Is diversity a political or a functional requirement?
I look at the importance of diversity of thinking in a community and in tech.
Simplicity, not uniformity.
Resilience, not imposed standards.
Diversity, not political ends.
At first glance, diversity seems to make our lives more complex.
In fact, I learned from my experience with my team at FlaskData that diversity of age, ethnicity, gender, and religion makes a team much stronger and simplifies how we deal with challenges in dark times, as we can rely on the young people to challenge the older and the older people to support the young. Older women can replace young women on maternity leave. Older men can replace younger men on combat reserve duty.
This sort of diversity is functional and apolitical.
In a sense it's simply the old adage about not putting all your eggs in one basket.
The Microsoft monoculture is a threat to patients and national security.
This is a topic I seem to revisit every few years. This week, it was time.
First, there was a cyber attack on Israel's payment card infrastructure.
Then my good buddy, Mike Zeevi, sent me an email this week. Mike got me into the medical device cyber business. He’s the authority on software verification & validation (V&V) for Israeli medical device vendors—there are over 2,000 of them.
The FDA has turned ruthless on cybersecurity reviews for medical devices. They’re not just checking the guidance—they’re enforcing it hard. And yet, developers—whether in-house or outsourced—are still coding away on Windows without asking basic questions like, What security processes should we follow? What documentation does the FDA require?
A wakeup call we’ve ignored for 22 years
Back in 2003, Dan Geer, Rebecca Bace, Peter Gutmann, Perry Metzger, Charles Pfleeger, John Quarterman, and Bruce Schneier wrote a report titled: CyberInsecurity: The Cost of Monopoly—How the Dominance of Microsoft’s Products Poses a Risk to Security.
Dan Geer, one of the most respected security minds in the world, was fired by @stake for co-authoring it. @stake was a supplier to Microsoft.
Their report warned that Microsoft’s overwhelming market dominance—especially in U.S. federal agencies—was a U.S. national security threat. Too many critical systems running the same OS meant that one vulnerability could trigger cascading failures across essential infrastructure.
In 2011, Congress held hearings on the immediate cybersecurity threat to the U.S. Listen to the video recordings, and you’ll hear the concern: a single virus compromising government PCs and exposing sensitive personal information.
Now, let’s fast forward to July 19, 2024.
CrowdStrike - the Global Windows Meltdown
A faulty update from CrowdStrike caused global chaos, disrupting 8.5 million Windows devices. Airports, hospitals, financial systems—all hit. Payment terminals failed. Healthcare systems crashed.
Linux and macOS systems were unaffected.
The world didn’t grind to a halt because of a Linux update. It happened because Windows is the brittle backbone of too much critical infrastructure.
In 2025, 85% of the U.S. government is still running Windows—still vulnerable to the same failures we were warned about 22 years ago.
Microsoft’s lobbying machine succeeded.
If you call national security threats a success.
Debunking the Microsoft Fanboy Myths
The Microsoft monoculture groupies love to parrot the same weak defense:
“All operating systems have vulnerabilities. Windows is no better or worse than Linux or MacOS. If you patch properly, everything will be fine.”
This is incorrect. Here’s why:
A monopoly creates a massive attack surface. Microsoft controls 85% of U.S. government systems. That’s an irresistible target for cyber adversaries.
Lock-in prevents alternatives. Microsoft deliberately makes it hard to switch. Integration between Windows and its ecosystem discourages competitors and keeps users trapped.
Windows is incredibly complex. And complexity is the enemy of security. The more bloated the system, the more vulnerable it is.
Microsoft’s monoculture enables cascade failures. If Windows goes down, it takes entire industries with it. We saw this with CrowdStrike.
Fixing one flaw creates more flaws. Windows has crossed the complexity threshold where every security patch spawns new vulnerabilities.
Even non-Microsoft systems suffer from Microsoft’s failures. Compromised Windows environments can spread malware beyond their own systems.
Microsoft treats security as a PR problem, not a technical one. Security updates are leveraged as lock-in mechanisms, forcing customers into new licensing schemes.
Windows in Medical Devices: A Disaster Waiting to Happen
If Windows is a national security risk, then using it in hospitals is a nightmare.
Medical devices today are networked, data-driven, and mission-critical. Many of them run Windows. The same Windows that just crippled global infrastructure.
Let’s break it down.
Reason #1: Windows is Too Complex for Medical Devices
Complexity is the enemy of security.
With complex software:
There are more design flaws
There are more software defects
There are more attack vectors
We’ve already seen entire hospital networks infected by Microsoft malware. And it’s not just credit cards on the line anymore.
If your credit card gets stolen? You cancel it.
If a patient monitor crashes mid-surgery because of a Windows update? People die.
Reason #2: Patients are not MS Office users
Patients in hospitals are not MS Office users. But Microsoft’s system management strategy is built for corporate IT—not for patient-critical environments.
In IT, you assume:
Systems will be patched regularly
Machines will eventually get infected
Crashes will happen
That’s unacceptable in medical devices. These systems must run forever. They must be fail-safe. They must not crash every few days.
Microsoft’s Latest Security Failures
Microsoft’s security failures aren’t embarrassing. They are actively endangering national security.
2023: A China-linked cyber-espionage attack on Microsoft Exchange Online steals 60,000 U.S. government emails.
2025: Russia-backed Midnight Blizzard infiltrates Microsoft, stealing credentials and sensitive data from federal agencies and Microsoft executives.
The solution: End the Microsoft Monoculture
Unlike an office, a hospital is a hostile, heterogeneous environment. Medical devices must be fail-safe, resilient, and secure by design.
That means:
No more Windows in medical devices
No more Windows in critical infrastructure
No more pretending the Microsoft monopoly isn’t a problem
Yes—it’s a tall order. Yes—it means retraining programmers. Yes—it means moving to embedded Linux.
But what’s the alternative?
If we don’t act, the next CrowdStrike-level failure won’t just shut down airports. It will shut down hospitals. And people will die.
Time to wake up.