Capture and prioritize cybersecurity metrics that matter

We work with you to customize product risk dashboards that capture, quantify, and prioritize qualitative metrics, enabling you to make quick and accurate decisions. Get the Medcrypt advantage as we show you how to tie your data to dollar-based risk metrics, impacting your bottom line.

Contact us >

Make quick, accurate decisions that impact your bottom line

Our customized product risk dashboards enable you to capture, quantify, and prioritize the qualitative metrics that matter to you.

See case study   >

Increased efficiency and ease-of-use

Our product risk dashboards use mathematical modeling to help you capture and prioritize qualitative metrics, ensuring you are able to make quick and accurate decisions that impact your bottom line.

Accurate and optimized scoring model

Manual scoring methods suffer from two major problems: they aren’t repeatable and they aren’t scalable. Our model automates this process, so you can keep your experts working on critical business efforts instead of repetitive manual scoring.

Quantify financial impact of risk

As the adage goes, “You can’t measure what you don’t track.” Understanding the financial impact of particular risks ensures that you’re concentrating your efforts on the areas that matter, as well as increasing overall confidence in your risk management approach.

Accurately estimate R&D budgets

By understanding your overall risk level for each device as well as across your devices, you can more confidently assess your product development and manufacturing  budget needs and allocate resources accordingly.

Proactive and effective stakeholder communication

Our product risk dashboard provides a clear and simple communication tool for internal and external stakeholders, increasing regulatory confidence in your risk management approach.

Increased return on investment

Develop and implement policies, including maximizing the impact on key KPIs. Make more sound investment decisions to reduce patient risk, while maintaining or improving business outcomes, timelines, and project scope.

CASE STUDY

Helping our customers succeed

Don’t just take our word for it. Our MDM client has been able to more accurately and realistically estimate budgets for product development and manufacturing using our product risk dashboard. Their leadership also uses the dashboard to develop and implement policies to make better decision to maximize ROI.

Challenge: Accurately and realistically estimate R&D budgets

Problem: Risk scoring was inaccurate, impacting risk mitigation
This MDM needed to report device-level cybersecurity risk to corporate stakeholders. They had created a prioritization scoring model and formula, but it had some unexpected mathematical errors. These errors biased their understanding of their overall risk level and impacted their resultant risk mitigation resource allocation and strategies.

Client’s original approach: Prioritization scoring model
This enterprise MDM’s security team had created a prioritization scoring model based on objectively identifiable qualitative metrics. As they worked with us, we discovered that their proprietary formula had inadvertent mathematical errors that impacted the accuracy of their risk analysis and mitigation. They also ran the risk that the FDA would find issues with their scoring, impacting FDA approval and increasing time-to-market. Our experts worked with this client to analyze and optimize scoring to eliminate errors and ensure repeatability for remediation.

Our scalable, repeatable solution

Results:
The full scope of this effort’s results are pending, but thus far, the client has seen that the revised model allows for consistent application of standardized policy and quality requirements. Our product risk dashboard enabled them to more accurately and realistically estimate budgets for product development and manufacturing. Our client’s corporate leadership uses the product risk dashboard to develop and implement policies, as well as for development of targeted Key Performance Indicators (KPIs). These have enabled our client to make more sound investment decisions, including determining whether the the return on investment is favorable for the development and implementation of an internal Public Key Infrastructure (PKI) program.

Optimized scoring model tied to dollar-based risk metrics:
We worked with this leading MDM to identify mathematical errors in their formulaic approach. This resulted in significantly different CVSS scores, often higher than what the MDM had realized. We also created a product risk dashboard to enable them to more accurately and realistically estimate R&D budgets.

Meet our experts

Our team of former FDA analysts and reviewers provides the best-qualified, credentialed, and experienced product security benefit-risk assessment in the world.
Contact us today   >
Naomi Schwartz
Sr. Director of Cybersecurity Quality and Safety
Naomi is a regulatory, compliance, and standards expert. She employs gap analyses, proposes mitigation strategies, and optimizes cybersecurity frameworks to address risk and uncertainty for device commercialization and to meet regulatory requirements and guidelines. Naomi has 20+ years of systems engineering experience.

Prior to Medcrypt, she was a premarket reviewer and consumer safety officer in CDRH for 6+ years, focusing on software, interoperability, and cybersecurity for connected diabetes devices. Her industry leadership and strategic direction include crafting standards and recommended practices for wireless diabetes device security, managing postmarket triage for cybersecurity vulnerability disclosure. She holds an MS in Electrical and Computer Engineering from Carnegie Mellon University and is a Certified Quality Auditor.
Seth Carmody, PhD
VP, Regulatory Strategy
Seth has 10 years of medical device experience and provides strategic direction for cybersecurity products and services for the regulated device market.

Prior to Medcrypt, he spent 8 years at the FDA, architecting technology policy and laws that impact software-enabled medical devices, including the FDA’s medical device cybersecurity policies. His industry leadership and strategic direction extends to several high-profile industry frameworks including the Joint Security Plan (HSCC), MITRE’s Rubric for Applying CVSS to Medical Devices, and MDIC’s Playbook for Threat Modeling Medical Devices. He has authored several medical device cybersecurity papers and won several information security awards. He holds a PhD in Chemistry from Indiana University.
Cynthia Peralta
Sr. Director, Encryption, Key Management and PKI
Cynthia is a Public Key Infrastructure and cybersecurity expert. She provides critical and high-value insight and design of cybersecurity components, including cryptography and key management, that form the basis of security trust. She has 24+ years of experience in enterprise application, systems security, embedded device security, and device architecture & design. She handles FDA letters, including Refuse to Accept letters.

Prior to Medcrypt, she worked at several Forbes top 100 global organizations, including GE Digital, where she built out GE Healthcare’s encryption, key management, and PKI infrastructure.
Matt McKenna
Sr. Director, Product Security
Matt is a threat modeling and risk management expert. He supports clients in their journey to adopt a total quality framework, which is  necessary to go to market with reasonable and planned resources and cost. He also handles FDA letters, including Refuse to Accept letters.

Prior to Medcrypt, he led cybersecurity, technology direction, and national security efforts at a number of companies, including MITRE, National Grid, and Becton Dickenson. He holds a BA in Computer Science from Rhode Island College.
AJ Reiter
Director, Strategy and Organizational Transformation
AJ specializes in enterprise digital transformation, program development, continuous process improvement, and cybersecurity. He assesses organizational security and implements actionable transformation plans and services to achieve executive targets.

Prior to Medcrypt, he spent five years doing management consulting, providing comprehensive business transformation services to Fortune 500 clients in various industries, including Pharmaceuticals, Defense, Consumer Packaged Goods, and Medical Devices. He has a BS in Economics from Georgetown University, where he captained the 4x national champion Georgetown Sailing Team.