In this live episode from the LSI conference, Etienne Nichols sits down with Justin Bushko—known as the "MedTech Man" and author of Medical Device Fireside Chats—to dive into what separates thriving medical device companies from those that fail.

From costly engineering missteps like ignoring tolerance stack-ups to the human factors issues that derail usability in the OR, Justin shares battle-tested advice based on his experience reviewing hundreds of device designs. He also delivers a wake-up call to startups overly focused on licensing or acquisition as the endgame. Whether you're an engineer, founder, or CEO, this episode offers critical insights into how to build a product that works—and a company that lasts.

• 00:00 – Introduction & Greenlight Guru Sponsor Message
• 01:26 – Live from LSI: Introducing Justin Bushko
• 02:55 – Why Early-Stage Engineering Mistakes Derail Companies
• 04:12 – The Critical Role of DFM and Tolerance Analysis
• 06:20 – Real-World Usability Failures: FDA Warning on Cranial Fixation Devices
• 08:10 – Human Factors Oversights & Surgeon Behavior
• 10:25 – What CEOs Should Focus On vs. Engineers
• 12:20 – Economic Buyers, KOLs, and Commercialization Challenges
• 14:05 – Don’t Chase the Exit: Why Founders Should Build for Longevity
• 16:00 – Final Thoughts and Takeaways

1. DFM & Tolerance Analysis Are Non-Negotiable: Skipping detailed design-for-manufacturing and tolerance stack analysis often leads to failure right before tooling and commercialization—when funds are already tight.
2. Human Factors Must Be Built-In Early: Surgeons may not use your product as intended. Validate with a wide range of KOLs to uncover unintended use or misuse.
3. Test for High-Risk Use Cases Early: For devices like inserters, test mechanical thresholds that could lead to field failures. Don’t wait until post-market feedback.
4. Understand Economic Buyers, Not Just KOLs: A surgeon’s support doesn’t guarantee adoption. You need champions who can advocate to hospital boards and procurement teams.
5. Stop Chasing Exits—Build Real Companies: Investors and acquirers see through the “quick flip” mentality. A sustainable business model attracts more serious interest.

• Greenlight Guru – Sponsor and end-to-end MedTech quality management platform
• Justin Bushko on LinkedIn
• Etienne Nichols on LinkedIn
• Medical Device Fireside Chats –

Christian Espinosa, founder of Blue Goat Cyber and leading voice in medical device cybersecurity, joins Etienne Nichols to unpack the urgent and often misunderstood topic of cybersecurity in MedTech. From FDA’s 2023 regulatory overhaul to real-world hacking scenarios that could harm patients, Christian provides practical advice for innovators, RA/QA professionals, and software teams. He also shares why waiting until the last minute on cybersecurity could cost startups millions—or even kill a project entirely.

Whether you're a quality professional trying to build compliant systems or an innovator racing toward FDA submission, this episode lays out exactly what you need to know to stay ahead of cyber threats and within regulatory guardrails.

Key Timestamps:

• 00:01 – Intro to guest Christian Espinosa and Blue Goat Cyber
• 06:28 – Why medical device cybersecurity is different from traditional IT security
• 11:49 – Real-world hacking example: acne laser device turned skin-burner
• 13:57 – FDA expectations post-September 2023: what changed
• 17:12 – Secure boot: a microcontroller mistake that derailed a launch
• 20:35 – Common cybersecurity vendor mistake MedTech companies make
• 23:40 – SBOM: Software Bill of Materials and why it's legally critical
• 27:58 – Cyberattacks in hospitals: assuming a hostile network
• 35:44 – AI in medical devices: data bias and cybersecurity challenges
• 41:10 – Developers ≠ cybersecurity experts: the training gap nobody talks about
• 45:20 – What RA/QA professionals need to know now
• 49:30 – Why cybersecurity must be iterative, not a final-phase add-on
• 55:20 – Espinosa's final advice for MedTech professionals
• 57:52 – The story behind “Blue Goat Cyber”

Standout Quotes:

Top Takeaways:

1. Cybersecurity isn’t just about data—it's about patient safety. From burning skin to missed sepsis diagnoses, vulnerabilities in devices have real-world harm potential.
2. FDA now requires more than just a basic security plan. Post-September 2023 rules mandate testing (SAST, DAST, fuzzing), SBOMs, and risk assessments tied to patient harm.
3. Start cybersecurity planning during the requirements phase. Hardware like microcontrollers must support secure boot and other protections—retrofits can cripple product plans.
4. Iterate cybersecurity like any core development activity. One-time testing near submission is too late; build security into your pipeline just like QA or usability.
5. Traditional cybersecurity vendors aren’t enough. Many fail to meet FDA’s nuanced expectations for medical devices, causing costly submission rejections.

References & Resources:

• Christian Espinosa on LinkedIn
• Blue Goat Cyber
• Etienne Nichols on LinkedIn

MedTech 101 – Understanding SBOM (Software Bill of...

In part 2 of a critical two-part series, Etienne Nichols and regulatory affairs expert Mike Drues explore the nuanced pathway of switching a medical device from prescription (Rx) to over-the-counter (OTC).

This episode dives deep into what triggers a new submission, how usability testing and human factors play an expanded role for lay users, and the regulatory logic that guides these transitions. The conversation highlights the importance of aligning regulatory strategy with business goals, and offers practical insights on leveraging real-world evidence, understanding the limits of FDA databases, and optimizing pre-submission meetings.

• 02:10 – Starting from a cleared 510(k): Do you need a new submission for OTC?
• 06:45 – Implications of removing the healthcare provider from the equation
• 12:00 – Risk management: Expanding risk profiles when lay users are involved
• 18:15 – When a 510(k) becomes a De Novo or PMA
• 22:50 – Usability testing and the risk of user error in OTC devices
• 31:20 – Clinical investigations and good clinical practices (GCPs)
• 36:00 – Real-world evidence vs. real-world data—what’s usable?
• 41:30 – Using Pre-Subs effectively and what “quality data” really means
• 47:10 – Labeling, cleaning, and UDI for OTC products
• 53:40 – OTC software and digital health—when is it a regulated device?
• 01:00:00 – Summary: Aligning regulatory logic with common sense and business strategy

“With an OTC device, we are taking the healthcare professional totally, completely, and utterly out of the loop.”

– Mike Drues

This quote encapsulates the core regulatory challenge in moving a device to OTC: every element, from labeling to usability, must assume zero clinical supervision.

“If the clinical trial won’t tell you anything you don’t already know from good real-world evidence, why spend the time and money?”

– Mike Drues

A powerful argument for using well-documented real-world evidence over unnecessary trials—provided the data truly meets evidentiary standards.

1. Label Expansion ≠ Shortcut: Moving from prescription to OTC usually requires a new submission—especially when removing the healthcare provider introduces new risks.
2. Usability Testing Is Critical: OTC usability studies must go beyond IFU comprehension to include risk of misuse, poor device selection, and user decision-making.
3. Real-World Evidence Can Help—If It’s Clean: Real-world data isn’t always usable. FDA will expect reproducibility, traceability, and strong justifications.
4. Labeling & Design Must Assume No Clinical Oversight: Cleaning procedures, warnings, and directions must all be validated for home use and layperson comprehension.
5. Use Pre-Subs Wisely: Especially for label expansions or gray-area digital health tools, pre-subs provide critical alignment with FDA and prevent costly errors.

• Etienne Nichols on LinkedIn
• FDA Guidance on Real-World Evidence for Regulatory Decision-Making
• Greenlight Guru Webinar: What is and Isn't a Regulated Medical Device (feat. Mike Drues)
• FDA Guidance: Clinical Decision Support Software

Analogy: Think of prescription vs. OTC devices like driving a manual vs. automatic car. Prescription devices assume a trained “driver” (the healthcare provider), while OTC devices must be intuitive and safe enough for anyone to “drive”...