Fundamentals
1. Use your brain
2. C-Suite, don't save money by sacrificing security
3. Developers, you are not security experts; you only know how to call APIs to make security (e.g., PKI) work, so listen to your security experts.
4. The security team is on your side, so C-suite and engineering managers, pay attention to what your security team is telling you.
5. Don't use a proprietary OS; pick an OS with widespread adoption and solid community support.
6. Listen to your cloud service providers, and don't think you can make anything cheaper, better and more secure than the CSPs.
7. Use certified container distributions, since most IoT applications use container technology and microservices.
8. Secure all ingress and egress internet interfaces
9. Secure all internal virtual network interfaces
10. Use cryptography extensively
11. Own and manage all your cryptographic key management operations and do not give them to a third party. Every CASB has limitations and may provide you with a false sense of security.
12. Automate infrastructure and security deployments, and ensure all security controls are verified and certified by your security teams.