Reflecting on Cybersecurity: From Dial-Up to Zero Trust

A little jittery (OK, I’m on my third cup of coffee), I’m sitting here at my desk waxing nostalgic and looking back at how far we have come in the world of cybersecurity since I began my career as a network admin in 1993. That year, I was hip-deep in wiring multiplexers for voice and data on PSTN lines, working out the warts of dial-up and slow, clunky connections. And if you had asked me what a ‘worm’ was back then, I’d have pointed to one in the garden, not some malicious code gnawing through our networks. Fast forward to the early 2000s and the arrival of the Slammer worm: it was like a digital tsunami, surging into unprotected networks across the globe and forcing IT professionals to reconsider everything they’d previously known about security.

Here’s the thing. This is the experience that I bring to cybersecurity today. At P J Networks, I run my own security company, and I draw heavily on the mistakes I made to help others avoid making the same ones. Trust me, there are plenty. Last month alone, for instance, I helped three banks upgrade their zero-trust architectures, and I’m still riding the high from the hardware hacking village at DefCon.

But enough backstory. Let’s have a serious discussion of real cybersecurity, and why I think businesses — regardless of size — need to start being serious about it now.

The Slammer Worm: The Day that Changed the World

When Slammer struck in 2003, most of us in the trenches began to fully understand just how fragile our networks actually were. Slammer spread like the plague, leaping on SQL vulnerabilities in minutes and bringing down huge swaths of the internet. My team rushed to close up vulnerable servers, but the worm demonstrated something critical: perimeter security is no longer enough.

It’s like building a castle with a moat and leaving the back door open. You can no longer just depend on firewalls and antivirus. That’s when the seed of zero trust began germinating, even if the term hadn’t been coined back then.

Zero Trust is Not Only a Buzzword

I’ve been helping three banks deploy zero-trust architectures lately, and it’s very gratifying to see how far the concept has moved since the early 2000s. But here’s the thing: zero trust is not a silver bullet. And any vendor that tells you it has a plug-and-play, AI-powered zero trust solution? Be skeptical. Sure, AI is amazing, but it’s not magic: it needs context, tuning, and yes, sometimes even a heaping helping of humanity behind it all.

So what is zero trust? In short, it’s the philosophy of “never trust, always verify” put into practice. That means:

  • Continuous verification of each device, user and connection
  • Network microsegmentation to limit the blast radius of a breach
  • Least-privilege access controls
  • Monitoring and logging all of it for anomalies

Sounds complex? It is. But banks are doing it correctly by blending strong technical controls with clear policies and employee training.

Lessons Learned from the Hardware Hacking Village at DefCon

I just came back from DefCon and I must say, the hardware hacking village was an eye-opener. If you believe that cybersecurity is all about software, think again. There are still massive threats to guard against in terms of physical security and hardware tampering. From pen testing IoT devices with nothing but a soldering iron to abusing legacy routers and firewalls, the village showed me yet again the importance of scrutinizing everything.

Here’s why this is important for your business:

  • Firewalls and routers are not magical black boxes. Physical proximity can equate to total control.
  • Legacy systems may work, but they’re often on unsupported firmware. That’s a ticking time bomb.
  • Managed NOC services (that’s Network Operations Centers, btw) can spot oddities early—but not if the hardware itself is compromised.

Oh, and yes, I am guilty of not considering hardware risks early in my career. Ain’t nothing like losing a week to troubleshooting because someone stuffed a rogue USB device into the server room!

Passwords: The Weakest Link? Absolutely.

I’m going to whine about this here, because it matters. Password rules are insane. And not in a cool way. Requiring users to change their passwords every 30 days? Terrible idea.

Passwords are like salt in cooking. Too little, and the dish is flat. Too much, and it’s inedible. If you make the rules too complex, your users will start writing passwords down on sticky notes, or cycling through variations of Password123!.

Here’s what works better:

  • Promote passphrases: you know, a sentence, the sillier the better but still memorable
  • Use multi-factor authentication everywhere
  • Regularly educate users—not just once-a-year training
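
The length-first rule described above, sketched as an added example that is not part of the original post: any format is accepted as long as it is long enough and is not a disguised variant of a common password such as Password123!. The minimum length and the tiny denylist are assumptions chosen for illustration.

```python
import re

# Assumed value for illustration; the post does not name a minimum length.
MIN_LENGTH = 16
# Constructed, deliberately tiny denylist; a real deployment would use a
# large breached-password list instead.
COMMON_BASES = {"password", "welcome", "qwerty", "letmein", "admin"}
# Undo the usual character substitutions users reach for under complexity rules.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def base_word(candidate: str) -> str:
    """Reduce a candidate to its base word so 'P@ssw0rd2024!' maps to 'password'."""
    lowered = candidate.lower()
    # Drop leading/trailing digits and symbols first (the '123!' habit) ...
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    stripped = re.sub(r"^[\d\W_]+", "", stripped)
    # ... then reverse substitutions inside the remaining word.
    return stripped.translate(LEET)


def check_passphrase(candidate: str) -> list[str]:
    """Return the reasons a candidate is rejected; an empty list means accepted.

    There are deliberately no 'must contain a digit/symbol' rules: length
    does the work, and the user picks the format.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if base_word(candidate) in COMMON_BASES:
        problems.append("variant of a common password")
    if len(set(candidate)) < 5:
        problems.append("too few distinct characters")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["Password123!", "P@ssw0rd2024!!!!", "correct horse battery staple"]:
        print(repr(pw), "->", check_passphrase(pw) or "accepted")
```

A check like this runs at password-set time and complements MFA rather than replacing it.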

Old Tech, Nostalgia: Helpful, But Dangerous

I enjoy reminiscing about the glory days of networking: PSTN, dial-up modems, that delightful handshake of a 56k link. But nostalgia can also be a security risk. More often than not, legacy systems sit in the back office, executing important functions but overlooked for upgrades or patches because changing them seems too risky.

But here’s the risk: outdated systems = zero security updates = juicy target for attackers.

Don’t turn your infrastructure into a museum of relics because you’re scared of an upgrade. I have witnessed more breaches caused by old hardware than new zero-day vulnerabilities.

Practical Advice for Businesses Right Now

I’m often asked, “Sanjay, what’s the one thing I should fix today?” There is no silver bullet, but if you don’t have much time or money, these are my quick tips:

  • Enable multi-factor authentication (MFA) everywhere
  • Segment your network: no more flat networks. It’s like putting fire doors in your building.
  • Firewall and router firmware should be regularly audited and updated
  • Train your employees on phishing and social engineering — it’s still the No. 1 attack vector
  • Subscribe to a NOC service that will monitor your platforms around the clock and react quickly

Quick Take

For those juggling a million things in the air, here’s the TL;DR:

  • Slammer demonstrated that perimeter defenses were insufficient
  • Zero trust = never trust, always verify.
  • Hardware hacking is a thing, and it’s scary
  • Password policies suck. Use passphrases + MFA: instead of telling your users what can’t be in their passwords, tell them their passwords must be a certain length (the longer the better) and then allow them to use whatever format they like. We use passphrases, and we and about half a bazillion others use MFA.
  • Ancient systems are dangerous: patch or perish
  • Outsource to a managed NOC for early detection of threats

Why I Do What I Do (Even on Tired Days)

Some days it feels as if I’m fighting the same battles I fought back in the ’90s — bad configurations, missed patches, misplaced faith in AI-powered technologies. But each time a client finally nails their zero-trust policy or catches an attack early thanks to our managed services — it’s worth it. Because at the end of the day, security is not just about tech — it’s about people, and process, and a mental shift.

And hey, if you made it this far, thanks. Few want to read about ancient multiplexers or Slammer today, but those are the stories that count. They remind us to keep on fighting.

If you’re rushing home from work, grabbing that third coffee, and pondering why cybersecurity is a never-ending game, just know you’re not alone. We are all of us working it out, one patch, one policy, one network segment at a time.
