From Network Admin to Cybersecurity Consultant: A Journey Through Zero Trust and Hardware Hacking

Oh, it’s a little after 10:00 AM and my third cup of coffee is kicking in, and I’m sitting at my desk thinking about a career that began in ’93, when network admins like me were the gatekeepers of data and voice multiplexing over PSTN lines. It was a simpler time, or at least it seemed so until worms like Slammer stomped a boot straight through the guts of corporate networks all over the world. Hell, who am I kidding – I kind of miss getting my hands dirty patching routers and troubleshooting old-school hardware. But here we remain, decades after the term was popularized, with the battlefield having only grown — from physical cables to amorphous cloud services to A.I.-powered buzzwords so atrociously marketed that they sometimes make me roll my eyes.

But I digress. Today I want to offer you some true, unfanciful experiences from my journey, dropping in the lessons learned during my transition from network admin to cyber businessman – P J Networks Pvt Ltd. Recently, I’ve been up to my neck helping three large banks implement their own zero-trust architectures, a playpen that is both tantalizing and fraught with danger. Oh, and I’ve just returned from DefCon — am still in Vilnius — and I’m hyped about the hardware hacking village (more on that another time). So, strap in — this one’s a doozy.

In the Beginning – Networking in the 1990s and the Slammer Incident

Back then I was juggling voice and data over PSTN lines with what would today be called dinosaur-level hardware. We were paving the way for what would become the modern internet. The Slammer worm? I saw that monster firsthand. It was like watching your well-oiled machine catch a viral cold — and this was a virus that made servers cough, sputter and slurp.

The thing about Slammer: It wasn’t the first worm, but this baby spanned the globe in a matter of minutes, knocking thousands of systems offline — banks not least among them — and raising almighty hell. As the incident made alarmingly clear, traditional defenses guarding the perimeter of organizations were no longer sufficient. And so my love for evolving security architecture was born.

Fast forward — Running P J Networks Pvt. Ltd.

When I started my own company, it wasn’t because I needed a paycheck; it was because I wanted to build security beyond the firefighting: proactive, layered, intelligent protection. We’re experts in cybersecurity, managed NOC services, firewalls, servers and routers. This combination helps our clients not just plug holes, but build resilience.

Recently? We were fortunate (if you can even say that) to assist three banks in rolling out the full zero-trust stack. And this ain’t just fancy jargon. Zero Trust is a state of mind; it means regarding each request — whether from within your network or from outside — as a potential threat. No trust by default.

The Zero-Trust Adventure: Lessons from the Bank

Banks are an interesting case, because they have no risk tolerance, period. They don’t just want to stay out of the breach headlines; they want to guard against any exposure at all, and to do so transparently with customers.

Here’s how we went about upgrading them to zero-trust:

  • Audit and map all user access – Use the data you have already gathered; no guesswork. Who is accessing what, when and from where? You need full visibility.
  • Micro-segmentation to prevent attackers from moving sideways. If something gets loose, containment is automatic.
  • Continuous authentication & monitoring. Not at login alone but ongoing — behavioral analytics play a huge role.
  • Legacy system integration. The banks had old-school hardware humming away underneath — upgrading took mad coordination to do without breaking stuff.
  • Enforcement at the edge. Firewalls and NOCs in lockstep to direct traffic, sift out abnormalities, and enforce least privilege.
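To make those five steps concrete, here is a small per-request policy evaluator I have added as an illustration; it is example code, not anything from P J Networks or the banks, and every segment name, role, action and location in it is constructed for the demo. It ties the steps together: each request carries identity, device posture and MFA state (audit and map), flows between segments are denied unless explicitly listed (micro-segmentation), a user who appears from a different location within an hour of an allowed request is flagged (continuous monitoring), role-to-action mapping enforces least privilege, and every decision lands in an audit log so nothing is invisible.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed micro-segmentation policy: which segment may talk to which.
# Anything not listed is denied, including east-west traffic inside the LAN.
ALLOWED_FLOWS = {
    ("branch-workstations", "core-banking-api"),
    ("noc", "core-banking-api"),
    ("noc", "legacy-mainframe"),
    ("integration-gateway", "legacy-mainframe"),
}

# Constructed least-privilege map: role -> actions that role may perform.
ROLE_ACTIONS = {
    "teller": {"read-account", "post-transaction"},
    "noc-engineer": {"read-logs", "restart-service"},
}

# Behavioral check: a location change faster than this is treated as anomalous.
GEO_CHANGE_WINDOW = timedelta(hours=1)


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device_compliant: bool  # posture verdict from an endpoint agent (assumed input)
    mfa_verified: bool      # MFA completed for this session
    src_segment: str
    dst_segment: str
    action: str
    geo: str                # coarse source location, e.g. a country code
    at: datetime


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)  # empty when allowed


class ZeroTrustEvaluator:
    """Evaluates every request on its own merits; network origin grants nothing."""

    def __init__(self):
        self.last_seen = {}   # user -> (time, geo) of the last ALLOWED request
        self.audit_log = []   # every decision, allow or deny, for visibility

    def evaluate(self, req: Request) -> Decision:
        reasons = []
        if not req.mfa_verified:
            reasons.append("mfa-required")
        if not req.device_compliant:
            reasons.append("device-not-compliant")
        if req.action not in ROLE_ACTIONS.get(req.role, set()):
            reasons.append("action-not-permitted-for-role")
        if (req.src_segment, req.dst_segment) not in ALLOWED_FLOWS:
            reasons.append("segment-flow-blocked")
        prev = self.last_seen.get(req.user)
        if prev is not None:
            prev_at, prev_geo = prev
            if prev_geo != req.geo and req.at - prev_at < GEO_CHANGE_WINDOW:
                reasons.append("anomalous-location-change")

        decision = Decision(allowed=not reasons, reasons=reasons)
        # Only allowed requests become the behavioral baseline; a denied attempt
        # is evidence in the log but must not poison the legitimate user's history.
        if decision.allowed:
            self.last_seen[req.user] = (req.at, req.geo)
        self.audit_log.append({
            "at": req.at.isoformat(), "user": req.user, "src": req.src_segment,
            "dst": req.dst_segment, "action": req.action,
            "allowed": decision.allowed, "reasons": list(reasons),
        })
        return decision


def run_demo():
    """Constructed scenario: one teller, one NOC engineer, five requests."""
    ev = ZeroTrustEvaluator()
    t0 = datetime(2024, 1, 1, 9, 0)  # constructed timestamp
    requests = [
        # legitimate teller reading an account from the branch segment
        Request("alice", "teller", True, True, "branch-workstations",
                "core-banking-api", "read-account", "IN", t0),
        # same teller trying to reach the mainframe directly: flow not listed
        Request("alice", "teller", True, True, "branch-workstations",
                "legacy-mainframe", "read-account", "IN", t0 + timedelta(minutes=5)),
        # valid credentials and MFA, but from another country ten minutes later
        Request("alice", "teller", True, True, "branch-workstations",
                "core-banking-api", "post-transaction", "RO", t0 + timedelta(minutes=10)),
        # NOC engineer without MFA, otherwise fine
        Request("bob", "noc-engineer", True, False, "noc",
                "legacy-mainframe", "restart-service", "IN", t0 + timedelta(minutes=15)),
        # NOC engineer with MFA trying to post a transaction: not his job
        Request("bob", "noc-engineer", True, True, "noc",
                "core-banking-api", "post-transaction", "IN", t0 + timedelta(minutes=20)),
    ]
    decisions = [ev.evaluate(r) for r in requests]
    return ev, decisions


if __name__ == "__main__":
    evaluator, results = run_demo()
    for entry in evaluator.audit_log:
        print(entry)
```

Two design points are worth noting. First, the evaluator accumulates every failed check rather than stopping at the first one, so the audit log tells you everything that was wrong with a request, which is what you want when you later tune the policy. Second, the real work in a bank is not this logic but feeding it trustworthy inputs: the device posture verdict and MFA state have to come from systems the request itself cannot forge, and the legacy mainframe only appears here as a destination segment precisely because it cannot run any of this itself.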

But here is my little rant — password policies are the worst. Banks love their complicated passwords and forced expiry, but unless done thoughtfully it just annoys users and makes them do “creative” things. Oh, how I wish more people would simply require passphrases (with a minimum length) plus multi-factor, and call it good.

DefCon and the Hardware Hacking Village: The Learning Continues, The Wow Factor Lives On

Just in from DefCon — and the hardware hacking village was mind-blowing. In a cloud-obsessed world fixated on cracking software, physical security is still the Achilles’ heel. Here’s what many underestimate:

  • Firmware in smart devices is exploitable, and its protections are often easy to bypass
  • USB ports are still a key attack vector
  • Wireless chips sporadically speak too freely

Watching hackers reverse-engineer chipsets and create their own tooling convinced me: Cybersecurity can’t be network-centric only. It has to be holistic — from the chip to the cloud.

And I’ll confess — I’m highly dubious of all the “AI-powered” solutions being crammed down our throats of late. Don’t get me wrong, AI/ML has its place, but marketing hype often oversells what the tech can actually do. Human expertise, context, and experience? They still win the day.

Some Hard-Won Nuggets of Wisdom

Over the career I’ve had, here are some best practices I have learned, some from screwing up, some from victories:

  1. Don’t trust the perimeter. Like a castle with hidden passageways, attackers figure out how to get in. The network boundary is porous.
  2. Visibility is king. You can’t defend what you can’t see happen.
  3. Legacy tech is a blessing and a curse. It is stable, but too often it winds up brittle, and difficult to secure. Plan upgrades carefully.
  4. The human factor matters. “Policy-lite” will create frustration as well as a culture of distrust — train and enable your people.
  5. Hardware matters. Do not forget about physical security; after all, breaches can begin with a USB stick or compromised firmware.
  6. Zero trust isn’t plug-and-play. It’s a journey, and so it needs tailored strategies and patience.

Let me put it this way (and believe me, I love the metaphor): cybersecurity is like taking care of a sweet old car that you own and adore. Yes, modern cars have all the bells and whistles, but if you know the engine inside and out, select the best fuel (and, let’s be honest, the right tools), and keep up with regular tune-ups (patches, monitoring), something clicks.

Quick Take: What You Need to Know Today

  • Slammer showed us that perimeter defenses alone aren’t enough — go zero trust.
  • Zero trust: Never trust, always verify — always.
  • Legacy systems require special attention; don’t disregard them.
  • Traditional hardware hacking and physical security are “very much a real threat”.
  • AI-powered tools? Use with caution — the hype is not all it seems.
  • The rules for passwords should be intelligent, not just complicated.

Incredible world we live in. The threats are always changing, and to be honest, so are the disturbingly creative attack vectors. But with experience, a trained eye and maybe a few shots of caffeine, we can stay out in front.

And you’re still running that same rusted firewall from 2005? Well — perhaps it’s time to give me a ring.

Until next cup,

Sanjay Seth
Cybersecurity Consultant
P J Networks Pvt Ltd

Hardware Hacking Village at DefCon
