0
Get A Free Quote

No Title

  • 02 September, 2025
  • No Comments

Cybersecurity Then and Now: Insights from a Veteran Network Admin

Sitting here at my desk — third coffee in, still honestly buzzing — and I’m thinking about how cybersecurity in 2020 compares to when I started all those years ago in 1993 as a network admin. Yup, the days before we carried massive multiplexers for voice and data over PSTN, and a firewall meant something more mechanical than virtual. The longing can hit pretty hard — like the first time I saw the Slammer worm tear through a network at the speed of light. Those were the days. But you know what? Every one of those moments made me who I am today, founder of my own security company, and the guy who helps enterprises — particularly banks — step up to bulletproof zero-trust architectures.

I want to walk you through some real-world stories from my own practice, the lessons they taught — and why even today as AI and fancy buzzwords are going around, some fundamentals just can’t be skipped, tolled or merely referenced and forgotten.

Early Days: Network Admin to Cybersecurity Consultant

Life of a network admin seems like years away. Back in those days, it was the Wild West when it came to networks. You had to know everything, basicallly — routing, switching, phone systems — the whole shebang. Kinks in dial-up lines, the difficulty of multiplexing voice and data signals to one line, it was a bit of a game figuring out what went wrong. And you were learning fast: A minor misconfiguration could take an entire office offline.

I still have memories of the attack of Slammer worm in 2003. The first rapid moving worm I ever saw on the Internet. This was like watching a wildfire – devices compromised in seconds, taking down entire infrastructures in minutes. At the time, the industry was still playing catch-up when it came to the methods used by malware. Firewalls and antivirus responded to attacks rather than preventing them.

That moment was a turning point in cybersecurity for me. It was no longer just about plugging holes. It was about anticipating, isolating, and — God forbid — assuming that every damned thing and person else around you might already have cocks in their pockets and secure agents on speed dial.

Why We Need to Help Banks Make the Shift to Zero Trust

Fast forward to today: I’ve worked with three of the largest banks in India in recent months on implementing zero trust. Yes, three banks. All of which had their own legacy systems, user behaviors, and internal politics — meaning the technical work was just half of the battle.

Why zero trust? Because in case you didn’t notice, perimeter-based security died a long time ago.

If you’re not familiar with the term, here’s what zero trust is:

  • Never trust any people or devices, no matter where they are on the network.
  • Continuous verification — before you can abuse access to anything.
  • Least privilege access. Just enough rights to perform the job- no more.

Sound complicated? It is. In addition, it’s the best defensive against adversaries in the modern environment, especially insider threat and ransomware.

Some hints we deployed while rolling out those banking upgrades:

  • Segmentation of networks possible down to micro-level to isolate sensitive data systems
  • Robust multi-factor authentication (MFA)‚ and when I say that, I mean no more of that SMS junk. Use apps or hardware tokens
  • Real time monitoring and analysis leveraging SIEM tools for anomalous activities. But if we’re being real—fancy dashboards aside—intuition and experience still matter a lot.

Oh, and the human firewall training? At one bank I had to push hard against password policies. Way too many people are still using their dog’s name or ‘password123’. It drives me nuts. Pro tip: long passphrases > complex gibberish. Humans remember MyDogLikesCarrots2! way better than Pb4$k! xQ.

DefCon and The Hardware Hacking Village: Life Lessons

Back from DefCon and boy does the hardware hacking village still blow me away. Where else are you able to watch pen testers dissect credit card readers or consumer IoT devices live on stage?

Here’s the catch: Too many companies are still not paying attention to the security of their hardware. It’s like locking your house and leaving the back door wide open. Hardware bugs, firmware backdoors, insecure supply chains — what a headache.

A demonstration had also demonstrated how trivial it was to compromise a basic router, by taking advantage of an open JTAG (Joint Test Action Group) port.

That stuff is close to home. We lock down our clients’ networks, install firewalls, patch servers — but if the devices on those networks are compromised physically, it’s game over. So my take? Security shouldn’t be an afterthought. It has to begin from the hardware.

And that AI-fueled security hype? I’m skeptical. Yes, A.I. can assist with threat alerting and automation. But blindly accepting AI-forged decisions is like giving your car keys to the robotically augmented Uber driver you don’t know. Always supplement AI tools with human expertise.

Quick Take: What Every Company Needs to Keep in Mind

  • Zero trust is not a buzzword; it’s a requirement.
  • Legacy is something we don’t need: patch or replace — don’t neglect old equipment
  • Password practices that make your team hate you backfire—embrace memorable passphrases
  • Threats to hardware are material, if often underappreciated — especially routers and firewalls
  • AI is a tool, not a savior. Stay skeptical

My Top 5 Practical Cybersecurity Tips from Real Experience

  1. Cut through access control complexity: Leverage role-based access paired with tight least privilege. Complex – Too much geeky stuff for users and even for the admins.
  2. Segment and isolate: Divide your network into zones, so an attacker can’t move sideways easily
  3. Relentless training: Human error is still the top reason for breaches. Phish-proof your staff
  4. Patch like there’s no tomorrow (because for many of you, there may not be) vulnerability is inevitable
  5. Invest in monitoring: but don’t just look at alerts—train your editors to notice what really counts

Conclusion—Or, I Guess I Could Rant Forever

For me, who has been in cybersecurity since the ’90s, it’s like watching the gradual evolution of sea reptiles into land-roaming dinosaurs into flying birds, except in this case, cables and multiplexers have slowly become cloud services and zero-trust. Whether I’ve let them down​, I’ve been there too, missed some early sign​s​ in my own career ​​– including the time an unpatched router almost ​took out a client’s network through a silent attack​.

But the constant? “Security being not a checkbox exercise.” It’s a practice, a culture that you grow in your organization.

And — for all the flashing-tech, new buzzwords — the human element still reigns.

This is the thing: you shouldn’t be blinded by shining new security vendors or whatever tool is the talk of the town. Look at your environment realistically. Ask If your teams are prepared, if your controls make sense and if you are really ready to face the threats that count.

Because, at the end of the day, security is not a matter of being perfect.” It’s about being ready.

And I can’t wait to see what the following 10 years holds.
Sanjay Seth
Cybersecurity Consultant, P J Networks Pvt Ltd


Cybersecurity Expert Sanjay Seth

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

Let’s Talk About How Can Help You Securely Advance

Get A Free Quote