RBM 15.4: How to build a career in cybersecurity with Heath Adams

Another fine episode in the show's "new format"; kudos to the entire podcast team!

 Here are a few additional tips for guarding against IoT vulnerabilities:

Further to Sara's warning about buying cheap gear, it also matters where you buy it from. It may be tempting to save money on more expensive, higher-quality electronics by purchasing from a third-party vendor like Amazon, or another reseller that the manufacturer designates as an official channel. But this leaves you vulnerable to fraudulent and copycat gear that makes its way through the distribution supply chain. In fact, there was just such https://www.justice.gov/archives/opa/pr/leader-massive-scheme-traffic-fraudulent-and-counterfeit-cisco-networking-equipment involving resale of tens of thousands of bogus Cisco networking devices on Amazon, eBay, and other sites both official and unofficial. Buying your equipment directly from the manufacturer is your safest strategy, even if it costs a bit more.

My next suggestion is to isolate all of the IoT gear away from your main computers and wireless devices. In most small office and home (SOHO) scenarios, your router will have a Guest Wi-Fi connection that is (typically) segregated from the primary local network to which your computers and devices are connected. Assigning all of the IoT gear to the Guest network will instantly provide you a considerable degree of privacy and protection -- the toaster might know what your dryer is doing, but not what you're emailing to the attorney.

If you have to provide a password to a contractor for, say, connecting a thermostat, be sure to change the Guest network password after they are finished, and then reconnect all of your IoT devices. 

And, as Sara also recommended, just don't connect anything that's not really necessary. Oh, and if your router is end of life (i.e. more than five years old), or you're connecting everything directly to the equipment from your Internet Service Provider, it's time to https://www.ic3.gov/PSA/2025/PSA250507. 

Now, for those who were inspired by Heath Adams' tips for getting starting in cybersecurity, you can extend the concept of isolating IoT on your Guest Wi-Fi, and in doing so, learn foundational info about computing environments. Here's how...

A key cybersecurity strategy is to use network segmentation to isolate many different types of equipment and users from each other on the overall network. As result, an attacker may be able to compromise one device, but not move laterally to compromise others. As an analogy, think of it like an apartment building in which every unit has its own locks on the door... a thief may break into one unit, but stealing from many is much less likely.

This concept of network segregation  is just as applicable in a SOHO situation as at the company office. For example, you could separate the media devices (e.g. TV, streaming box, smart speaker) from the rest of the IoT appliances -- your oven doesn't need to know what program you're currently binging.

And you can keep going... it would be wise to isolate any of your employer's work computers that you use at home from the personal computers at home. Or you might want to isolate your personal computers from those of the tenant living in your accessory dwelling unit. And if you want to build a home cyber lab for experimentation, you definitely want that at a healthy distance from the rest of your network gear. Etc.

In order to accomplish this, you'll need a router (or similar network device) that allows for creation and configuration of multiple Virtual Local Area Networks, or VLANs. The one I purchased (manufacturer direct) is the https://www.peplink.com/products/soho-routers/b-one/. It has tremendous capability for this exact type of network segmentation and other forms of easy-to-perform configuration / experimentation, all of which enhance security and privacy while helping you learning about network environments. (This is not a paid endorsement, I'm just a very happy customer.)

Cheers!