
Reflections on Cybersecurity: From 1993 Network Admin to Today’s Zero Trust Era

I’m sitting at my desk (third coffee of the day is now in full effect) and considering just how much has changed in the cybersecurity world since I joined as a network admin in 1993. Yeah, 1993. That was before we were even all talkin’ about this newfangled PSTN (public switched telephone network) thingy to mux voice and data. Gasp! The grind of cabling, terminals, and the continuous squall of modems. That was back in the day, when the threat landscape was a different kind of animal altogether.

Then the Slammer worm happened in 2003 — zippy, dirty, instructive. I watched it happening live as it gutted networks, organization after organization deliberately kicked off the net for hours. Talk about a wakeup call.

Cut to today: I have my own cybersecurity firm (P J Networks Pvt Ltd) and recently had the good fortune to contribute to the upgrade of three banks applying zero-trust architectures. Yes, zero trust is no longer some buzzword; it’s a requirement. But before we jump into that, let me tell you a little about how this journey colors the lens through which I view security now.

From Network Admin to Cybersecurity Consultant—The Trenches Teach Lessons

Then, it was all about physical access controls and firewall rules. Even harder when you had a bazillion physical endpoints all still talking to each other over legacy hardware. No cloud, no AI-infused gizmos we keep hearing about all over these days (and, well, I’m skeptical of them AI claims, lemme tell ya). Believe me, it’s not magic, it’s math, folks! You don’t get to call something genuinely secure simply because it’s “machine learning.” That’s marketing fluff.

When Slammer struck, it spread more quickly than any worm before it, taking advantage of a buffer overflow vulnerability in Microsoft SQL Server. The speed was unbelievable. Yet it was a simple mistake: bad input validation. I switched from consulting on patches to advising customers on what I thought might be a better path: waiting for disasters isn’t the answer.

That’s something that still affects the way I speak to businesses in terms of vulnerability management. It’s just like cooking: you don’t wait until everyone has gotten sick to clean the kitchen. Patch early. Patch often. And don’t ever overlook the ordinary.

Zero Trust: It’s Not Only a Buzzword, It’s the Future

Those three bank upgrades were a stark reminder of how far we’ve come. The banks wanted full zero-trust architecture updates, which is always a great-sounding idea, until you dive into the weeds. Implementing zero trust means:

  • Checking every single request for access, regardless of where the request comes from.
  • Strongly restricting lateral movement in the network.
  • Continuous monitoring and dynamic response.

But here’s the catch: zero trust isn’t just a bunch of new tech to throw on top. It’s an organizational mindset. You have to do a good job of identity verification, along with endpoint management, along with network segmentation.

And — I’ll be honest here — rolling this out at scale sometimes seems akin to trying to change gears in a moving car while changing the tires. Tricky, but doable.

DefCon and the Hardware Hacking Village – What’s There and Why It Still Matters

I just got back from DefCon last week – came out buzzing from the hardware hacking village. There’s something to be said about watching hackers crack open consumer devices with oscilloscopes, soldering irons, and a whole lot of ingenuity. Everyone is always talking about software vulnerabilities, and they ignore that hardware can be flawed, too, and is maybe even more vulnerable.

Think of it as buying a car. You don’t just care how good the GPS system is (software) but that your brakes (hardware) don’t fail. At the village, we were seeing everything from tiny IoT devices to industrial controllers being compromised. On the spot. Exposing actual risks that companies all too often neglect because hardware is “set it and forget it.” Nope. Not anymore.

Quick Take: What You Definitely Need to Do Right Now

Allow me to serve up some rapid hits for busy decision-makers:

  • Patch Management: Don’t delay. Patch your key systems before attackers discover your unpatched vulnerabilities.
  • Zero Trust Foundations: Begin with identity and access management. Without strong identity verification, zero trust is just an empty buzzword.
  • Device Protection: Perform regular security checks on physical devices. Just because it’s ‘legacy,’ doesn’t make it safe.
  • Training: Your people are your first line of defense — and often your weakest link.

Password Policies – This Is A Rant But It Matters

The thing about passwords is, they stink. I’ve seen companies put in 12-character rules with symbols, numbers, caps, and then users went ahead and wrote them on sticky notes. Or, worse, cycled through shitty, small passwords like car makes (‘Mustang2024!’).

But an enterprise can’t be safeguarded by password policies alone. Here’s the thing: if your password is so complex that you forget it instantly, you’re probably creating more risk.

So, what’s the answer?

  • Use multi-factor authentication (MFA). I wish I could tattoo that on every keyboard.
  • Adopt password managers. They’re not perfect, but they’re better than Post-It notes.
  • And quit making users change their passwords regularly unless you have evidence that their password has been compromised.

Legacy Tech Still Haunts Us

I confess — there’s a piece of me that gets a little misty-eyed about the good old days. Remember when routers didn’t all come with 100 security settings? You just had to trust your perimeter firewall, most of the time. But — and here’s a harsh reality — many organizations continue to use lots of legacy hardware even today.

That’s like driving a 1970s muscle car on the freeway with no airbags because the car is vintage.

Now, I’m not advocating that you rip and replace everything yesterday, but if you’re still running critical networks on unsupported routers or firewalls, you’re just asking for trouble.

Managed Firewalls, Routers, NOC and Servers – An All-Inclusive Mentality

One thing I’ve learned from running P J Networks is that there’s no longer any one-size-fits-all solution. Organizations require managed network operations centers (NOC) in tandem with intelligent firewall policies, solid connectivity end-to-end, and current routers. Here’s why:

  • Managed NOC: They monitor proactively so that anomalies don’t get the chance to grow.
  • Firewalls: Not your father’s old ‘block or allow’ – today’s firewalls share info and work with threat intel.
  • Servers & Routers: Keep them lean, tight, patched and up to date; otherwise they will serve as the entrance.

Together, all of those pieces add up to a security posture that is durable but still requires adaptation. Waiting for the next big breach to do something? Not a strategy. It’s playing with fire.

Final Thoughts—And Some Cautions

I’ll leave you with this: Cybersecurity isn’t a destination; it’s a journey. Since those early days of mixing voice and data over PSTN lines, through the horror of Slammer, to the intricate dance of zero trust, my advice has never changed. Stay vigilant. Be skeptical of the marketing hype, particularly the AI-powered claims that seem too good to be true. And never underestimate the basics.

It’s simple to get hopelessly lost, but don’t forget — security is as much about people as it is about technology. Train your teams, empower your users, and make sure your systems are patched and segmented. Because the bad guys sure as hell aren’t going to wait for your coffee to start working.

And that’s when you have to be ready.

—Sanjay Seth
