Company
Date Published
Author: Jonathan Williams
Word count: 1496
Language: English
Hacker News points: None

Summary

The Internet of Things (IoT) security landscape is concerning, with 1.51 billion devices breached in the first six months of 2021 and an estimated 29 billion devices expected by 2030. Consumers and device builders are increasingly aware of the importance of device security, but security often becomes an afterthought in product development. It should instead be treated as a foundational component from the start and built into the system architecture. Threat models need to be established to protect against accidental misuse, bad actors, and state-sponsored hacking. Rules and regulations can provide guidance, such as avoiding weak authentication and following standards like ISO 27001. A secure device implementation requires a hardware-based root of trust, defense in depth, compartmentalization, certificate-based authentication, renewable security, and failure reporting. Secure boot and factory provisioning are also crucial for controlling and managing the code running on the device. The cost and risk of insecure devices must be weighed against the importance of a secure implementation, with decisions made early on to prioritize security over other considerations.