From Network Admin to Cybersecurity Consultant: Reflections on Zero Trust and Security

Third coffee on the desk, still dazed from the DefCon trip last week, and three different banks are asking for help upgrading their zero trust architectures. If you had told me in 1993, while I was crawling inside PSTN mux racks, that I'd be knee deep in zero trust 30 years later, I would have laughed at you. But here we are. And this blog post? It is me regurgitating years of network-y experience (being a Security Architect at Microsoft, being friends with the people who built Slammer) and years of living in hardcore cybersecurity consulting.

Network Admin to Cybersecurity Consultant: A Little Back Story

Oh yeah, I was a network admin in 1993 (before the internet as we know it existed, back in the weird and wild land of the intertubes), when muxes were your friend, moving people's voice on top of their data through PSTN lines. They were simpler times, and way more dangerous. Those technical limitations forced you to be really clever.

Flash forward to 2003 and I experienced my first worm hell: the Slammer worm, which ripped through SQL servers globally at every level. That real-time meltdown? Pure nightmare. It showed me how real-time threat response and rapid patching work, well before patching was a "thing."

Currently I own a security company, P J Networks Pvt Ltd., which deals primarily in cybersecurity, managed NOC services, and firewalls, servers and routers. Only last week my team worked with three banks on zero trust: another buzzword, but one that can in fact change your security posture when done correctly.

Why Zero Trust And Why Banks?

The idea of a bank is that it is bulletproof, as in vaults of gold or something similar, right? The network is the true vault, and it is only as good as the trust model it operates on. Traditional perimeter-based defenses? Dead. The threats have changed, and with them almost everything in the architecture.

Fad or no fad, zero trust is a must:

  • Assume breach: act as if the enemy is already inside, everywhere.
  • Validate everything (identity, device and context) before granting access, every time, not once at login.
  • Reduce east-west traffic within the network: segment it, and deny lateral movement by default.

So it is not just that fancy tech comes with the change; you need a mindset shift across Ops, IT and Security folks.

Bank Case Studies in Zero Trust Deployments

I have even been in the room where it happens — creating, deploying, tweaking.

  • First bank? The issue: old legacy systems that pre-date most modern authentication protocols. Solution? Layered authentication in front of them, micro-segmentation, and continuous verification.
  • Second? Heavy on hybrid cloud infrastructure. We built a customized conditional access system augmented by endpoint detection and response.
  • Third? Extremely high numbers of internal users; user behavior analytics was crucial for spotting anything anomalous in real time.
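The three principles above (assume breach, validate everything, cut east-west traffic) and the conditional access plus continuous verification pieces from the bank deployments boil down to one policy decision point. The following is an added example written for this post, not code from any of the three banks or from P J Networks; the segments, groups, resource names and MFA windows are hypothetical. Every request is denied unless an explicit rule matches, device posture is checked before identity, and an internal segment-to-segment path with no rule is refused just like an inbound one.

```python
"""Zero-trust policy decision point: default deny, explicit allow rules,
device posture and MFA freshness checked on every request.
Added illustration; segments, groups and resources are hypothetical."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset           # directory groups the identity belongs to
    device_managed: bool        # enrolled in MDM / running the EDR agent
    device_patched: bool        # posture attestation says patch-compliant
    mfa_age_s: Optional[int]    # seconds since last MFA proof, None = never
    src_segment: str            # where the request originates
    dst_segment: str            # where it wants to go (east-west if internal)
    resource: str


@dataclass(frozen=True)
class Rule:
    name: str
    group: str
    src_segment: str
    dst_segment: str
    resource: str
    max_mfa_age_s: int          # how fresh the MFA proof must be


# Hypothetical allow-list.  Anything not listed is denied, including every
# east-west path between internal segments that nobody wrote a rule for.
RULES = (
    Rule("tellers-to-core", "tellers", "branch", "core", "core-banking-ui", 8 * 3600),
    Rule("dba-to-db", "dba", "admin-jump", "db", "sqlserver", 15 * 60),
    Rule("core-app-to-db", "svc-core", "core", "db", "sqlserver", 5 * 60),
)


def evaluate(req: Request, rules=RULES) -> Tuple[str, str]:
    """Return ("allow", rule_name) or ("deny", reason).

    Device posture is checked before identity so that valid credentials on
    an untrusted device never get as far as a rule match.
    """
    if not req.device_managed:
        return ("deny", "unmanaged device")
    if not req.device_patched:
        return ("deny", "device out of patch compliance")

    matches = [
        r for r in rules
        if r.group in req.groups
        and r.src_segment == req.src_segment
        and r.dst_segment == req.dst_segment
        and r.resource == req.resource
    ]
    if not matches:
        return ("deny", f"no rule for {req.src_segment}->{req.dst_segment}:{req.resource}")

    for r in matches:
        if req.mfa_age_s is not None and req.mfa_age_s <= r.max_mfa_age_s:
            return ("allow", r.name)
    # A rule exists but the MFA proof is missing or too old: step up, do not allow.
    return ("deny", "mfa proof missing or stale")


def demo() -> dict:
    """Constructed requests showing each outcome (not real traffic)."""
    base = dict(user="asha", groups=frozenset({"tellers"}), device_managed=True,
                device_patched=True, mfa_age_s=600)
    teller = Request(**base, src_segment="branch", dst_segment="core",
                     resource="core-banking-ui")
    # Same valid identity and device, but reaching for the DB segment straight
    # from the branch: classic lateral movement, no rule, denied.
    lateral = Request(**base, src_segment="branch", dst_segment="db",
                      resource="sqlserver")
    stale = Request("ravi", frozenset({"dba"}), True, True, 3600,
                    "admin-jump", "db", "sqlserver")
    unpatched = Request("ravi", frozenset({"dba"}), True, False, 60,
                        "admin-jump", "db", "sqlserver")
    return {"teller": evaluate(teller), "lateral": evaluate(lateral),
            "stale": evaluate(stale), "unpatched": evaluate(unpatched)}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:10s} -> {decision}")
```

The point to notice is the `lateral` case: the same user, on the same healthy device, with fresh MFA, is still refused because nobody wrote a rule for branch-to-db. That is what "reduce east-west traffic" means in practice: segment boundaries are enforced by the absence of a rule, not by the presence of a block.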

But not all smooth sailing:

  • Vendor fatigue is real. There is no one size fits all solution.
  • Staff resistance. Zero trust means more friction, and yes, users will sometimes hate it. I get it. This is why training and a phased rollout are important.

I can still recall the time (stress management lessons right there) when I was patching a last-minute vulnerability two hours before go-live.

Lessons from the Snort / Slammer Worm Era

All right, let us get back to some nostalgia. Some worms, Slammer among them, spread so explosively that you felt like a fire lookout watching the forest go up rather than a firefighter. And the weird part? A worm that weaponized a vulnerability so basic, and so easy to patch (the fix had been available for months), for something so catastrophic.

But Slammer was also responsible for a lot of my security philosophy; it forced me to confront that I'd made the right basic choices, even though others had decided otherwise.

  • Patching is non-negotiable. Even if you hate downtime.
  • It is all about visibility on your network: you can't punch what you can't see.
  • Automation helps, but do not trust it blindly yet (remind your team they are the brains behind the firewall, not the other way around)!

Why Physical Security Still Matters: DefCon and The Hardware Hacking Village

I went to DefCon over the weekend and ended up spending half of my time at the hardware hacking village. Mind-blowing stuff. It is humbling to see security go beyond what malware and phishing can break, to sticking wires and probes into physical devices.

Makes you think. How many companies are discounting hardware security, assuming that network-level defenses are enough?

Spoiler: Not enough.

Hardware tampering is at the heart of supply chain attacks (you may have heard about those).

Firmware-level attacks evade numerous conventional defense mechanisms, because they sit below the operating system where EDR agents and network controls cannot see them.

This is why, especially for these high-value assets, I always push clients toward a hardware security module (HSM) for key material, or as much tamper-evident hardware as the environment will afford.

My Not So Popular Opinion on Password Policies

Oh good grief, password rants are another subject that cannot be helped. Passwords get a bad rap; everyone loves to hate on the password. But here is a pro tip: it is not the password that is wrong, it is the policies.

  • Forced periodic resets? Annoying and usually counterproductive.
  • Crazy complexity rules that users work around by writing the password on a sticky note? Security theater.

My suggestion: favor length over complexity rules. Use passphrases. Couple passwords with MFA.

Your users will thank you. And your help desk and SOC won't be flooded with reset tickets and lockout alerts.
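To make the "length over complexity" point concrete, here is an added example, not code from the post's author or from P J Networks: a policy check that enforces a passphrase-length minimum and screens against a known-bad list, shown beside the legacy "8 characters with upper, lower, digit and symbol" rule it replaces. The common-password list is a tiny constructed stand-in, the leet-folding table is an assumption, and the username and sample passwords are made up.

```python
"""Password policy favoring length and known-bad screening over composition
rules, beside the legacy complexity check it replaces.
Added illustration; the common-password list is a constructed stand-in."""
import re
import unicodedata

MIN_LEN = 15            # long enough to push people toward passphrases
MAX_LEN = 128           # generous; the password hash does not care

# Constructed stand-in for a breached/common-password corpus.  A real
# deployment screens against a full list with hundreds of millions of entries.
COMMON_PASSWORDS = {"password", "p@ssw0rd", "welcome1", "qwerty123",
                    "letmein", "changeme"}

# Assumed leet substitutions, folded back so "P@ssw0rd" is caught as "password".
LEET = str.maketrans({"@": "a", "0": "o", "$": "s", "1": "i", "3": "e",
                      "4": "a", "5": "s", "7": "t"})

TOO_SHORT = "too short: use a passphrase of at least 15 characters"
TOO_LONG = "too long"
COMMON = "matches a common or breached password"
CONTAINS_USER = "contains the username"
LOW_VARIETY = "too few distinct characters"


def _variants(pw: str):
    """Forms of the password a known-bad check should compare against."""
    low = unicodedata.normalize("NFKC", pw).lower()
    stripped = re.sub(r"[\W\d_]+$", "", low)      # drop trailing "1!", "2024"
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def check_password(pw: str, username: str):
    """Return (True, "ok") or (False, reason).  No composition rules at all."""
    if _variants(pw) & COMMON_PASSWORDS:
        return (False, COMMON)
    if username and username.lower() in pw.lower():
        return (False, CONTAINS_USER)
    if len(pw) < MIN_LEN:
        return (False, TOO_SHORT)
    if len(pw) > MAX_LEN:
        return (False, TOO_LONG)
    if len(set(pw)) < 5:
        return (False, LOW_VARIETY)
    return (True, "ok")


def legacy_complexity_ok(pw: str) -> bool:
    """The old-school rule: 8+ chars with upper, lower, digit and symbol."""
    return len(pw) >= 8 and all(
        re.search(p, pw) for p in (r"[A-Z]", r"[a-z]", r"\d", r"[^\w\s]"))


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Tr0ub4dor&3", "three banks and a third coffee"):
        print(f"{pw!r:35} legacy={legacy_complexity_ok(pw)!s:5} "
              f"new={check_password(pw, 'sanjay')}")
```

Run it and the contrast is the whole argument: `P@ssw0rd1!` sails through the legacy complexity rule and is rejected by the new policy as a trivially guessable password, while `three banks and a third coffee` fails the legacy rule (no uppercase, digit or symbol) and passes the new one. Pair either policy with MFA; the point is that the password rules should stop fighting the users.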

Short Answer: What Every Business Can Do Today

No fluff. If you are on a time crunch, here is where you should begin:

  • Review your network architecture: legacy systems can be your worst backdoor.
  • Start adopting zero-trust principles: trust no one; every user and device is suspect until verified.
  • Invest in monitoring and incident response: visibility trounces guesswork.
  • Don't just send memos; EDUCATE your users.
  • Be skeptical of anything claiming to be AI-powered: ask what specific methods were applied before you believe it.

Final Thoughts

Security is not a tech problem; it is a business problem bundled up in tech words. Lessons from the days of PSTN mux cables to contemporary zero-trust architectures, and the hard drive firmware takeovers demonstrated at DefCon, make one core point:

If you want to keep your business safe, then beyond layered defense and constant vigilance you need a bit of good old-fashioned know-how.

I am exhausted but excited. This industry never sleeps, and neither should your security strategy. Keep learning. Keep questioning. Oh, and get your third coffee out again.


That’s just my perspective from the coal face.

Sanjay Seth

P J Networks Pvt Ltd
Cybersecurity — Managed NOC & Firewalls, Servers, Routers

Sanjay Seth at DefCon Hardware Hacking Village
