Selling security products and services, like insurance, home security systems, and even preventative medicine, often depends on vendors persuading the customer that they are at great risk, and playing on their fears. For IoT products, is that risk real? Have security vendors gone too far in hyping up claims of disastrous global IoT hacking? How much of that is even specific to IoT, or is IoT just a fertile ground for additional FUD-based sales? In this presentation, we’ll debunk some of the FUD, and talk abut realistic risks, and practical steps throughout a product’s lifecycle that IoT vendors can take to reduce vulnerability, lower risk, and avoid common cost and time to market issues. The presentation will leave you with a framework to make sure you’re not overcompensating for security threats, but also not ignoring them. We’ll focus on security realities, practicalities, and best practices rather than theory and doomsday scenarios.