My Cybersecurity Journey and Insights on Zero-Trust Architecture

It’s the middle of the morning at my desk, coffee number three — and, to be honest, I’m still feeling the rush from DefCon’s hardware hacking village. Circuits and code have been old hat for me since the early 90s; I began as a very tired network admin back in ’93. I got into routing voice and data multiplexing over PSTN lines before the Internet was the behemoth we grapple with today. It was a different world. Then there was the Slammer worm — that notorious monster that brought down networks faster than you can say buffer overflow. Its lesson was not to underestimate the chaos that can be unleashed by small packets of malicious code.

Step forward 30 years, and I have my own security outfit, P J Networks Pvt Ltd, advising clients — particularly banks — on how to negotiate this crazy complex security landscape. Lately, I’ve been assisting three banks in reworking their zero-trust architectures. So, if you want raw, no-bullshit real-life stories and none of the faff – here’s what I’ve learned, direct from the front line.

The Good Old Days: Networking Back Before Everything Went All Cloudy

I mean, if you’d told me back in ’93 that in 30 years we’d be fighting AI-powered threats (ugh, don’t EVEN get me STARTED on that buzzword) and practically living inside firewalls — I probably would have laughed. And yet here we are. I was knee-deep in voice- and data-multiplexers for the plain old telephone network. It took patience, engineering thought and a whole lot of hope.

Then came the Slammer worm in 2003 — a worm so quick and destructive that it traveled through networks and left devastation in its wake. I recall staying up all night, hand-cranking packet captures, to track down infected boxes. Slammer was a wake-up call — a lesson that speed and scale in cyberattacks had taken a huge jump.

Zero-Trust: Buzzword or more?

I recently assisted three banks in upgrading their zero-trust architecture, and here’s the deal: zero-trust is more than just a fad. It’s a necessity. And nowhere is trust more decisive than in banking, where the penalty is not just exposing your data but people’s life savings and trust.

Zero-trust means:

  • Trust nothing, but verify it all.
  • Lateral movement should be restricted by way of micro-segmentation.
  • Multi-factor authentication as standard on all devices.

But — and this is key — it’s never a plug-and-play fix. And with banks often carrying legacy systems that cannot tolerate downtime, your zero-trust implementation needs to be surgical. You can’t simply rip and replace overnight. It takes planning, and yes, sometimes yelling at vendors whose products don’t want to play nice together.

My recommendation: Roll out zero-trust in stages. Give priority to essential assets and thoroughly test before deploying such policies across the enterprise.

Hardware Hacking Village @ DefCon: Still My Favorite Place To Play

Just came back from DefCon and what did I see at the hardware hacking village? Fascinating stuff. It was a reminder of why I got into this whole game to begin with: breaking things to learn, and building better defenses.

The hardware hacking stations went from cracking NFC cards to playing with embedded systems that drive everyday infrastructure. It’s really the old-school electronics with modern attack vectors that’s the wake-up call. Take the demonstration of how an unsecured Internet of Things device could be co-opted to leak network access in a matter of minutes — no joke.

It’s like this: Software vulnerabilities are the noisy celebrity neighbors we all kick out of bed at 3 a.m. Hardware insecurities are the slow-burning, silent killers we never see coming.

If your security strategy doesn’t include hardware checks, then you’re leaving one heck of an open window.

Quick Take: Important Things I Have Learned in my Cybersecurity Journey

  • Old-school network cleanliness still counts. Patch those devices, watch traffic and segment your networks.
  • Password policies have to be rethought. Seriously, if you’re still making your users change their password every 30 days, you’re doing it wrong. Contemporary guidance is for longer passwords and passphrases, and less frequent mandatory changes — unless there is reason to believe a breach has occurred.
  • Zero-trust is not plug-and-play. Phased implementations are most effective.
  • That hardware can be your downfall. Don’t ignore it.
  • Don’t believe anything that has the term AI-powered. Because that word is typically just a marketing buzzword with little meaning.

Why I am still skeptical about AI-powered security

I’ll admit it: I am skeptical of all AI-powered solutions. The hype is real, the promise of AI undeniable, but the hype also occasionally gets ahead of what the tech can actually do today. In most products, AI-powered is a gloss not a spine.

Here’s my take:

  • AI is brilliant at helping to automate threat detection and process big logs. But it’s not a magic wand.
  • Dependence on AI can lead to complacency; human judgment is still necessary.
  • AI models can be biased, and some are sensitive to adversarial inputs.

I’ve watched companies throw money at shiny AI features instead of doing the work under the hood to address fundamental architectural flaws. So yeah — we can wait and see, but let’s demand hard evidence of effectiveness.

What I’ve Learned the Hard Way (And Other Advice From the Source)

No journey is mistake-free. In the beginning, I undervalued social engineering. One such case was a phishing email that duped my junior staff. The moral: People are the weak link, no matter how strong your firewalls.

Also, I’ll never forget helping manage a state-of-the-art firewall that ended up exposing critical assets due to misconfigured NAT rules. Rookie mistake? Maybe — but when you’re balancing all those client environments and you’re tired after back-to-back deployments, it happens.

The takeaway? Never think your setup is flawless, comrades. Always test. And then test again.

Analogies That Make at Least Some Sense to Me

Now, when it comes to your network, picture it like an old-school car: you can go ahead and throw the latest GPS and sensors in, but if your brakes don’t work (legacy systems, poor patching), you’re eventually going to end up like Maxwell Smart, driving through a parking lot window. Zero-trust is something akin to adding seat belts, air bags and anti-lock brakes simultaneously — a blanket of safety instead of a single patch.

And passwords? They are the Internet version of the key in your car’s ignition. Why change it for the sake of change? Pointless — and frustrating. Use a strong, complex key and keep track of who actually has access.

Closing Thoughts: More Than Just Packets Guarded

After more than three decades as a journalist in this space, I remain excited — and at times daunted — by the rate of change. It’s exhilarating. And exhausting.

Security is not just tech. It’s all about the people, processes and culture. Whether you are the owner of a small business or a bank that stands to lose billions, here are a few things to keep in mind:

  • No technology is foolproof.
  • You can never relax; stay vigilant.
  • Be very familiar with your surroundings.
  • Hybrid methods prevail: mixing old-school wisdom and new-age tech.

I guess if there’s anything to be learned from my story, it’s that security is a journey, not a destination. And sometimes you’ve got to roll up your sleeves, get into the weeds — and have some fun.

On to your secure and robust networks,

Sanjay Seth
Cyber Security Consultant at P J Networks Pvt Ltd
