From PSTN to Zero-Trust, My Cyber Journey
I’m sitting at my desk in the office drinking my third latte (yes, I need that many), thinking back on a career that started in 1993 with me as a network admin. At that time, all the buzz was about keeping those clunky PSTN muxes humming along for voice and data. If you had told me 20 years ago that I would be discussing zero-trust architectures for banks, or getting excited about hardware hacking villages at DefCon, I would’ve laughed and asked you to check the settings on your router. But here we are. And the cyber landscape? It’s crazier than ever.
Early Days of PSTN Security
When I was screwing with voice and data muxes across PSTN lines, security was absurdly simple, or so we believed. Hell, I even wrangled the Slammer worm myself in the early 2000s. If you recall that evil thing, it spread so rapidly it was as if the internet sneezed and gave everybody a cold.
I learned two key lessons from that experience: Playing catch-up is no way to react to an attack. You gotta be proactive.
Owning P J Networks Pvt Ltd and Zero-Trust Projects
Cut to today and I own P J Networks Pvt Ltd, where we make security equipment, firewalls, servers, routers, the whole works. Lately, I’ve assisted three banks in updating their zero-trust structures. That was a monster of a project, but truthfully it was the type of challenge that kept me inspired (and deprived of sleep).
Quick Take: Your Zero-Trust Strategy Is More Important than Ever
- Assume breach. Always.
- Never trust, always verify.
- Segment your network like there’s no tomorrow.
- Least privilege is non-negotiable.
- Audit each access point on a regular basis.
Banks, in particular, need it like oxygen. If you’re still clinging to a perimeter-defense mentality as though it’s still the ’90s, you’re basically locking the front door but leaving all the windows open.
Confession Time: Password Policies Drive Me Nuts
Oh god, the arguments over password policy. I even made the most basic of mistakes myself: enforce stupidly complex passwords and no one can remember them, so there’s a sticky note on the monitor with the password, or worse, they use the same one everywhere.
Here’s the reality: Complex is not secure. Length and uniqueness matter much more.
Think of it like cooking. You don’t pour every spice on the rack into the pot and hope it turns out OK. You balance the flavors. Similarly, password policies must be a balance: too strict, and people start working around them anyway, defeating the purpose; too loose, and, well, you’re asking for it.
Look, if your policy is “must contain upper case, lower case, number, symbol and a haiku,” you’re doing it wrong.
DefCon Recap: Hardware Hacking Village 2018
We are just coming back from another fantastic year at DefCon! This was the second year that we took over one of the rooms in the Hardware Hacking Village.
I recently returned from DefCon, still on a high from the hardware hacking village. This portion of the conference always makes me wonder how often we fail to consider the physical attack surface. You can lock down your data center all you want, but if someone can tamper with your gear physically? Game over.
Some cool takeaways:
- Hardware bugs are real and far more prevalent than most people realise.
- Older devices (yeah, those beloved retro boxes) tend to be the biggest culprits.
- Physical access control should be no looser than network access control.
And here’s my hot take: I still don’t completely believe in many of the “AI powered” security solutions that want to sell magic. AI helps, but it’s no cure-all. Being blindly dependent on these machine learning models without appreciating the context is like running cruise control in a car and ignoring the road signs.
Why I Love Firewalls, Servers, and Routers as Key Links in the Security Chain
The thing is, these devices are essentially your first and, done properly, your last line of defense.
From my early network gear wrangling days to running my own security consultancy, I’ve seen just about everything. Good, solid hardware should not be underestimated. Some of the nastiest breaches originate with misconfigured routers or aging firmware. For me, these are the keys to keeping it tight:
- Keep firmware up to date. No exceptions.
- Keep your network segmented, trusting nothing by default on the inside.
- Employ firewalls not only to stop obvious threats, but to track and log everything.
- Harden your servers: minimum services running, strong authentication enforced.
It’s like keeping a classic car in good shape. You can’t just polish it and hope it runs. You’ve got to do an engine check, an oil check, a tire check, a brake check, everything, or you’re driving a death trap.
Real Talk: Challenges on the Road to Zero-Trust for Banks
Banks don’t inhabit a fantasy land: they have legacy systems, regulatory walls and politics. When we were helping them modernize their zero-trust practices, we ran into challenges daily:
- Integrating with legacy systems, which amounted to trying to cram a new engine into a classic chassis.
- User resistance to “too many” access prompts.
- Security controls vs. business flow (you know, the business has to keep working at the end of the day).
But slowly, we chipped away. Multi-layered security, network segmentation, strong user policies, and ongoing monitoring became the new standard.
Some Lessons Learned
- Zero-trust isn’t a product; it’s a journey.
- Education is key: you can’t just slap tech on everything and expect people to follow.
- Trust is a continuum, not an on-off switch.
What More Companies Should Know About Cybersecurity
Look, I’m old enough to have made all the mistakes early on. I was the guy who, at least sometimes, thought all you really needed was a decent firewall. Spoiler: it’s not. Not anymore.
Here’s my two cents:
- Cybersecurity isn’t a check box; it’s a continuous process.
- Ops teams, dev teams, execs – everyone needs to be individually invested in its success.
- If you believe that your small business is not a target, think again. Attackers gravitate toward the path of least resistance.
- And please — do yourself a favor — don’t surrender all your security to some one-click AI tool and leave it at that.
Final Comments Because I’m Just Not Smart Enough
Thanks for sticking with me, if you’ve made it this far. I know my style isn’t perfect (whoop-dee-damn-doo!), and yeah, I’m writing this on coffee fumes and what’s left of hyper-focus post-DefCon.
But cybersecurity is a marathon, not a sprint. Whether you’re defending a bank or a tiny start-up, the principles are the same: Know your attack surface, assume breach, and keep hammering away at those weak points.
And bear in mind, technology changes — humans, not so much. So invest in your people as well as your firewalls. Because that is, at the end of the day, your best defense.
Okay, time to make another cup of coffee. Stay safe out there.