We’re securing systems… but ignoring the fastest growing attack surface.

While studying IoT security, one thing became clear:

It’s not the big systems that worry me anymore.

It’s the small, always-on, barely monitored devices inside the same network.

Smart cameras. Sensors. Wearables. Controllers.

Individually harmless.

Collectively… a blind spot.

The problem isn’t one vulnerability

It’s this:
• Devices that are always trusted
• Minimal visibility into what they do
• Weak or inconsistent updates
• Constant background communication
• Growing faster than we can track

At scale, this creates something dangerous:

A network you don’t fully understand anymore

Why this matters

IoT devices are rarely the final target.

But they can become:
• Silent entry points
• Internal visibility nodes
• Pivot points between systems
• Long-term unnoticed presence

Not because they’re powerful —
but because they’re overlooked and trusted.

What I’m learning

IoT security is less about the device itself…
and more about:
• How it fits into the system
• What it communicates with
• What assumptions exist around it

Because risk doesn’t always come from complexity.

Sometimes it comes from what we stop paying attention to.

I wrote a deeper breakdown on this 👇

https://dev.to/blackcipher/the-iot-blind-spot-the-part-of-the-network-we-keep-ignoring-53eg

Curious to hear your thoughts —

#CyberSecurity #IoT #IoTSecurity #InfoSec #RedTeam #ThreatIntel #EmbeddedSecurity #BlackCipher

⚙️ Technical Spotlight: New Session at BSides Luxembourg 2026

🚗🔐 FROM CAN FRAMES TO CORPORATE FIREWALLS: LIFE OF AN AUTOMOTIVE SECURITY RESEARCHER – Hrishikesh Somchatwar

Step inside the world of automotive cybersecurity in this 40-minute talk, where modern vehicles become complex attack surfaces spanning hardware, firmware, and cloud systems. From CAN bus manipulation to telematics abuse and backend exploitation, discover how real-world constraints shape both attacks and defenses in connected vehicle ecosystems.

Learn how attackers exploit in-vehicle networks, diagnostic interfaces, and wireless modules, and why securing cars is fundamentally different from traditional IT. Through practical case studies, this session highlights how even small vulnerabilities can lead to large-scale operational and financial impact in automotive environments.

Hrishikesh Somchatwar (@storytelnhacker) is an independent security researcher, bestselling author, and international speaker specializing in hardware and automotive cybersecurity. He has presented at leading global conferences and is known for combining deep technical expertise with engaging storytelling through his talks and The StorytellingHacker platform.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

📲 View full schedule & build your agenda: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AutomotiveSecurity #EmbeddedSecurity #IoTSecurity #HardwareHacking #CyberSecurity

🐢 Latest review has been dropped! 👇

This week, Jose Miguel Parrella evaluates an embedded security book, Engineering Secure Devices by Dominik Merli...

📝 Check out Jose's full review: https://cybercanon.org/engineering-secure-devices/

#CybersecurityBooks #EmbeddedSecurity | @jmp

Just presented at #39C3: Xous by Bunnie Huang & Sean Cross. A pure-Rust microkernel on RISC-V with a real MMU, strong isolation, and quasi-open silicon. Finally a usable embedded security stack, from hardware to OS.
#Rust #RiscV #EmbeddedSecurity #OpenHardware #IoT #Microkernel https://media.ccc.de/v/39c3-xous-a-pure-rust-rethink-of-the-embedded-operating-system#t=25

🔎 CVE-2025-11544 (CRITICAL, CVSS 9.5): Sharp Display Solutions projectors let attackers upload unauthorized firmware—remote, no auth needed. All models vulnerable. Urgently segment, restrict, and monitor! https://radar.offseq.com/threat/cve-2025-11544-cwe-912-hidden-functionality-in-sha-156315c0 #OffSeq #CVE2025 #infosec #embeddedsecurity

Interview with the Curators of the New CPSA-A Module EMBEDDEDSEC! 🔐

We spoke with Felix Bräunling and Isabella Stilkerich about the new Advanced Level module #EmbeddedSecurity for Architects. They share why embedded security matters, how safety and security intersect, and which skills architects need to design secure embedded systems.

Dive into the full interview 👉 https://t1p.de/k3rzl

#CPSA #AdvancedLevel #SoftwareArchitecture #EMBEDDEDSEC #SecurityByDesign #EmbeddedSystems #iSAQB

We’re excited to introduce our newest #CPSA #AdvancedLevel module: EMBEDDEDSEC – Embedded Security for Architects! 🥳

This module provides software architects with essential knowledge to design secure and trustworthy embedded system architectures. Participants learn how to identify protection-worthy assets, derive security goals, and select effective control measures. 🔐

Learn more 👉 https://t1p.de/kl41w

#SoftwareArchitecture #EmbeddedSecurity #EMBEDDEDSEC #EmbeddedSystems #iSAQB

Embedded systems are everywhere – and highly attractive targets for attackers. 😱

In this #SAGconf session, Lorenz Pfeuffer and Felix Bräunling give an insight into the new #iSAQB Embedded Security curriculum, showing how to identify risks, choose effective countermeasures, and design more secure embedded systems.

Learn more about this session 👉 https://t1p.de/eztdg

#SAG2025 #SoftwareArchitecture #EmbeddedSecurity #CyberSecurity #EmbeddedSystems

Virtualization on ARMv8-M with the CROSSCON hypervisor running Zephyr RTOS and a TLS client.
The demo on LPCXpresso55S69 showcases a secure TLS application setup ready for 2FA integration.

Watch here 👉 https://youtu.be/GpKOEpA1aTQ?si=3hc8Hb-N_WUlhVfK
#Zephyr #ARMv8M #TLS #RTOS #EmbeddedSecurity #CROSSCON


We're honored to welcome F-Secure Corporation to ITSPmagazine and add them to the incredible lineup of clients we've created content with.

Sean Martin, CISSP and I had a fascinating conversation with Dmitri Vellikok about F-Secure's transformation from traditional #endpointsecurity to something far more ambitious: predicting #scams before they happen.

"How F-Secure Transformed from Endpoint Security to Predicting Scams Before They Happen"

Here's what caught my attention: 70% of people believe they can easily spot scams, yet 43% of that same group admits to being scammed. This disconnect drives F-Secure's approach to embedded, invisible #infosecurity that doesn't rely on consumer vigilance.

The company holds 55% global market share in operator-delivered consumer security, partnering with telecom providers to embed protection directly into networks and applications.

Their "scam kill chain" framework protects consumers at every stage of fraudulent attempts, and they're using AI to predict threats 18-24 months ahead.

Dmitri's insight: "Consumers don't really care or want to understand what the problem with #cybersecurity is. They just want the problems to go away."

Sometimes the best security is the kind you never have to think about.

Full audio interview: https://itspradio.com/episodes/how-f-secure-transformed-from-endpoint-security-to-predicting-scams-before-they-happen-a-brand-story-conversation-with-dmitri-vellikok-product-and-business-development-at-f-secure

Company directory available at ITSPmagazine.com

Watch the Full Video and subscribe to our Fast Growing YouTube Channel

https://youtu.be/zDQlWUmCLk8

#FSecurity #Infosec #EmbeddedSecurity #ITSPmagazine #BrandStories #tech #technology #contentmarketing
