I am sitting here at my desk, second coffee of the day in hand, still reeling from walking the hardware hacking village at DefCon — not just from the crazy awesome projects that I saw, but from the fact that many of the people who were in the room don’t realize what a bright future they have in front of them, and that once they get paid or organize their projects better, I and people like me are no match for them.
It is moments like these that remind me why I got into this cybersecurity thing back in the early 2000s… and way before that when I was a network admin in 1993. Yeah, that old school time in which being able to control multiplexers for voice and data on the PSTN was “bleeding edge” networking technology. It was a time when the biggest threat we could think of was a ‘dropped call’ instead of a worm bringing down your whole house of cards.
Fast forward — today I work for P J Networks Pvt Ltd, and we’re in the thick of helping firms, particularly banks, transition to zero-trust architectures. I just helped three banks do the upgrade, finally transitioning from a “trust but verify” to a “never trust, always verify” world. And let me tell you, going from a PSTN muxwhatever to zero trust has been like cooking a complicated dish without a recipe—it’s all on-the-fly, but by the end you have a dish worth eating.
In the early 90s, when I was wrestling with network gear that seemed as if it belonged on a sci-fi movie set, security wasn’t really — well, it wasn’t at the top of the list. We were happy if the lines stayed up (barely) and the voice quality simply did not suck. That was before worms like Slammer made their appearance, erupting onto the scene in 2003 and bringing down systems and networks worldwide in a few minutes. I had a front-row view into that chaos. Servers crashed, banks were hit — just bonkers.
The thing about those early viruses and worms is they were the rude awakening that the Internet wasn’t just a playground—it was a battlefield. And honestly, lots of organizations, myself included, were caught flat-footed. I’ve screwed up – I once underplayed a patch delay that almost permitted Slammer to eat through a client’s network. Lesson learned.
That is why I love proactive security now. It’s just like taking care of your classic car — you’re not only going to start fixing it when the engine has seized.
Zero trust architecture — it’s a term that is used so much that it’s almost tired by now. But here’s my feeling, having worked on three bank projects recently:
For a bank, adopting zero trust is like ditching dial-up for fiber optic. This is not plug-and-play; this is a complete overhaul. But the benefits? Worth it. We shrank attack surfaces and made traversing within networks nearly impossible for attackers.
But, crucially, providing a zero-trust experience doesn’t have to add more friction for end users. It’s a difficult trade-off — and I don’t believe the claim that security has to be painful to work. Not even close. Security that impedes business is security that’s going to lose.
I just returned from DefCon — still full of ideas and perhaps some jet lag, too. The hardware hacking village is a toy box where secure-seeming devices see their clothes torn off (respectfully), plugged-in backwards, and prodded until their secrets are laid bare. It was seeing hackers attack microcontrollers, sniff I2C buses, and circumvent physical security that made me remember this: every single thing is vulnerable, unless you expect it.
Here’s one takeaway for business leaders: It’s not just about software security — you need to consider hardware, too. Your firewalls, routers and servers are not just boxes collecting dust. The supply chain and the physical security around your equipment could be the weakest link.
There’s a couple things you definitely want to keep an eye on:
I’ll be honest, I continue to be completely mystified by password policies. The repetition of that forced complexity with randomly selected symbols and length? Please. You don’t want to end up causing your users to write their passwords on sticky notes, because they’re too complex to remember.
It would be better to use a passphrase model instead — like thinking of a sentence or the lyrics to a song. So easy to remember, and so hard for a hacker to crack. And please — halt the arbitrary expiration policies! Resetting passwords every 30 days has no value unless you believe (or know) your password has been compromised. It merely trains users to choose weaker passwords or write them down.
And when somebody says ‘But we need it for compliance’ I say—compliance is the minimum security. Minimum isn’t enough.
I began as a network admin, way down in the weeds with voice and data multiplexing, and I’ve watched the vistas shift from bare wires to threat ecosystems. It’s like watching a classic car grow into a modern beast of a machine with electronics inside you don’t even really understand. But the central tenets of maintenance, vigilance and the importance of knowing how things fit together—those never go away.
I own my own company so I can take all of these hard lessons and focus on what works, not just what looks good on paper.
Cybersecurity is an ever-evolving target and if you think you’ve finished, you’re already behind. The distance from managing PSTN muxes to zero trust, from Slammer worm wake-up calls to gossiping over hardware hacks at DefCon, is evidence of that.
As you no doubt know, your security is only as good as your weakest link — hardware, software, human error — and, yes, those password policies you mutter about under your breath.
So here is my counsel — don’t just settle for compliance. Don’t just buy into the AI hype until you’ve dug deep. It’s about the basics: focusing on zero trust, actual zero trust and not just the buzzword, across all layers, from physical to virtual.
Besides — what do you need? A partner who’s been in this game since your modem was singing its 56k tone song. Because cybersecurity is not just work for me — it’s a caffeinated obsession.
Ok, my fourth coffee, let’s do this.