Internet of Things (IoT) have become prevalent in every day life. Harmless as it may seem, this new breed of devices have raised a number of privacy and security concerns. Security issues may come at different levels, from deployment issues that leave devices exposed to the internet with default credentials, to implementation issues where manufacturers incorrectly employ existing protocols or develop proprietary ones for communications that have not been examined for their sanity. On the hardware side, a device may also be vulnerable. An attacker with physical access to a device may be able to alter its functionality. Meanwhile, cyber-physical systems (CPS) comprise the backbone of national critical infrastructures such as power grids, transportation systems, home automation systems, etc. Because cyber-physical systems are widely used in these applications, the security considerations of these systems should be of very high importance. We will provide detailed examples of our experimentation with CPS devices. We will then present solutions that have been proposed by both industry and academia. Besides the introduction to the IoT and CPS security, hands-on labs are also prepared for all audience. Commercial smart devices (web cams) will be provided where audiences can practice on how to identify security vulnerabilities of modern connected smart devices as well as how to exploit these vulnerabilities. The performed hands-on labs will cover hardware attacks, device authentication, remote access, and MITM attacks. Potential solutions to secure these devices will also be discussed in the hands-on labs.