22 July, 2025
No Comments

Reflections on Hardware Hacking and Cybersecurity Evolution

I’m sitting at my desk, 3 coffees in, still half sprung from just returning from DefCon, my head spinning at 20,000 RPMs — the Hardware Hacking Village was a treasure trove of fresh ideas, yet it was also a harsh reality check that hardware security is routinely the red-headed stepchild in this cyber carnival. I’ve been in this game since the early 00’s man, was a network admin as long ago as 1993 when the concept of ‘cybersecurity’ involved making sure your PSTN lines didn’t die under the weight of voice/data muxes – the old school magic no-one teaches about anymore. Because cyber security isn’t a pretty new accessory you just plug in and hope for the best. I’ve watched it transform from simple networking glue to the complex zero-trust architectures of today.

The Good Old Days: Networking, PSTN, and the Slammer Worm Onslaught

Beginning in the trenches as a network administrator, my universe was made up of dial tones, routers and splitters. Ah, those were the days when a network bottleneck meant you had a bitnose on your mux or in which your cables were possessed. But I could never have anticipated the Slammer worm, in 2003 — that jerkwad was the cyberspatial equivalent of a tsunami hitting a fishing village. This motherforking thing spread so damned fast, I recall watching networks fall over in real time. Lesson learned? Patch management isn’t optional. Ever.

Cybersecurity Consultant & The Zero-Trust Revolution Transiting to a New Career in CyberSecurity

Now fast forward — I have my own security company P J Networks Pvt Ltd. I work with firewalls, servers, routers and am a big proponent of Managed NOC services to keep things taut and sane for clients. I have recently assisted three banks in migrating their zt-architectures. It’s everywhere, for good reason. The security model periphery is dead (assuming — but has it ever really been alive).

This is what zero-trust looks like in practice:

Always verify every user and device.
Limit privileges aggressively.
Monitor traffic patterns relentlessly.
Design defences assuming a breach.

It’s not all about cool tech; it’s a cultural thing. Banks are a great case in point, because at one point, the trust boundary at banks was the bank’s fortress wall, it’s now a moat of continual verification.

Quick Take: Zero-Trust – What I Say To Every Client

Don’t just buy a tool. It has to do with integration and process and culture.
Training your staff is as important as the tech stack.
Begin with a small segment to pilot and then scale up.
Watch out for “plug and play” zero-trust claims — they’re typically too-good-to-be-true.

The Hardware Hacking Buzz of DefCon

Hardware security? Man, that’s an eye-opener. You understand how exposed the physical equipment is when you watch the hacks happening live, in minutes. At the hardware hacking village, attendees demonstrated how an attacker can dump firmware, reverse engineer it, or even implant malicious chips. I won’t lie; it shook me.

Here is what it had in me:

Don’t write off the hardware layer.
Security is not just software updates—it’s device provenance and supply chain integrity.
If you can’t trust your hardware, then your whole security model is standing on a house of cards.

Rant Corner: Password Policies-Why They Are Failing Miserably

Here’s my hot take on this matter—password policies suck. They always have.

Mandatory special characters? Users write them down.
Frequent expiry? Users recycle variations.

Two-factor will help, but you can’t just slap on multifactor and be done with it. The industry should stop glorifying passwords as though they are the magical solution. Biometrics, hardware tokens, behavioral analytics go beyond the password box.

My Analogies – Just because Why not?

Consider your network security the way you might consider a classic car — yes, engine tuning is important, but if your doors don’t lock and windows don’t close, all that horsepower isn’t going to keep thieves out. As with cybersecurity, if you don’t have the basics right then your fancy AI algorithms aren’t going to cut it. And while I’m on the subject of AI-powered tools, I’m highly doubtful. AI in security is like cutting bread with a chef’s knife — it might be overkill, but be careful with it.

[Intermission] What I’ve Learned and Continue to Learn from the Past

In retrospect, I understand that I have made a number of mistakes. I didn’t fully appreciate just how quickly the threats were moving early on. But it’s what makes this job interesting. It’s an endless game of cat and mouse — and if you’re in the complacency camp, you’re already lagging.

Some pearls from years on this ride:

Never ignore legacy systems. They’re often the weakest link.
Automation is your friend, but don’t rely on it in a vacuum.
The human factor = biggest weakness and greatest strength.
Network segmentation is not a nice-to-have, it is essential for survival.

CyberSecurity for Business Leaders: What You Need To Know Now

Your cyber defenses are in the same category as your kitchen knives — you have them, but do you use them right? If your business is still employing perimeter-based security, you’re about a decade behind. It’s time to:

Embrace zero-trust principles.
Engage in committed NOC services to get an edge without burning out your team.
Audit all routers, firewalls, and servers a very regular basis.
Get your hardware security game on, especially if you handle sensitive info.

Final Thoughts

I’m still excited about the future of cybersecurity, even if I’m worn out trying to keep up. DefCon put me in mind of the fact that the future attacks are not only going to look less like code and more like chips, firmware, social engineering and goodness knows what else. To my colleagues and business leaders: remain curious and don’t believe everything — particularly when someone tries to sell you the next shiny AI-powered magic solution.

It’s a long way from PSTN to zero trust. And believe me, they’re not done yet.

Sanjay Seth
Chetan Parekh Cybersecurity Practice and Solution Head, P J Networks Pvt Ltd

No Title