Reflections on Cybersecurity: Lessons from Decades of Experience

I am here at my desk, on my 3rd cup of coffee this a.m., with the all-too-familiar fatigue/adrenaline blend that we security people are addicted to. Sometimes I wish my brain was not wired like that (with a career starting in the dark age of 1993 as a network admin playing with some muxes for voice and data over the good old PSTN). Oh, those were the good old days: no cloud, no crazy firewalls … just pipes and switches. And what a journey it’s been, from personally fighting the Slammer worm (I really am starting to believe we will never be safe) to now working tirelessly to help banks build strong, zero-trust architectures with my company. These are just a couple of real experiences and lessons learned along the way that you probably would not expect.

Back in the Day: All You Could Do Was Network

I would have laughed in the early 90s if you had said the day would come when I’d be fretting over AI-powered hacks or zero-trust networks. We had fucking cables and dial-up modems, and God knows there was the one time the multiplexer threw a fit. Security was seen as a checkbox, not as a philosophy. But then Slammer hit in 2003. Remember that nightmare? That worm downed banks and airlines and any other company with a lame SQL Server. It hit one of our clients, and I was on-call. It spread very quickly, as if someone had hit the fast-forward button for malware.

Unfortunately, we then learned that classic perimeter defenses were only a speed bump for the attackers. That, and something about a castle-and-moat security model just feels wrong, doesn’t it? At this point, it was getting hard not to go with the cliché: trust no one.

What I Learned and How I Messed Up in Running My Cybersecurity Business

Fast forward to today. At the turn of my career, I lead P J Networks Pvt Ltd, a company dedicated to cybersecurity, managed NOC, firewalls, servers and routers. Those Sisyphean demands increase when, instead of managing clients, you are in charge of running your own firm. And man, I gotta say, it’s quite a jungle out there.

I recently assisted three of the world’s largest banks in re-imagining zero-trust architectures. These are not exactly the laid-back banks of security — they’re more like the Fort Knox of the digital world. But they too had an over-reliance on legacy systems.

So, here are a few quick truths that I have learned from these projects:

  • Zero trust is not a buzzword. It’s a mindset shift.
  • You can’t slap on a solution and be done with it. It’s about continuous validation.
  • The same legacy infrastructure can also serve as a shroud for vulnerabilities, much like that cheap muffler hides the rusting exhaust (gosh damn car analogies are back).
  • End users remain the weakest link – knowledge is not optional.

So, once again: AI-powered security tools ARE NOT a silver bullet. I am so skeptical of any answer that relies on AI without transparency. AI is not a substitute for good architecture; it is an imperfect… sort of a tool.

Buzzing on Hardware Hacks After DefCon

Oh, and DefCon only just ended. The hardware hacking village by itself was crazy. While everyone freaks out about remote exploits and software bugs, the physical layer is ignored. Until it’s too late. Watching security researchers take $5 hardware and smash locked-down, murderous encryption (using little more than a soldering iron and screwdriver) jogged my memory: physical layer protection reigns king.

Reality Check time: that shiny new firewall or server? Cybersecurity is not just bits and bytes. It’s also who can touch your machines, your wiring closets—or your servers in the back room.

Quick Takes: What Every Business Should Have Known Yesterday

  • Zero-trust architecture — THE future.
  • Password Policies are Damned to Hell — If complexity doesn’t meet usability then the only result will be user frustrations.
  • Managed NOC services for fewer headaches and less downtime.
  • Never forget physical access threats (lock those server rooms!).
  • AI is a great tool, but it is quite stupid as well, so do not trust it on blind faith.

Rant about Password Policies

Another thing I can’t shake, password policies. We make them so complicated, so crazy, that users either write them down or work around them. There’s no one size fits all. Still, businesses everywhere are holding onto antiquated policies — such as forcing users to reset their passwords regularly, which only serves to weaken security. Instead, consider longer passphrases, biometric factors, and—yep—multi-factor authentication. It’s not sexy but it works.

Because really, mandatory special characters, numbers, uppercase that expire every 30 days is somewhat like telling someone to prepare a five-course meal with nothing but a spoon. Maybe, but no one is going to do this properly.

Managed NOC and Firewalls Still Make A Difference

Now, with cloud and SaaS everywhere, some think they are not at risk because they lazily “outsource” everything. That’s a dangerous myth.

And here is what I learnt running a managed NOC.

  • Blind spots still exist.
  • Real-time activity monitoring and immediate response is required.
  • Proper firewall configuration is not plug-and-play. It’s an ongoing process.
  • Patching servers and routers on time is not optional.

These are fundamentals. Technology has evolved, but the discipline is still the same.

Take on the Future Trends — The Road Ahead

I am somewhat (ok, perhaps quite) skeptical about today’s all-encompassing AI fever around cybersecurity products. A lot of shiny objects: they have potential, but so far it may be mere hype. The reality? The enemies are only becoming more intelligent, and even they use AI against us.

This is why I always encourage a combination of the two:

  • Good architecture (never trust, always verify).
  • Processes (monitoring, incident response).
  • Educated users (i.e. the human firewall)
  • Layered defenses (network, device, physical security)

And yeah, sometimes you gotta hit up the old-school. Firewalls, servers and routers (when set up the way they should be) are still some of your first-line heroes.

The Wrap (via my fourth coffee)

The most significant lesson I would pass on in reflecting on my career from when I was first loosed upon the world with my accreditation as a network administrator back in ’93 is simply this:

  • Security isn’t a product. It’s a journey. And it’s tough. But it takes patience, diligence and sometimes being big enough to admit we don’t have all the answers (yeah right…I’ve made a lot of those mistakes).
  • Startup, bank, or mid-size enterprise — you have been warned.
  • Don’t trust your perimeter.
  • Build everything assuming breach.
  • Educate your team.
  • Stay curious and adaptable.

Also, for heaven’s sake, do not forget that the sheer willpower of copious amounts of coffee can work wonders to keep everything going.

Thanks for reading. Stay safe out there.

– Sanjay Seth, P J Networks Pvt Ltd
