Reflections on Cybersecurity: Lessons from Hardware Hacking to Zero Trust
Here I am, two lattes in, the laptop humming, still buzzing about the Hardware Hacking Village at DefCon. After nearly three decades in this game, I’m still left with that wonderful combination of exhaustion and buzz that only pure passion can yield.
If anything, I have always argued that cybersecurity is not just about software or fancy AI-driven solutions (I’m leery of that label). It is about people, networks and, let’s face it, old-fashioned vigilance.
My journey goes back all the way to 1993, when I got my start as a network admin. I sometimes want to take a moment to remember when the biggest headache I had was balancing multiplexers for voice and data over PSTN. Yeah, back in the analog age, I learned a few things about patience and grit. And viewing network traffic on those physical lines also made me understand the invisible highways that now ferry our data. Those days shaped my vision.
And then along came the notorious Slammer worm. Now, that was a bad day. I remember the fear that worm caused when it was taking entire systems offline within minutes. It was a clear wake-up call: security couldn’t be an afterthought. The way Slammer took advantage of SQL servers, primarily unpatched hosts, was a reminder that patch management isn’t sexy, but it’s critical.
From Network Admin to Security Company Owner
Fast-forward to today: I own my own security company and I help people with a vastly more complex landscape. I had it happen only the other day with three banks as they upgraded their Zero Trust advocacy.
Zero Trust: boy, that term gets thrown about a lot without much understanding. Here’s the problem, or at least part of it: Zero Trust is not something you buy off the shelf, nor is it an item you check off a to-do list. It’s a mindset shift.
Understanding Zero Trust in the Field
So, what does Zero Trust really look like at the working level in the field based on my boots-on-the-ground experience?
- Never trust, always verify – at the network edge and for everything else (users, devices, services)
- Assume breach – build defenses on that premise
- Limit lateral movement – if your network’s like a metropolitan area, Zero Trust puts fences around each building so if a burglar gets in, they don’t get the whole block
And banks, of course, are highly regulated environments to work in. Compliance, user experience and security are a tough trio to keep in balance. People often complain about the performance hit or user friction. But here’s my view: if your Zero Trust investment causes your business to decelerate, you implemented it wrong. Period.
Password Policies: Love Them or Hate Them
And you can’t go on a rant like this without bringing up password policies. Boy, do I love to hate them. So many times, I’ve seen companies mandate complex (and dumb) password rules that only serve to drive users to write their passwords down or reuse them. That’s akin to locking your car and leaving the keys taped to the windshield.
If you want actual security, drop complexity rules in favor of password hygiene. Promote passphrases rather than gibberish. Enable multi-factor authentication, no excuses. And stop mandating that passwords on every system be changed every 30 days unless there is evidence of compromise. Forced rotation is a textbook case of policy over common sense.
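An added example (not from the original post) of the policy shift argued above: it contrasts a legacy composition-plus-30-day-rotation rule with a length-first passphrase rule that rotates only on evidence of compromise. The 15-character minimum, the sample passwords and the small breached-password set are assumptions constructed for illustration.

```python
import re
from datetime import date

# Constructed stand-in for a breached-password corpus (not real breach data).
KNOWN_BREACHED = {"P@ssw0rd1!", "Summer2024!", "Welcome123#"}

MIN_PASSPHRASE_LEN = 15   # assumed threshold for this example, not from the post
LEGACY_MAX_AGE_DAYS = 30  # the forced-rotation interval the post argues against


def legacy_policy_ok(pw: str) -> bool:
    """Composition rule: 8+ chars with upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9\s]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def passphrase_policy_ok(pw: str) -> bool:
    """Length-first rule: long, not known-breached, no composition demands."""
    return len(pw) >= MIN_PASSPHRASE_LEN and pw not in KNOWN_BREACHED


def legacy_rotation_due(last_changed: date, today: date) -> bool:
    """Calendar-driven rotation: expire purely on age."""
    return (today - last_changed).days > LEGACY_MAX_AGE_DAYS


def rotation_due(pw: str, compromise_evidence: bool) -> bool:
    """Evidence-driven rotation: change only when there is a reason to."""
    return compromise_evidence or pw in KNOWN_BREACHED


def compare(passwords):
    """Return (password, legacy verdict, passphrase verdict) per candidate."""
    return [(p, legacy_policy_ok(p), passphrase_policy_ok(p)) for p in passwords]


if __name__ == "__main__":
    # Constructed candidates: a "compliant" classic and a plain passphrase.
    for pw, legacy, phrase in compare(["P@ssw0rd1!", "lantern orbit maple canoe"]):
        print(f"{pw!r:32} legacy={legacy!s:5} passphrase={phrase}")
    changed = date(2024, 1, 1)
    print("legacy rotation due:", legacy_rotation_due(changed, date(2024, 3, 1)))
    print("evidence rotation due:",
          rotation_due("lantern orbit maple canoe", compromise_evidence=False))
```

The legacy rule accepts the widely reused "compliant" password and rejects the passphrase; the length-first rule does the opposite, and the evidence-driven check leaves an uncompromised passphrase alone no matter how old it is.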
Back to Basics With Security Fundamentals
Now, I understand, it’s not really a news alert anymore, but here’s the reality: security still boils down to basics. Strangely, after nearly 30 years, so many organizations still trip over basic hygiene. However, the picture is changing.
I just came back from DefCon (I had been working on it, pun), and the Hardware Hacking Village was a sight to behold. The things people do in hardware hacking (and if you haven’t explored it, do) are just riveting and fascinating, sometimes scary. When protective digital measures fall short, attackers often shift to hardware flaws.
I watched as apparently innocent IoT devices, routers, and even a firewall were physically tampered with or fooled. This points to an important consideration for businesses: you are only as secure as your firewall or router, its hardware and its operators.
Remember those days before everything was all cloud-based, when network admins had to go to the server room and bounce a box? Uh, well, physical security is still a thing.
And again, like cooking, cybersecurity is all about layers of flavor — every ingredient counts. You don’t just throw everything in a pot without a lot of planning. You prepare the vegetables, season them just so and cook slowly.
Same with networks: every layer of defense in depth (firewalls, IDS, endpoint protection, user training) helps. But let’s face it, no firewall, no router, none of them is perfect. You will have misses. The key? Detection and response. Watching your network like a hawk.
That includes analyzing logs, detecting anomalies and responding to incidents. You cannot just ‘set and forget’, and if a security vendor says you can, be skeptical.
And I still laugh (or cringe) when I remember the old days of grasping for network configs or ignoring potential disaster. But those lessons are gold. They are a reminder that there is no destination in cybersecurity, only a journey.
Quick Take on Cybersecurity Essentials
- Security fundamentals are basic — patches, physical security, and sane password policies.
- Zero Trust is a philosophy — never trust, always verify, limit lateral movement.
- Hardware hacking is the next frontier — don’t forget about physical attack surfaces.
- Follow-up and vigilance trump prevention-only strategies every time.
- Be wary of buzzwords — particularly the overuse of “AI-powered” without specifics.
- User training is as important as any firewall or IDS.
- And, perhaps, don’t make people change their passwords just because policy says so.
Today, cybersecurity isn’t only about tech — it’s about strategy, culture and people. You can have the best firewall on the market, but if you don’t have a team that knows how to respond to incidents, it’s like having a very expensive car with nobody driving.
My advice? Keep learning, stay humble, and never forget the basics that are so easily forgotten.
And hey, if you want stories about PSTN mux escapades, Slammer worm near-meltdowns, or DefCon granulars, hit me up. Regardless, at least for now, I’ll make yet another cup of coffee, roll up my sleeves and continue giving customers a fighting chance to build security that works.
Sanjay Seth—P J Networks Pvt Ltd