Journey of a Cybersecurity Consultant: From PSTN to Zero Trust Networks

I’m sitting here at my desk, having downed my third coffee, thinking about the roads that got me here today. A cybersecurity consultant of a few eras (yep, I was a network admin in ’93) and founder of P J Networks Pvt Ltd, I’m still coming down off my caffeine high after just getting back from DefCon’s hardware hacking village. It’s wild how different everything is now. But some things? They never change.

But here’s the thing: when I got started, I was stringing networks and working with multiplexers so that voice and data could share the old PSTN. Remember those days? No cloud, no fancy AI-powered doohickeys (to be frank, I’m still skeptical of the fuss over those, too). Pure tech, plugged in and humming.

Fast forward to the early 2000s, when Slammer hit us like a runaway train. I saw up close how brittle the best-laid infrastructures actually were. Whole offices were taken down in minutes by one little piece of malware rampaging through unchecked. It was a harsh lesson for a fresh-faced admin with grand visions.

Today, I operate my own security company, where I shepherd organizations (mostly banks currently) through the labyrinthine realm of modern cybersecurity, with an intense concentration on zero trust architecture. I just finished helping three banks upgrade their technology. And I do not say this lightly: if zero trust is not on your mind, you’re already behind. The old perimeter defenses? They’re yesterday’s factory locks.

The Stories That Form My Reality

  • Slammer worm, 2003: Watching a network fail in seconds teaches you to see it this way: it’s when, not if, you will encounter malware. Lesson learned? Assume breach, always.
  • Voice and data on PSTN: Competition for limited bandwidth and no real alerts; security was largely aspirational, not actionable.
  • Recent bank projects: Multifactor authentication (lock that shit down), micro-segmented networks, continuous monitoring: all table stakes.
  • DefCon hardware hacking village: It’s one thing to discuss vulnerabilities, another to watch them dismantled physically. Hardware remains the unsolved frontier.

And this brings me to an important issue: the greatest threat does not come from hackers or malware. It’s complacency. After all these years consulting with my customers and running our managed NOC (Network Operations Center), I still have customers relying on firewall configurations written a decade ago or, god forbid, a password policy still built around five-character passwords because changing it would break things.

And don’t even get me started on passwords. The way many companies attempt to enforce complexity with unending resets and arcane rules? It’s a recipe for disaster. People just write them down. Here’s a cooking analogy: you can season and season to your heart’s content, but if the grocery store sold you a bad piece of fish, the meal is a disaster! Likewise, all the security layers in the world won’t help you if your actual authentication is weak.

Quick Take

  • Zero trust isn’t a buzzword — it’s a reality.
  • Old systems without good segmentation? High risk.
  • Password policies should be a matter of smart management, not irritation.
  • AI-powered security tools? Use with care — and always know what’s under the hood.

Elevating Zero Trust in Actual Banks: a Case Study

I’ve been working with banks, and a bank is a serious and urgent institution, because banks are constantly at risk, not just from external threats but from insider mistakes. Here’s a glimpse:

  1. Micro-segmentation is a game changer. Instead of building one massive fortress, we broke the network up into lots of smaller areas. Think of it as having several security perimeters inside your network.
  2. 2FA everywhere. No exceptions. It makes IT teams crazy sometimes, but it’s non-negotiable for reducing phishing and credential theft.
  3. Continuous monitoring with behavioral analytics. We also employed anomaly detection to rapidly identify abnormal user actions. Imperfect, but better than flying blind.
  4. Legacy integration struggles. Many banks continue to rely on aging mainframes or custom-made apps. Lassoing those into a zero trust model takes time and creativity, and it can be a long-term effort.

But — and this is important — technology is not a panacea. You need to get buy-in across the org. Security isn’t just IT’s job. It’s everybody’s responsibility.

How I Learned to Break Hardware at DefCon

Wandering through the hardware hacking tents was exhilarating. Once you realize that you can physically torture or probe something you trust — your firewall, some router, even a “secure” server — it changes the way you think.

Until recently, hardware vulnerabilities were an afterthought, but that is changing rapidly. Here’s a brief list of what stayed with me:

  • Side-channel attacks aren’t sci-fi. Power analysis, electromagnetic interference — all that is real and has weight.
  • Supply chain security? Critical. If an insider plants a tampered chip early in the chain, you’re toast.
  • Hacking becomes easier thanks to open-source hardware tools, for better or worse. We must raise defenses accordingly.

When I work with clients, I frequently tell them the network is like a car: you can have the greatest engine, but if someone is able to undo the wheel bolts, you are immobile.

Mistakes I’ve Seen (and Lived Through) Often

  • Overreliance on perimeter security. Old school thinking. Just don’t.
  • Ignoring user education. I can’t stress this enough. Even though there are technical defenses, if you don’t train your users, those defenses will fail.
  • Deploying fancy AI tools without comprehending them. Trust but verify! AI is not magic; it’s just math and data.
  • Underestimating physical security. It can be as simple as a USB drive being plugged in or a console getting lost.

A Rant on Password Policies as I See Them

I know compliance frameworks just love password complexity rules. But in practice, mandatory 15-character passwords with forced changes every 30 days? You’re putting people on a path to fail. They’ll have passwords scribbled on sticky notes stuck to the monitor or, worse, reuse the same password across every site. You’re better off:

  • Requiring passphrases that people can remember (so something like CorrectHorseBatteryStaple)
  • Enabling multi-factor wherever possible
  • Training users to recognize phishing techniques, rather than mindlessly changing passwords

Safe doesn’t mean user-hell. There’s a balance.

Wrapping It Up: What Companies Can Do Now

See, I’ve been doing this for 30 years now, and I’ve watched this industry go from physical wiring closets to cloud firewalls with thousands of virtual appliances running. And as swiftly as tech changes, some threats remain constant. Your best bet:

  • Adopt zero trust, but don’t make it a checklist exercise
  • Have your architecture audited regularly; old habits die hard
  • Keep education ongoing: users are your first, and often most fragile, line of defense
  • Test your hardware security; physical controls are just as important as digital ones
  • Question the hype: that slick product powered by AI? Ask how it works before handing over your keys

I’m excited about what’s coming next — particularly developments with machine learning and hardware security — but it’s also exhausting. Cybersecurity isn’t a theory and it isn’t a tool. It’s a mindset.

And as usual, from PSTN multiplexers to zero trust networks, I’m here at the console – coffee in hand – prepared to help you make sense out of all this change.

Stay sharp,

Sanjay Seth
Cybersecurity Consultant
P J Networks Pvt Ltd
