IoT Security Foundation Interviews Jonny Tyers

The IoT Security Foundation has invited Jonny Tyers to join their interview series to discuss threat modelling in IoT and connected device contexts. We're looking forward to a conversation that gets into the specific challenges of applying threat modelling when the attack surface extends into physical environments and embedded systems.

---

About the interview

The IoT Security Foundation is an industry body focused on improving security across the connected device ecosystem. Their interview series covers security practices, research, and the people working to improve the state of IoT security across sectors.

Jonny has been invited based on Threatplane's experience working with IoT manufacturers and operators, where the challenge of threat modelling is compounded by the physical nature of the systems — devices deployed in hostile environments, with long operational lifetimes and limited ability to be patched after deployment.

What the conversation will cover

The interview will cover how threat modelling for IoT differs from application or cloud security. The core methodology is the same — understand the system, identify what an attacker wants, work backwards to controls — but the threat surface is wider and the constraints are tighter.

Firmware that can't be updated remotely, devices that need to operate offline, and supply chain security across hardware components all introduce considerations that don't arise in pure software contexts. Jonny will discuss how the threat modelling process adapts to those constraints, and why IoT deployments particularly benefit from doing it early — the cost of changing a hardware design after manufacture is orders of magnitude higher than changing code.

The conversation will also cover the challenge for smaller manufacturers building their first connected product without a dedicated product security team.

Watch the interview

The full interview is available on YouTube.