Discover / The Internet of Things (IoT) / Reading path

Build with IoT: connected devices, explained

@codesherpaBeginner → Expert
10
Books
61
Hours
4
Stages
Not yet rated

This curriculum takes a beginner from zero IoT knowledge to confident builder and security-aware practitioner across four tightly sequenced stages. Each stage builds on the last: first establishing electronics and embedded fundamentals, then connecting devices to the cloud, then architecting real IoT systems at scale, and finally confronting the security challenges that make or break real-world deployments.

1

Foundations: Electronics & Embedded Thinking

Beginner

Understand how microcontrollers work, how to wire up sensors and actuators, and how to write basic embedded code — the physical building blocks of every IoT device.

Study plan for this stage

Pace: 10–12 weeks total, roughly 20–25 pages/day across 5 days a week. Spend ~2–3 weeks on "Getting Started with Arduino" (it's short and project-driven — read it cover to cover, then immediately replicate every circuit), ~4 weeks on "Programming Arduino" (denser code content — read one chapter, then code

Key concepts
  • Microcontroller architecture: how the Arduino's CPU, flash memory, SRAM, and I/O pins work together as a self-contained computer (Banzi, Ch. 1–2)
  • The Arduino programming model: setup() vs. loop(), digital vs. analog I/O, and the role of the IDE and bootloader (Banzi, Ch. 3; Monk, Ch. 1–2)
  • Digital and analog signals: digitalWrite/digitalRead for binary states, analogWrite (PWM) and analogRead for continuous values, and why the distinction matters for sensors and actuators (Monk, Ch. 3–4)
  • Fundamental electronic components: resistors, capacitors, transistors, diodes, and LEDs — their behavior, how to read datasheets, and how to calculate values (Platt, throughout)
  • Sensors and actuators: connecting input devices (buttons, potentiometers, temperature sensors) and output devices (LEDs, motors, buzzers) to a microcontroller and reading/driving them in code (Banzi, Ch. 4–5; Monk, Ch. 5–6)
  • Serial communication basics: using Serial.print() for debugging, and the concept of UART as a foundation for device-to-device communication (Monk, Ch. 2)
  • Breadboard prototyping and circuit safety: reading wiring diagrams, avoiding short circuits, current-limiting resistors, and systematic debugging of hardware faults (Banzi, Ch. 2; Platt, throughout)
  • Libraries and code organization: importing and using Arduino libraries, breaking sketches into functions, and understanding why modular code is essential as projects grow (Monk, Ch. 7–8)
You should be able to answer
  • After reading Banzi's 'Getting Started with Arduino', can you explain in plain language what a microcontroller is, how it differs from a general-purpose computer, and why that difference makes it suitable for IoT devices?
  • Given a new sensor (e.g., a photoresistor), can you use the principles from Monk's 'Programming Arduino' to wire it up, choose the correct resistor value, and write a sketch that prints calibrated readings to the Serial Monitor?
  • From Platt's 'Make More Electronics', can you explain what a transistor does, why you would use one to drive a motor from an Arduino pin, and how to calculate the base resistor value?
  • Can you trace the full data path of a button press — from physical contact, through the circuit, into a digitalRead() call, through an if-statement, and out to an LED — citing the relevant chapters from Banzi and Monk?
  • What is PWM, how does analogWrite() implement it on the Arduino, and what kinds of actuators can it control? (Monk, Ch. 4)
  • How would you systematically debug a circuit that isn't behaving as expected, drawing on the troubleshooting strategies described across all three books?
Practice
  • Blink-and-beyond ladder (Banzi): Start with the classic LED blink sketch, then progressively modify it — change the timing with a potentiometer (analogRead), add a second LED with independent timing, and finally add a button that pauses/resumes blinking. Each modification must be wired on a breadboard before changing the code.
  • Sensor dashboard (Monk, Ch. 3–6): Wire up at least three different sensors (e.g., a temperature sensor, a photoresistor, and a pushbutton) simultaneously. Write a single sketch that reads all three every 500 ms and prints a formatted table to the Serial Monitor. Practice using Serial.print() for debugging intermediate values.
  • Motor control with a transistor (Platt + Monk): Using the transistor theory from Platt and PWM from Monk, build a circuit that drives a small DC motor at variable speed controlled by a potentiometer. Calculate the base resistor on paper first, then verify on the bench.
  • Component scavenger hunt (Platt): Before each chapter in 'Make More Electronics', pull the featured components from a starter kit, measure their values with a multimeter, and record results in a lab notebook. After the chapter, re-examine each component and annotate your notes with what you now understand about its behavior.
  • Mini-project — smart nightlight: Combine all three books into one integrating project. Use a photoresistor (analog input) to detect ambient light, a transistor-driven LED array as the output, a threshold set by a potentiometer, and Serial output for debugging. Write the code in modular functions as described in Monk Ch. 7–8.
  • Code-reading drill (Monk): Pick any five sketches from 'Programming Arduino' that you did NOT write yourself. For each one, read the code first (no running it), write a plain-English description of what it does, predict the output, then run it and compare. Document every surprise in a log.

Next up: Mastering how a single microcontroller reads sensors and drives actuators on a bench creates the essential mental model for the next stage, where those same devices must communicate over networks — turning isolated embedded nodes into a connected IoT system.

Getting Started with Arduino
Massimo Banzi · 2008 · 118 pp

Written by Arduino's co-creator, this slim book demystifies microcontrollers and gives hands-on confidence with hardware and code from page one — the perfect on-ramp before anything else.

Programming Arduino
Simon Monk · 2016 · 200 pp

Bridges the gap between blinking LEDs and real programs; covers sensors, shields, and communication protocols (I2C, SPI, serial) that every IoT device relies on.

Make More Electronics
Charles Platt · 2014

Builds genuine electronics intuition — voltage, current, resistors, transistors — so you understand WHY circuits behave as they do, not just how to copy a wiring diagram.

2

Connecting Things: Networking & the Cloud

Beginner

Learn how devices communicate over Wi-Fi, MQTT, and HTTP; send sensor data to the cloud; and use platforms like AWS IoT or similar to store and act on that data.

Study plan for this stage

Pace: 6–8 weeks total: Weeks 1–3 cover "Getting Started with the Internet of Things" by Pfister (~20–25 pages/day, including hands-on tinkering time); Weeks 4–7 cover "Building Wireless Sensor Networks" by Faludi (~20 pages/day with lab sessions); Week 8 is a consolidation week for review, project work, a

Key concepts
  • Device-to-cloud communication fundamentals: how a microcontroller sends data over Wi-Fi using HTTP REST calls, as introduced in Pfister's Cosm/cloud examples
  • The publish/subscribe messaging model: understanding topics, brokers, publishers, and subscribers as the backbone of lightweight IoT messaging (MQTT concepts reinforced across both books)
  • Sensor data pipelines: reading a physical sensor value, formatting it (e.g., as JSON or a simple string), and transmitting it reliably to a remote endpoint — the end-to-end flow Pfister walks through step by step
  • ZigBee and mesh networking: how Faludi's XBee radios form self-healing mesh networks, contrasting with single-hop Wi-Fi to show when each topology is appropriate
  • Addressing and network topology: PAN IDs, coordinator vs. router vs. end-device roles, and how packets are routed in a ZigBee mesh as detailed in Faludi
  • Cloud platform roles: data ingestion, storage, rules/triggers, and dashboards — mapped onto real services (Pfister uses Cosm/Xively as the teaching example; readers should generalize the pattern to modern equivalents like AWS IoT Core)
  • Power and bandwidth trade-offs: duty cycling, sleep modes, and low-data-rate design decisions that Faludi emphasizes for battery-operated wireless nodes
  • Security basics at the network edge: API keys, device authentication tokens, and why open endpoints are dangerous — introduced in Pfister and extended by Faludi's discussion of network isolation
You should be able to answer
  • After working through Pfister's examples, can you trace the complete journey of a single sensor reading — from the physical pin on the microcontroller, through Wi-Fi, over HTTP, and into a cloud data stream — identifying every transformation the data undergoes?
  • Pfister structures his cloud interaction around a RESTful API. What HTTP verbs does he use, what does each one do to the data stream, and how would you adapt this pattern to a modern platform like AWS IoT Core or ThingSpeak?
  • Faludi introduces three XBee network roles: coordinator, router, and end device. What is the specific responsibility of each, and what happens to the network if the coordinator goes offline?
  • Using Faludi's coverage of ZigBee mesh networking, explain how a message from an end device in one corner of a building reaches a coordinator in another — what makes this routing 'self-healing'?
  • Both Pfister and Faludi deal with the challenge of unreliable connectivity. What strategies do each author recommend for handling dropped packets or lost connections, and how do those strategies differ given their respective hardware contexts?
  • Faludi dedicates significant attention to power consumption. What hardware and software techniques does he describe for extending battery life on a wireless sensor node, and what trade-offs do those techniques introduce for data freshness?
Practice
  • **Pfister end-to-end pipeline lab:** Wire up a temperature or light sensor to a Wi-Fi-capable board (e.g., Arduino + Wi-Fi shield, or an ESP8266), replicate Pfister's HTTP data-upload sketch, then swap the endpoint from his Cosm example to a free modern alternative (ThingSpeak or a local MQTT broker) — document every change you had to make and why.
  • **MQTT broker exploration:** Install Mosquitto locally, then write two small scripts (one publisher, one subscriber) that mirror the publish/subscribe pattern described in the books. Send simulated sensor readings every 5 seconds and log them to a file; then intentionally kill the publisher and observe broker behavior.
  • **Faludi mesh mapping exercise:** Using Faludi's coordinator/router/end-device framework, draw a scaled floor-plan of your home or workspace and design a hypothetical ZigBee sensor network for it — label each node's role, justify placement decisions, and identify single points of failure.
  • **XBee AT-command walkthrough:** Following Faludi's XCTU and AT-command chapters, configure two XBee modules (or use an XBee simulator) to join the same PAN, send a text string from one to the other, then change the PAN ID and confirm communication breaks — this concretely demonstrates addressing.
  • **Cloud rules & alerting mini-project:** Using any free IoT cloud tier (AWS IoT Core free tier, Adafruit IO, or ThingSpeak), create a data stream fed by your sensor, then configure a rule or trigger that sends an email or webhook when a threshold is crossed — map each platform concept (thing, certificate, rule, action) back to the vocabulary Pfister uses.
  • **Comparative write-up:** Write a one-page technical memo comparing Wi-Fi + HTTP (Pfister's primary approach) with ZigBee mesh + a gateway (Faludi's approach) across four dimensions: range, power consumption, cost, and complexity. Conclude with a recommendation for a specific scenario of your choosing (e.g., a 20-node warehouse monitoring system).

Next up: By mastering how individual devices communicate and push data to the cloud, the reader has the raw data flowing reliably — the natural next step is learning how to process, analyze, and act on that data at scale, which leads directly into IoT data analytics, edge computing, and building smarter applications on top of the connected infrastructure established here.

Getting started with the Internet of Things
Cuno Pfister · 2011 · 194 pp

One of the clearest beginner-level books on moving data from a microcontroller to the internet; introduces MQTT and cloud endpoints in a hands-on, project-driven way.

Building Wireless Sensor Networks
Robert Faludi · 2010 · 322 pp

Focuses on real wireless protocols (ZigBee/XBee) and mesh networking — essential vocabulary for understanding how IoT devices talk to each other and to gateways.

3

Systems Thinking: Architecting IoT at Scale

Intermediate

Design end-to-end IoT systems — edge devices, gateways, data pipelines, and cloud back-ends — and understand the engineering trade-offs involved in production deployments.

Study plan for this stage

Pace: 10–12 weeks total, reading ~25–35 pages/day. Week 1–3: "Designing The Internet Of Things" (McEwen) — focus on prototyping philosophy and hardware/software co-design. Week 4–7: "Building the Internet of Things" (Kranz) — focus on enterprise architecture, business integration, and scaling strategies.

Key concepts
  • End-to-end IoT architecture: edge devices → gateways → data pipelines → cloud back-ends, as framed by McEwen's layered design model
  • Hardware/software co-design trade-offs: McEwen's treatment of constrained devices, connectivity choices (Wi-Fi, BLE, Zigbee, LoRa), and iterative prototyping
  • Enterprise IoT integration patterns from Kranz: connecting OT (operational technology) with IT systems, ERP/CRM hooks, and organizational change management
  • Scalability and operational concerns from Kranz: fleet management, OTA firmware updates, device lifecycle, and data pipeline throughput at scale
  • IoT threat landscape and attack surfaces: Russell's taxonomy of physical, network, application, and data-layer threats specific to constrained devices
  • Secure-by-design principles from Russell: mutual TLS, certificate management, secure boot, code signing, and least-privilege firmware
  • Privacy and compliance considerations: Russell's coverage of data minimization, GDPR-relevant patterns, and regulatory frameworks for connected products
  • Engineering trade-offs in production: balancing latency vs. bandwidth, local vs. cloud processing (edge intelligence), cost vs. redundancy, and security vs. usability
You should be able to answer
  • Given a new IoT product brief, how would you apply McEwen's design process to select appropriate connectivity protocols, hardware platforms, and cloud integration points — and what trade-offs does each choice entail?
  • Using Kranz's enterprise integration framework, how would you architect an IoT deployment that bridges legacy OT infrastructure with modern cloud data pipelines, and what organizational hurdles must be addressed alongside the technical ones?
  • What does a production-grade device lifecycle look like — from provisioning and onboarding through OTA updates to decommissioning — drawing on both Kranz's operational guidance and Russell's security requirements?
  • Using Russell's threat modeling methodology, how would you identify and prioritize the top five attack surfaces in a smart-building IoT deployment, and what specific countermeasures (protocol, firmware, and network) would you apply to each?
  • How do you decide what computation belongs at the edge versus the gateway versus the cloud? What factors — latency, bandwidth cost, data sensitivity, and device capability — drive that boundary, as discussed across all three books?
  • How do the security controls described by Russell (secure boot, mTLS, certificate rotation) interact with the scalability and fleet-management concerns raised by Kranz, and where do genuine tensions between security and operational agility arise?
Practice
  • Architecture Blueprint: Choose a real-world IoT scenario (e.g., smart agriculture, industrial predictive maintenance, or connected healthcare). Draw a full end-to-end architecture diagram — devices, gateways, message broker, data pipeline, cloud back-end, and dashboards — explicitly labeling every design decision with the trade-off it resolves (McEwen + Kranz).
  • Protocol Shoot-Out: Build two minimal prototypes of the same sensor node (e.g., a temperature reporter) — one using MQTT over Wi-Fi and one using CoAP over a constrained network simulation. Measure and compare latency, payload size, power draw, and reconnection behavior. Document which scenario each protocol wins and why.
  • Threat Model Workshop: Using Russell's STRIDE-based approach from 'Practical Internet of Things Security,' produce a formal threat model for your architecture blueprint. Identify at least 8 threats, rate each by likelihood and impact, and specify a concrete mitigation (e.g., certificate pinning, network segmentation, signed firmware) for every HIGH-rated threat.
  • OTA Update Pipeline: Implement a minimal but secure OTA firmware update flow for a microcontroller (e.g., ESP32 or Raspberry Pi). Include code signing verification on the device side and a rollback mechanism. Trace how this satisfies both Kranz's fleet-management requirements and Russell's firmware integrity controls.
  • Data Pipeline Stress Test: Stand up a local pipeline (e.g., Mosquitto → Node-RED or Apache Kafka → InfluxDB → Grafana) and simulate 500 concurrent device publishers. Identify the bottleneck, apply one architectural change (e.g., partitioning, batching, or edge aggregation), and measure the throughput improvement — connecting findings to Kranz's scalability discussion.
  • Trade-Off Decision Log: As you read all three books, maintain a running 'Decision Log' — a table with columns: Decision, Options Considered, Chosen Approach, Book/Chapter Reference, and Rationale. Aim for at least 20 entries by the end of the stage. This artifact becomes your personal IoT architecture playbook.

Next up: ">Mastering end-to-end system design and security hardening at this stage equips the reader with the architectural vocabulary and threat-awareness needed to tackle the next stage's deeper specializations — whether that is advanced edge AI, large-scale data analytics, or industry-vertical deployments — because every advanced IoT topic assumes a solid, secure, scalable system foundation to build upo

Designing The Internet Of Things
Adrian McEwen · 2012 · 336 pp

Zooms out from individual devices to full product thinking: hardware, software, connectivity, and business model together — the right mindset shift after mastering the basics.

Building the Internet of things
Maciej Kranz · 2017 · 260 pp

Covers enterprise-scale IoT architecture, data flows, and integration patterns, giving the intermediate learner a map of how large real-world deployments are actually structured.

Practical Internet of Things Security
Brian Russell · 2016 · 382 pp

Introduces security architecture at the system level — a bridge book that frames security as a design concern before the dedicated security stage that follows.

4

Security: Protecting What You Build

Expert

Deeply understand the attack surface of IoT systems — firmware, protocols, cloud APIs, and physical hardware — and apply concrete defenses at every layer.

Study plan for this stage

Pace: 8–10 weeks total: Weeks 1–6 cover "The IoT Hacker's Handbook" (~25–30 pages/day, including lab time for each chapter's practical exercises); Weeks 7–10 cover "Hacking Connected Cars" (~20–25 pages/day, with deeper focus on protocol analysis and threat modeling sessions). Reserve 1–2 days between boo

Key concepts
  • IoT attack surface mapping: firmware, hardware interfaces (UART, JTAG, SPI, I2C), RF protocols, mobile/cloud APIs — as catalogued in The IoT Hacker's Handbook
  • Firmware extraction and analysis: obtaining firmware via physical dumping, update interception, and filesystem unpacking (binwalk, Firmwalker) from Gupta's methodology
  • Exploitation of embedded systems: buffer overflows on constrained devices, hardcoded credentials, insecure bootloaders, and debug port abuse covered in The IoT Hacker's Handbook
  • Protocol-layer attacks: sniffing and fuzzing MQTT, CoAP, Zigbee, Z-Wave, and BLE as demonstrated across both books
  • Automotive-specific threat modeling: the CAN bus architecture, OBD-II attack vectors, telematics unit vulnerabilities, and V2X exposure detailed in Hacking Connected Cars
  • API and cloud backend security: broken authentication, insecure direct object references, and over-privileged device tokens — addressed in both books' cloud/backend chapters
  • Hardware hacking fundamentals: using logic analyzers, oscilloscopes, and bus pirate-style tools to intercept and replay signals, as shown in The IoT Hacker's Handbook
  • Defense-in-depth for IoT: secure boot, code signing, certificate pinning, network segmentation, and OTA update integrity — countermeasures discussed in both books
You should be able to answer
  • Given an unknown IoT device, what is the systematic reconnaissance and attack-surface enumeration process described in The IoT Hacker's Handbook, and which physical interfaces would you probe first and why?
  • How does Gupta's firmware extraction workflow differ between a device that exposes a UART shell and one that requires direct NAND/NOR flash dumping, and what tools are used at each step?
  • What makes the CAN bus inherently insecure according to Hacking Connected Cars, and how does Knight demonstrate that a compromised telematics unit can pivot to safety-critical vehicle systems?
  • How do the cloud/API attack techniques in both books (e.g., insecure device authentication, token reuse) compound physical hardware vulnerabilities to create end-to-end compromise chains?
  • What concrete mitigations — spanning secure boot, signed firmware, and mutual TLS — do both authors recommend, and at which layer of the stack does each control apply?
  • How does the threat modeling approach in Hacking Connected Cars (applied to automotive ECUs and V2X) generalize to other safety-critical IoT verticals such as industrial control systems or medical devices?
Practice
  • Hardware lab (Handbook-driven): Acquire a cheap consumer IoT device (IP camera, smart plug, or router). Use binwalk to extract its firmware, mount the filesystem, and search for hardcoded credentials, insecure services, and outdated library versions — replicating Gupta's firmware analysis workflow.
  • UART/JTAG reconnaissance: Identify and connect to a debug UART port on a development board (e.g., a Raspberry Pi or ESP32 running custom firmware). Attempt to obtain a root shell or bootloader prompt, documenting each step as Gupta outlines.
  • Protocol fuzzing lab: Set up a local MQTT broker and a simulated IoT publisher. Use a fuzzer (e.g., boofuzz) to send malformed MQTT packets and observe crash or unexpected behavior, mirroring the protocol-attack techniques in The IoT Hacker's Handbook.
  • CAN bus simulation (Hacking Connected Cars-driven): Use a virtual CAN interface (vcan on Linux) with tools like can-utils and Wireshark to replay and inject CAN frames. Attempt to spoof a sensor reading (e.g., a fake vehicle speed), replicating Knight's CAN injection demonstrations.
  • API security audit: Deploy a deliberately vulnerable IoT API (e.g., from OWASP IoTGoat) and perform the broken-authentication and IDOR attacks described across both books. Document findings in a structured pentest report with CVSS scores.
  • Threat model a real product: Choose a connected consumer device (smart lock, EV charger, or dash cam). Build a full STRIDE threat model covering firmware, RF protocol, mobile app, and cloud backend, then map each threat to the specific defenses recommended in both books.

Next up: Mastering the attack and defense techniques across firmware, protocols, hardware, and cloud APIs in this stage equips the reader to engage critically with IoT standards, regulatory frameworks, and large-scale deployment architecture — the natural focus of an advanced stage on IoT governance, scalability, and production hardening.

The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things
Aditya Gupta · 2019 · 340 pp

Takes an offensive, hands-on approach to IoT security: firmware extraction, hardware hacking, and protocol analysis — knowing how attackers think is the fastest path to building defenses.

Hacking Connected Cars
Alissa Knight · 2019 · 272 pp

A rigorous case study in attacking a complex, safety-critical IoT domain; the methodology and threat-modeling techniques transfer directly to any connected device ecosystem.

Discussion

Keep reading

Paths that share books, cover the same subject, or open a related topic.

Shares 3 books

Build things with Arduino

Beginner8books62 hrs4 stages
Shares 1 book

Build your own home security camera system

Beginner9books62 hrs5 stages
Shares 1 book

Raspberry Pi projects: start building

Beginner9books96 hrs5 stages
Shares 1 book

Get into robotics: build your first robot

Beginner6books79 hrs4 stages
Shares 1 book

Set up a smarter home

Beginner6books52 hrs5 stages