In this interview, we talk to Axel, Christopher, and Jason authors of the book Medical Device Cybersecurity for Engineers and Manufacturers, Second Edition. We discuss the motivation behind writing the book, the target audience, the most useful aspects of the book, the challenges of writing the book, and advice for other engineers who are considering writing a book.
Axel Wirth holds a Master of Science in Engineering Management from Tufts University and a Bachelor of Science in Electrical, Electronics, and Communications Engineering from Düsseldorf University of Applied Sciences. He is currently the Chief Security Strategist at MedCrypt, where he has led efforts to integrate modern cybersecurity into healthcare technology since September 2019. He also serves as an Adjunct Professor at the University of Connecticut, teaching “Medical Device Cybersecurity” to graduate students.
Christopher Gates holds a B.S. in Computer Science from California State University. He is the Director of Product Security at Velentium, where he has been since January 2021. He previously worked as a Principal System Security Architect at Velentium, implementing Secure Development Lifecycle processes.
Jason Smith holds a bachelor’s degree in English and Religious Studies from William & Mary and a master’s degree in Apologetics and Cultural Studies from Houston Baptist University. He is currently serving as a Senior Marketing Strategist at Velentium and previously worked as a Technical Writer.
1. What was your main motivation behind writing your book?
After a successful 1st edition, we received great and constructive feedback including suggestions of what else we should cover, or what should be covered in more detail. Further, over the past 5 years, the industry has shifted and is more educated on the topic (partially due to our book), and the need for additional information has become evident. Further, the medical device industry is highly regulated and changes in regulations, guidance’s, and standards mandated significant updates as well. Lastly, we have learned a few things since the first edition.
2.Who is the main target audience for your book and what will they appreciate the most about the book?
Mainly medical device and software/firmware engineers, including engineering management, and anybody else involved in the development and market release of secure medical devices such as software testers, quality and regulatory affairs, etc. But we also hope to reach company executive decision makers, contract manufacturers, FDA and similar regulators, product/project managers, sales, and marketing personnel.
3.What do you see your book being most useful for?
We hope that the practices we are laying out in the book help medical device manufacturers produce more secure devices and do so efficiently and reliably. In the long run we hope that it will help to improve the security posture of our larger medical device ecosystem, across hospitals and patient homes, and will lead to a reduced security risk for devices, and consequently a lower safety risk, for patients. We know it is being used as we work with clients who hold up the first edition with a bunch of post-it notes hanging out of the pages, one client told us that around the office, the first edition is referred to as the “Blue Bible”.
4.How did you find the writing of the book? Do you have a specific process or are you quite methodical in your writing approach?
Given that this was an update of an existing book, we took the approach of identifying topics that were new and chapters that required updating or expansion. Once we had identified the respective authors (the three of us and a few contributing guest authors) we set to work with a regular review and touch-base cadence. Admittedly, with this being an update, things did not always go as linear and as intended but overall, we stuck to the plan.
5.What challenges did you face when writing the book and how did you overcome them?
We found creation of the 2nd edition much more challenging than the first, for several reasons. One is, with the 1st edition we started from a clean slate, which was much easier than making changes and updates (we increased content by almost 75%) for the 2nd edition. Secondly, while working on the 2nd edition, some significant changes in applicable regulations and standards occurred and several times we had to go back, and update content that was already written, but now out of date. As with the 1st edition, we included several external contributors for sections and sub-sections and had to manage a couple of unplanned events, including job changes and, unfortunately, medical issues. Lastly, since the first edition and due to the same regulatory drivers that made the 2nd edition necessary, our day jobs have gotten a lot busier, and finding the time to create this second edition was often difficult.
6.What advice would you give to other engineers who are considering writing a book?
Start with the end in mind. Think about what an engineer who is new to this topic would need to know and provide balanced coverage of the entire spectrum of required knowledge. Buy (or borrow) a book from the publisher and familiarize yourself with its style, layout, graphics, etc. It will look different on your screen than it will look in the printed book.
7.What are you working on next?
“Medical Device Cybersecurity for Engineers and Manufacturers” 3rd Edition Because the changes to this industry are happening at a record pace, and someone must document them!
Learn more about the book on our websites:
ARTECH HOUSE USA : Medical Device Cybersecurity for Engineers and Manufacturers, Second Edition
ARTECH HOUSE U.K.: Medical Device Cybersecurity for Engineers and Manufacturers, Second Edition
More Security content here Security and Privacy – Artech House Insider