Honestly I've never heard the term "network of things" used before. I can only assume it is meant to describe devices that are on the network, but don't have internet access. Regardless, IMHO the best VLAN practice is to set up a "IoT" device VLAN that has internet access and a VLAN for IoT type devices that should NOT have access to the internet. Whether that is called NoT or not I don't know.
On the IoT VLAN(s) with internet access you will place things like smart TVs, and streaming devices/media players that obviously need to access the internet to work.
On the NoT VLAN(s) without internet access you should put all the other devices like printers, appliances, "smart" plugs/switches, other "smart" devices like thermostats etc, cameras, phone systems, etc. Of course I would break that down into several different VLANs as well with cameras on one, digital phone system on another, printers on a 3rd, smart devices on a 4th, etc, etc, etc.
Your regular computers, cell phones, mobile devices, etc should be on their own VLAN as well. Rules can be set so these devices can initiate communication with devices on the other VLANs, but not the other way around.
You probably want a "Guest" VLAN as well that has internet access, but is isolated from everything else on the network (ie cannot access the other VLANs).
Finally, if you want to access any of these devices externally while away from your local network, a VPN connection is the best way to do this vs port forwarding.