Insights from Sanjay Seth on Cyber Security and Zero-Trust Implementation
It’s Sanjay Seth here — tapping at my keyboard after my third coffee (still no spills, thank God). I’ve been in this game since ’93, when I was a network admin and “voice and data integration over PSTN mux” was cutting edge. Securing networks in those days was akin to using duct tape and hope to cover a hundred holes that were all leaking at once. Jump to today: I have my own cyber security company, three decades of campaigning against cyber worms behind me, zero-trust builds for three banks, and I’m just back from DefCon, still buzzing from the hardware hacking village. Here’s how it’s gone for me — and (just maybe?) you’ll be spared some of the potholes I steered into along the way.
True Stories That Shaped My Perspective on Cyber Security
At the beginning of the century, when the Slammer worm was pummeling networks across the globe, I was knee deep in incident response. It was a harsh reality check on how fast things can escalate when a basic SQL exploit lands on your infrastructure. Slammer wasn’t simply a worm; it was a remedial lesson. More frightening still, it demonstrated to me in person the need not only for reactive defenses, but for proactive surveillance.
I still remember sitting in front of my console and watching traffic floods climb exponentially — think of watching a traffic jam from the Mumbai local train, except the cars are actually evil packets. My staff scrambled and we patched what we could, but it served as a reminder: prevention is more than a buzzword.
Now, with my company, I have led zero-trust builds for three of India’s largest banks. This wasn’t as simple as just flipping a switch — it meant grasping their legacy systems (which, believe me, as often as not looked like vintage cars requiring custom parts) and threading modern identity-centric security through them without breaking them. Zero-trust isn’t a product; it’s a change in mentality — and a tough sell in some cases.
At DefCon, the hardware hacking village reminded me how open the physical layer remains. You can create all sorts of fancy firewall rules and anomaly detection, but if someone can just plug a device into your switch, you’re done. It’s the equivalent of having a fancy car alarm with auto-tracking but leaving the doors open for anyone to enter.
Lessons of the Past: Why They Still Make a Difference Today
You can’t create the future if you disregard the past. The basics of networking haven’t changed — packets still flow, protocols still matter and misconfigurations still occur. Here are some home truths:
- It’s the legacy systems, stupid. They tend to skirt new policies — like a classic car without seat belts.
- Human error is king. No security solution can correct poor habits or thoughtless clicking.
- Putting too much trust in shiny tech is dangerous – especially if it’s running on AI. Yeah, I said it. AI is frequently little more than a shiny veneer on ancient problems.
Remember the simple days of firewalls? I sure do. They were just the bouncers — dumb, brutish, but efficient if set up properly. The firewalls of today are fire-breathing dragons, but you still have to give them the right rules or they will choke.
The Zero-Trust Reality Check
It’s been said a million times already (or so it feels), but until trust is no longer a factor, who trusts zero-trust? Here’s the problem: it’s complicated. Deploying zero-trust isn’t just dumping every system into a cloud vendor’s product and hoping for the best. It involves:
- Reconsidering all access privileges.
- Micro-segmentation — you gotta slice your network like a perfect lasagna.
- Continuous authentication — not a one-time thing.
- Rigorous device posture checks.
For those banks I assisted, the hardest part wasn’t the tech; it was the culture: persuading people not to trust anybody, even within the walls, when old habits die hard. Ouch, but the threat landscape doesn’t care how comfortable you are.
Password Policies – Is the Insanity Over Yet?
I’m going to indulge in a rant here — because password policies make me testy. Rotating passwords every 30-60 days? Useless. Complexity rules that require you to create a Frankenstein password? Not effective, and they generally result in Post-its being stuck to monitors. I prefer:
- Longer passphrases that you can actually remember! (Think CorrectHorseBatteryStaple, instead of Xy912pL.)
- Multi-factor authentication everywhere. (And I do mean everywhere; no exceptions, as it has to be the default.)
- Education, not tyranny.
Passwords are the first thing you order at a restaurant called cybersecurity. But if the maître d’ is nasty, and shifts your table five times, you’re not coming back.
Hardware Security Isn’t Sexy—But It Will Keep You Safe
If You’re Still Ignoring It, You’re Toast
The hardware hacking village at DefCon was enlightening. People were cajoling boxes into betraying secrets with some TLC and ill intent. All you network admins tuned only to software vulnerabilities need to wake up:
- Physical port security still needs to improve.
- Device inventory and tracking is very basic and very neglected.
- Hardware tampering detection should be mandatory, not optional.
This reminds me of my early days in PSTN muxing — if you can’t trust the physical network, that fancy firewall of yours is just theatre.
Quick Take: What You Really Need to Know About Cybersecurity Today
Short on time? Here’s the skinny:
- Know why the past kept on hurting you. You cannot protect what you do not know.
- Zero-trust is hard work that requires patience — it’s a marathon, not a sprint.
- It’s human factors over tech every single time. Training matters.
- Password policies are due for a re-think — long passphrases + MFA is the future.
- Don’t be suckered in by the AI-enabled label without inquiring what it really means.
- Physical security is no less important than digital. No excuses.
Final thoughts – why should your security strategy be like a well-cooked curry?
Here’s one. I’ve been looking for a good analogy: security is like cooking a good curry. You need the right ingredients, carefully measured, simmered over time, and adjusted for taste – apparently, you cannot make a security pancake. Yep, and sometimes you overshoot the fire and burn the first batch. I know I have. But you learn, adjust the flame, and try again.
I am often asked if there is a “silver bullet” in cybersecurity. I’ll give it to you straight – there isn’t. It demands your attention, your suspicion, and your dedication to the boring but critical details. If you are tired, overworked, bored – welcome to the club. If you are thrilled to learn – feel free to stick around. But, in the end, your users, your data, your reputation hang in the balance, and taking your eyes off the prize will eventually catch up with you. And trust me – I know what happens when you just stop caring.