
Reflections on Cybersecurity: From DefCon to Zero-Trust and Beyond

Here I am, at my desk with my third coffee in hand, still buzzing over everything we saw in DefCon’s hardware hacking village and pondering just how much has changed in cybersecurity since I first cut my teeth as a network admin back in ’93. That’s right: so long ago that I was already waist-deep in multiplexers sending voice and data waltzing neatly down the PSTN before a good part of you had even figured out what ‘the internet’ was. Those were the days.

Then in 2003, along came the Slammer worm and made us all realize just how solid our networks really were, if you thought they were stable before then! I can recall nights holed up in a systems troubleshooting loop, attempting to patch all the things as fast as I could while the worm spread quicker than fire in Redwood National Park. That experience alone changed my view of cybersecurity: not one-time patchwork or firewall configuration, but an ongoing, deliberate exercise.

Skip forward a few decades: I now own my own cybersecurity company, P J Networks Pvt Ltd., where we have been up to our eyebrows in large-scale zero-trust architecture implementations at three major banks over the last several months. Zero-trust is more than just a buzzword, and I can attest to that. It is relentless confirmation; no one gets a free pass anymore. Regardless of how secure you thought your network was yesterday, trust absolutely nothing.

How Real Experience Trumps SEO Snake Oil

Look, I get it. The industry loves its fresh buzzwords, especially the AI-powered crowd. That expression makes me raise an eyebrow every time. AI could help us, but it’s not a silver bullet. There is a security angle to AI, but anyone peddling it as your messiah has something they want to con you into buying, which probably isn’t what you need.

But here’s the thing: security rests on certain fundamentals. These principles have not changed from my earliest days dealing with dial-up and PSTN multiplexers through the Slammer worm.

  • Network visibility is king. You can’t protect your traffic and devices if you can’t see them.
  • Patch management is non-negotiable. Slammer was successful because organizations ignored patching for too long.
  • User security awareness is your best defense. Humans mess up. Always. Train them.

Banking on Zero-Trust Architecture

Recently I was helping three banks upgrade to Zero Trust. For the uninitiated, zero-trust roughly translates as “never trust, always verify.” It is a mentality, one that forms the basis for a technical mindset called assume breach.

Some key takeaways:

  • Micro-segmentation is your friend. Isolating workloads through micro-segmentation minimizes lateral movement in case of an attack.
  • MFA is not optional when it comes to cyber security. Even so, I still come across clients who simply view it as a pain point.
  • Continuous monitoring rocks. Manual audits? Old-school. You want real-time insights.

Building this for banks has made me realize more than ever that it’s not just tech. A lack of culture, management buy-in, and consistency will break your zero-trust journey.

Bottom Line: The Most Important Information Right Now

If I understand your business and you’re pressed for time, here is the punchlist of what you can do today to improve security:

  • Start with a network audit. Understand your devices, users and data.
  • Deploy MFA everywhere, and for everyone. No excuses.
  • Patch everything you possibly can – don’t be the next company impacted by Slammer 2.0.
  • Reduce user privileges according to roles. No one gets the keys to the entire kingdom.
  • Invest in tools for continuous monitoring (not just logging but also active alerting).

Some Fond Memories, and a Small Rant

I occasionally reminisce about the vintage console screens for network routers. Green text on a black background, dirt simple. But you could just look and you always knew. Now? It’s all buried under fancy GUIs and dashboards filled with graphs and charts, which are super cool until they become overwhelming. It’s similar to cooking up a dish and overdoing the spices.

Cooking a curry is the kind of cooking where everything needs to be mixed, topped off and simmered, and security is much like that. It takes the right spices, fresh veggies, timing and a lot of patience while it simmers. You can add an AI seasoning to the concoction just for the sake of it, but if your base is not solid your meal will still suck!

On the same subject: password policies. All of us have a tendency to overthink them. Complex passwords, changed often, with a mix of upper/lower case letters and symbols, are the cyber version of salting your meal to a dangerous level. Which of course results in users writing their password down on a sticky note and sticking it under their keyboard. I have an idea: focus more on length than complexity, and secure it with MFA. Both your users and your security will thank you.

That DefCon Buzz

I recently returned from DefCon, and I found the hardware hacking village mightily mesmerizing. Watching experts open up literally any device you can imagine with scalpel-like accuracy, then discover exploits in what the average Joe would view as locked-down appliances, was a reality check: “OK, so your firewall may be fire-proof, but if this tiny piece of hardware (which could be an IoT camera or badge scanner) is using technology developed by n00bs, you’re essentially screwed.”

Business hardware security is often neglected. Hardware has become a bigger target, but the conversation always revolves around software patches and user training. We get started in this space at P J Networks. In the “hybrid world” of today, servers, routers, firewalls and IoT all need to work together, so the security must be end-to-end.

My Advice? Drive It Like a Classic

Ever taken an old Ambassador for a spin on the mad lanes of Mumbai? No power steering, no airbags. You had to be alert. That car demanded constant attention. Same with cybersecurity:

  • Your defenses can’t be auto-piloted.
  • This is not simply going out to buy some shiny new gizmo.
  • You gotta stay on guard 24/7 and not just when everything goes to shit.

But the good news is that tools today are better than ever. If you implement managed NOC services, next-gen firewalls, robotic servers and routers that are smart enough to defend themselves then you will sleep better at night, but only if they were installed with integrity.

But never get complacent.

Final Thoughts

The one constant across my over 30 years of networking and security — from the EPO days through Slammer madness, zero-trust evolutions, and now the front lines of hardware security — is this:

Cybersecurity is not a destination, but rather a journey. Sometimes draining, sometimes exciting, always changing.

So to you, from my 3 cups of coffee deep brain, I say:

Do not just follow the latest trends and buzzwords. Make them work for you, and know your tools and armory when you start forming defenses. Base decisions on your prior experience, not flashy marketing. After all, your security is only as strong as the weakest link.

Well, here’s a little secret — sometimes that weak link is a piece of hardware you did not lock up, or it is a password policy that was too difficult.

Stay sharp. Stay curious.

Until next coffee,
—Sanjay Seth
