IoT security is something of a conundrum. Pen Test Partners publish independent security research into numerous smart devices, exposing poor security practice by device manufacturers. The ill effects of these failings are felt most by consumers. One of the most common failings in connected tech is around identifying both the user and the device. Mistakes and challenges around identity can lead to complete platform compromise, exposing millions of devices at a time.

Ken looks after vulnerability disclosure at Pen Test Partners and influences government policy on IoT cyber security. Whilst some disclosures are successful, the majority are a train wreck. Watching vendors try to ignore contact from researchers, fumble the process or try to silence it led him to work with regulators in an effort to fix the problems at source. He considers carrot and stick to be the only way to resolve smart product security. The work of his team on My Friend Cayla, the vulnerable talking kids' doll, was cited as one of the catalysts for California Senate Bill 327, regulating IoT security for California residents. He’s briefed US government departments and spoken at TEDx, DEF CON villages, RSA, Black Hat, BSides and numerous other security events. If you want his attention, just market your smart device as ‘unhackable’. Ken is also a member of the CVE Board.