0
Get A Free Quote

No Title

  • 15 August, 2025
  • No Comments

From Network Admin to Cybersecurity Expert: A Journey Through Time

Wild West, sitting here at my desk — third coffee hallucinations in full effect — thinking about the rollercoaster ride I have experienced from when I was a network admin all those years ago back in 1993 (funny how that date echo’s the opening to Joe Walshs ‘Life’s been Good’). Back when dial-up was king; and multiplexers, for voice and data over PSTN, were a part of the grind. Unbeknownst to me, it would not be much longer before I was going toe-to-toe with the infamous Slammer worm itself — an experience that continues to inform much of my world-view on network security today. Now I head up my own security company, PJ Networks Pvt Ltd, which recently completed zero-trust architecture implementations for three banks. Fresh off DefCon myself — still recovering from the hardware hacking village, full of so much creativity and bravery in one little tent.

I still have a love for cybersecurity, as it has not only been a job but my ever-evolving passion — and sometimes my headache. However, let’s jump to the chase about all that I have learned, what is real and working; the low hanging fruit that is not complying (check box); if done properly can truly be a meaningful security for your business.

From Network Admin to the Slammer Worm Frenzy: The Early Days

For 1993, the focus was pretty simple. PSTN — multiplex critical voice and data Use case: Make sure that your PSTN lines are still humming, that the network did not topple over. The sexy part was… well security wasn’t it. Firewalls were basic and antivirus was only reactive, nobody talked about zero trust.

After that came the Slammer worm, in 2003—which should have been a wakeup call to all parties. That tiny piece of code, a spreading virus that blacked out whole systems in minutes. I recall the hours spent awake attempting to correct it, observing packets flood in and stifle our bandwidth.

Thing is, Slammer wasn’t just a worm — it was the harbinger of the change. We could no longer trust networks by default. The very connectivity of that fabric was under threat.

Zero Trust: Way More than just a Word — Practical Upgrades from the Field

Now this was 2020 and I had since then gone on to help three major banks go knee-deep in zero-trust upgrades. This is not compliance with a new flavour of cybersecurity fad. It’s about rethinking network design:

  • No implicit trust. Never.
  • Micro-segmentation so if you are breached, it does not all fall down.
  • Real-time authentication and verification at the point of service, not just when someone logs in
  • End to end encryption in transit and at rest

Despite the fact that the established banks are often ahead of the game, legacy systems are not going to disappear anytime soon. What I helped establish, was the tiered strategy where:

  • Identity And Access Management (IAM)
  • Device posture assessments
  • Real-time monitoring and analytics

So you can’t just buy off-the-shelf and hope for the best. However, the zero-trust architecture selected by each organization should fit. A cookie-cutter solution is like putting petrol in your classic car. It’ll run, but will it last?

What Comes After DefCon — Hardware Hacking and You

Just got back from DefCon. If you have never been, the hardware hacking village is something special. Folks bending chips, cracking devices, könnte EverydayTechPath zum angriff verwenden. It reminds me that security is no longer simply software. Everywhere: firmware, IoT devices, hell it’s probably on your office coffee machine (which btw I wouldn’t trust even with my credit card info)

You have to wonder, what made each of these companies so vulnerable — it boggles the mind; everyone had their firewalls and endpoint protection in place. Hardware is the new layer that nobody knows how to protect, and leaving it wide open is akin to not closing your car’s hood before parking on the street overnight.

Fast Take: Next Steps You May Wish To Consider

Ok, I know time is tight. So what can you -the real customer- do right now to improve your security processing?

  • Audit network devices—Are network devices patched and hardened? Your undoing can come from Legacy routers and switches
  • Micro-segmentation: Divide network into sections.
  • Multi-factor everywhere — there is no excuse for this.
  • Re-evaluate your password policies — oh I know, a rant is coming: Password complexity MAY do more harm than good Keep it to a minimum length and only allow some ascii special character symbols, like Twitter does.
  • Consider software AND hardware and firmware-based assets for your vulnerability management effort

Don’t follow the same password policy rant

Oh geez, this one gets me every time. Password policies!!! come on people!! — Time to stop every user changing out $’ for &’ and then adding a capital letter this alternate day. This is a recipe for weak security as people just end up getting lazy or even worse write their passwords on sticky notes.

A more fitting analogy is if you kept asking a chef to bake a cake and every single day, the recipe got switched up on them, with basic ingredients being banned from this “cake”. That cake is not going to taste good and the password will do her no more good.

I like passphrases over passwords. Because guess what? To me, longer and catchier is better than complex but unmemorable on every occasion. And I get it, biometrics and AI-powered password managers make for low-hanging fruit but before you go off on how great of an idea it is to just fully trust AI with your security keys we still have a long way to go. It’s support, not a cure-all.

Managed NOC & Firewall Management – Why this should be on your strategies

For me, running my own shop, I get to see it all — the companies with holes in their walls, networks gasping under the weight of improperly configured systems, logs going unread until days after raids have ceased.

The NOC (Network Operations Center) as a game changer in your portfolio and how to manage it properly. You need:

  • Continuous monitoring (not periodic checks)
  • Analysts with expertise in what is normal and can quickly identify anomalies
  • Pretty automated alerts with clever filters (so you do not have to get a whole lot of noise)

Firewalls? They remain your frontline defense — but they need to be more intelligent / aware:

  • Stateful inspection
  • Integrated intrusion prevention systems
  • Integration with SIEM tools for threat correlation

And remember—firewalls aren’t set-and-forget devices. Because they require frequent tuning and updates.

Nostalgia and Moving Forward

I prefer to remember those hoof beats of long ago — before every blinking light had a twenty-six page instruction manual or meant the wifi was down again — and seeing just how far we have come. And also just how much complexity we have introduced that sometimes obscures the fundamentals. Great security isn’t sexy tech, it’s boring fundamentals done well every time.

Closing Thoughts

If you are considering to armor your business more secure with some cybersecurity, do not somewhat just go with the flow. You need to look at whole a system from your oldest router to the new IOT Slave device. People and process, not just products. Oh and get a coffee as well. You’ll need it.

And lastly — if you want to discuss zero-trust upgrades in the real world, hardware vulnerabilities, or have a war story of your own, hit me up.

Stay safe out there.

— Sanjay Seth
Founder & Cybersecurity Consultant
PJ Networks Pvt Ltd

Hardware hacking at DefCon
Hardware hacking at DefCon

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

Let’s Talk About How Can Help You Securely Advance

Get A Free Quote