3. Threat Modeling Medical Devices with Adam Shostack

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/8a/f8/16/8af8167b-9848-aac2-ba9c-5d5c792e1b7c/mza_6068709217374037997.jpg/600x600bb.jpg

Medical Device Cybersecurity Podcast

Cyber Doctor

19 episodes

1 week ago

Medical devices save lives—but are they secure? This podcast explores cybersecurity risks, real-world attacks, and best practices to protect life-saving technology. Designed for medical device professionals, engineers, and security experts, we cover FDA & EU regulations to hacking risks and investigations. Hosted by Mathieu 'Cyber Doctor' Peteau, a cybersecurity specialist, this podcast simplifies complex security issues into actionable insights. Subscribe now to stay ahead in medical device security and protect healthcare technology.

Medicine

Health & Fitness

RSS

All content for Medical Device Cybersecurity Podcast is the property of Cyber Doctor and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Medicine

Health & Fitness

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/42955779/42955779-1738305810712-be67c9de18d87.jpg

3. Threat Modeling Medical Devices with Adam Shostack

Medical Device Cybersecurity Podcast

36 minutes 22 seconds

9 months ago

3. Threat Modeling Medical Devices with Adam Shostack

Medical Devices are getting increasingly complex.

We're now dealing with interconnected medical devices with tens of inputs, dozens of connections, and a plethora of connections. How can you handle security in this context?

Threat modeling is the process recommended by the FDA in which you discover vulnerabilities, respond to risks, and analyze your work. It's done in a 4 question framework:

What are we working on?
What can go wrong?
What are we going to do about it?
Did we do a good job?

To guide us through the intricacies of threat modeling, we have a true luminary in the field, Adam Shostack. Adam is the author of "Threat Modeling: Designing for Security" and "Threats: What Every Engineer Should Learn from Star Wars." He’s a leading expert on threat modeling, a consultant, expert witness, and game designer. With decades of experience delivering security, Adam's insights range from founding startups to nearly a decade at Microsoft.

What you'll understand after listening to the episode:

Threat modeling is built on simple questions. Ask them early in development when changes are easier to make.
Visibility is key. Start with simple whiteboard sketches to get everyone on the same page before moving to more formal diagrams.
Focus on practical solutions. Sometimes, redesigning to avoid problems entirely is better than trying to calculate and mitigate specific risks.

Want to dive even deeper into threat modeling and medical device cybersecurity?

🔹 Stay up-to-date with the latest in medical device cybersecurity with my weekly newsletter at⁠⁠cyberdoctornotes.com⁠⁠

🔹 Explore Adam's groundbreaking work on threat modeling at ⁠shostack.org

🔹 Read Adam's latest bookon Amazon

Please share with a fellow medical device security pioneer!

Securely yours,Cyber Doctor