Explore the most recent editions of MPO Magazine, featuring expert commentary, industry trends, and breakthrough technologies.
Access the full digital version of MPO Magazine anytime, anywhere, with interactive content and enhanced features.
Join our community of medical device professionals. Subscribe to MPO Magazine for the latest news and updates delivered straight to your mailbox.
Explore the transformative impact of additive manufacturing on medical devices, including design flexibility and materials.
Learn about outsourcing options in the medical device sector, focusing on quality, compliance, and operational excellence.
Stay updated on the latest electronic components and technologies driving innovation in medical devices.
Discover precision machining and laser processing solutions that enhance the quality and performance of medical devices.
Explore the latest materials and their applications in medical devices, focusing on performance, biocompatibility, and regulatory compliance.
Learn about advanced molding techniques for producing high-quality, complex medical device components.
Stay informed on best practices for packaging and sterilization methods that ensure product safety and compliance.
Explore the latest trends in research and development, as well as design innovations that drive the medical device industry forward.
Discover the role of software and IT solutions in enhancing the design, functionality, and security of medical devices.
Learn about the essential testing methods and standards that ensure the safety and effectiveness of medical devices.
Stay updated on innovations in tubing and extrusion processes for medical applications, focusing on precision and reliability.
Stay ahead with real-time updates on critical news affecting the medical device industry.
Access unique content and insights not available in the print edition of the MPO Magazine.
Explore feature articles that delve into specific topics within the medical device industry, providing in-depth analysis and insights.
Gain perspective from industry experts through regular columns addressing key challenges and innovations in medical devices.
Read the editor’s thoughts on the current state of the medical device industry.
Discover the leading companies in the medical device sector, showcasing their innovations and contributions to the industry.
Explore detailed profiles of medical device contract manufacturing and service provider companies, highlighting their capabilities and offerings.
Learn about the capabilities of medical device contract manufacturing and service provider companies, showcasing their expertise and resources.
Watch informative videos featuring industry leaders discussing trends, technologies, and insights in medical devices.
Short, engaging videos providing quick insights and updates on key topics within the medical device industry.
Tune in to discussions with industry experts sharing their insights on trends, challenges, and innovations in the medical device sector.
Participate in informative webinars led by industry experts, covering various topics relevant to the medical device sector.
Stay informed on the latest press releases and announcements from leading companies in the medical device manufacturing industry.
Access comprehensive eBooks covering a range of topics on medical device manufacturing, design, and innovation.
Highlighting the innovators and entrepreneurs who are shaping the future of medical technology.
Explore sponsored articles and insights from leading companies in the medical device manufacturing sector.
Read in-depth whitepapers that explore key issues, trends, and research findings for the medical device industry.
Discover major industry events, trade shows, and conferences focused on medical devices and technology.
Get real-time updates and insights live from the CompaMed/Medica conference floor.
Join discussions and networking opportunities at the MPO Medtech Forum, focusing on the latest trends and challenges in the industry.
Attend the MPO Summit for insights and strategies from industry leaders shaping the future of medical devices.
Participate in the ODT Forum, focusing on orthopedic device trends and innovations.
Discover advertising opportunities with MPO to reach a targeted audience of medical device professionals.
Review our editorial guidelines for submissions and contributions to MPO.
Read about our commitment to protecting your privacy and personal information.
Familiarize yourself with the terms and conditions governing the use of MPOmag.com.
What are you searching for?
A cybersecurity consultant can provide a massive advantage in speed, cost, quality, and ease of premarket submission approval.
January 27, 2026
By: Christopher Gates
Founder & CEO
After a brief leave of absence from authoring this column, I have returned (although this specific submission may present more as a Talent Matters column, rather than my typical Cybersecurity focus). For me—both personally and professionally—2025 has presented many challenges but also a few positive events.
After spending eight years of my life creating and building a medical device cybersecurity team for a contract development and manufacturing organization (CDMO), which was highly successful, the “bean counters”1 who subsequently took over the organization decided to devastate the company. After multiple rounds of layoffs (and the valuable employees leaving to find more dependable employment), I was finally included in the bloodletting. The once very successful company is now just a pale shadow of itself.
So as not to dwell on the eight years wasted, I quickly moved on to a small company. Unfortunately, after just two weeks, I realized I had made a mistake, which I attributed to the questionable quality of the management team.
This left me in a state of self-reflection, pondering numerous questions:
I finally got my head squared away and decided I was helping manufacturers and patients. In addition, the effort put forth for all of these decades was worth continuing. However, I also recognized changes were needed in how the service was provided. It’s also become apparent the good folks at FDA would continue, but with changes as well.
Thus, arsMedSecurity—a medical device cybersecurity consultancy—was formed. While we strive to keep expenses low, the firm leverages AI (i.e., large language models) to improve efficiency while still providing human oversight of the process and its outputs. With a focus on cybersecurity premarket submission assistance, all of the required cybersecurity testing is conducted in-house. As we are developers first and security experts second, we can work with developers, regulatory staff, and the FDA.
So, if I wasn’t able to find a “new home” that met all the quality and honorable attributes I required before I would work for them, what chance does a device manufacturer have of selecting a consultant who will deliver a quality product, meet FDA requirements, comply with your schedule, and be affordable?
One of the main challenges is navigating the flood of new consultants that have emerged since the inclusion of cybersecurity in the Food, Drug, and Cosmetic Act (section 524B). Unfortunately, in my humble opinion, many of these parties should not be trusted with a medical device project. One of the primary ways to determine the suitability of a security consultant is to find out how long the company has been in business and how long the principals at the company have been working in cybersecurity. However, it is worth noting these factors do not necessarily go hand in hand. For example, arsMedSecurity is a new entity, but presents with a founder who brings over 20 years of security experience and over 40 years of medical device development experience.
There are other important questions to ask that will help determine a suitable cybersecurity consultant for a medical device project.
While LinkedIn can serve as a good starting point for finding cybersecurity consultants, a manufacturer needs to perform due diligence far beyond what is posted on that site or any other social networking platform. By applying some common sense, however, several impressions can be gained from social media. For example, does the CEO of the consultancy frequently post from all over the world (usually accompanied by pictures of his wife by his side)? This could indicate the service is not budget-minded; clients are affording him a rather enjoyable lifestyle. On the other hand, does the cybersecurity organization post videos at least once a day? This might lead one to wonder when he has time to manage the business and ensure clients are being properly serviced and meeting their timelines.
I also have an anecdotal social media example that serves as a cautionary tale for companies seeking a consultant. One cybersecurity vendor was posting checklists and flowcharts to LinkedIn for months. The CEO would then ask for feedback on the elements. He was developing an e-book on medical device cybersecurity and intended to place these publicly reviewed diagrams into it. Perhaps I’m a little sensitive to this example since I co-authored the first book on medical device cybersecurity, but how knowledgeable should this individual be considered, leveraging this tactic? Can he profess to be an expert a manufacturer should want to hire if he’s unable to determine the value of the checklists and flowcharts without public feedback from random sources on LinkedIn?
As a final option, there’s the old standby of asking for references. Of course, the problem with this method is well established—we all have references who make us look good, but no vendor is going to supply a reference for a client who had a bad experience.
The question remains: How should a developer or manufacturer evaluate a cybersecurity vendor? Unfortunately, like so many things in life, there are no shortcuts; you must spend time reviewing each vendor while in meetings. For my own company, I expect to spend a minimum of two hours with each prospective client before any decisions are made. And that is precisely how it should be; you will rely on this person or organization to provide you with content you most likely have no way of confirming applicability to the purpose of achieving regulatory approval. Leave nothing to chance—have everything the cybersecurity consultant will perform signed, itemized, and described, including all deliverables, and ensure they align with FDA’s list of deliverables.
Take your time, question everything, and don’t act until you feel comfortable working with your chosen vendor. A cybersecurity consultant can provide a massive advantage in speed, cost, quality, and ease of premarket submission approval, but this isn’t guaranteed. There are still a few good vendors out there, but don’t assume that is the case.
On a final note, I’m thrilled to be writing this column again for MPO. In the next column, I will walk through the top 10 reasons FDA puts a hold on your premarket submission (using FDA-supplied data), and ways to ensure that doesn’t happen.
Reference1 tinyurl.com/mpo260121
Christopher Gates is the founder and CEO of arsMedSecurity, a medtech cybersecurity consulting firm. He is a recognized thought leader in medical device cybersecurity and the current co-chair for H-ISAC’s MDSC. Gates has more than 50 years of experience developing and securing medical devices and works with numerous industry-leading device manufacturers. He frequently collaborates with regulatory and standard bodies, including the CSIA, Health Sector Coordinating Council, H-ISAC, and Bluetooth SIG.
Enter the destination URL
Or link to existing content
Enter your account email.
A verification code was sent to your email, Enter the 6-digit code sent to your mail.
Didn't get the code? Check your spam folder or resend code
Set a new password for signing in and accessing your data.
Your Password has been Updated !
