029: How to Build Secure IoT Products

Welcome to episode #29 of IoT Product Leadership, a podcast featuring in-depth conversations with product leaders on what it takes to build great IoT products. I’m your host, Daniel Elizalde.     I have a great show for you today. My guest is Matthew Eble, Practice Director at Praetorian, one of the top security consulting firms working on IoT today.     This is the second time I have a guest from Praetorian on the show.  On episode number 2, I interviewed Paul Jauregui, and we had a great conversation about creating a culture of security within your IoT organization.    In this episode, Matt shares his expertise around implementing IoT security and shares the work he did with the Industrial Internet Consortium to develop their latest document called: The IoT Security Maturity Model: A Practitioner’s Guide.    Security continues to be one of the biggest challenges for IoT adoption, and I believe security thought leadership, like the one Matt brings to the table, is extremely valuable for any company building IoT products.     This is an episode no IoT product leader should miss.      About Matt Eble:  As the IoT Practice Manager at Praetorian, Matthew has worked with clients across IoT industry verticals, to include smart cities, automobiles, healthcare, building automation, energy, smart homes, critical infrastructure, manufacturing automation, and retail. This rare perspective has given Matthew insight into the unique challenges each industry faces as they connect their devices, as well as the common problems that appear across IoT implementations.  Matthew has a somewhat unusual background for an information security professional. He started his career at the Defense Intelligence Agency where he sought to counter terrorist use of the Internet. Following that Matthew moved to the CIA’s Directorate for Intelligence where he analyzed foreign threats to critical US government and private computer networks. During that assignment, he received multiple awards for his analysis of a rapidly evolving threat. He then moved to the National Clandestine Service where he planned and managed intelligence collection operations. Notable Accomplishments: • Authored "The Eight Biggest IoT Mistakes and How to Avoid Them" white paper • Presented "The Attacker's Mindset" to Abbott Medical Security Summit • Contributing member of the IIC Security Maturity Model Authors Group • During his government service Matthew received a total of six exceptional performance awards and a personal letter of commendation from a Senior Director of the National Security Council. Certifications: • Certified Information Systems Security Professional (CISSP)  • GIAC Web Application Penetration Tester (GWAPT) Formal Education:  Matthew graduated from Davidson College with a BS in Psychology and from Georgetown University with an MA in Security Studies.   Topics we discuss in this episode:  Matt shares his background and about Praetorian. Why security is such a hard problem for IoT companies. The Security Maturity Model and what problem it solves. Approaching the SMM from a practitioner’s perspective. How IoT companies can make sense of vendor’s messages and avoid exposing themselves to too much risk. The security mistakes every industry makes, and best practices from these lessons learned. Advice for Product Leaders who are new at developing IoT solutions.    To learn more about Matt:  Matt on LinkedIn  Praetorian Praetorian Newsroom   Free download: Don’t forget to download my IoT product strategy template, for free.   Related Resources: What Is An IoT Product Manager? IoT Framework for Product Managers How to Build an IoT Product Roadmap