I’m just past my third cup of coffee, and I’m sitting at my partly messy desk thinking about what a wacky decades-long ride this industry has been for me, going clear back to ’93 when I started as a network admin … when it was all about voice and data multiplexing over the PSTN, and the web was a novelty. Those first few days molded my view in ways no course can. And yeah, I’ve made my share of mistakes in my career — some pretty facepalm-worthy mistakes — but that is the learning.
I want to let you inside just a little and write about some things that I experienced that continue to resonate with me. Because cybersecurity isn’t a bunch of shiny buzzwords like AI-powered this and zero-trust that — it’s about looking at real problems, figuring out what’s actually going to work and building something that will still be around next year.
For those who have been around long enough: before all this, it was the PSTN.
When I started, network security was something of a specialty interest. The biggest headache? Keeping voice and data streams (TCP and UDP) clean over the public switched telephone network, which was built for phone calls, not for them. That mux (multiplexer) was your best friend, and if it went down you were toast.
Fast forward to 2003, and I faced the Slammer worm myself. It’s this little shit, if you recall, that propagated through networks all over the world in a matter of minutes, taking advantage of SQL Server vulnerabilities. It was like watching a slow-motion car crash, seeing corporate firewalls collapse under the weight of traffic. That was a moment for me — the realization that perimeter defense alone doesn’t cut it.
But here’s the thing: despite all this history, there is still some resistance among companies. I assisted three banks with holistic zero-trust architecture upgrades in late 2023. Guess what? The biggest obstacle was not the technology but people and process. Overlooked policy violations, patching schedules put off, over-permissioned users — stuff I have been preaching about for years, obviously in vain.
Considering that, I’m naturally suspicious of any security product that promises to be a silver bullet — especially if it says AI-powered on the tin. Don’t get me wrong, AI is promising — but don’t forget: attackers are fast learners, too. Let your guard down just because some shiny algorithm says you’re safe, and that’s when you get nailed.
Zero-trust is great. But it’s not a fire-and-forget toy. It’s more akin to tuning up a race car:
It requires constant adjustment. And if you do miss any of those, you’ll either blow an engine — or worse, be breached.
Just returned from Defcon and I’m still buzzing from the hardware hacking village. If you’ve never seen it, picture a hackers’ playground for breaking into things you never knew could be hacked: IoT devices, embedded chips inside routers and servers, even office printers (yes, printers).
Why am I bringing this up? Because while software flaws hog the headlines, hardware dangers slink in under the radar too — and they are too often absent from corporate security plans. I’ve seen it myself. A bank we recently audited installed the latest in firewalls but forgot to secure the firmware level of their core routers. One small overlooked backdoor there could be enough to turn their entire network inside out.
Here’s a takeaway:
Software patching without hardware scrutiny? Like doing all the necessary tuning to a car engine, but leaving the gas tank filled with water.
I couldn’t even tell you how many times I’ve inherited networks where the password policy looks like some kind of textbook back-catalog copy/paste: 8 characters, at least one uppercase, a number here and there, change every 30 days… and, fuck, everyone writes them down.
Passwords suck. But doubling down on all those convoluted rules at the expense of usability? That is the enemy of security. Here’s a cooking analogy for you: like seasoning, password policies can be too little (bland) or too much (inedible). You want balance.
Here’s what I have found effective with my clients over the years, particularly for banking systems:
And enough of this shit about making users change passwords every 30 days unless you have evidence of compromise, OK? It leads to resentment and to predictable patterns that are easy to follow.
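To make the balance concrete, here is an added illustration (mine, not from the original post) that runs the same account through the textbook policy described above and through a length-first policy that only forces a reset on evidence of compromise; it also flags the "bump the trailing digits" habit that forced rotation trains people into. The blocklist, the accounts and the fixed "today" date are constructed sample values.

```python
"""Legacy composition/30-day-rotation policy vs. a length-first policy.
Added example; all passwords, dates and the blocklist are constructed samples."""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed blocklist: passwords that satisfy the legacy rules yet are guessable.
BLOCKLIST = {"Password1", "Welcome123", "Summer2024", "Qwerty12"}


@dataclass
class Account:
    password: str
    last_changed: date
    compromised: bool = False  # e.g. seen in a breach dump or flagged by incident response


def legacy_policy(acct: Account, today: date) -> dict:
    """The textbook rules: 8+ chars, one uppercase, one digit, rotate every 30 days."""
    pw = acct.password
    complex_enough = (len(pw) >= 8 and any(c.isupper() for c in pw)
                      and any(c.isdigit() for c in pw))
    return {"accepted": complex_enough,
            "rotation_due": (today - acct.last_changed) > timedelta(days=30)}


def balanced_policy(acct: Account, today: date, min_len: int = 12) -> dict:
    """Length first, reject known-bad passwords, force a change only on compromise."""
    pw = acct.password
    return {"accepted": len(pw) >= min_len and pw not in BLOCKLIST,
            "rotation_due": acct.compromised}


def predictable_successor(old: str, new: str) -> bool:
    """True when the new password is the old one with only its trailing digits
    changed (Summer2024 -> Summer2025): the pattern forced rotation produces."""
    stem_old, stem_new = old.rstrip("0123456789"), new.rstrip("0123456789")
    return old != new and stem_old != "" and stem_old == stem_new


def evaluate(password: str, days_since_change: int, compromised: bool = False) -> dict:
    """Run one account through both policies and return both verdicts."""
    today = date(2024, 3, 1)  # constructed fixed date so results are reproducible
    acct = Account(password, today - timedelta(days=days_since_change), compromised)
    return {"legacy": legacy_policy(acct, today), "balanced": balanced_policy(acct, today)}


if __name__ == "__main__":
    print(evaluate("Summer2024", 45))                    # legacy accepts it, balanced rejects
    print(evaluate("correct horse battery staple", 700))  # legacy rejects it, balanced accepts
    print(predictable_successor("Summer2024", "Summer2025"))
```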
Part of me, at least, wants to automate everything: I run my own security outfit now — P J Networks Pvt Ltd — and I can tell you, it’s almost unbearable how much I want to automate everything. But managed network operations centers (NOCs) are not just about automation and dashboards. It’s humans working in combination with the intelligence systems that give you the best chance against today’s threats.
Here is what I suggest based on actual engagements:
Clients will ask, and sometimes insist: can’t we just buy the best available firewall, load any and all rules we want into it, and call it a day? The responses they’d hear: “It’s the firewall service, stupid!” or “You’ve got to spend time thinking about what you need for network protection.” Because that is like buying a shiny sports car: you don’t win just by owning it if you never open the hood, don’t know how to drive, or don’t remember to fill the gas tank.
Pressed for time? Here’s what I’d like you to take with you:
I’m hopeful — 30 years in, I continue to see amazing technology advances and to meet passionate, focused people in cybersecurity. But please, people, don’t go on some new silver bullet or AI-hype chase. Your greatest weapon will be what you have built along the way, over the years of tweaks, lessons learned (the hard way), and yes, even failures.
Oh—and coffee. Lots of coffee helps too.
Thanks for indulging me in this little trip down memory lane. If you like, contact us—let’s talk about tightening up your networks, putting those pesky worms on the run, and creating defenses that keep working even when you’re not around.