About

Inoculis helps founders get their IT and cybersecurity in lockstep with the product and GTM roadmap.

The story

Why this practice exists.

Twenty-five years in enterprise software. AI/ML platform on patient data at Elevance Health. IoT platform at SAP. Digital product practice at Cognizant. Cross-functional teams from 2 to 160 people. Stanford GSB. Silicon Valley accelerator mentor. Certified Information Systems Security Professional (CISSP) by ISC2.

I started Inoculis after watching medical device founders close to me hit year five and find that IT decisions made years earlier had quietly locked them out of customers. The CISO in the hospital or lab buying center asks for compliance certifications before the instrument can land on the hospital network. The technology choices were defensible on their own at the time. The compliance posture around them was not, and by the time hospital security review surfaced the gaps, the fix was six figures and a year of GTM delay.

Most early-stage scientific medical device and health-tech founders treat HIPAA, HITRUST, NIST, and FDA as a year-three problem. Year three is where it gets expensive. Inoculis sets the direction on those frameworks at day one, so the company around the product is compliant before procurement, hospital security review, or an FDA audit starts asking, and so leads stop stalling on questionnaires the founder did not know were coming.

None of this is caused by stupid decisions. It is caused by smart founders who do not yet know what they do not know. Every gap is preventable on day zero. Almost none are preventable on day 1,095.

The practice

What Inoculis is.

Inoculis is a Silicon Valley owner-led fractional CIO and CISO practice for medical device, SaMD, IVD, and life science startups, 1 to 100 employees, selling to hospitals, laboratories, providers, payors, and consumers. Based in Menlo Park, CA. Remote service nationwide.

I work with a hand-picked network of veteran SME contractors, mostly former Google, Meta, Amazon, or Cisco engineers, brought in for firewall, network, and specialty software work. The advisor in your leadership cadence is me. The depth behind the advisor is the network.

The boundary

We focus on the company’s operational IT, security, and compliance posture: laptops, SaaS, network, WiFi, identity, file storage, QMS selection, vendor security responses, and the framework readiness your customers will require. The firmware and embedded software inside the device itself stays with your R&D and engineering team. We coordinate with R&D, Quality, and Regulatory on device-specific artifacts but we do not own them.

The name

Inoculis carries three evocations:

Oculus: the eye; see the risk early.

Inoculate: long-term protection through preparation.

IS: Information Systems.

What we believe

  1. Compliance is a forward-looking discipline, not a backward-looking checklist.

    The frameworks (HITRUST, HIPAA, ISO 27001, NIST 800-53) are not the goal. The hospital deal that requires them is the goal.

  2. Senior judgment is the product.

    You are not buying hours. You are buying which decisions get made, and which ones get stopped before they cost you.

  3. We are the buyer’s advocate, not a vendor.

    We take no resale margin and no referral fees. Judgment is the only thing we sell, so our incentive is the leanest stack that does the job.