Software Supply Chain Security

Build for Failure, Not Perfection

With new mandates like the EU RED and Cyber Resilience Act raising the bar, manufacturers must purpose-build devices with security in mind from day one. Learn why the only secure device might be underwater—and why the real goal is to make attacks economically unviable.

September 12, 2025 • 2:06

Transcript

If I could change one thing about how the industry approaches IoT security, it's build it from the ground up. Build your device in mind. Build your device for failure. I mean, it's, and again, I'll get into more detail probably a little later, but it's not a question of whether or not an attacker can get into your device. It's when and how much money and time it can be.

You know, the only secure device is under an ocean, like in cement under an ocean. Someone once told me back in the government, and it's just you need to make your device so secure that the time and money and investment that it takes to break into it is not as lucrative as what you're getting from it. So you need to just make their life incredibly difficult. There is no completely secure device. You're just limiting the amount of security issues you can possibly have by as much as possible. You're minimizing threat vector. You're trying to eliminate as many of the openings into your devices as you can. But really, honestly, you just need to make it as difficult as possible for them to make their time not worth it.

So if we can start helping people understand that, and I think the EU RED and CRA are a huge wake-up call for the IoT industry, for people who never really thought of IoT, I mean, IoT security. It's a huge wake-up call because now they're mandated. So I think a lot of IoT devices are going to start being purpose-built with security in mind moving forward. But if there's anything I can stress, it's do not wait until you need it. Plan for needing it at some point, and purpose-build your device with security in mind rather than retrofitting it at the end as kind of a panicky moment because your device got hacked, there's a vulnerability that kind of came out. You need to think about this stuff well before that ever happens. So the earlier, the better is what I can give.