I spent years working in quality assurance in the Medtech industry — most recently at Stryker, on neurovascular devices that go inside people's brains. The stakes couldn't be higher. Every non-conformance needed to be investigated. Every process change needed validation. Every risk needed to be assessed, documented, and mitigated.
It was exacting, rewarding work. But somewhere along the way, I started paying more attention to a different kind of risk — digital risk. The kind that doesn't leave physical evidence at a crime scene, but can bring down hospitals, leak patient data, and compromise the very systems that keep people safe.
That's when I decided to make the switch.
The Skills Transfer Is Bigger Than You Think
The first thing people say when I tell them I'm moving from Medtech quality into cybersecurity is usually some version of: "That's a big change."
It sounds like one. But when you actually look at what I did every day in a regulated Medtech environment, the overlap with information security is striking.
In quality, I was doing risk assessment constantly — identifying failure modes, evaluating their likelihood and severity, and putting controls in place. That's exactly what a risk analyst does in cybersecurity, just with different threat actors and different assets.
I was managing non-conformances — essentially investigating incidents, finding root causes, and implementing corrective actions. In security, that's incident response. The methodology is nearly identical.
I worked with compliance frameworks — ISO 13485, FDA 21 CFR Part 820, EU MDR. Learning NIST CSF, ISO 27001, or CIS Controls? Different domain, same structured thinking.
"The skills I built in Medtech — precision, systematic investigation, risk thinking, and working under regulatory pressure — are exactly the skills cybersecurity needs more of."
Why Cybersecurity Specifically?
Cybersecurity chose me as much as I chose it. I started noticing how often healthcare systems were being targeted by ransomware. How patient data was being leaked. How the same life-critical devices I'd spent years ensuring the physical safety of were now being studied for network vulnerabilities.
The convergence of medical devices and networked systems — what's sometimes called Healthcare IoT or Medical Device Security — is a space where almost nobody has both the clinical quality background and the cybersecurity skills. I want to be one of those people.
Beyond that, cybersecurity is just genuinely interesting to me. The puzzle-solving. The cat-and-mouse nature of it. The fact that the threat landscape is always evolving, which means you're always learning. After years in a process-driven environment, the dynamism of security appeals to me deeply.
Starting the BSc in September 2025
In September 2025, I begin a BSc in Network Cybersecurity. I'm going in with a clear head about what this is — not a shortcut, but a proper structured foundation. I want to build the technical skills the right way: networking fundamentals, Linux, digital forensics, ethical hacking, risk management, and more.
Alongside the degree, I'm:
- Working through TryHackMe learning paths to get comfortable with hands-on security tools
- Setting up a home lab with Kali Linux and vulnerable VMs for practical practice
- Building this portfolio site to document everything I learn
- Reading widely — threat intelligence reports, security research papers, and anything about GRC (Governance, Risk & Compliance)
What I'm Looking For
Ultimately, I want to work in a role that sits at the intersection of my experience and my new skills. That might be in GRC (Governance, Risk and Compliance), information security management, or eventually security consulting for regulated industries — particularly healthcare and life sciences.
I'm open to internships, junior roles, and any opportunity that lets me contribute while I keep learning. If you're working in Medtech, healthcare security, or you just value someone who understands both regulated environments and security thinking — I'd genuinely love to connect.
This site will grow with me. Every project I build, every CTF I attempt, every piece of research I do will be documented here. Follow along if you're curious.
— Ian McCarthy, February 2025