Product Security Performance Framework: Discussion Group
Mon, Feb 23
Zoom Call
Product security needs better ways to communicate with executives and boards. This is a forum to discuss the challenges of communicating, measuring, and making decisions about medtech product security at the executive level. Closed session; inquire with Shannon for an invite.
Time & Location
Feb 23, 2026, 1:00 PM – 2:00 PM EST
Zoom Call
About the event
The Next Evolution of MedTech Product Security: From Compliance to Performance Metrics that Support Executive Decisions
Shannon Lantzy, January 2026
Medtech product security is a business- and board-level concern. Medical device product security has become a critical regulatory requirement for market access, and a board-level concern that drives both revenue and risk. Product security remediation has delayed market launches; recalls and audits have driven millions in unplanned postmarket costs; and, in at least one case, inadequate product security design has contributed to company failure.
Executive decisions are made in terms of dollars, but product security doesn’t translate (yet). Product security performance is rarely expressed in metrics that translate to financial, operational, or competitive outcomes. Product security leaders are asked to make consequential decisions — about budgets, organizational design, R&D tradeoffs, and risk acceptance — under conditions of uncertainty, regulatory pressure, and personal accountability, often without evidence that satisfies executive decision-makers.
Existing product security frameworks, best practices, and benchmarks are insufficient to measure performance in business terms. Existing frameworks provide valuable structure and shared language (e.g., NIST, OWASP, JSP), but are often too general to support business tradeoffs, lack objective performance data, and remain disconnected from executive-level outcomes.
The absence of performance metrics contributes to chronic underfunding, poor organizational design, constrained executive decision-making, and missed opportunities for innovation. Even highly capable product security leaders often struggle to justify priorities and investments without evidence that resonates beyond the security function.
There is an opportunity to improve — and right-size — product security performance through pre-competitive research, collaborative benchmarking, and the development of an evidence-driven product security performance framework that is trustworthy, usable, and meaningful to both product security leaders and executive decision-makers.