Background
Bob Haack serves as a subject matter expert in cybersecurity regulatory affairs, specializing in supporting medical device manufacturers with FDA cybersecurity submissions. His primary focus is ensuring submission readiness and completeness in alignment with the FDA’s evolving cybersecurity requirements. Bob provides expert guidance in the development and evaluation of Secure Product Development Frameworks, and advises on key security activities including risk assessments, implementation of security controls, and the establishment of robust security policies to meet regulatory expectations. His personal mission is to embed cybersecurity into core product design, development, and lifecycle processes, and to foster a culture of cybersecurity within health software environments. Through consulting, collaboration, and respectful engagement, Bob aims to position cybersecurity not as a barrier, but as a strategic enabler of innovation and compliance.
Education
Bob holds a Bachelor’s in Business Administration. He is also a Certified Information Security Manager (CISM) and holds a GIAC Security Leadership Certificate (GSLC).
Experience
Bob has over 35 years of experience in the medical device industry. Prior to joining MCRA, Bob has been part of STERIS, KARL STORZ Endoscopy America, Johnson & Johnson, and MedSec. He has experience working with different technologies ranging from robotic surgery, to minimally invasive built for purpose devices, to software as medical device products. He has created and managed processes in Quality Assurance, Operations, Production, System Validation and Product Cybersecurity. He has implemented cybersecurity programs at KARL STORZ Endoscopy America and Johnson & Johnson. Bob has participated in Health Sector Counsel work groups, AAMI SM-WG05, CISA SBOM, and TC215 to help actively develop standards and guidelines specific to medical devices and health software. Notable deliverables include ANSI/AAMI SW-96:2023, IEC 81001-5-1, IEC TS 81001-2-2, CISA SBOM Framing Software Component Transparency 2024.
Overview
Bob Haack supports the MCRA Digital Health program with security expertise for clients throughout the total product lifecycle of health software, including; Software as a Medical Device (SaMD), Software in a Medical Device (SiMD), Artificial Intelligence / Machine Learning (AI/ML) devices.