David Dashti — Product Security · QA/RA

Cybersecurity in medical software development

Securing medical software from design through market clearance — and, increasingly, the AI moving into the devices themselves — at Hermes Medical Solutions, Stockholm.

Experience

Hermes Medical Solutions

May 2024 — Present

QA/RA & Security Specialist

Stockholm, Sweden

QA/RA & Security Specialist at Hermes Medical Solutions, ensuring NIS2/ISO 27001 compliance, regulatory clearance, and V&V processes for nuclear medicine software solutions.

Learn more about Hermes Medical Solutions

Philips Healthcare

Mar 2022 — May 2024

Incident Support Specialist, Nordics

Stockholm, Sweden

Remote Service Engineer providing Level 1 support for Intellispace Portal (ISP) and Intellispace Cardiovascular (ISCV) in the Nordics and UK/Ireland, troubleshooting incidents and supporting system deployments.

Learn more about Philips Healthcare

Karolinska University Hospital

Jun 2021 — Dec 2021

Biomedical Engineer, Medical Imaging and Physiology

Stockholm, Sweden

Biomedical Engineer at Karolinska University Hospital, providing first-line support for imaging equipment and managing RIS/PACS incidents, gaining expertise in clinical workflows, system architecture, DICOM/HL7, Active Directory, and ITIL.

Learn more about Karolinska University Hospital

SoftPro Medical Solutions

Oct 2020 — Jun 2021

Master Thesis Student

Stockholm, Sweden

Master Thesis Student at SoftPro Medical Solutions, integrating Medusa inventory management with radiology workflows and optimizing quality assurance processes for medical equipment.

Learn more about SoftPro Medical Solutions

Södersjukhuset - SÖS

Jun 2020 — Jun 2021

Biomedical Engineer, Radiology Department

Stockholm, Sweden

Supported radiology equipment and IT system management in a radiology department, contributing to contract evaluations, participating in workgroups, analyzing IT systems for operational improvements, assisting with workflow optimization, and maintaining system documentation.

Learn more about Södersjukhuset - SÖS

Scania Group

Jun 2016 — Aug 2016

Technician, Engine Analysis

Södertälje, Sweden

Autonomous role managing troubleshooting processes, communicating across production chain, and creating documentation and work routines.

Learn more about Scania Group

Finnish Defence Forces

Jan 2014 — Jan 2015

Platoon Leader, 2nd Lieutenant

Dragsvik, Finland

Platoon Leader (2nd Lieutenant) in the Finnish Defence Forces' marine commandos, responsible for the day-to-day command of 150 soldiers and field operation command of 30 soldiers, with intensive training in leadership, stress resilience, and organizational skills.

Learn more about Finnish Defence Forces

Scania Group

Jun 2012 — Aug 2012

Technician, Engine Analysis

Södertälje, Sweden

Junior role working in a team of engineers and technicians as part of second-line support, acquiring troubleshooting skills.

Learn more about Scania Group

Education

Företagsuniversitet

Oct 2024 — Dec 2024

Certificate

Cybersecurity Fundamentals Course

View certificate

KTH Royal Institute of Technology

Aug 2018 — Jun 2021

Master of Science - MS

Biomedical Engineering - Computer Science

Master's Thesis - 'Improving Quality Assurance of Radiology Equipment Using Process Modelling and Multi-actor System Analysis'

Lund University

Aug 2015 — Jun 2018

Bachelor of Science - BS

Biomedical Engineering

Bachelor's Thesis - 'Development of a User-friendly Method of Processing Data from Ergonomics Measurements Utilizing Inclinometers'

Academic Work

GitHub

Loading GitHub stats...

About Me

David Dashti - product security specialist for medical software

Product security specialist for medical software. I build security into medical devices from design through premarket submission.

I'm a biomedical engineer working as a QA/RA & Security Specialist at Hermes Medical Solutions, where I secure nuclear-medicine imaging software and help clear it for market — premarket cybersecurity, threat modeling, and security risk management, grounded in FDA premarket guidance and IEC 81001-5-1. As AI moves into these devices, I've started an early gap analysis against the EU AI Act to understand what it will ask of us. I also build my own tools — an internal RAG system over company data, still a work in progress, and in-house security tooling and tests.

Current focus areas

  • Premarket cybersecurity for medical software (FDA, IEC 81001-5-1)
  • Security risk management and threat modeling across the product lifecycle
  • Supporting market clearance for medical devices (FDA 510(k), EU MDR)
  • Securing the AI now entering medical devices — an early EU AI Act gap analysis, underway

Technical skills

Windows Server, Unix/Linux, Docker, Kubernetes, PowerShell, Bash, Python, Rust and Git

I care about making healthcare technology safer and more trustworthy — protecting patients by making sure the software, and increasingly the AI, inside their care is secure by design.