Let's Talk About Med-Sec

unadulterated hot takes on medical device cybersecurity

© 2026. All rights reserved.

DICOM Security 102: Diving into Files

16 Apr 2026

DICOM Security 102: file format internals — the 128-byte preamble, TLV elements, and why integrity is opt-in nobody opts into.

dicom medical-devices

Threat Models and Whitewater River Paddling

11 Apr 2026

The same risk-thinking that runs a medical device threat model runs a whitewater rafting trip. A side-by-side.

threat-modeling risk

Medical Device Security: The IT vs OT Security Debate

10 Apr 2026

Medical device security doesn't fit cleanly into IT or OT. Where each analogy works, where it breaks, and why devices lean OT.

medical-devices ot-security

DICOM Security 101: Network Security with Nmap

09 Apr 2026

DICOM Security 101: network-level attack surface, what Nmap's DICOM scripts actually do, and a walkthrough of my fingerprinting PR.

dicom medical-devices nmap

Threat Modeling Generation Taxonomy

08 Apr 2026

All threat modeling methods abstract reality; what differs is the entry point. A taxonomy of how generation methods produce threats.

threat-modeling

The Security Mindset: A Field Guide for Junior Engineers

07 Apr 2026

A field guide for junior security engineers — divergent thinking, persistence, and the mindset multiplier that beats any tool or cert.

career medical-devices

Beyond Threat Model Templates

06 Apr 2026

Asset-centric templates can't capture business risk. A more matured take that mixes templates, process, and user-needs threat modeling.

threat-modeling

PASTA, Attack Trees, Did We Do a Good Job, and the Infrastructure Nobody Built

05 Apr 2026

Scoring timing (CVSS vs CWSS vs SSVC), PASTA's gaps, where to start a model, and the threat-modeling infrastructure nobody has built yet.

threat-modeling risk cvss