My Journey in Cybersecurity: Lessons from the Past to Today

I’m here at my desk with three coffees going cold (of course I am), thinking back to where the whole cybersecurity story began for me. It was 1993, and in those days I was up to my eyeballs overseeing networks and multiplexers for voice and data over the PSTN. No one called it cybersecurity back then, but the seeds were sown. Fast forward to the present, where I’m operating my own security outfit, PJ Networks, and you can begin to understand how much has changed, and how much has not. But it’s not all nostalgia; these are real-life lessons learned on the ground, some hard-won, some almost painfully obvious once you look at them with fresh eyes.

“At that time, our network was pretty insecure,” the IT professor says.

The Slammer Worm Incident: Speed Over Perfection

If you know what’s been going on, you remember Slammer. If you don’t, count yourself lucky, but do ask a network veteran some time. That little worm hit networks around the world like a sledgehammer in 2003. I was watching it on my screens in a financial institution, patches flying out of the door and systems falling down left and right. We scrambled and pushed hard, sometimes in ways we wouldn’t for other products, but we had to.

What did I learn then? Speed trumps perfection. Slammer doesn’t give you a moment to hesitate; it’s a sprint, not a marathon. And the old habits, like waiting for perfect testing before rolling something out, are thrown out the window when you’re under attack.

Zero Trust: Why It Matters in Today’s Cybersecurity

Cut to last year, when I helped three of the world’s largest banks upgrade their zero-trust architectures and told all three the same thing: zero-trust isn’t just a buzzword, or a box to be checked. It’s about assuming breach and operating with the agility to find and fix as quickly as possible. You want to stop a worm? Now it’s about more than patching: it’s about controlling access, segmenting networks and, most important of all, trusting nothing and no one unless it is verified.

Zero Trust: Not Just a Buzzword But a Lot of Work

But there’s the rub with zero-trust: It’s easy to sell in a PowerPoint deck, but devilishly hard to get perfectly right. I’ve observed teams go overboard with tech — A.I.-enabled firewalls, snazzy cloud solutions — that purport to solve everything. Spoiler: they don’t.

Lately, since my return from DefCon (yeah, that hardware hacking village is still the fuckin’ bomb to me: gadgets and gizmos that you’d swear were from a Bond movie), I’m more skeptical than ever of these so-called AI-powered solutions. Don’t get me wrong: I love the kind of advances that help automate threat detection and response. But let’s not forget that AI is a tool, not a silver bullet. It’s only as effective as the data it is fed, and the most sophisticated algorithms can be duped.

Some teams rely far too much on AI and forget basics like deep packet inspection and strong access policies. Here’s a list of what I believe any bank (and heck, any company) should focus on when evaluating, designing and adopting zero-trust strategies:

  • Routed network segmentation. No flat networks.
  • Good multi-factor authentication. Passwords alone? Please.
  • Real-time response and active inspection procedures.
  • Vendor risk management: Trust partners less than your own staff.
  • Regular inspections and red-teaming.

And I know what you’re thinking: easier said than done, right? But I’ve been in those war rooms, I’ve witnessed the mayhem when a breach comes crashing down — and believe me, you want these controls in place long before the flying fickle finger of fate points in your direction.

The Password Policy Rant

O.K., I did say I have a rant, and here it is. I think password policies are the dumbest things on the planet. No, this is not because they aren’t important (they are). It’s because, decade after decade, companies won’t stop making the same mistakes.

Let’s be honest. How about passwords that are complex, but that you have to change every 30 days? Useless. They lead people to write them down or re-use the same 3 passwords ad infinitum. And give me a break with all these complexity requirements: uppercase, lowercase, numbers, special characters, blah. If you want actual security, here’s a crazy idea:

  • Go with passphrases, not passwords. Long, memorable sentences hold up against brute-force attacks far better than ‘P@$$w0rd!’
  • Enable multi-factor authentication across the board. It’s the biggest-value win.
  • Forget arbitrary expiration policies — change only when there’s proof of compromise.

Believe me, user behavior is the actual weak link—not the password policy. Stop making your users feel miserable and at least provide them with tools and processes that DO protect their (and your) credentials.
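The three rules above, sketched as a policy check. This is an added example, not code from PJ Networks or any bank deployment; the 15-character minimum, the sample blocklist and every function name are assumptions chosen for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import date

MIN_LENGTH = 15  # assumed passphrase minimum; set to your own policy value

def _digest(secret: str) -> str:
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()

# Constructed sample blocklist; a real one would be loaded from a breach corpus.
EXPOSED = {_digest(s) for s in ("P@$$w0rd!", "correct horse battery staple")}

@dataclass
class Account:
    user: str
    last_changed: date
    mfa_enrolled: bool

def check_new_secret(secret: str) -> list:
    """Reasons a proposed secret is rejected; an empty list means accepted."""
    problems = []
    if len(secret) < MIN_LENGTH:
        problems.append("too short")
    if _digest(secret) in EXPOSED:
        problems.append("known exposed")
    # Deliberately no uppercase/digit/symbol rules: length does the work.
    return problems

def must_rotate(account: Account, compromised_users: set) -> bool:
    """Rotate on evidence of compromise only; last_changed is never consulted."""
    return account.user in compromised_users

def missing_mfa(accounts: list) -> list:
    """Users who still authenticate with a password alone."""
    return [a.user for a in accounts if not a.mfa_enrolled]

if __name__ == "__main__":
    accounts = [  # constructed sample accounts
        Account("alice", date(2021, 3, 1), True),
        Account("bob", date(2024, 6, 1), False),
    ]
    for s in ("P@$$w0rd!", "seven purple kettles sing at dawn"):
        print(repr(s), check_new_secret(s) or "accepted")
    print("rotate:", [a.user for a in accounts if must_rotate(a, {"bob"})])
    print("no MFA:", missing_mfa(accounts))
```

Note that a long passphrase can still be rejected if it is already on the exposed list, which is why the blocklist check runs independently of the length check.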

Hardware Hacking Village: Why I Haven’t Lost My Marbles

I’m back from DefCon, and wow, the hardware hacking village remains my favorite. Possibly because it brings me back to those early days of working on multiplexers, physically patching cables and diagnosing actual gear. There is something visceral about physically poking the attack surface of routers, switches, and IoT gear that you just don’t get from software logs.

Here’s why you should care:

  • Hardware weaknesses are not given enough attention in enterprise security plans.
  • Anyone with physical access can break into devices no matter what security measures you implement in your software.
  • The hardware supply chain is often its own hidden risk — not just fake chips but also backdoors slipped somewhere along the way by bad actors.

When we upgraded zero-trust at those banks, we didn’t just stop at putting in software firewalls and identity management. We went deeper:

  • Locked down hardware interfaces.
  • Implemented physical access controls.
  • Reviewed firmware for abnormalities with proprietary tools.

Here’s a clue: your firewall isn’t airtight if a person can pop the case and monkey with the insides without you knowing it.

Firewalls, Servers, and Routers in 2024 as I See Them

So listen, I’m old-school and all that, but I am not stuck in the past. The fundamental principles that I learned in the ’90s are still relevant, but they need to be updated. Firewalls are not just a line of defense; they are one piece of a multilayered puzzle.

For businesses that are truly security-minded, especially those that deal with sensitive data (e.g., banks), here are a few nuggets:

  • Firewalls should be smart, sure, but don’t trust all features labeled “AI-powered” without a critical look.
  • Servers must be locked down tight, patched religiously, and vigilantly monitored. No exceptions.
  • Routers are the unsung heroes (or villains — if exploited, they serve up a golden ticket to attackers).

I always tell my clients: Treat your network gear as you do your cars. You can’t just buy a sports car and never change the oil or check the tires. Same goes for routers and switches. Keep them current, maintained and cared for.

Quick Take: What Do You Do Today?

  • Quit fretting about swapping passwords every month: Move to passphrases and turn on multi-factor.
  • Pay attention to zero-trust basics — not AI magic fantasies.
  • Test your hardware security hands-on: check for real how watertight your hardware is.
  • Get network segmentation correct. It is your strongest defense against the spread of worms and malware.
  • Keep your firewalls, servers and routers maintained, patched and respected like the machines they are.

One more thing before I go: I screw up too! Miss a patch there, misconfigure a rule here. But that’s all part of the process. Cybersecurity is not rocket science, there isn’t a map, and every new challenge is like tuning a vintage engine: respect the old wisdom and adapt with the new tech.

So whether you’re just starting out or you’re knee-deep in running an enterprise network, keep in mind: fundamentals count. The tools will keep changing. The threats are not going to go away. But the things learned in those early days, the Slammer worm, the sweat during zero trust deployment? They’re your compass.

And oh! — more coffee, always more coffee!
