
Chief Security Architect
Mohamad Foustok
Mohamad has led the development of secure software and mission-critical security systems for more than 25 years. He designed the first in-browser crypto module to receive FIPS 140-2 certification and the only FIPS 140-3 compliant solution for securing commercial devices in classified spaces.
His career includes direct collaborations with the NSA, CIA, DISA, and DoD to deliver highly secure communication systems, including one of the only software platforms in the world validated to thwart both Spectre and Meltdown attacks per NSA review.
He earned a Bachelor of Engineering degree from Imperial College London, holds a Master's degree in Computer Science with a 4.0 GPA, and pursued PhD studies in Computer Science (ABD).
Credentials
- BE, Imperial College London
- MS, Computer Science (4.0 GPA)
- PhD studies in Computer Science (ABD)
- Designer of the first FIPS 140-2 in-browser crypto module
Areas of expertise
- FIPS 140-2 and FIPS 140-3 cryptographic module validation
- Secure software architecture
- Mission-critical systems security
- Medical device cryptography
- Spectre and Meltdown mitigation
Articles by Mohamad Foustok
- The 5 Riskiest Medical Devices in 2026, According to New Research
Forescout just published its 2026 Riskiest Devices report, and for anyone working in medical device security, the IoMT section is worth reading carefully.
March 24, 2026
- Medical Device Encryption for Non-Engineers
A practical guide to medical device encryption for QA and Regulatory professionals. Learn symmetric vs asymmetric encryption, key management, and quantum computing implications.
January 8, 2026
- Balancing Security Controls with Usability in Medical Devices: A Risk-Based Approach
Shows how medical device teams can balance cybersecurity controls with clinical usability through risk-based design, collaboration, and FDA-aligned documentation.
September 4, 2025
- STRIDE for Medical Devices: A Complete Threat Modeling Framework
Shows how to use the STRIDE framework to categorize threats, map mitigations, and meet FDA cybersecurity expectations.
July 22, 2025
- Security Architecture as the Foundation of your Medical Device
Explains why secure architecture decisions early in development prevent costly rework and position medical devices for smoother FDA cybersecurity reviews.
June 18, 2025
- Secure Your Medical Device with Cybersecurity Controls
Controls aren't a checklist. They're the implementation of decisions made during threat modeling. Here's how to choose, build, and verify them so reviewers and attackers both find them where they expect to.
February 20, 2025
- Master Data Flow Diagrams for Medical Devices: 4 Critical Components
Unlock the secrets of creating effective data flow diagrams tailored for medical devices.
February 18, 2025
- How to Create an Architecture Security View for Your Medical Device
Walks through building a medical device security architecture view that satisfies FDA expectations and AAMI SW96 guidance.
February 14, 2025
- How to Establish Patch Management and Security Update Process
Provides a step-by-step playbook for building an FDA-aligned patch and security update program for connected devices.
February 11, 2025
- A Comprehensive Guide to Threat Modeling for Cloud-Connected Medical Devices
Guides teams through threat modeling a cloud-connected device using FDA's 2023 cybersecurity guidance alongside AAMI TIR57 and SW96.
February 10, 2025
- Ensuring Secure Software Updates for Medical Devices
The update path is privileged code-execution capability shipped to every device you've sold. If it isn't end-to-end authenticated, you've shipped a backdoor. Here's the architecture that closes that gap.
July 18, 2024
- New Cybersecurity Regulations Make Remote Software Updates Practically Mandatory
Makes the case that remote update capability is now essential under FDA cybersecurity rules and explains how to implement it safely.
July 18, 2024