0
Get A Free Quote

No Title

  • 28 August, 2025
  • No Comments

Reflections on Cybersecurity: From PSTN Multiplexers to Zero-Trust Architecture

It’s a little past the middle of the morning here, and I’m sitting in my chair at my desk, out back, my third cup of coffee resting on my deskstand (which I’m using now), strong enough to keep me buzzing but not strong enough to shake the caffeine, as I sort through the morning writing and such.

I’ve been in this game a while. I cut my teeth as a network admin in 1993, the era in which dialing into your office network was equal parts patience and technical knowledge. PSTN muxes (those multiplexers that combined voice and data over the telephone lines of old—they date from the early 1990s) were my bread and butter. And let me tell you, those were some resilience-inducing days, because each byte you sent had to be whispered oh-so-carefully across some of the most brittle pipes you could possibly imagine.

And let’s jump ahead to now, having personally lived through storms like Slammer worm (yes that worm from 2003 from which we couldn’t recover for HEAVY minutes worldwide – crazy times but wow) Now, I have my own security agency, P J Networks Pvt Ltd. We manage everything from network operations centers to firewall, server, and router security—all part of that whole security pie businesses require in a world that has new risks appearing faster than your average car coming down the highway.

Why Cybersecurity Is the Most Exciting Career

Writing about cybersecurity is like looking for a criminal and knowing the suspect.

Here’s the thing: it can be tempting to become distracted (and even to believe) in buzzwords like zero-trust or AI-powered solutions (don’t even get me started on that last one — I’m, in general, a non-believer in the snake-oil sales of solutions that are pushing AI as a silver bullet; it’s NOT magic). In my opinion, real-life cases are the best consultation and solutions, not a presentation or marketing brochure.

Three banks recently hired my team and me to develop their zero-trust architecture. Zero trust, let me tell you, is really not just a new sexy buzzword. It is a fundamentally new mindset. It’s the equivalent of going from a classic gasoline car to an electric car. Oh sure –– both may get you from Point A to Point B, however your fuelling, your maintenance, heck even the experience behind the wheel is different.

What Zero-Trustin’ Actually Looks Like

  • Never trust any device or user by default, ever. Verification Verification is required for every transaction, request and connections.
  • Leverage micro-segmentation to create “zones” in your network that contain breaches if they occur.
  • Strong identity verification — not only passwords, but multi-factor authentication (MFA). If’ you believe periodic forced password resets are improving security, I’m sorry to say you are mistaken— they only make things worse. Regular forced resets prompt users to reuse passwords or to write them down. (Yeah, I’m a little cranky about password policy, but it’s a hill I’ll have to die on.)
  • Ongoing watch, not set it and forget it.

So if your security framework doesn’t reflect these, you’re effectively leaving the backdoor open with a welcome mat.

What I Learned in the Hardware Hacking Village at DefCon

I just returned from DefCon and am on a bit of buzz – and no, not just that jetlag effect. I saw the hardware hacking village and it was mind blowing watching people tear into the stuff you use everyday and demonstrate how an innocent IoT device can become an espionage device in your living room or office without you even knowing it.

Here’s a stark reminder that software patches are only half the battle. I have seen companies spend a king’s ransom on software defenses only to find themselves blindsided because their hardware was not designed with security in mind.

A favorite sample I remember: a router I tested that, when turned on, had a debug port wide open right out of the box. This is not supposed to happen, but it does, because in the world of manufacturing they rush things. That means someone with physical access could just ignore the lot of it and go to town.

What This Means for Businesses

It’s not just a matter of software for your infrastructure anymore. Treat your hardware as akin to the foundation of a house. And if it is weak, everything else crumbles. And when I am consulting and trying to get really comfortable with companies’ problems, I will push for:

  • Comprehensive hardware audits
  • Limiting physical access to network equipment (servers, routers, switches)
  • Rule-based approach for vendor vettings; only use hardware from vendors who value security

And I say that fully knowing that some organizations still see physical security as a “nice to have.” Not anymore. It’s mission-critical.

Reflections from the Early Days — Stuff I’ve learned since 1993

It was the first few years of my life that taught me more than text books ever could. PSTN multiplexers were my first introduction to operational patience and troubleshooting, and how small things can lead to big outages (and how it taught me some humility). “I would mis-remember passwords, lock folks out, mess up routing tables. But you learn. You pivot.

Once, during a large core network refresh we missed updating firmware on a relatively unimportant core switch. It caused sporadic outages that took hours to troubleshoot. Painful—but invaluable experience.

Security isn’t about perfection. It’s about resilience

You can havethe fancy tools, but if your team isn’t rehearsing, testing and learning from REAL incidents, you’re just playing with toys.

Quick Take: What I’d Tell Any Business Now

  • Quit pretending defense at the 3-point line will cut it. It’s gone; perimeter is porous.
  • Multi-factor authentication (MFA) is not optional.
  • Patch early, patch often — but verify patches don’t break shit.
  • And don’t forget about insider threats, as people mess up or get phished.

Build a security culture — not just policies on paper

Most importantly—invest in regular audits. And not just checklists of compliance, but full, hands-on security assessments.

Final Thoughts (After That Third Coffee… )

Each decade has had its ‘big thing’ in cyber security — from worms, such as Slammer, to ransomware today. The basic principle is still the same, though: Trust no one, verify everything, and always be prepared for the unexpected.

And hey, if this post steered you away from even one little slipup, my day is complete.

Here’s to secure networks (and maybe an extra cup of coffee). Cheers!

Sanjay Seth
Cybersecurity Consultant
P J Networks Pvt Ltd

Cybersecurity Consultant Sanjay Seth

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

Let’s Talk About How Can Help You Securely Advance

Get A Free Quote