Walking the Cybersecurity Tightrope: Lessons from Over Three Decades

As I sit here at my desk, finishing the 3rd coffee (close to a 4th), I reminisce on what is now over three decades of walking said cybersecurity tightrope. I was in IT as a network admin in 1993, managing both voice and data over PSTN passed through a mux. (PSTN: for the kiddos reading this, that stands for Plain Old Telephone System ;).) Analog is like a rebuilt muscle car: beautiful, sturdy and slow as hell compared to the light-speed pavement of the digital superhighway. But I revel in that nostalgia — keeps me humble.

Anyway, where was I? I remember now — the cybersecurity rollercoaster I have been on since around 2001. I saw worms like Slammer chew through systems at unholy velocities; I’ve spent the last month working with three banks to upgrade their zero-trust infrastructures; and I just got off the plane from DefCon, where my ears are still ringing from the Hardware Hacking Village. The odor of solder and boards is the down-most tier of geek ecstasy.

Real Experiences to Reference

  • Slammer worm, 2003: database security, the hard way
  • Upleveling zero-trust for banks — not just in theory but with hands-on, battle-tested deployments
  • DefCon Hardware Hacking Village: how makers look at weaknesses in an unseen way

I have broken these down below because, well, here is the thing — cybersecurity isn’t all buzzwords and marketing fluff.

A wake-up call (Slammer Worm)

The Slammer worm was a kaleidoscope of DB2 server vulnerabilities, spreading through the internet within minutes. I was neck deep in managing network performance at that time — making sure the voice and data muxes were not getting choked up. Bam, Slammer hit and systems were being knocked offline in seconds.

It was the blunders of a tourist with the urgency of a chef in a kitchen fire at a restaurant during rush hour — just running around creating more chaos while trying to mitigate damage.

What that moment has taught me is:

  • Patch fast. Even waiting hours is too leisurely.
  • Monitor your network traffic attentively; it is the best way to check how visible you are.
  • Design layers of defense on the assumption that perimeter defenses will fail.

This basic lesson caused me to put many layers of defense in every environment I built.

Zero-Trust Architecture: The Real Player

Three banks recently came to me for zero-trust architecture reboots, and while it solved many of their networking problems, it is no silver bullet. It takes careful planning, real buy-in from the teams and, yes, a lot of customization.

Reality Check: Zero-trust means never trusting anyone or anything, NOT EVEN things inside the perimeter. Never.

Which for those projects meant that I advised:

  • Multi-factor authentication at all access points.
  • Strict least-privilege policies on a per-user basis
  • Micro-segmentation (to silo critical assets).
  • Continuous Monitoring and Behavioral Analytics.

Ten years ago, these banks would never have dreamed of having visibility and control. But — and it is a giant however — these efforts are all for naught if you do not kill uses. Zero-trust implementations turned into tick-box exercises are a recipe for disaster.

DefCon and the Hardware Hacking Village: Why They Matter

Just got back from DefCon, and the Hardware Hacking Village there was my favorite. The world of cybersecurity spent many years paying attention to software vulnerabilities and forgetting that, as great as the software may be, the hardware is the point at which matter conforms to security.

Here’s a fun fact: there are many hardware bugs that are like those hidden rust spots on an old family heirloom car (you won’t know they’re there until the breakdown)!

The sight of hackers bypassing chip-level protections with a $20 toolset restored my faith in my skepticism of AI-powered or magic-box security solutions. Automation is great, but we humans are the reason craft, curiosity and creativity exist.

Quick Take

If you are in a hurry and want to read only the takeaway points:

Some lessons to take away from the Slammer worm:

  • Patch early, patch often.
  • Zero-trust matters only if it is implemented completely and 100% correctly, with continuous enforcement.
  • Severe hardware vulnerabilities will come back to haunt you if not addressed.
  • Be skeptical of hype. Security is a craft, not a tick-box.

Time For My Soapbox: Password Policies Are Still Trash

Oh, passwords. Can I rant? Complexity rules are one of those things everyone loves to argue about. But, for the love of god, quit making your users change passwords every 30 days. It backfires. People either pick piss weak, predictable passwords or they write them down.

Here’s what I advise:

  • Use long passphrases rather than a weirdly mixed-up character arrangement.
  • Gear up for multi-factor authentication (MFA) – your best shot here.
  • Watch out for stolen credentials.

Passwords are like salt in cooking: too little, no taste; too much, disaster. Balance is key, friends.

A tidy bow to wrap things up — just like a good NOC report.

I have seen how business risks have evolved, as I am now running my own cybersecurity company — P J Networks Pvt Ltd. NOC services, firewalls, servers, routers: stuff wears out, but how do you secure it?

If you believe a new AI-driven firewall is all it takes to secure your network, think again. It takes people who know how the network actually works, from the old PSTN mergers to the modern cloud morass that is our lifeline.

This is the one simple secret sauce that I share with all my clients:

  • Mix a strong managed NOC with professional firewall and server configuration.
  • A consultant that has seen the failures and successes up close (yes, me).
  • Train your team consistently. Security isn’t set-and-forget.

And that’s my little slice of desk today. Three coffees deep, slightly tired but excited. The cybersecurity landscape is like battling a 24/7 dragon — but so are we. Continue to be wary, continue to be curious and, for the love of GOD, please have sane passwords.

Until next time,

Sanjay Seth
Leading Cybersecurity Consultant, P J Networks Pvt Ltd