
The Evolution of Cybersecurity: From PSTN to Zero Trust and Hardware Hacking

As I sit at my desk after my third cup of coffee today (yes, that’s probably too much caffeine), I’m reflecting on how much the landscape has changed in cyber security since I first cut my teeth in the business as a network admin back in 1993. At the time, I was in charge of the network muxes for voice and data over PSTN lines. It was simpler, or so we thought. Security? Actually, we didn’t even call it that. But there was this tinge of danger, like a fizzle with a long fuse.

Fast forward to today: I’m managing my own cybersecurity firm, advising clients on navigating the intricate nature of modern threats. Just recently, I closed out work with three banks modernizing their zero-trust architecture — a world away from those old PSTN times. Oh, and I just returned from DefCon; I am all about the hardware hacking right now. It’s hard to beat Q&A with the greatest hackers on the planet as a way to remind yourself why this job is never dull.

Why Real Experience Matters

It’s easy to spew buzzwords or grab hold of flashy marketing terms — AI this, zero trust that. But here’s the thing: having lived through the gut-punching early internet worms and the shift to today’s threat landscape, I learned what works and what’s all hoopla. Consider the Slammer worm: I recall it exploding across the Internet back in January 2003, hitting SQL Servers worldwide like a giant tsunami, and at Internet speeds. It served as a wake-up call that resulted in serious lockdowns on my networks back in the day — stuff I still consider when architecting modern defenses.

And let’s be real, all the fancy shmancy dashboard stuff does not substitute for cold, hard experience. Knowing how attackers think, where they tend to poke, and how infrastructure actually behaves under attack is not something that can be faked. It’s like you’re trying to tune up a classic car and you don’t have any idea what the roar of the engine sounds like — you just don’t get it.

Zero Trust in Action – A Real-World Example

Assisting three banks with zero trust migrations was an eye-opener. Everyone yammers on about zero trust as if it were a checked box on a compliance form — nope, it’s a mindset shift.

These were places with legacy systems — you know the sort — monoliths stuck together with duct tape and prayers. They yearned for better segmentation, identity verification on steroids and more granular access controls. The result?

  • Dynamic access policies. No more wide-open internal networks.
  • Multi-factor authentication everywhere. Because passwords by themselves are trash — more on that in a minute.
  • Continuous monitoring and analytics. No resting on laurels.

But zero trust isn’t just about tech. It’s also about culture, process and buy-in from all stakeholders. If your users think zero trust is a pain, then you’ve already lost the game.

Quick Take — Here’s What You Need to Know:

  • Legacy infrastructure can frequently undermine your best security policies.
  • Trust, but verify continuously — trust nothing and no one, even your systems.
  • MFA isn’t just an option anymore — but don’t get suckered into SMS-based second factors; they’re not secure enough.
  • Monitoring is not a set-it-and-forget-it proposition. It requires the right people to know what to look for.
  • Anyone can be a hacker, even with hardware, and a vulnerability can impact anything.

PSTN to Modern Networks – The Ghost of Networks Past

I can still recall spending nights swapping voice and data muxes over PSTN lines, the means of communication before the days of broadband. These legacy systems turned out to be surprisingly robust — but they also didn’t have a care in the world about today’s threats.

When Slammer struck, networks seized up in minutes. I’ll never forget the panic of seeing systems grind to a crawl. That worm took advantage of a known SQL Server vulnerability — a reminder that patching and defense in depth aren’t buzzwords, they’re lifesavers.

That experience changed the way I think about risk:

  • Patch early and often. Ignorance is expensive.
  • Defense in depth is not optional. Multiple layers translate to more work for attackers.
  • Legacy systems are liabilities. If you’re still operating something with roots in the ancient world, you’re a target.

Password Policies — Allow Me to Vent. Why is everyone so afraid of this?

Passwords. Oh boy. I’ve lost track of how many organizations I’ve seen requiring an abstruse password — and then users write it on a post-it or enter the same old tired passphrase again and again.

Here’s the truth:

A strong password complexity requirement that doesn’t have any good support just ends up frustrating people — and that tends to be the enemy of all good security.

What I would rather you do:

  • Pay attention to length, not complexity. Also up for discussion: a long, memorable phrase is better than a 15-character salad of letters and symbols.
  • Employ password managers — no more making people remember anything.
  • Train your team about phishing — far too often the weakest link.
  • Use MFA liberally (though, again, not SMS as a second factor).

Your security is only as strong as its weakest link — and often enough, that’s poor password hygiene.

Hardware Hacking – The Unheard-Of Battlefield

So I just got back from the hardware hacking village at DefCon, and it was awesome. Look, we all love software vulnerabilities — but the physical side is where attackers can sometimes sneak in, and before you know it they’re wrigglin’ all up in your business.

I’ve seen everything from RFID relay hijinks to clever side-channel leaks on devices that were supposedly secure. It reiterated a key point:

  • Your physical assets need to be protected just as much as your servers and cloud workloads.
  • Hardware vectors must be considered in security audits (e.g., IoT devices and peripherals).
  • Don’t imagine software is the only wild frontier here — your risk surface extends to chips, cables, even power supplies.

So Where Does That Leave Us?

From those PSTN mornings to zero trust nights, all these years later, I’ve learned something: cybersecurity is less about finding silver bullets and more about constantly implementing smart practices. Whether it’s firewalls, managed NOC services, routers and servers, or endpoint protection, there is no substitute for the basics!

Remember:

  • Always be skeptical of the AI-fueled hype — neat tech, sure, but do not believe the claims without evidence!
  • Buy from people who understand your business and the growing threat environment.
  • Keep an eagle eye on those legacy systems — they can be Trojan horses.
  • Talk to your users, not just your tech teams. Security is everyone’s job.

I’d be lying if I said I didn’t miss a million things the first time (or the hundredth). But every stumble, worm infestation and sleepless night makes every success all the sweeter.

Keep your eyes peeled, stay curious — and keep the coffee flowing.
