Three coffees down and I’m buzzing – that’s how I feel when I think about my cybersecurity journey. From network admin in 1993, when we were still wrestling with multiplexing voice and data over PSTN lines (yes, ancient times!), to now owning my own security firm and grappling with zero-trust frameworks for large financial institutions – it’s been one hell of a ride. And here’s the thing: whatever fancy new tech they throw at us, the fundamental challenges just keep coming back to good old block-and-tackle basics: layered defenses, due diligence, and, sometimes, a bit of plain old grit.
I remember the days when the biggest pain in the neck was making sure the voice and data mux over PSTN lines did not drop packets or, even worse, degrade voice call quality. Bandwidth was precious. And firewalls? If they existed, they were the size of ovens. And then there was the Slammer worm of the early 2000s — a terrifying signal flare for all of us. That worm moved quicker than a petrol spill in a fireworks factory. I saw it in real time, as networks suddenly ground to a halt, services vanished, and security teams rushed around as if it were a digital war zone.
What was even worse, and hard for some to hear, was how many organizations continued to disregard best practices for patch management after that. Here’s a hot take: patching is not sexy; it’s like changing your oil regularly. But miss that boat, and you’ll stall your engine (or your network). No matter how shiny the firewall or the IDS, fail to patch and you’re asking for it.
Fast forward to now. Recently I worked with three banks to redesign their zero-trust architecture. What’s funny is that banks, which are known for being conservative (as they should be), had a hard time executing on this mandate. Never trust, always verify, is the steadfast rule of zero trust. And it brings with it a shift in thinking, especially for companies that were used to defending the perimeter with a castle-and-moat mentality.
Here’s what I learned from those efforts:
And really, it’s kind of like autopiloting a driverless car that has no brakes other than AI-driven security tools and services. Yes, they can assist with threat detection, sure, but never delegate your responsibility to them. They’re a toolbox, not a silver bullet.
Back from DefCon – buzzed from the hardware hacking village. For those who haven’t been, picture a geeks’ playground, with stations equipped with soldering irons, chip programmers and inquisitive minds disassembling everything from old routers to smart locks.
One thought stayed with me: the physical security of hardware is the most often forgotten layer. You can have the strongest encryption and the most stringent firewall rules, yet if someone can pop your server room open or plug a rogue device into your network, you’ve lost before you started.
Quick aside: during a hardware audit at a client’s office, I found an unknown device in a network rack. It turned out it was a small Raspberry Pi that someone had attached to monitor — without permission. That little guy was leaking data outside the secure zone! Lesson? Don’t forget the importance of the human element and the risks of physical access.
Oh boy, password policies. Here is my rant for the day: way too many organizations still make users change passwords every 30 days and insist on overly complex requirements that don’t improve the situation at all. You are basically encouraging people to write down passwords on sticky notes or to use a password manager only under sufferance.
My take: length beats complexity.
It’s no different to cooking – there’s no value in sprinkling in exotic spices if your base ingredients have gone off. Strong passwords plus MFA? That’s your bread and butter.
Since I’ve spent time in the trenches, I understand how difficult it can be to keep your infrastructure lean. Operating a Managed Network Operations Center (NOC) is the equivalent of having 24/7 eyes on your most valuable assets. I’ve seen so many instances where early warning was the difference between catching a minor blip and dealing with a full-blown incident.
But firewalls, routers and servers are no longer just boxes. They are smart machines that require ongoing tuning and checking. You don’t want them to be just a lot of toys covered in cobwebs in your data center.
Cybersecurity isn’t just about throwing money at every shiny new gadget or software solution out there. It’s about knowing your environment, your people, your risks – and then applying the right controls with a good amount of skepticism. And yes, that can even mean reverting to old-school basics no matter how much your CTO rolls their eyes.
If you’re a business (whether bank or start-up, or anything in-between), the point is this: Security is not a one-time project; it’s a journey. And, having been in this game since the days when packets were still fighting the good fight to carry digitized voice — trust me, hardy, end-to-end, people-focused security always wins.
I mean, many more cups of coffee and late-night incident responses, and yes, the continued fight to keep your networks secure.
Stay vigilant. Stay curious. And don’t skip your patches.
—Sanjay Seth
CyberSecurity Consultant | P J Networks Pvt Ltd