This course is aimed at IoT practitioners, startups, and those who wish to understand how to practically implement security into IoT products and services. The trainers will take attendees through the basics where necessary and will adapt to the skill range of the attendees, providing individual assistance throughout. The course is therefore suitable for all levels of experience and skill.
Course ObjectivesBy the end of the course, attendees will:
- Be able to secure a connected IoT product from scratch.
- Be able to discuss the main threats and attacks on IoT products and services.
- Know how to research and assess IoT threats and risks as they arise.
- Be able to implement a security reporting scheme in their organization.
- Be able to work effectively with security researchers on reported IoT security issues and concerns.
- Have the knowledge to be able to develop a security patching strategy and product update life-cycle.
- Have a good working understanding of the best practices laid down by the IoT Security Foundation.
- 2-day Course run by security experts
- Buffet Lunches
- Cohort Dinner
- Course Certificate
- Induction to the Training Alumni platform for post-training support & networking
- Optional – 2 nights residential accommodation / breakfast
Course Pre-requisitesThere are no course pre-requisites but it is advised that you familiarise yourself with the IoT Security Foundations publications on which the course is based.
Day 1 09:00 – 17:00Welcome and introductions Course objectives
Session 1: Introduction to IoT and the Security LandscapeAn introductory system-wide overview of the technologies that make up a multitude of IoT services, from hardware through to software as well as the potential vulnerabilities that this world may bring. Attendees will understand why security matters. Refreshment Break
Session 2: Practical Attacks, Threats, and RisksPractical Attacks, Threats, and Risks to IoT products and services Real-world stories and breakdowns of attacks that have occurred, the impact they had, and what measures could or should have been taken to mitigate or avoid them in the first place. This session aims to show the value of a security by design and also practical security and business management techniques for managing security. Lunch
Session 3: Best Practices for IoT SecurityUnderstand the background and rationale for the principles and how to apply them in a real-world context. Understanding and utilizing the IoT Security Foundation User Best Practice Mark. Refreshment Break
Session 4: Securing Connected ProductsThis session gives an end-to-end tutorial on how to secure connected consumer products, from mobile application security to IoT device security, through to cloud services.
Day 2: 09:00-17:00Welcome back Re-cap of Day 1
Session 5: Practical hacking sessionThis session will allow attendees to witness real-world hacking of IoT, but also to use some hacking tools in order to experience how hacks can take place and the impact they can have. Equipment and software will be provided. Refreshment Break
Session 6: Software updates and security update life-cyclePractically implementing a software and hardware update and product lifecycle strategy that works and keeps users secure. Understand the issues and solutions around constrained devices and how to manage them. Lunch
Session 7: Vulnerability DisclosureUnderstand the background, mechanics, and psychology of coordinated vulnerability disclosure and how it is beneficial to your business. This topic will also cover bug bounties and other aspects of working with security researchers. Refreshment Break
Session 8: IoT Security Self-CertificationHow to use the IoT Security Foundation’s self-certification scheme, assess and make your product or service secure, ready for certification.
The course is run across 2 days and prices are exclusive of sales tax.
- Minimal Video 00:00:00
- Vimeo video 00:00:00