Why Medical Device Security Needs Transparency: The SBOM Revolution | Guest Ken Zalevsky

12 snips

Apr 14, 2025

Ken Zalevsky, Founder and CEO of Vigilant Ops, is on a mission to revolutionize cybersecurity in healthcare, particularly through the importance of Software Bill of Materials (SBOM). He explains how SBOMs offer crucial transparency, much like ingredient lists on food packaging, to combat vulnerabilities in medical devices. Zalevsky shares his fascinating journey from tech enthusiast to leading authority on medical device security and discusses the integration of AI in this field. Plus, he offers invaluable career insights for aspiring cybersecurity professionals.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Ken's Early Tech Influence

Ken Zalevsky's interest in tech stems from his computer scientist father who brought home gadgets early on.
His cybersecurity career began unexpectedly after a medical device was hacked during his time at Bayer.

INSIGHT

Connectivity Sparks Security Awareness

The 2011 Black Hat presentation hacking an insulin pump raised awareness of medical device vulnerabilities.
Increasing connectivity of devices demands stronger security measures to prevent dangerous breaches.

INSIGHT

Medical Device Connectivity Complexity

Modern medical devices often include many connected components, increasing security complexity.
Hospital devices range from complex injectors to simple connected thermometers, all requiring network security.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

In this episode of Cyber Work, Ken Zalevsky, founder and CEO of Vigilant Ops, joins us to discuss the importance of a Software Bill of Materials (SBOM) in the medical device industry. Zalevsky shares how SBOMs provide transparency and critical security insights, akin to the ingredients list on food packaging, to help identify and defend against vulnerabilities. We also delve into Zalevsky's extensive career in healthcare cybersecurity, starting from his early tech interests influenced by his father to his pivotal role at Bayer Healthcare. The discussion covers the impact of legacy systems, current security trends, the integration of AI in medical device security, and valuable insights for those looking to build a career in this crucial sector. Tune in to learn more about medical device security and the latest in cybersecurity trends, and get some expert advice straight from a seasoned professional.

00:00 Understanding SBOMs in medical devices
04:20 The evolution of medical device security
07:22 Ken Zalevsky's journey in cybersecurity
09:28 Challenges in medical device security
13:06 The role of SBOMs in cybersecurity
15:56 Implementing SBOMs in organizations
18:28 Ken Zalevsky's role at Vigilant Ops
22:01 Technical aspects of SBOMs
27:14 Legacy devices and security measures
28:24 Manufacturer's role in device security
30:07 Healthcare industry's response to security threats
30:42 Impact of major breaches on policy
34:13 Generative AI and machine learning in healthcare security
40:22 Skills and certifications for healthcare security careers
46:46 Career advice and educational paths
49:04 About Vigilant Ops and their services
52:15 Outro

– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.