• 22 August, 2025
• No Comments

From PSTN to Zero Trust: Cybersecurity Evolution Since 1993

And here I am, sitting at my desk, third coffee having been already downed but I’m still somewhat peppy, still riding the high of this most recent DefCon hardware hacking village, and thinking, wow how this cybersecurity world has moved me since 1993. It is where I first became a network admin, working voice and data multiplexers over PSTN lines (yes, that’s the public switched telephone network, the one from before broadband was a thing). It’s been a wild ride. I’ve watched, firsthand, everything from the early network Wild West to the infamous Slammer worm, and now, as a small business owner, I help organizations, such as three banks whose zero-trust infrastructure I just helped upgrade. In every member of the cast of characters along the way there are a thousand stories and I guess that this time around, I have mine to tell.

From the PSTN to Zero Trust: Evolution or Revolution?

In the early 2000s, when Slammer worm tore through networks like a wind-whipped wildfire, it was a horror show to see an entire system brought to its knees. The pulse in my ears when our systems were penetrated, I will never forget. It served as a wake-up call to the fragility of networked systems, and the importance of strong perimeter defense. But perimeter defense alone? It’s as if you were trying to lock your car doors, but your windows were down. It’s that attitude that zero-trust architecture is designed to counteract.

Fast forward to today – zero-trust isn’t buzzword, zero-trust is model mandatory. But here’s the thing — I see almost every business out there struggling with this idea the same way I did. Zero-trust is not about not trusting anything. It is about never trusting anything by default, whether you’re inside or outside your network perimeter. It is about authenticating, over and over and over again, every user, device, and connection.

Banks in Recent Projects: What Zero-Trust Actually Looks Like

I literally help 3 banks deploy zero-trust recently. It wasn’t plug-n-play. Neither had the same environments, from legacy mainframes (ah, the memories of those monster servers!) to modern cloud infrastructures. The key:

• Segment your network aggressively. Treat every access request as if it’s originating from a distrusted area.
• Use multi-factor authentication (MFA). It’s no longer optional — no matter how many users gripe.
• Maintain stringent device health verification. No patch? No access.
• Continuous monitoring and logging. If you’re not documenting everything, then you’re flying blind.

And no, simply purchasing AI-powered security tools won’t fix this. I’m skeptical about that hype. AI can aid in detecting anomalies, sure, but not having the basics means flying blind, and trusting AI to find all threats is akin to putting your life in the hands of cruise control on a mountain road – you might survive, but let’s get real: It’s dangerous.

I Still Love Blending Old With New. Here’s Why.

I’m a nostalgic geek (never gonna hide it), and I wish it was more than 1999. I glance at a gnarled old router and say, “There was a time when this baby ran our whole show…” But the 21st-century threats laugh at those defenses. But those old devices teach us the basics: simplicity, reliability and transparency. When you add too many opaque tools on top of one another, you lose that — it’s like over-seasoning your curry until you can’t taste what they put in the pot in the first place.

My advice? Don’t forget the basics:

• Frequent firmware updates – yes, I know, but there it is.
• Business-based segmentation.
• Least privilege access – every user, every device, just what they need to do their job.

Password Policies Rant: Get Ready

Here’s a hot take: Complexity is not synonymous with security. I’m not saying ditch strong passwords, but requiring people to add a capital letter, a number, a symbol and an iambic pentameter every 30 days? That’s called building a bad user experience and predictable password resets.

What works better:

• Passphrases — longer, easier to recall.
• Password management — that kind of thing saves lives.
• MFA — did I mention it? Because I can’t emphasize enough.

If your policy is causing people to write their passwords on sticky notes or invent Password123 just to do their jobs, you’ve failed as a security team.

What You Can Learn from the DefCon CTF Archives Being Leaked: The place to learn from hackers

Just returned from DefCon’s hardware hacking village. The physical is just as important, we know that, but we don’t treat it as such and it’s insane. I watched people hacking routers open like one of those old 90s toolbox jobs, soldering, flashing ROMs, and bypassing the like — hope hammers home it’s often the device which is the weakest link.

Takeaway for businesses:

• Do not forget device physical security. It’s your first protection.
• Tamper-evident seals and routine audits can’t be fudged.
• Monitor your supply chain — because even a tiny hardware backdoor can unravel years of digital hardening.

Quick Take: Here’s What EVERY Business Should Do NOW

• Invest in Zero-Trust fundamentals. Network segmentation + tight access controls.
• Apply MFA and strong password policies. Long pass-phrase > a bunch of heavily random string of characters.
• Patch early, patch often. Keep firmware and software up to date —set it to a rhythm, a new beat, not a chore.
• Monitor continuously. Logs are more than just about compliance, they are your eyes and ears.
• Lock down your hardware access. Don’t be caught with your router open like a granny’s cookie jar.

Last Thoughts Before I Have to Go Get My Fourth Coffee

Cybersecurity isn’t glamorous. Sure, it’s repetitive; sure, it’s reactive; but it’s necessary. Oh, if you’re still not convinced perimeter defense will keep you safe? You’re driving an antique car on a superhighway, and there are no seat belts. Zero-trust isn’t a silver bullet, but it’s the seatbelt and the airbags.

I have made mistakes – I’ve trusted the wrong vendors, underestimated phishing attacks, and yep, I have ignored patches because I took the attitude that It can’t be that bad. But because learning from those scars is the very thing that allows me to be able to help you.

At P J Networks, we love mixing established expertise with new tools — but we never lose sight of the basics. Because here’s a secret: No shiny, future-facing tech can and will replace solid security basics.

So if you want to strengthen your firewalls, enhance your firewall, or rethink your network operations center (NOC) strategy — give me a shout. Let’s take a hard look at cutting through the clutter and protecting your business.