My Journey in Cybersecurity: From PSTN to Zero Trust
So, I’m sitting at my desk about to take the plunge into my fourth (or maybe it’s my fifth) coffee of the day — which explains the rambling style — but here is the thing: cybersecurity is not just a buzzword for me. It’s been my life since 1993, when I was a network admin. At the time, muxing voice and data over PSTN connections was cutting edge. Those were the analog days, you know, when stuff was still not all that electronic, which made things more difficult than it seems, but that’s another story for another time.
Fast forward through several upgrades, a few whoppers (trust me, I’ve had my “what was I thinking?” moments with software packages), untold pounds from the bank account spent on the Next Best Thing, and the odd hair-pulling incident such as dealing first-hand with the Slammer worm, and now I own my own cybersecurity firm, P J Networks Pvt Ltd.
Just last month, I finished helping three different banks solidify their zero-trust architectures — an experience that caused me to reflect on how far we’ve come, and at the same time on how some of the problems remain the same. And I’m still vibrating (literally) from DEF CON’s hardware hacking village. It’s really something to see physical exploits against routers and firewalls, and it reminds me why cybersecurity is an art as much as a science.
Why Zero Trust Is More Than a Buzzword
I’ll just come out and say it: Zero-trust is not a magical unicorn panacea that will make all of your security problems disappear overnight. It’s challenging, expensive, and – for modern workloads in particular – even quite difficult to accomplish (especially in legacy environments). But here’s the hook — when I assisted those banks with their zero-trust rollout, the victory wasn’t simply technological. It was the mindset shift.
You can’t just, you know, slap software on and then click your heels and go home. Zero-trust means:
- Trust no one. Just remember this: never trust, always verify. Every request to be let in is a challenge — not a request.
- Micro-segmentation of networks — restricting what each user or device can see or do.
- Real-time monitoring and risk-based access decisions, at login and beyond.
These three may appear self-evident, but in practice they take a degree of discipline that not all otherwise successful orgs exert.
Also — don’t even get me started on password policies. Please. If I see another company mandating that users change passwords every 30 days in a manner that inevitably leads to the use of 123456 or Password1, I might scream. If you’re going to go zero-trust, look at multifactor authentication along with risk-based adaptive controls, rather than simply playing password policeman, as the step in the right direction.
What Slammer Can Teach and Why Old Threats Never Die
Some of you may not recall Slammer — a speedy worm circa 2003 that figuratively kicked whole data centers in the stomach, slowing the internet to a crawl. When it hit, I was neck deep in managing enterprise networks, watching how a misconfigured SQL server could take down servers across the board.
The scary news is how many of those ancient vulnerabilities still resonate in the systems millions use today. Legacy protocols and devices that live on long past their best-before date continue to offer up attack surfaces that hackers adore.
Quick tangent: One bank I recently visited was putting a lot of attention into rolling out modern development processes on hosting infrastructure that looked like it would have been right at home in the pre-2010 world. Guess what? All of those systems were what attackers would call low-hanging fruit. So I was hard on them — you cannot build a fortress on sand. It’s time to retire that old hardware and ensure that every business has proper firewalls and routers built to withstand modern threats.
Hardware Hacking: Why It’s Important Knowledge
Let’s do this. I just came back from DEF CON, and I’m still on caffeine and excited about the hardware hacking village. It was eye-opening to watch pros tear through firewalls and routers — hacking into hardware elements most network admins don’t give a second thought to — as effective as a stolen wedding suit.
Here’s the thing: Software vulnerabilities can claim all the headlines they want, but hardware exploits can be equally devastating and much more difficult to catch. Think backdoors hardwired into hardware, buggy chips, or side-channel attacks — things that can’t be patched or otherwise mitigated with software updates.
If you run security at your company, here’s what to take away from the hardware hacking hype:
- Be sure you’re sourcing routers and firewalls from reputable vendors — cheap and shady gear will kill you.
- Seek out devices with secure boot and hardware integrity verification.
- Don’t skip firmware updates — this is where the sneakiest fixes can get slipped in.
And yes — I’m the same guy who is skeptical of any AI-enabled device providing security. AI can’t stand in for good old-fashioned vigilance and multiple layers of defense. It could be helpful, but it’s no silver bullet. If anything, it provides a false sense of security, occasionally.
Being Your Own Boss: A Realistic Portrait
It was a humbling experience to start my own company after decades of working for big orgs. All of a sudden I’m in charge of everything — marketing, sales, delivering best-of-breed security solutions, etc. And I’m not going to act like it’s not hard.
But here’s what I’ve learned from experience:
- Always pay attention to what your client’s wants and needs are: one size does NOT fit all.
- Avoid overselling fancy tech if it’s not the solution for them. In security, what matters are practical defenses.
- People continue to downplay user behavior as a risk. “If your employees are clicking on phishing links, adding more firewalls or installing more intrusion detection is not going to help you,” said Kelly Bissell, managing director of Accenture Security.
Leading my business, I’m able to take clients through technology refreshes — firewalls, servers, routers — but more importantly, through an organizational change. That’s critical. You could roll out the latest Cisco ASA, if you like, but if your team ignores alerts, or doesn’t patch on the regular, then you are basically rolling out the red carpet for an attacker.
Quick Take: What You Need to Know Now
- Legacy gear is deadly — Keep your routers and firewalls up to date.
- Zero trust is a journey, not a product — begin with the mindset shift.
- Passwords alone? Not enough. Utilize multifactor authentication and adaptive access.
- Watch your hardware — not only software.
- Never get lazy with user training — humans are the weakest link.
Final thought: Working in cybersecurity since the PSTN mux and Slammer worm days has taught me one simple yet profound lesson: threats change, and so must you. It’s a constant chess game. If you keep your antivirus program updated, you are only one step behind, and if you aren’t updating your antivirus as updates come out, you are several steps behind.
I mean, hey — I’m not here to scare you. I want you out there creating real defenses. Which is to say, the approach needs to include some old-school watch-dogging, some new-school architecture (calling all zero-trust!), and plenty of skepticism (especially for AI hype).
I’ll stop there before I crash from the caffeine; thanks for reading. Taking cybersecurity seriously? Don’t forget — it’s personal, it’s technical, and yes, sometimes it’s tiresome. But it’s worth it.