PSTN to Zero-Trust: Reflections on 30 Years in Cybersecurity

It’s Sanjay Seth from P J Networks Pvt Ltd here, using that groaner to kickstart this blog post after just drinking my third coffee (you know, the kind that actually helps get your brain ticking). Been in this game since 1993. I was a lowly network admin back in the day when mux (that’s multiplexers for all you acronym lovers) and networking for voice and data were performed over good ol’ PSTN. And let me tell you, the days were dark back then.

Nearly three decades later, I’ve watched the landscape evolve immensely, survived the madness of Slammer worm-from the ground firsthand, and am now at the helm of my own private cybersecurity firm. I got my hands dirty overhauling zero-trust architecture for three banks recently — yup, field trips are dangerous when money’s involved. Also just returned from DefCon, I’m still coming down from the adrenaline at the hardware hacking village. So grab a seat. Let’s talk about real cybersecurity, not fairy tales, about the five things that you’ve got to do today to keep yourself safe: everything from firewalls to good habits, the big stuff and the little stuff.

True Stories That Influence How I Think About Cybersecurity

When you have been doing this as long as I have, you don’t just learn from books — you get schooled hard by real-world crises. The Slammer worm in 2003? It was a wake-up call like no other. One day, your network is humming along, the next it’s been reduced to a crawl under the weight of packets that are wriggling in through SQL vulnerabilities. Yes, we were that defenseless, even if we had the best firewalls at the time.

And it’s funny (or poignant) how the historical cycles repeat — maybe now at an accelerated click.

I still recall how those anxious calls came late at night — systems failing, damage control mode. zero-trust was sort of white papers and buzz talking. We thought perimeter defenses were sufficient. Ha! The last thing you want to do.

Fast forward to today, and I’ve assisted not one, not two, but three banks in migrating to zero-trust architectures. No longer could any of them afford to simply trust anyone who was in their network. Zero-trust isn’t just hype — it marks a monumental shift. You can think of your network like a car. In the ’90s, my go-to would have been, “Just lock your doors and pray no one hotwires it.” Now? We have biometric ignition, alarms, GPS trackers, even driver behavior monitors. Zero-trust presumes the worst and verifies everything.

Why Zero-Trust Is A Must-Have — Especially For Banks

Here’s the twist: Banks should be the obvious target. Their networks contain more keys than Fort Knox. Here’s what it would entail to shift them over to zero-trust architecture:

  • Termination of networks by way of micro-segmentation. No one roams free inside.
  • Each access, even from the inside, must be constantly verified.
  • Using tight least-privilege, meaning that users get only what they absolutely need, and nothing else.
  • Multi-factor authentication is not something you get to choose to do; it is now something you have to do.
  • Addition of live tracking and behavioral analytics to detect anomalies.

But — and this is where some sellers lose me — just slapping a AI-powered security label on something won’t do. I’m highly suspect of solutions heavy on AI buzzwords and light in substance. AI is not magic. It’s a matter of quality data feeding into smart rules with knowledgeable humans in the loop. Otherwise it’s just throwing spaghetti at the wall and seeing if something sticks.

The DefCon Buzz: Hardware Hacking is Still Relevant

I’m just back from DefCon, the hacker summer camp that’s half tech conference, half anxiety-inducing episode of a thriller. The hardware hacking village was mind-blowing — I saw some things that I wouldn’t have thought were vulnerable. I mean, if the chips, routers and servers themselves are corrupted, your nifty firewall is just doorman to a fortress with rotting walls.

I had a hoot watching people break in to seemingly “secure” devices with inexpensive equipment. And it brought me back to those primitive network configurations from the days of old —just some wires, broadcasting bits, but completely naked if wired incorrectly or left exposed to sniffers.

So, takeaway? Don’t forget about the flesh and blood physicality of your infrastructure.

Password Policies—My (Somewhat) Controversial Opinion

Okay, confession time. I complain about this more than perhaps I should. Passwords that are complex are good. But it doesn’t work to make people use convoluted strings they can’t remember. Here’s why:

  • You have to juggle “complex” passwords on post-it notes, which kind of defeats the point.
  • If you have to reset your password too often then you cycle through old passwords or choose something predictable.
  • Length > complexity in terms of passwords. There’s nothing that can trip you up like a short jumble of characters.

I like passphrases — easy to remember, hard to guess. Plus, when paired with MFA, that’s security gold.

Quick Take: What Every Business Needs to Do Now

Short on time? Here’s your TL;DR cheat-sheet, straight from my desk!

  • Forget perimeter-only defenses. Accelerate toward zero-trust by segmenting your network and verifying everything.
  • Invest in monitoring tools that deliver real-time visibility, not only reactive alerts.
  • Don’t trust AI-powered vendors — at least, not blindly. Ask for the evidence, rigorously test their solutions.
  • Keep your hardware refreshed. Just remember: a chain is only as strong as its weakest link (and in cybersecurity, the hardware is frequently the weak link).
  • Re-evaluate password procedures. Use passphrases and require MFA.
  • Train your teams. Humans, of course, are often the weakest link, but they’re also the best defense — if they know better.

What I Learned from Running My Own Security Firm

P J Networks has been a wild ride to run. It’s one thing to understand cybersecurity, it’s quite another to apply it in real companies subject to real constraints. Budgets, legacy systems, client politics, the works.

This has taught me that technology is as crucial as communication.

Businesses like plug and play solutions. But here’s the truth: Cybersecurity is a journey, not a product. It requires ongoing vigilance, updating, training and, most of all, a point of view change.

And if I have one piece of advice to consultants: each client is different, cater for everyone. Stop pushing cookie-cutter solutions Don’t try to solve the problem with the same thinking that created it in the first place. Know their business, their risks, and then craft a defense that fits like a glove.

The Router and Firewall Angle: Why They Remain your Frontline Heroes

There are two routers of my own making, one configured as a gateway, plus Cisco firewalls and more. Here’s why:

  • Routers have multiple jobs, not just traffic directing. They implement policies, look at packets and they generally have security built in.
  • Firewalls are the bouncers. But modern firewalls are doing all that and even more — deep packet inspection, intrusion detection/prevention, and integration with zero-trust frameworks.
  • You ignore those appliances and you might as well leave your back door wide open.

When I first began, setting up a firewall was nightmare. You were that guy, memorizing every IP and port. And today, with next-gen firewalls and SD-WANs and such, the landscape has expanded, however getting even more complex.

Final Thoughts: Security Is a Marathon, Not a Sprint

So finishing this (finally — my coffee is getting cold), here’s what I keep telling clients, and, YES, I’m saying it to you too:

Cybersecurity is not about perfect tools or one-and-done setups — it’s about resilience. There’s a certain way of making clear that you don’t have anything valuable there but also expecting someone’s going to break in and being prepared not just in terms of technology but as a kind of culture.

From fixing PSTN networks in 1993 to fixing zero-trust architectures today, one thing is crystal clear:

The security wall of your network is only as strong as your lowest assumption.

Consider each device, each user, each connection to be a potential threat — and then do the right things to harden whatever you bring into your network. And, perhaps, just perhaps, bring that third coffee along.

Cheers,
Sanjay Seth
P J Networks Pvt Ltd
Your local neighborhood cybersecurity consultant

Leave a Reply

Your email address will not be published. Required fields are marked *

This field is required.

This field is required.

sales@pjnetworks.com
(+91)9818361787
C-160 Mayapuri Ph II
Copyright © 2025 PJ Networks: Innovative Networking & Cybersecurity Experts, All Rights Reserved.