From PSTN to Zero-Trust: Real Security Lessons from My Desk (Post Third Coffee)

Hey, Sanjay Seth here – the guy who’s still geekin’ out after 30+ years in networking and security. I began as a network admin all the way back in ’93… yes, back when managing muxes for voice and data over PSTN was what you called a day in the office. The world is a different place now, but one thing still holds: hands-on experience trumps buzzwords.

I’m writing this fresh back at my desk (well, I just got back into my office), coffee number three just taking hold (it will likely keep me buzzing into the 5 p.m. hour). I recently completed work helping three banks re-architect their zero-trust model — no small mountain, lemme tell ya — and I’m just coming off of DEFCON, still reeling from the hardware hacking village. So grab yourself a brew and I’ll give you some real insights from the trenches of cybersecurity.

Early days: from network admin to worm hunter

Here’s a good old throwback for ya: in 1993 I was deep inside networking, working on multiplexers for voice and data over the PSTN. It was a simpler world—sorta. But beneath the surface, complexity had been building, and I had a front-row seat to the rise of network threats.

Remember the Slammer worm? Oh, I do. I saw that sucker blow up firsthand in the early 2000s, and at that time, worms seemed like something out of a science-fiction novel. Slammer was nimble, cutthroat, and contagious—like a nearly invincible virus on steroids that spread across SQL servers globally. It reduced entire networks to rubble within minutes. Watching sysadmins scramble without a game plan? A total mess.

But it taught me a lot. Traditional defenses are no match for velocity.

And that’s the problem: the vast majority of cybersecurity folks still treat the symptoms, not the disease. We patch, we patch, we patch. But Slammer shouted out the future: defense needs to be quick — proactive — almost pre-emptive.

Life at the Helm of my Cyber Security Company: The Actual Threats Facing Modern Networks

Cut to 2024: I’m heading up my cybersecurity shop — P J Networks Pvt Ltd. It’s kind of a strange mix of old school and cutting edge. I love to get under the hood of servers, switches and firewalls, but the threats? Totally evolved.

Just the other day, I met with three banks, and they all needed a zero-trust facelift, fast. Zero-trust is one of those buzzwords that gets thrown around like candy on Halloween. But it’s more than that. It’s about never taking trust for granted — whether it’s inside or outside your network. In banking, where every transaction is money — and trust is the currency — you can’t drop the ball in this area.

Zero Trust: What Does Not Work (And What Actually Does)

Banks and other companies want zero-trust, but often get tripped up by what that really means. Here’s my take:

  • Don’t just slap a fancy identity provider on your network and call it zero-trust. It’s more than that.
  • Least privilege, part two: microsegmentation is not a showpiece; it has to be an armed guard, on duty all the time.
  • Multi-factor authentication? Essential, but not foolproof.
  • Continuous monitoring — you want it. If you’re not vigilant about your zero trust 24/7, your zero trust is just a buzzword.

So here is the thing that annoys me about zero-trust at the moment: some vendors sprinkle ‘AI-powered’ fairy dust on it to sell snake oil. I’m highly skeptical of those promises — I have yet to see A.I. supplant vigilant human oversight. (A.I. can help, that’s true, but don’t hand over your keys in the belief that it’s a silver bullet.)

DEFCON and Hardware Hacking Village: Why Your Physical Security Still Matters

DEFCON 2024 was great—especially the hardware hacking village. I had spare time on my hands and spent many hours watching people rip everything from routers to IoT gear apart. It makes you realize that however strong your software defenses, the door is wide open if you neglect your hardware.

A few interesting things about hacking hardware:

  • Backdoors in embedded firmware? More common than you think.
  • Supply chain attacks against routers — yes, routers are the trusted gateways, but also often the weakest link.
  • Many software protections can be undone with physical tampering — don’t underestimate the importance of physical security.

Here’s a pet peeve: too many organizations spend big on firewalls and then overlook physical access security at the data center or the edge location. It’s as if someone locked the front door and left the garage wide open.

Password policies – can I have a little rant?

I understand, users hate long passwords. But here’s my rant: Having a trivial password policy is the single biggest vulnerability I can think of.

I’ve seen security teams establish absurdly complicated rules that end up backfiring. People begin writing passwords on sticky notes stuck to their monitors. Or they just fall into predictable patterns.

Here’s what I suggest (after decades of suffering):

  • Use passphrases. Think of a line from your favorite movie or song.
  • Keep your password policy simple, but require long, memorable passwords.
  • Implement multi-factor authentication where it is available — passwords are not enough.
  • Advocate for the use of password managers (I use one and you should too — no shame).
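
An added example (not code from the original post) that contrasts a composition-rule policy with the "simple, but long" approach suggested above. The 16-character minimum, the tiny blocklist and the sample passwords are assumptions constructed for illustration.

```python
import re

# Constructed mini blocklist; a real deployment would use a breached-password list.
COMMON = {"password", "letmein", "qwerty", "welcome", "admin"}
# Undo common character substitutions before the blocklist check.
LEET = str.maketrans("@4310$5!7", "aaeiossit")


def complex_policy(pw):
    """Composition-rule policy: 8+ characters and all four character classes."""
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def passphrase_policy(pw, min_len=16):
    """Length-first policy (min_len is an assumed value). Returns (ok, reason)."""
    if len(pw) < min_len:
        return False, f"shorter than {min_len} characters"
    if len(set(pw.lower())) < 6:
        return False, "too few distinct characters"
    base = pw.lower().translate(LEET)
    for word in COMMON:
        # Reject when a blocklisted word makes up half or more of the password.
        if word in base and len(word) >= 0.5 * len(base):
            return False, "built around a common password"
    return True, "ok"


# Constructed sample passwords.
SAMPLES = [
    "P@ssw0rd1!",                    # satisfies every composition rule
    "Summer2024!",                   # predictable pattern users fall into
    "Password12345678",              # long, but a common word plus padding
    "correct horse battery staple",  # long, simple passphrase
]


def compare(samples=SAMPLES):
    """Map each sample to (passes complex policy, passes passphrase policy)."""
    return {pw: (complex_policy(pw), passphrase_policy(pw)[0]) for pw in samples}


if __name__ == "__main__":
    for pw, (old, new) in compare().items():
        print(f"{pw!r:32} complex={old!s:5} passphrase={new}")
```

The two predictable passwords pass the complicated rules and fail the length-first check, while the plain passphrase does the opposite.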

And yes, I understand that some of the larger players promote leagues with parachuting-brontosaurus policies. But here’s the rub — security policies need to be users’ friends, not their enemies.

A whisper of nostalgia: the lessons of old tech which can still inspire today

I’ve got a nostalgic itch I can’t help scratching now and then. You remember the days of dial-up modems, right? Or how about those plain-vanilla static IP networks with little or no segmentation? Crazy how far we’ve come.

But a lot of those early principles are still true:

  • Network segmentation isn’t new — it’s critical (and by gosh, people were doing that with VLANs and switches before it was cool).
  • Monitoring and alerting, even with crude SNMP traps, schooled us in visibility.
  • Firewalls used to be basic packet filters, and now are next generation beasts that include IDS/IPS, sandboxing and behavioral analysis.

All of which is to say: Before you rush off after the shiny, new fad, remember the fundamentals.

Quick Take: What to Do Tomorrow to Up Your Cybersecurity Game

I’m always thinking of my readers who don’t have time to read my long rambles—so here’s a quick checklist for busy execs and IT leads:

  • Evaluate your network segmentation — how well is your data actually walled off?
  • Review your zero-trust initiatives — are you really practicing least privilege?
  • Don’t take AI-driven security claims at face value — vet your vendors carefully.
  • Spend on physical security — doors, racks, access control, and tamper detection.
  • Reevaluate password policies — longer, simpler passphrases and required MFA.
  • Keep monitoring and keep response times quick — automation is good, but humans need to be in the loop.
  • Don’t stop learning — conferences such as DEFCON can be fountains of insights (and of inspiration).

Final Thoughts From My Desk

It’s a rollercoaster in cybersecurity. I’ve screwed up—believe me, there have been days when I pushed the wrong rule set live, or misjudged a threat. But you learn.

If you have a business today, don’t forget: it’s not just about the current tool or gadget. It’s about adjusting, knowing your surroundings, and marrying technology with good old-fashioned vigilance. Firewalls, servers, routers — these comprise your defensive walls. Sharpen them.

And, yeah, trust your team’s judgment, not hype. For in a world of shiny acronyms and snake-oil solutions, true security is simply a matter of hard-won wisdom.

Now please excuse me — I do believe I could handle a coffee 4.


Sanjay Seth
Cybersecurity Consultant | Founder at P J Networks Pvt Ltd
From network admin in ’93 to your zero-trust buddy in 2024
Still passionate. Still learning. Always caffeinated.
