It’s 9:30 a.m., my third cup of coffee is finally starting to kick in, and I’m contemplating a career that began all the way back in 1993. I was a newbie network admin playing with PSTN multiplexers—yes, those monstrous creatures that carried both voice and data, long before anyone knew what VoIP was. Fast forward more than two decades, and today, as the founder of my own cybersecurity firm, I have the opportunity to help some of the largest financial institutions enhance their zero-trust architectures. But first — a little stay-curious adventure into some lessons from the real world, from the trenches. Because here’s the reality: cybersecurity is more than shiny tools or buzzwords. It’s about learning what really goes on in the network, the blood, sweat and tears behind every patch and protocol change.
First of all, back then we faced far more physical threats than most of us would like to admit — circuits that fried, hardware that weighed more than most adults, and so on. I was right in the thick of things when the Slammer worm came around in 2003, babysitting SQL Servers over excruciatingly slow WAN connections. Slammer, unlike anything anyone had seen, raced across the Internet in seconds. It was like watching a slow-motion car wreck playing out in fast forward — no one had a clue what hit them.
I remember the scramble — scrambling for patches, having to explain to many teams that a worm was not at all the same thing as a virus (in fact, I swear many of those teams still don’t understand the difference). That was my first harsh reminder about readiness and the ugly realities of the vulnerability landscape in modern IT.
But now? I recently finished up projects with three major banks on upgrading their zero-trust architectures — environments where the default is suspicion. And, honestly, it’s exhilarating to see how far we have come. However, some basics have not changed:
Everyone and their dog is talking about zero trust. And yes, the idea isn’t novel — the principles of least privilege and strong authentication have been around forever. But zero trust architectures are also about more than just slapping multi-factor authentication on every app.
Lately, working with banks on zero trust, I realized that they fall into a related trap: ticking compliance check boxes instead of actually solving real security problems. Some teams treat zero trust as if it were a refrigerator magnet — a sticker you can slap on the fridge and move on.
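To make the point concrete, here is an added example (my own illustration for this post, not code from any bank engagement): a minimal per-request authorization check in the zero-trust style. The resources, roles and posture checks are constructed for the example. The thing to notice is what is absent: there is no "trusted network" input at all, MFA is one check among several rather than the whole story, and anything not explicitly permitted is denied.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """One request to be evaluated. Network location is deliberately not a field."""
    user: str
    roles: frozenset
    mfa_verified: bool
    device_compliant: bool
    resource: str
    action: str


# Constructed policy for the example. Each resource states its posture requirements
# and, per action, the roles allowed to perform it. Unlisted resources and actions
# get no entry, which means they are denied.
POLICY = {
    "payments-api": {
        "require_mfa": True,
        "require_compliant_device": True,
        "actions": {"read": {"analyst", "ops"}, "write": {"ops"}},
    },
    "wiki": {
        "require_mfa": False,
        "require_compliant_device": False,
        "actions": {"read": {"analyst", "ops", "contractor"}, "write": {"ops"}},
    },
}


def authorize(req: AccessRequest, policy=POLICY):
    """Evaluate one request against the policy and return (allowed, reason).

    Every check runs on every request; nothing is cached from a previous
    'session on the corporate network'. The fall-through result is deny.
    """
    rule = policy.get(req.resource)
    if rule is None:
        return False, "unknown resource (default deny)"
    if rule["require_mfa"] and not req.mfa_verified:
        return False, "MFA required"
    if rule["require_compliant_device"] and not req.device_compliant:
        return False, "device fails posture check"
    allowed_roles = rule["actions"].get(req.action)
    if not allowed_roles:
        return False, f"action {req.action!r} not defined for {req.resource}"
    if not (req.roles & allowed_roles):
        return False, "no role grants this action (least privilege)"
    return True, "allowed"


# Constructed sample requests so the block can be run as-is.
SAMPLE_REQUESTS = [
    AccessRequest("alice", frozenset({"analyst"}), True, True, "payments-api", "read"),
    AccessRequest("alice", frozenset({"analyst"}), True, True, "payments-api", "write"),
    AccessRequest("bob", frozenset({"ops"}), False, True, "payments-api", "write"),
    AccessRequest("carol", frozenset({"contractor"}), False, False, "wiki", "read"),
    AccessRequest("carol", frozenset({"contractor"}), False, False, "hr-db", "read"),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        allowed, reason = authorize(r)
        print(f"{r.user:6} {r.action:5} {r.resource:13} -> {'ALLOW' if allowed else 'DENY '} ({reason})")
```

A real policy engine would pull the role and posture facts from an identity provider and an endpoint management system instead of trusting the request to carry them, but the decision logic, and the order in which the checks fail closed, is the same.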
This is what I always say to my clients:
And yes, I’ll be opinionated here. There are so many security offerings claiming AI-powered everything with no explainability or real-world effectiveness. Much of that AI is really just fancy heuristic detection laced with buzzwords. Keep your skepticism sharp.
I have just returned from DefCon — holy cow. The hardware hacking village all on its own was like turning the clock back to the early days, when people actually unboxed network switches, opened them up and poked around inside. Watching the current generation find all these weird and wonderful backdoors reminds me why I love this industry.
One experiment grabbed my attention: hacking the so-called secure-by-default, seemingly innocuous IoT devices that companies had deemed secure. Spoiler: none of them are secure out of the box.
It took me back to the days when I was managing routers and firewalls at PJ Networks, when we depended on the strength of perimeter defenses. But a perimeter alone is a fragile thing. One chink in the hardware armor, and the branch is compromised.
Okay, here is my hot take — please, please stop adding a bunch of random complexity requirements to passwords and forcing people to change them every 30 days. It’s an archaic obsession that undermines good security.
Think of it instead like tuning a classic car: the engine doesn’t run better because you swap parts at random on a schedule. It needs consistent care:
The fact is, password fatigue is a serious issue. People will resort to reusing passwords or predictable patterns just to get by.
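What the alternative looks like in code, as an added example (mine, not a PJ Networks product, and not the only way to do it): a password check built on length plus a breached-password blocklist instead of composition rules, a detector for the "Winter2024! becomes Winter2025!" pattern that forced rotation breeds, and a rotation rule that triggers only on evidence of compromise. The minimum length and the blocklist contents are constructed assumptions for the example; a real deployment would check against a large breach corpus rather than a hard-coded set.

```python
import hashlib
import re

MIN_LENGTH = 12  # assumed policy value for this example

# Constructed stand-in for a breached-password blocklist, stored as SHA-1 hex so the
# plaintexts never have to sit in the comparison set in production.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("password", "P@ssw0rd1!", "Winter2024!", "letmein123")
}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def check_password(candidate: str, username: str = "") -> list:
    """Return a list of problems; an empty list means the password is acceptable.

    There is deliberately no uppercase/digit/symbol rule here: length and a
    blocklist reject 'P@ssw0rd1!' while composition rules happily accept it.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sha1_hex(candidate) in BREACHED_SHA1:
        problems.append("appears in breached-password list")
    if username and username.lower() in candidate.lower():
        problems.append("contains the username")
    return problems


# stem, embedded number, trailing non-digits (e.g. "Winter", "2024", "!")
_NUMBERED = re.compile(r"^(.*?)(\d+)([^\d]*)$")


def is_predictable_increment(old: str, new: str) -> bool:
    """True when 'new' is 'old' with only the embedded number changed, which is
    the classic fatigue pattern that 30-day rotation produces."""
    m_old, m_new = _NUMBERED.match(old), _NUMBERED.match(new)
    if not (m_old and m_new):
        return False
    return (m_old.group(1) == m_new.group(1)
            and m_old.group(3) == m_new.group(3)
            and m_old.group(2) != m_new.group(2))


def rotation_required(current_sha1: str, breached=BREACHED_SHA1) -> bool:
    """Force a change only on evidence of compromise, never on a calendar."""
    return current_sha1 in breached


if __name__ == "__main__":
    for pw in ("Winter2024!", "correct horse battery staple"):
        print(repr(pw), "->", check_password(pw) or "ok")
    print("Winter2024! -> Winter2025! predictable:", is_predictable_increment("Winter2024!", "Winter2025!"))
    print("rotation required for letmein123:", rotation_required(sha1_hex("letmein123")))
```

The increment check is only useful at change time, when the old password is still available to compare against; once it is stored as a hash that comparison is gone, which is one more reason to avoid forcing the change in the first place.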
At PJ Networks we have always specialised in looking after the critical behind-the-scenes infrastructure that often goes unnoticed. Firewall rules are only as effective as the policies you put into place, and that’s where our hands-on experience shows.
I once had to troubleshoot a large financial client where a router ACL was misconfigured and allowed lateral movement in their segmented network. One rule overstepped (yes, it was human error), and a carefully orchestrated deployment wound up opening the door to bad actors.
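The kind of check that catches an overstepping rule before deployment, as an added example (my illustration, not PJ Networks tooling and not the client's real ACL): a small Python linter that parses a subset of Cisco-style extended ACL syntax and compares every permit against a constructed segmentation policy. The zones, the allowed flows and the sample ACL lines are all made up for the example; the syntax subset covers `any`, `host A.B.C.D`, `A.B.C.D wildcard` and an optional `eq port`.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segmentation policy: zone name -> network, and the only inter-zone
# flows the policy allows. "*" means any protocol and port.
ZONES = {
    "branch": ipaddress.ip_network("10.1.0.0/16"),
    "core": ipaddress.ip_network("10.2.0.0/16"),
    "dmz": ipaddress.ip_network("10.3.0.0/16"),
}
ALLOWED_FLOWS = {
    ("branch", "core"): {("tcp", 443)},  # branch reaches core only over HTTPS
    ("core", "branch"): {"*"},           # management traffic from core is unrestricted
}


@dataclass
class Rule:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]


def _parse_addr(tokens, i):
    """Parse one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    t = tokens[i]
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # ipaddress accepts a hostmask after the slash: 10.1.0.0/0.0.255.255 -> 10.1.0.0/16
    return ipaddress.ip_network(f"{t}/{tokens[i + 1]}"), i + 2


def parse_rule(line: str) -> Rule:
    tokens = line.split()
    action, proto = tokens[0], tokens[1]
    src, i = _parse_addr(tokens, 2)
    dst, i = _parse_addr(tokens, i)
    port = int(tokens[i + 1]) if i < len(tokens) and tokens[i] == "eq" else None
    return Rule(action, proto, src, dst, port)


def zones_for(net, zones=ZONES):
    """Every zone the address range touches; 'any' touches all of them."""
    return [name for name, z in zones.items() if z.overlaps(net)]


def lint(acl_lines, zones=ZONES, allowed=ALLOWED_FLOWS):
    """Return one finding per (rule, src zone, dst zone) that permits a flow
    the segmentation policy does not list. Deny rules are never flagged."""
    findings = []
    for line in acl_lines:
        rule = parse_rule(line)
        if rule.action != "permit":
            continue
        for s in zones_for(rule.src, zones):
            for d in zones_for(rule.dst, zones):
                if s == d:
                    continue  # intra-zone traffic is outside the segmentation policy
                permitted = allowed.get((s, d), set())
                if "*" in permitted or (rule.proto, rule.port) in permitted:
                    continue
                findings.append(
                    f"{line!r} permits {s}->{d} {rule.proto}/{rule.port or 'any'}, not in policy"
                )
    return findings


# Constructed ACL: one compliant rule, one overstepping 'any' rule, one SSH rule
# open to every zone, and the closing deny.
SAMPLE_ACL = [
    "permit tcp 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255 eq 443",
    "permit ip 10.1.0.0 0.0.255.255 any",
    "permit tcp any host 10.2.0.10 eq 22",
    "deny ip any any",
]

if __name__ == "__main__":
    for f in lint(SAMPLE_ACL):
        print("FINDING:", f)
```

Run against the sample, the first rule is clean and the two overstepping permits produce four findings between them, because a single `any` fans out into every zone it can reach. That fan-out is exactly how one "harmless" line turns a segmented network into a flat one.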
If you’re counting on your team alone to ensure everything remains airtight, you’ll likely be in for a rude awakening. Managed NOC services exist to catch these errors before they grow into disasters. Some of our key focus areas:
Call it regular maintenance for your classic car: Neglect it, and you’re begging for inconvenient breakdowns.
From those PSTN mux days to the zero trust architectures in banks today, I’ve learned one thing about cybersecurity: it’s a marathon, not a sprint. Technologies and tactics may change, but the underlying principles — understand your environment, assume compromise, insist relentlessly on validating your security — are constants.
And please, don’t forget: no shiny new tool is going to save you if your basics aren’t solid. Laugh at my early naivety if you like, but learn from it too.
See you at the next DefCon, or drop me a note if you’d like to talk about your zero-trust journey. There’s nothing better than a solid coffee-induced brainstorm to keep us one step ahead of everyone else.