By: Hugh Shepherd
April 14, 2021
Course Review: IoT Product Security
By: Hugh Shepherd
April 14, 2021
Course: IoT Product Security Instructor: Matthew Clark
Cybrary's IoT Product Security course is an outstanding training offering. This is an excellent course to learn how to design and implement an IoT product security program. The course covers the requirements necessary to set up a functioning IoT product security program for organizations that design, manufacture, and sell IoT devices for use by consumers or industries. The course is taught from the perspective of a CISO or Senior Director in the company.
Overall, this is a highly informative course and provides excellent details on the topic of IoT. The instructor, Matthew Clark, exhibits a deep understanding of the topic. The instructor does a great job providing background information on IoT, in addition to more advanced topics. This enables the learner to understand the roots of IoT and where it is heading. He does an excellent job explaining complex technical topics in an easily understood manner that greatly supports the learning experience. Clark's style is straightforward and, at times, entertaining, which helps to keep your attention and is informative at the same time. Other topics discussed include product security program fundamentals, security by design, and privacy, among other module topics.
The instructor does a nice job of covering the most important aspects of the topic. Students will gain an understanding of how to handle IoT and similar technologies within the enterprise securely. Furthermore, to cover any gaps or topics not discussed in detail, the instructor provides supplemental material to cover these areas. For those interested in standing-up an effective IoT Security program, this course is fantastic.
This is an advanced-level course that provides a little over 8 hours of instruction (8 CEU/CPE). The course's target audience includes CISO, CTO, CPSO, senior security and engineering directors, managers, engineers, and practitioners. Additionally, the course assumes learners already possess a foundation in leadership and security management and practical experience applying security engineering concepts, security management practices, and business leadership principles. However, both technical and non-technical cybersecurity and/or IoT enthusiasts will benefit from this class.
As previously mentioned, included with the course are supplemental materials to enhance the learning experience for students. The instructor incorporates relevant case studies into the lecture to illustrate how many of the discussion topics are applied in real-world situations. Also, there is a course reference sheet and resources page listing the materials and additional resources to help students continue learning.
After completing this course, students should understand the activities that support securing IoT devices. Some of the learning goals include:
- Designing and building a risk-based IoT product security program
- Identifying security program elements necessary for implementing an IoT product security program
- Identifying and understanding principles of hardware roots of trust and how they can be used by product engineering teams to securely design and develop IoT devices.
- Implementing a vulnerability disclosure/management program that incorporates bug bounties to promote proper identification and bug disclosure.
- Understanding how to secure IoT device manufacturing and provisioning practices.
- Understanding relevant legal and regulatory changes related to security and privacy impacting the global IoT market.
- Demonstrating the practical application of CISSP, CISM, CRISC, and other industry certification knowledge in real-world scenarios.
Cybrary offers several learning resources related to IoT, security program development, and information security in general. You can explore and sign-up for these learning resources on the Cybrary website. Listed below are just a few related resources available on the Cybrary website:
