaches have increased in both scale and regularity during the last decade, with the worst affecting up to 80 million people.
Aug 29, 2021
Explanation of Cybersecurity Hashing and Collisions
This post is a transcript of Christian Espinosa's explanation of cybersecurity hashing and collisions, including an MD5 collision demo.
Aug 29, 2021
Explanation of the Cybersecurity CIA Triad
This post is a transcript of Christian Espinosa's explanation of the cybersecurity CIA triad including the opposite, DAD.
Aug 29, 2021
Black Box Penetration Testing Explained
This post is a transcript of Christian Espinosa's explanation of Black Box Penetration Testing and how White, Gray, and Black relate.
Aug 29, 2021
Gray Box Penetration Testing Explained
This post is a transcript of Christian Espinosa's explanation of Gray Box Penetration Testing and how White, Gray, and Black relate.
Aug 27, 2021
White Box Penetration Testing Explained
This post is a transcript of Christian Espinosa's explanation of White Box Penetration Testing and how White, Gray, and Black relate.
Jun 17, 2021
The Latest Cybersecurity Incidents and What You Can Learn from Them
Cybersecurity incidents are on the rise, which isn’t a surprise to most in the industry. Hackers become more sophisticated every day, exploiting vulnerabilities and cyber defense mechanisms.
Mar 24, 2021
Adapting in Cybersecurity: Why Agility Matters
Adapting in cybersecurity and being agile have long been hallmarks of the field. After all, there’s always a new threat or risk, so the industry is certainly not static.
Feb 10, 2021
Risk Comprehension Is a Basic Cybersecurity Skill, Yet Most Practitioners Lack It
Risk assessment is essential to proactive and reactive cybersecurity plans, yet most cybersecurity professionals do not understand risk.
Feb 4, 2021
Your Cybersecurity Framework Is Overcomplicated - Here's Why
Let’s be frank and honest — your cybersecurity framework is overcomplicated. Simplicity is better than complexity.
Feb 2, 2021
Your Cybersecurity Methods Are Failing - Here’s Why
As much as every organization wants to believe they are cyber secure, the reality paints a different story.
Jul 21, 2020
The Cybersecurity Status Quo Needs to Change
With cybersecurity, there is a status quo, this movement that we just keep following, but it's not helping. It's time to challenge the cybersecurity status quo.
Jul 3, 2020
Ransomware – Should You Pay?
What do you do if you get ransomware in healthcare or critical infrastructure? Should you pay the ransom? How do you prevent ransomware?
Jun 3, 2020
Aviation Cybersecurity – Hacking Aircraft
The risk of successful hacks of aircraft is increasing. Aircraft are complex systems with long supply chains and legacy systems and protocols.
Jan 24, 2020
Why Small Businesses Are Still the #1 Cybercrime Target in 2026
Small and mid-sized businesses absorb the majority of cyberattacks. Here's why attackers target them, what's changed since 2020, and the practical defenses that actually work.
Nov 13, 2018
Medical Device Hacking and the Vulnerability of Connected Medical Devices
Christian Espinosa is interviewed by Kim Komando on hacking medical devices. From pacemakers to hospital equipment, nearly anything can be hacked. This risk is real.