I am here at my desk, 3rd coffee of the night currently in hand and wiiiired the fuck up after just returning from DefCon’s hardware hacking village (video to come). However — having worked in this field since the early 2000s (even earlier if you count my knee-deep-as-a-network-admin days back in ’93, juggling voice and data over PSTN lines), there are some real-world learnings that aren’t always mentioned in blog posts or glossy vendor pitches. I want to talk about some of those, unpolished and unedited.
I was the one in ’93 who dogfooded putting office phone systems onto the data networks. There was no fancy cloud, no hype, just wires and switches and a bunch of manual labor. And let me tell you, that move to IP was quite a scene: stirring, aggravating and damn informative as well.
The basics never seem to change; some things do, though. Back then debugging was like making a souffle without a recipe: you had to look for the smoke. And today? Complexity has increased, but so have the threats. Our networking roots still haunt us: where one misconfigured mux could once drop calls, today a misplaced firewall rule can open you up to a breach.
I am a 2003 survivor of one of the most notorious worms in history: Slammer. This worm? A frontline weapon of microseconds, prancing through networks and ravaging critical infrastructure.
I remember the panic. All of a sudden, systems were unreachable, databases were crashing and the phone lines were ringing off the hook. One of the clearest things it reinforced is this: speed counts. Defensive measures need to move faster than an attacker’s ability to exploit.
But, oh man, do I have things I learned from those days.
For example, the Slammer worm taught me what a zero-trust security model really embodies, and how, until very recently, most organizations treated it as a nice-to-have upgrade.
Fast forward to last year: I migrated three of the largest banks to a zero-trust architecture. This is my opinion: if you’re relying on perimeter-based models, you are fighting a losing battle against unfair odds.
Banks have historically been the quickest to adhere to and follow security practice. But even they struggle with:
The successful projects had some key things in common:
One of the attendees from a bank was very skeptical about Zero Trust, which they dismissed as yet another buzzword. I get it; cynicism is healthy. They were skeptical until their first phishing and ransomware events; then they soon changed their tune.
I spent all weekend in the hardware hacking village at DefCon. A room full of engineers and hackers ripping apart IoT devices, routers and IOCs (not Indicators of Compromise), not to mention showing off hacking proficiency on car ECUs, is quite the show if it has eluded you till now.
And to make matters worse, hardware vulnerabilities often bypass all your software defenses. Which means the network stack, firewall rules, IDS… they don’t mean squat when an attacker can simply flip a switch and change things inside the very device.
It reminds me of an old analogy I love: your firewall is the gate at the entrance to a gated community. But what happens when your attackers discover a secret entrance in the form of a garage door or a corner window in the basement? Hardware hacking is that non-obvious basement window.
The hardware hacking village, for instance, is a bitter reminder that security encompasses:
The number of organisations that totally overlook this vector worries me, more than slightly.
The truth is, password policies are BAD. Either that, or you have someone at an organization imposing complicated rules that force users to write down their passwords or fall back on common patterns.
Everyone says: just sprinkle AI into password managers! And I get skeptical. AI-powered this, AI-powered that. I remain unconvinced until a new set of tools proves it does not just add complexity with no gain in security.
What I recommend instead:
Instead of a blanket policy like ‘change your password every 30 days’, rotate on a stimulus: a password-related event or a change in user behavior.
Ah, the password policy debates will rage on forever. But honestly, optimize for security while minimizing friction. The users are not your adversary; they should be part of your light cavalry helping you against the enemy.
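As an added illustration of the point above (my example, not code from the post or from P J Networks), here is a small event-driven password policy: a password is rejected for being breached or for being the previous one with a bumped suffix, and a reset is demanded only when an event fires, never on a calendar. The event names and the log lines are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed stand-in for a breach corpus: values and bases users commonly reuse.
BREACHED = {"password", "welcome", "qwerty", "summer2023"}

# Events that force a reset. Names are assumptions for this example, not a real product's.
RESET_TRIGGERS = {"credential_in_breach_dump", "impossible_travel", "mfa_prompt_denied"}

# Constructed sample auth log lines (space-separated key=value pairs).
SAMPLE_EVENTS = [
    "user=alice event=login result=ok",
    "user=bob event=login result=ok",
    "user=bob event=credential_in_breach_dump",
    "user=carol event=impossible_travel",
    "user=alice event=mfa_prompt_denied count=6",
    "user=dave event=login result=ok",
]


def strip_suffix(pw: str) -> str:
    """Drop the trailing digits/punctuation that users bump on forced rotation."""
    return re.sub(r"[\d!@#$%^&*]+$", "", pw).lower()


def reject_reason(new_pw: str, previous_pw: Optional[str] = None) -> Optional[str]:
    """Return why a candidate password is rejected, or None if it is acceptable.
    Length plus a breach/pattern check stands in for complexity rules."""
    if len(new_pw) < 12:
        return "too short"
    if new_pw.lower() in BREACHED:
        return "appears in breach list"
    base = strip_suffix(new_pw)
    if base in BREACHED:
        return "breached base with bumped suffix"
    if previous_pw is not None and base and base == strip_suffix(previous_pw):
        return "incremented previous password"
    return None


def users_needing_reset(lines: List[str]) -> Dict[str, List[str]]:
    """Map user -> triggering events. Time since last change is deliberately not an input."""
    needs: Dict[str, List[str]] = {}
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("event") in RESET_TRIGGERS:
            needs.setdefault(fields["user"], []).append(fields["event"])
    return needs
```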
Ever since P J Networks Pvt Ltd was founded, I have witnessed many attacks, as well as defenses, play out live in front of me. Providing security consultancy from SMBs through to banks, I have seen many things fail and succeed.
Clients have said to me in the past that they don’t know where to start, as they are getting inundated by all this security crap that promises them the world. There is, however, a dirty secret… there is no silver bullet. Security is multi-layered.
That means:
Sometimes I find myself reminiscing about the good ol’ days when a silent line on the network meant that all was smooth sailing. And yet, the threats of today are both incredibly pervasive and, at times, nearly impossible to see.
It makes me sound a bit old-fashioned. I do not use AI buzzwords to handwave solutions. Which is why I lean so much more on proven foundations, way too many years of experience and, yes, some gut feeling.
Cybersecurity isn’t just technical; it’s human. It is the intersection of securing data and ensuring business availability. And if I have my learning from all these decades right, it tells me that the answer is to stay curious yourself, and to stay humble.
So, there you have it: insights from the coalface of cybersecurity. I hope these are helpful as you move through your own security woes.
Oh, and keep your third cup of coffee brewing. What was simple and well-understood before is about to become very, very ugly.