And here I am now, third coffee in, sitting at my desk, still vibing off that recent DefCon trip (hardware hacking village? Mind-blowing stuff; more on that later). I’ve been doing this cybersecurity thing since the early 2000s, but that was far from the beginning of my path; that goes back to ’93, as an admin. Yup, the same days when I was fighting PSTN muxes, trying to get voice and data to play nice together. Sometimes I miss the simplicity, unless you count the Slammer worm, which I think was the low point, balance-wise. Anyway, enough nostalgia. Here’s a dose of tough love on security, zero trust, and why your shiny AI-powered security tool just might not be the miraculous salve you think it is.
Getting into network administration in 1993 meant entering a world where security was really not built in. You wired up routing and crossed your fingers. Firewalls? They were a fancy feature for enterprise networks, and few people actually understood them. Fast forward to 2003, and what came crashing down was the Slammer worm, an eight-inch data bomb showing us all that vulnerability can happen at the speed of light. I remember spending the night patching servers in a server room, with my hair standing on end, just to keep the worm from jumping the perimeter.
Skip forward some more, and I’m running my own company, which is heavily focused on cybersecurity, without forgetting my roots. I’ve just finished working with three banks to completely overhaul their zero-trust architecture. And I want to tell you, zero trust isn’t just a buzzword you throw around in board meetings. It’s a change in mindset, a radical rethinking of what ‘trust’ looks like on your network.
With zero trust, it is possible to trick everyone, and everyone definitely says they are doing it. But most stumble on execution. Too many orgs slap hard MFA on it and call it a day while leaving the real estate (devices, network segments, internal traffic) wide open.
Zero trust means never trusting anything within your perimeter.
It’s petty, it’s small, it’s relentless. This means:
As I worked on those banks’ zero-trust upgrades, I kind of forgot how complex it can all become, particularly in old, crusty environments: routers, noisy firewalls and servers that should have been decommissioned years ago. Those were the days, my friend.
The trick? Incremental deployment. Don’t try to boil the ocean. Map your crown jewels, and secure those first.
Just returned from DefCon, and I had to share – if you ever want to have your mind absolutely blown, the hardware hacking village is where it’s at. For hours, I watched pimpled people disassembling old routers and embedded devices, making the case that security by obscurity had been taken out and shot. (Yes, even your swanky IoT gizmos are vulnerable if you’re leaving debug ports open or have not changed the default passwords — but that’s a rant for another day.)
Here’s an item from the village:
The devices are like cars; you would not drive one without being able to lock the doors and windows. Everything is an equal network gadget.
Once there is physical access, you are compromised in a way that no firewall or AI algorithm can protect you from. And that’s why operating a full-service managed NOC with hands-on checks beats a software-only model.
If I had a rupee for every time I’ve been told “our password policy needs a symbol, a number, an uppercase, a lowercase, a smoke signal”… I could buy my coffee in gold mugs. Honestly, here’s my unpopular opinion: complex password policies often weaken security, because users will either write their passwords down or fall back on an easy-to-guess pattern.
My advice?
And no, changing passwords every 30 days? That’s a dated taxi (pun intended) from the ’90s. Do not rotate your passwords unless you believe you have been breached.
Automated tools are wonderful, but they never substitute for human intuition.
Reflecting on my career, from the days of setting up networks to the days of managing P J Networks Pvt Ltd, the theme that “the only thing certain is change” is the anthem. But some things are hard to change: threat actors evolving, users erring, and technology that so often promises silver bullets but never quite delivers alone.
Remember, cybersecurity is not just about tech—it is a game about people, a game about mindset, and a game about hustling all the time.
So, whether you’re just dipping a toe into zero trust, dealing with legacy gear or contemplating your next firewall upgrade, here’s what you should do: stay curious, stay skeptical and keep learning.
After all, the day we stop asking questions is the day we cease to be safe in our networks.
And now, if you’ll excuse me, I need to go figure out my next coffee, because the job is never done.
—Sanjay Seth, P J Networks Pvt Ltd