The Glass Office: A Statistical Deep Dive Into Smart Office IoT Risks, Access Control Failures, WiFi Bleeding Into Public Spaces, and the Physical Social Engineering Threat No One Is Talking About

Executive Summary

The modern smart office is a paradox. It was designed to increase productivity, reduce energy costs, and streamline operations. Instead, it has quietly built one of the most exploitable attack surfaces in enterprise security. With 21–24 billion IoT devices now connected globally, 32.5% of corporate network devices operating outside IT control, and 57% of enterprise IoT devices classified as "highly vulnerable," the smart office has become a distributed collection of unlocked doors — both digital and physical.

This article examines the convergence of three threat vectors that most security teams treat in isolation but attackers exploit as a single chain: IoT device sprawl in smart offices, WiFi networks that bleed far beyond building perimeters, and physical social engineering tactics like tailgating that turn coworking spaces and shared offices into open invitations for malicious actors.

The numbers are stark. The average enterprise network now hosts approximately 35,000 connected devices spanning 80 different types. Insider threats cost organizations $17.4 million annually. 71% of organizations report feeling at risk from physical breaches due to tailgating. And 48% of all connections from IoT devices to corporate IT systems originate from high-risk devices with known vulnerabilities.

When you layer the explosive growth of coworking spaces — 8,854 locations across 159 million square feet in the United States alone as of Q4 2025 — onto an IoT threat landscape where 98% of device traffic lacks encryption, the result is a perfect storm that most CISOs haven't even begun to model.

“Deleted” Doesn’t Mean Gone: The Nancy Guthrie Case Just Exposed the Uncomfortable Truth About Your Smart Camera

The FBI recovered Google Nest footage that shouldn’t have existed. Here’s what that means for every smart camera owner who thought their data was private. On February 1, 2026, 84-year-old Nancy Guthrie — the mother of NBC’s “Today” co-anchor Savannah Guthrie — was abducted from her home in Tucson, Arizona. When investigators

Secure IoT HouseSecure IoT House

Part 1: The Smart Office Attack Surface — By the Numbers

21 Billion Devices and Counting

The Internet of Things crossed the threshold from emerging technology to business-critical infrastructure sometime around 2023. By the end of 2025, an estimated 19.8–24 billion IoT devices were active worldwide, with projections pushing past 29 billion by 2030. North America alone accounts for over $430 billion in IoT market spending.

But the real story isn't the headline device count. It's what's happening inside your office building right now.

The modern smart office typically deploys IoT across these categories:

• Access control systems: Badge readers, biometric scanners, smart locks, turnstiles, and intercom systems connected to centralized management platforms
• Environmental controls: HVAC sensors, smart thermostats, lighting automation, occupancy sensors, and air quality monitors
• Surveillance: IP cameras, motion detectors, facial recognition systems, and video analytics platforms
• Connectivity infrastructure: WiFi access points, Bluetooth beacons, mesh network nodes, and cellular repeaters
• Productivity devices: Smart displays, conference room booking panels, digital whiteboards, wireless presentation systems, and IoT-enabled printers
• Building management systems (BMS): Centralized platforms aggregating data from all building automation subsystems — elevator controls, fire suppression, emergency lighting, water management, and energy metering

According to Palo Alto Networks' 2025 Device Security Threat Report, which analyzed over 27 million connected devices across 1,803 enterprise networks, the average enterprise network hosts approximately 35,000 devices spanning 80 different types. That's not 35,000 laptops and phones. That's 35,000 connected endpoints, many of which IT has never inventoried, patched, or even acknowledged.

The Visibility Crisis

Here's where it gets dangerous:

• 32.5% of all devices on corporate networks operate entirely outside IT control — this includes IoT devices like smart TVs, thermostats, and occupancy sensors, along with personal devices brought in under BYOD policies
• 39% of IT devices registered in Active Directory lack an active EDR or XDR agent — these are company-owned computers and servers that should be protected but aren't
• 48.2% of all connections from IoT devices to corporate IT systems originate from high-risk IoT devices — think an outdated security camera with known vulnerabilities connecting directly to a server holding customer data
• 57% of enterprise IoT devices are classified as highly vulnerable due to outdated operating systems or missing encryption
• 98% of IoT traffic lacks encryption, making sensitive data readable to anyone capable of intercepting it

The most common attacks exploiting these gaps aren't sophisticated zero-days. They're brute-force attempts — Palo Alto Networks logged 3.48 billion brute-force password attempts and 2.7 billion Apache Log4j exploitation attempts across their monitored networks. These attacks succeed because the visibility gap between knowing a device exists and understanding its actual risk posture is enormous.

Building Management Systems: The Crown Jewel Nobody's Protecting

If IoT devices are the unlocked windows, building management systems are the master key ring sitting on the front desk.

Claroty's 2025 analysis found that three-quarters of building management systems contained flaws known to have been actively exploited by hackers. These are the centralized platforms that control HVAC, fire suppression, elevators, and physical access — the systems that, if compromised, can literally lock people inside a building or disable fire alarms during an emergency.

The smart building market was estimated at approximately $126.6 billion in 2024 and is expected to reach $571.3 billion by 2030. And 87% of business leaders plan to invest in smart building technologies in the near future. That's a lot of money being poured into systems that, as Claroty's CSO Grant Geyer described it, amount to "the cyber equivalent of putting a 'kick me' sign on someone's back."

Real-world impact isn't theoretical. In 2024, Omni Hotels was targeted by a cyberattack that disrupted reservation systems, check-in systems, room key cards, and payment processing — all connected through their building management infrastructure. The attack demonstrated how a single compromise of building IoT can cascade across every operational system simultaneously.

The Doorbell Surveillance State: A Technical and Statistical Analysis of Smart Doorbells, Law Enforcement Partnerships, and the 67 Million Daily Strangers at Your Door

An estimated 60+ million packages arrive at American doorsteps every single day. Over a third of those homes now have a camera pointed at whoever drops them off. Here’s what the numbers actually tell us about the largest distributed surveillance network ever built — and who really controls the footage. Executive

Secure IoT HouseSecure IoT House

Part 2: WiFi Bleeding Beyond the Perimeter

The Invisible Problem

Every enterprise WiFi deployment leaks signal beyond the building's physical perimeter. It's a fundamental reality of radio frequency propagation — WiFi doesn't stop at the wall. A typical commercial access point broadcasting at standard power levels can be detected 100–300 feet beyond the exterior walls of an office building, depending on construction materials, antenna configuration, and environmental conditions.

For a ground-floor office, a street-level parking lot, or a multi-tenant building with a coffee shop on the first floor, this means your corporate network's WiFi signal is available to anyone with a laptop and a directional antenna. In dense urban environments, this problem compounds — multiple organizations' networks overlap, creating a radio frequency environment where an attacker doesn't even need to be particularly creative to find an exploitable signal.

Coworking Spaces: The WiFi Security Nightmare

The problem escalates dramatically in coworking and shared office environments, which now represent a $20.96 billion global market with 42,000 spaces worldwide — expected to reach 44,000 by 2026. In the United States alone:

• 8,854 coworking locations as of Q4 2025, up from 8,420 in Q3 — a 5% quarter-over-quarter increase
• 159 million square feet of coworking inventory across the United States
• 5.5–6 million total coworking users globally
• 42,000 coworking spaces worldwide, with the U.S. commanding the largest share
• The North America coworking market is valued at $5.67 billion in 2025, projected to reach $9.56 billion by 2030 at 11% CAGR

The typical coworking space has approximately 90 members at any given time. Each of those members brings their own devices — laptops, phones, tablets — running their own operating systems, their own software stacks, their own security configurations. Or lack thereof.

Most coworking spaces provide WiFi with a single shared password for all members. This is not enterprise-grade security. This is the digital equivalent of giving every tenant in an apartment building the same front door key and hoping nobody makes a copy.

The attack vectors in shared WiFi environments include:

• Packet sniffing: Intercepting unencrypted traffic on shared network segments
• Evil twin attacks: Setting up a rogue access point that mimics the legitimate network SSID
• ARP spoofing: Redirecting traffic through an attacker's machine for man-in-the-middle interception
• Network vulnerability scanning: Probing all connected devices for exploitable weaknesses
• Brute-force attacks on workstations: Targeting devices visible on the same network segment
• DNS poisoning: Redirecting web traffic to malicious sites through compromised DNS responses

The solution — WPA2-Enterprise with per-user credentials, VLAN segmentation, and 802.1X authentication — is well understood. But the vast majority of coworking spaces don't implement it because it adds complexity and cost. Even WeWork, the largest coworking operator globally, experienced a cyberattack that brought operations to their knees, demonstrating that even the biggest players haven't solved this problem.

Corporate vs. Coworking: A Security Comparison

The gap is enormous. And it matters because enterprises are increasingly choosing coworking. In a 2024 WeWork survey, 59% of companies planning to increase workspace in the next two years said they're choosing flexible space over traditional offices. Corporate teams now make up 27.6% of the coworking market. Amazon executed one of Manhattan's largest 2024 leases inside a WeWork facility — 304,000 square feet.

When a Fortune 100 company puts employees in a coworking space, those employees are connecting corporate devices to shared networks, accessing corporate cloud resources through infrastructure the company doesn't control, and working alongside strangers who paid $30 for a day pass.

CBRE's $400 million acquisition of Industrious in January 2025 signals that this convergence of corporate and coworking is accelerating, not retreating.

Your Smart Doorbell Is Watching More Than You Think: The Privacy Nightmare of Always-On Home Devices

The camera protecting your front porch might be the biggest threat to your privacy inside your home. Here’s a number that should keep you up at night: 87% of Americans have no idea how their doorbell camera data is being used. That statistic, from The Zebra’s 2024 consumer survey, means

Secure IoT HouseSecure IoT House

Part 3: Physical Social Engineering — The Analog Attack Vector

Tailgating: The Simplest Hack That Still Works

While security teams pour millions into next-gen firewalls and AI-powered threat detection, attackers continue to walk through the front door. Literally.

Tailgating — following an authorized person through a secured entrance without presenting credentials — remains one of the most effective and least defended attack vectors in enterprise security.

The statistics are sobering:

• 71% of organizations report feeling at risk from a physical breach due to tailgating (Boon Edam survey; Ponemon Institute)
• 48% of organizations have been compromised by tailgating — an unauthorized person following someone through a secure door
• 54% of organizations have found doors propped open or left unlocked, creating unrestricted access
• Over 40% of organizations reported at least one physical security breach in 2024
• Nearly 1 in 10 data breaches stem from physical security compromises (IBM 2024)
• 20% of key cards are lost or stolen every year, often going undetected for weeks
• 70% of internal breaches involve someone who had partial access and exploited a system gap

The human element makes tailgating nearly impossible to eliminate through technology alone. People hold doors. It's social conditioning. In a tailgating exercise conducted by security researcher Colin Greenless, 17 employees, when asked politely, simply gave him their passwords. No hacking required. No zero-days exploited. Just a confident stranger with a clipboard.

The Coworking Tailgating Multiplier

Traditional corporate offices at least have the structural advantage of controlled entry points — badge readers, security guards, reception desks, mantraps. Coworking spaces, by design, optimize for openness.

Physical security challenges unique to coworking environments:

• 24/7 access with minimal staffing: Many coworking spaces are open around the clock with no staff present after business hours, creating extended windows for unauthorized entry
• Multiple unmonitored entry points: Main doors, side entrances, emergency exits, loading docks, and shared building lobbies
• Shared PINs and keycodes: When everyone uses the same 4-digit PIN to enter the building, that PIN is effectively public information
• Transient membership: Day-pass users, trial members, and guests cycle through daily with minimal identity verification
• Glass-walled offices: The open, modern aesthetic of coworking spaces — all that glass and natural light — means screens, documents, and conversations are visible and audible to anyone in the space
• Shared printers and displays: Conference room smart TVs, shared printers, and presentation systems store data and connect to networks that dozens of companies also use

A malicious actor doesn't need to tailgate past biometric scanners at a coworking space. They need a credit card and an email address to buy a day pass. Once inside, they're on the network, in the physical space, and sitting three feet from employees of companies they may be targeting.

48% of coworking members cite lack of privacy as a top concern. They're right to worry.

From Physical Access to Full Compromise

Physical social engineering isn't just about stealing laptops. Once an attacker gains physical access to a corporate or shared office environment, the exploitation chain accelerates:

1. Device theft and tampering: Unattended laptops, phones, and USB drives are trivially accessible. An attacker can install a hardware keylogger, plant a rogue USB device, or simply walk out with a machine.
2. Network device access: Physical proximity to network infrastructure — switches, access points, patch panels — allows an attacker to plug in a rogue device, tap network cables, or reconfigure equipment.
3. Credential harvesting: Shoulder surfing (watching someone type passwords), photographing whiteboards with credentials or architecture diagrams, or eavesdropping on phone calls with authentication codes.
4. IoT device exploitation: Physical access to IoT devices like IP cameras, badge readers, or smart displays allows firmware extraction, credential recovery from device memory, or replacement with compromised hardware.
5. Social engineering escalation: Once inside, an attacker has the social proof of physical presence. "I'm from IT" or "I'm the new contractor" becomes far more believable when you're standing in the office wearing a lanyard.

Part 4: The Insider Threat Convergence

The $17.4 Million Annual Problem

Insider threats represent the intersection where IoT vulnerabilities, physical access failures, and human factors converge into a single, devastating risk category.

Current insider threat statistics paint an alarming picture:

• $17.4 million: Average annual cost of insider-led cyber incidents per organization in 2025, up from $16.2 million in 2023 (Ponemon Institute 2025)
• $4.92 million: Average cost of a breach caused by a malicious insider — the highest of any initial attack vector for the second consecutive year (IBM 2025)
• $4.67 million: Average cost of breaches caused by compromised credentials (IBM 2025)
• $2.7 million: Average total breach damages from insider threats over a two-year period (Ponemon Institute 2025)
• 45% of all data breaches stem from insider threats — employees and contractors (Ponemon 2025)
• 81 days: Average time to detect and contain an insider threat incident (Ponemon 2025)
• 260 days: Average time to resolve a malicious insider breach — the second longest of any attack vector (IBM 2025)
• 60% of organizations cannot detect insider threats within a week of occurrence
• 55% of insider incidents result from employee negligence
• 25% of insider incidents are caused by criminal or malicious insiders
• 89% of malicious insider breaches are financially motivated

The scale is staggering. Organizations are experiencing an average of 13.5 negligent insider incidents per year, along with approximately 6.3 malicious insider events. In total, 57% of companies experience between 21 and 40+ insider incidents annually.

IoT as the Insider's Enabler

The convergence of IoT sprawl and insider threat is particularly dangerous because IoT devices provide insiders — or anyone who gains physical access — with attack vectors that bypass traditional IT security controls entirely.

According to Ponemon Institute research, cloud and IoT devices have become primary channels for insider-driven data loss, with 59% and 56% of incidents occurring through these vectors respectively. When an insider can exfiltrate data through an unmonitored IoT device, the organization's investment in DLP, email filtering, and endpoint protection becomes irrelevant.

Key IoT-insider convergence risks:

• Shadow IoT: Employees connecting personal IoT devices to corporate networks without authorization — one of the fastest-growing enterprise risks
• Shadow AI: Employees using unauthorized AI tools connected to corporate data; breaches involving shadow AI cost an average of $670,000 more than other breaches (IBM 2025)
• Compromised IoT as lateral movement: An unpatched smart TV or conference room display can serve as a pivot point into segmented network zones
• Physical IoT manipulation: Badge cloning, camera blinding, and sensor tampering by insiders who understand the building's systems
• Data exfiltration via IoT channels: Smart printers, IoT-connected displays, and building systems that connect to external networks can serve as covert data exfiltration paths

Third-Party and Supply Chain Amplification

The insider threat doesn't stop at your employees. Third-party vendors, contractors, cleaning crews, delivery personnel, and coworking neighbors all represent potential insider-adjacent threats.

• At least 36% of all data breaches originated from third-party compromises in 2024, up 6.5% year-over-year
• 30% of breaches in 2025 were linked to supply-chain or third-party failures — double the previous year
• Mandiant observed that 5% of initial infection vectors in 2024 were due to insider threats, driven largely by North Korean IT workers posing as legitimate job applicants

In a coworking or shared office environment, the concept of "third party" becomes meaningless. Everyone is a third party. The startup two desks over, the freelancer who bought a day pass, the cleaning crew that comes in after hours — they all have some level of physical access, and in most shared spaces, they're all on the same network.

Part 5: Attack Scenarios — Where It All Comes Together

Scenario 1: The Coworking Pivot

An attacker purchases a $30 day pass to a coworking space where a target company has a team of 15 employees. The coworking space uses WPA2-PSK with a single shared password posted on the wall. The attacker:

1. Connects to the WiFi and runs a passive network scan, identifying all connected devices including the target company's laptops and any IoT devices (smart TV in the conference room, shared printer, VoIP phones)
2. Identifies an unpatched IoT printer on the network and exploits a known vulnerability to establish a persistent foothold
3. Uses the compromised printer as a pivot point to intercept print jobs containing sensitive documents
4. Captures credentials from unencrypted traffic between employee devices and cloud services
5. Walks out after 8 hours with enough access to conduct a full-scale intrusion remotely

Total cost to the attacker: $30 and a day of patience.

Scenario 2: The Smart Building Lateral Move

An attacker gains physical access to a corporate office lobby — either through tailgating, a social engineering pretext (delivery driver, HVAC technician), or by exploiting a propped-open door. Once inside:

1. Locates an IoT occupancy sensor or environmental monitor on the corporate network — these devices are rarely segmented and often use default credentials
2. Compromises the IoT device and uses it to scan the internal network, identifying the building management system
3. Accesses the BMS, which controls HVAC, lighting, access control, and surveillance — three-quarters of which contain known exploitable vulnerabilities
4. Disables or loops specific camera feeds, unlocks doors to restricted areas, and accesses the server room
5. Plants persistent access hardware (rogue access point, cellular implant) for long-term remote access

The attacker never touched a firewall, bypassed an EDR agent, or triggered a SIEM alert. The entire attack chain ran through the IoT/OT layer that most security teams don't monitor.

Scenario 3: The Insider-IoT Exfiltration

A disgruntled employee at a financial services firm decides to steal proprietary trading algorithms before departing for a competitor. The company has robust DLP on endpoints, email filtering, and USB port restrictions. The employee:

1. Identifies an IoT-connected smart display in a conference room that connects to an external content delivery network for firmware updates
2. Transfers the target data to the smart display's local storage through an internal file share that the display uses for presentation content
3. Exploits the display's external connectivity to exfiltrate the data during a firmware update window, blending the exfiltration traffic with legitimate device communications
4. The DLP system, endpoint monitoring, and email filters see nothing — the data never touched a monitored channel

Average time to detect this type of insider threat: 260 days. By then, the algorithms are in production at a competitor.

Part 6: What Needs to Change

For CISOs and Security Leaders

Network Architecture:

• Implement true microsegmentation that isolates IoT devices from corporate IT systems — not just a separate VLAN, but actual zero-trust network policies that restrict IoT device communications to only the specific endpoints they need
• Deploy Network Access Control (NAC) that discovers and profiles every connected device, including IoT, and enforces policies based on device type, posture, and behavior
• Conduct regular WiFi signal analysis to understand where your network is detectable beyond your physical perimeter, and implement signal attenuation or directional antennas where leakage creates risk

IoT Device Management:

• Build and maintain a comprehensive IoT inventory — you cannot secure what you don't know exists
• Establish firmware patching cadences for all IoT devices, with SLAs that match the criticality of the systems they connect to
• Replace IoT devices that don't support encryption, don't receive firmware updates, or use hardcoded credentials — they are active liabilities, not assets
• Monitor IoT device traffic for anomalous communications patterns, especially outbound connections to unfamiliar endpoints

Physical Security Integration:

• Converge physical security and cybersecurity under a single governance framework — these are not separate disciplines when an IoT badge reader and a cloud-based access control platform are the same system
• Conduct regular physical penetration testing, including tailgating attempts, badge cloning tests, and social engineering exercises
• Implement anti-tailgating technology at critical entry points — turnstiles, mantraps, or at minimum, door sensors that alert when multiple entries occur on a single badge swipe
• Enforce "no tailgating" policies with regular security awareness training that makes employees comfortable challenging unknown individuals

For Organizations Using Coworking Spaces

Before signing a lease or membership:

• Audit the coworking operator's network architecture — demand VLAN segmentation, WPA2-Enterprise, and dedicated bandwidth for your team
• Verify physical access control mechanisms — keycard access with individual credentials, security cameras, and visitor management processes
• Require contractual security SLAs covering network monitoring, incident response, and breach notification
• Assess the building's broader IoT infrastructure — who manages the cameras, access control, and building systems, and what security standards do they follow?

Operational practices:

• Require all employees to use company VPN for all traffic, regardless of network trust level
• Provide employees with privacy screens, cable locks, and encrypted portable storage
• Establish clear policies for secure printing, conference room usage, and unattended device procedures
• Treat the coworking WiFi as a hostile network — because it is one

For Policymakers and Standards Bodies

• Extend IoT security certification requirements (such as the UK's PSTI Act and the EU's Radio Equipment Directive) to commercial building systems, not just consumer devices
• Require coworking operators to meet minimum cybersecurity standards as a condition of commercial licensing, similar to health and safety requirements
• Mandate physical security standards for shared office environments that include access control, visitor management, and network segmentation requirements
• Develop industry frameworks for smart building security that address the convergence of IoT, physical access, and insider threat — current standards treat these as separate domains

For Cybersecurity Researchers

• Investigate the actual prevalence of WiFi signal leakage beyond commercial building perimeters and quantify the exploitable attack surface
• Study the insider threat multiplier effect in coworking and shared office environments versus traditional corporate offices
• Develop threat models that account for the IoT-physical-insider convergence attack chain
• Quantify the risk differential between corporate offices and coworking spaces using real-world incident data

Conclusion: The Building Is the Attack Surface

The smart office was sold as the future of work — more efficient, more comfortable, more connected. And it is all of those things. But every sensor, every badge reader, every smart thermostat, and every WiFi access point is also a potential entry point for an attacker who has figured out what most security teams haven't: the building itself is the attack surface.

When 32.5% of your network devices are invisible to IT, when 57% of your IoT devices have known vulnerabilities, when your WiFi bleeds 300 feet past your front door, and when anyone can buy a day pass to your coworking space for $30 — your perimeter isn't your firewall. It's the physical walls of the building you're sitting in. And those walls aren't keeping anyone out.

The convergence of IoT proliferation, the coworking explosion, and the ancient art of physical social engineering has created a threat landscape where a $30 day pass and a confident smile can be more effective than a million-dollar exploit kit. Until security teams start treating physical access, IoT management, and insider threat as a single, integrated risk domain, the smart office will remain the easiest way into the enterprise.

The door is open. In 48% of organizations, literally.

Sources and Methodology

IoT and Smart Office Statistics:

• Palo Alto Networks, 2025 Device Security Threat Report (27M devices, 1,803 enterprise networks analyzed)
• Forescout, Riskiest Connected Devices of 2025
• Claroty, Smart Building Management Systems Analysis 2025
• IoT Analytics, Global IoT Device Count Projections 2025
• Grand View Research, Smart Office Market Report 2025–2030
• IMARC Group, Smart Office Market Size and Forecast 2025–2033
• AVIXA, IoT Security Solutions in Smart Office Environments

Coworking Market Data:

• CoworkingCafe, U.S. Coworking Industry Report Q4 2025
• Allwork.Space, Coworking Statistics and Key Trends 2026
• Mordor Intelligence, North America Coworking Spaces Market 2025–2030
• Grand View Research, Coworking Spaces Market Report
• Deskmag, Global Coworking Survey 2025
• Commercial Property Executive, Top 10 Metros for Coworking Space

Social Engineering and Physical Security:

• Boon Edam / Ponemon Institute, Physical Security Breach Survey
• IBM, Cost of a Data Breach Report 2025
• Verizon, 2025 Data Breach Investigations Report
• Acre Security, Access Control Trends 2026
• MetaCompliance, Tailgating as a Cyber Threat
• MWGroup, Physical Security Breaches Analysis

Insider Threat Data:

• Ponemon Institute, 2025 Cost of Insider Risks Global Report (8,306 interviews)
• IBM X-Force, 2025 Action Guide
• Cybersecurity Insiders, 2024 Insider Threat Report
• Secureframe, Social Engineering Statistics 2026
• DTEX Systems, 2025 Cost of Insider Risks Analysis
• Kiteworks / Ponemon Institute, State of File Security 2025

WiFi and Network Security:

• SecureW2, Coworking Wi-Fi Security Best Practices
• DNSFilter, Cybersecurity in Shared Coworking Offices
• KirkpatrickPrice, Information Security Concerns for Shared Working Spaces
• isofy, Coworking Space Wi-Fi Security Strategies

This article is part of the SecureIoT.house editorial series examining the intersection of physical infrastructure, IoT deployment, and enterprise cybersecurity risk. For the companion piece examining residential doorbell camera surveillance and law enforcement partnerships, see "The Porch Panopticon" on secureiot.house.

Andrew is a cybersecurity consultant and Managing Member of QSai LLC, operating the CISO Marketplace ecosystem. With 15+ years of experience and 400+ security assessments across healthcare, energy, and Fortune 100 companies, he specializes in offensive security, vCISO consulting, and IoT risk analysis. Connect on LinkedIn or visit cisomarketplace.com.