From the course: IoT Product Security

Course and instructor introduction

Hi, I'm Matthew Clark. And this is Lesson 1.1: Introduction to IoT Product Security. In this lesson, we will review the course prerequisites. You will learn a little bit about me and I will discuss the target audience. Finally, we will review the course syllabus. So let's get started.

This course is going to take a holistic view of IoT security from the inside out. This course will instruct the learner on how to set up an IoT product security program. Therefore, the learner will need a solid understanding of security engineering concepts, including technical details and knowledge. We'll deep dive into chipsets. We'll look at developing a proper root of trust, and we'll also discuss a proper security architecture design. The learner will also need an understanding of security management concepts such as building new programs like vulnerability disclosure programs and discussing how the enterprise handles reports from security researchers. The learner will also need to understand common security programs and elements that can be reused, such as risk management, patch management. Finally, the learner will need an understanding of business leadership principles, including soft skills, as well as some experience in navigating organizational politics. They'll need leadership and business acumen and the ability to lead through influence, not by title alone. I think these three points encapsulate really the main focus areas for someone leading a product security program for a business or an organization.

If you're looking for certifications to compare this knowledge with, I would say that any learner familiar with the following certifications should be okay: the CISSP, the CISM or CCSO or the CISSP-ISSMP or CRISC.

So a little information about me. I currently lead the global security efforts for a large multinational manufacturing company which operates in over 30 countries. As part of our product line, we design, manufacture, and sell consumer and industrial IoT products.
As a disclaimer, the opinions expressed in this course are my own and not those of my employer. I do have over 20 years of experience in the manufacturing sector. My first position was to help secure a Goodyear facility for Y2K, which was the ultimate fear, uncertainty, and doubt event. I enjoy looking for security issues in everyday life, like the physical security concerns of this beautiful city in Italy, perched precariously over the water, or failures like the security camera where the cables have been cut and left to dangle in the air. My contact information is here, including my email address, LinkedIn information, and my Twitter handle. If you have any questions, please feel free to contact me. If you like the content, please feel free to endorse me on LinkedIn.

This course is intended for students who need to understand how to set up a product security program to ensure IoT devices are manufactured securely. If you're a CTO, a CISO, or a product security manager, this is most likely information that will benefit you. The course is designed to provide you with the basic IoT security knowledge and introduce you to concepts that you'll need to consider when setting up a product security program of your own. It's also intended for students that need to use the program itself. But you don't need to be in the manufacturing sector to get value out of the course. If you're a product engineer developing new products, you'll find this information helpful. If you're an application developer writing firmware for constrained devices, you'll find this information helpful. If you're a security manager who is tasked to secure IoT in the enterprise, you'll find this information helpful as well. So this course builds an understanding of the complex series of decisions that go into IoT product security, such as secure by design principles and developing proper roots of trust.
So if you're interested in learning about IoT security, this course will provide you with that understanding and it'll start from the bottom and work all the way up through device concept, through to production, through provisioning to secure operation, and eventual decommission of the IoT device. This course is going to dive deeper than an ordinary IoT security class. It's impossible to cover everything in a single class, but we're going to give it a good shot. We're going to approach this particular class as if we work for an IoT device OEM, that's an Original Equipment Manufacturer, a company that designs, manufactures, and sells IoT products.

So Module 1, we're going to go through course introductions. That's where we are right now. In Module 2, we'll take a look at product security programs. And three, we will go through secure by design principles. And four, we're going to discuss this concept of hardware root of trust. And in Module 5, we'll go through secure development, and six, secure build, ship, and operate principles. And in Module 7, we'll take a look at privacy.

So our course materials include the syllabus, case studies, and reference material. Now, the syllabus we've just covered. The case studies are news, headlines, and stories that are current or current through the last several years, and I've selected those and kind of embedded those in each one of the lessons -- or in many of the lessons, not each one, but these will help reinforce the learning that is going on and kind of take book knowledge and try to apply it to real day, everyday life. And the references are very important and they serve really two purposes. The first one is that, as an instructor, I've pulled material from individuals who are much more knowledgeable or much more expert in very specific areas, and I've taken their knowledge and used it to supplement the material that we're presenting to you.
And so we want to make sure that we give credit -- proper credit for their work and their ideas and so forth. And so I created a rather broad reference list for you that includes those expert opinions and knowledge as well as additional information that is out there that can help you as a learner. So we want to make sure that we give proper credit where credit is due to individuals. And I'll call those -- many of those individuals out by name and point their material out in the reference for you. And also, it's a good opportunity for you as a learner to continue learning outside of the material that I present here in the class itself. So I recommend these references to you and encourage you to seek them out and go and keep learning and continue your learning and development as a lifelong student.

Great. We completed the first lesson. So what did we do? We discussed the prerequisites for success, I introduced myself, and you introduced yourself when we talked about the target audience. We reviewed the syllabus together and finally, we discussed the course materials. So we have completed the introduction. We will continue through the course syllabus with Module 1 until we get all the way through to Module 7 and you receive your certificate of completion. So I'll see you in the next lesson.
