The last time I posted on this blog was March 13th, 2013 immediately following my last public speaking engagement at an information security conference. Who was to know that a year later I would be done with enterprise security and working in a totally new vertical? Certainly not me.
In May of 2015 I started working as a product security consultant for a major medical device manufacturer assisting a variety of medical device engineering teams. My scope and focus moved from the abstract 50,000 foot view of enterprise security architecture to deeply technical, in the weeds work with those engineering teams developing design inputs to move medical devices security forward.
To say that it has been a massive learning experience is an understatement. However, it has also been extremely rewarding. I work in a space where we are making changes that have real positive impact on the safety of human beings and the protection of the information they share with their healthcare providers.
I perhaps have a blind spot, but the mass of communication I see online seems focused rather stridently on how bad things are and how medical devices are the next blah blah blah we're all gonna die blargle blargle blargle.
Are there bad things happening?
Are medical devices a bit (lot) behind the times when it comes to their security posture?
However, there are some of us out there making changes and trying to move the needle. To that end, I'll be offering some thoughts here and there about what I see happening and what kind of changes are occurring.
I hope you find it interesting.
To that end, I am always happy to focus my attention in places where people have questions, so leave a comment mentioning things you are curious about related to medical device security and I'll do my best to speak to them.
Until next time, hopefully not three years from now, later.