On the Internet of Things, Failure is a Virtue

Fail fast, fail often applies to securing the IoT just as much as to IoT product development, argues Cisco's Marc Blackmer.

In-brief: Cisco’s Marc Blackmer argues that fail fast, fail often is as relevant to securing the IoT as it is to developing new IoT products. 

What I love about the Internet of Things (IoT) is its disruptive nature. The IoT will help to further democratize technology. And as connectivity and technology become more accessible they will facilitate creativity and innovation.

Marc Blackmer is a Product Marketing Manager for Industry Solutions at Cisco Systems and the founder of 1NETRRUPT, a high school cyber defense competition.


Just today, I was in touch with a high school student who is co-founder of a start-up with a brilliant idea for a Raspberry Pi-based online gaming platform. Based on a $35 computer, an Internet connection, crowd-sourced funding, and a boatload of talent, these guys are going for it.

This, my friends, is what gets me so excited about the IoT. We are at a point where economics is a vanishingly small barrier to entry and talent, creativity, and motivation are the currencies of the realm. I guarantee stories such as the one above will play themselves out by the thousands around the world.



How many of these efforts will be successful? Very few. But that’s not important. Why not? Because failure is an inseparable component of innovation, and it needs to be valued as such. You may remember my previous post about the startup scene in Spain. One of the shifts that I witnessed there and in other European countries is the removal of the stigma associated with failure. This shift is a key to fostering innovation and entrepreneurship. By accepting failure as a natural part of innovation, those who are willing to take the risks are free to learn from their mistakes and try again, rather than give up after the first try.



I can tell you from personal experience that work environments where I’ve been encouraged to push the boundaries and where failure was seen as an opportunity to learn have been where I have been the most productive. They have also been the most personally rewarding. Conversely, organizations that punish failure inhibit innovation and doom themselves to mediocrity – or worse.

Of course, there are limits to the maxim of “fail fast, fail often.” As the joke goes: “If at first you don’t succeed, so much for skydiving.” In other words, accepting failure should never be an excuse for being reckless or shirking responsibility for the consequences of your actions. You’ll never learn from your mistakes if you don’t take ownership of them. And, in the context of start-ups, your actions may directly affect others’ financial well-being. In those instances, you have a moral duty to do your best for your people. So: be bold, but have a plan.

I can hear you asking, “What about failing when it comes to cybersecurity?” True: failure in the context of information and data security can’t be good. Defenders must be right every time and the bad guys only need to be right once. But if we want to make the IoT a safer place, failure needs to be accepted as a way to learn and improve, and that’s true with security, also. By irrationally holding on to outdated or ill-conceived concepts we are setting ourselves up for failure. Instead, we should be constantly challenging ourselves to find the weak spots and new avenues of attack before the bad guys do.

So what about my young friend and his co-founders? Will they fail? I can’t say with any certainty. I have no doubt that, with his talents, maturity, and motivation, if this venture fails, it will serve as a foundational lesson on which he’ll build future success. Those who can use failure as a tool to learn and improve are the ones who will have the biggest impact on shaping the IoT, and I can’t wait to see what they do.

One Comment

  1. “Fail fast, fail often” is a well-known algorithm for learning (to the extent that the failure is not inconsistent with survival — you don’t let 2-year-olds fail fast with a box of matches).

    Having said that, let’s start from something more advanced than ground zero. We already know a couple of key failures, so let’s start from a baseline of not relearning those. I’d start with a minimum for every IoT device that has at least the following attributes:
    1. immutable ID
    2. secure boot
    3. whitelisting

    This is only the first step of the three-step approach to IoT cybersecurity, but the bare minimum. The three guiding principles should be:
    1. Harden the Device
    2. Secure the Comms
    3. Monitor and Manage

    Finally, there are IoT applications that will have Safety implications (and they may not be obvious at first glance). For these you need to not only fail fast and often, but also safely.