It has been an amazing journey serving as the Research Lead for the Internet of Things (IoT) at Rapid7 for past 10 months. I came into the role with more than a decade of experience as a security penetration tester and nearly 15 years of experience conducting security research across such areas as protocol based attacks, embedded device exploitation, and web vulnerabilities, so taking on the role, as Research Lead for IoT was the next obvious progression for me. Being able to focus on IoT specifically has made this job more fun and exciting.
So why the focus on IoT research? IoT, while driving significant productivity gains for businesses and consumers, has become the wild west of technology, creating a number of security challenges for all of us. By creating a focused effort in IoT research we can better serve our customers and the security community at large by sharing the knowledge we gain during these efforts. Rapid7’s mission is to empower IT and Security to effectively and safely design, build and deploy technology innovation, and we see IoT as a major driver of innovation across industries. IoT is expected to hit over 20 billion connected devices by the end of the decade, and I anticipate it will also continue to be an ever-changing area of risk. A focused effort is critical to better securing our new IoT driven world.
I plan to take the opportunity this role has provided to help forge a path that will add value to the security community at large. For example, my research over the last 10 months has focused on examining a number of IoT technologies from enterprise to consumer-based products, exposing a number of vulnerabilities in their ecosystems. During these research projects we have successfully worked with a number of IoT manufacturers to help them better secure their products and, very importantly, helped them to expand their working knowledge in the area of security. The knowledge gained from these research projects has done more than just uncover vulnerability exposures, it has also helped us shape, identify and develop an understanding of issues plaguing IoT. Additionally, we have been given the opportunity to work with a number of customers, manufacturers and organizations to help better define methods around mitigating security issues related to IoT.
Moving forward I am very excited about the opportunities this research role will provide, allowing me to continue to expand my knowledge and understanding in all areas of IoT security. I plan to continue focusing our research efforts across multiple areas of the IoT discipline, including consumer, enterprise, medical, and industrial. Combined with all the IoT research efforts currently being conducted across Rapid7, we plan to work closely with our customers, IoT manufacturers and the security community at large to continue advancing our knowledge and expertise to better secure the new IoT driven world. Combined with our Strategic Services offering, we are able to extend this knowledge to a wider number of organizations seeking to make the Internet of Things more secure and resilient.