Reflections on Cybersecurity Evolution and Zero-Trust Architecture
Here I am at my desk — third coffee kicking in — thinking about how much cybersecurity has changed since I began as a network admin in 1993. Yes, in those days I was up to my knees in voice and data multiplexer setup over PSTN circuits. That was back when the threat landscape was more straightforward, though no less significant. Fast forward nearly three decades, and I am now the head of my own cybersecurity company, P J Networks Pvt Ltd. I’ve just helped three banks improve their zero-trust architecture — and it’s this project that has brought home how important that shift in mentality is when it comes to seeing off modern IT security threats.
But let’s face it — cybersecurity is not just reading whitepapers or watching webinars. It is about crisis management when your network is being wormed by Bredolab or Slammer (yes, I have experienced that chaos firsthand), adjusting to constantly changing threats, and, unfortunately, learning things the hard way on the job.
The Early Days: Looking Back and What We Learnt from the PSTN Days
To truly understand today’s security challenges, you need to appreciate where they began. Early in my career, voice and data shared multiplexers even though they were not especially compatible with each other — like cooking two different dishes on the same stove. One misconfiguration left one little hole, and you would be out in the wild serving up vulnerabilities. When PSTN ruled, data didn’t get secured by some nice firewalls or AI. Nope. It was more about solid network hygiene and knowing your physical lines like you know yourself.
It was like witnessing a wildfire rip through a parched forest when the Slammer worm hit. It took minutes to spread, and it overwhelmed systems that had barely detected the threat beforehand. That was a game changer — I realized that speed of detection and response made the difference between better and worse outcomes when it came to security.
Owning a Security Company: Running Your Business vs Owning a Business
Now look at today — the cyber battlefield is a lot different, as are the solutions. People often get caught up in buzzwords, but I’ve been pretty dubious of anything that’s touted as AI-powered without some real substance behind it. The thing is: AI can be a double-edged sword. Great for automation, no doubt — but to trust without verifying? Dangerous territory.
At P J Networks, I’ve found that strategy and humanity-based architecture beats hype every time. For instance, assisting three banks last quarter to improve their zero-trust model was not just a matter of flipping a switch. It meant hours of engaging, assessing, discussing, begging, and, yes, sometimes brutal conversations with leaders who thought, “Why fix what’s not broken?”
But here’s what zero-trust really should mean: Trust NOTHING, verify EVERYTHING.
- Divide your network up, just as your car’s engine parts are partitioned. That way a failed part does not cause the others to blow up.
- Ensure identity verification is absolutely rock solid: no password shortcuts! (And don’t even get me started on those absurd password expiry policies — it’s like asking everyone to change their car keys on a weekly basis. Which makes zero sense.)
- Continuous monitoring is your dashboard warning lights — if you ignore them, you are probably going to crash.
DefCon I Remember: The Hardware Hacking Village
A lot of things have changed since 2007.
Just returned from DefCon, which is the closest thing to a yearly pilgrimage for those of us security folk. The hardware hacking village? Mind-blowing. It was very reminiscent of the early days of building networks like the one I helped build — in your face, gritty, gut-level. And seeing hackers pull apart gadgets was like witnessing chefs taking apart recipes — though in this case, your recipe is your router, your firewall, or those IoT gizmos we’re all so keen to dismiss.
Here’s another lesson — the physical security of devices is just as important as digital safety nets. As with your car, if you leave the router or firewall physically exposed, then, well, you’re leaving the keys in the unlocked car and wondering why the car is gone the next morning. Hardware hacking is a major blind spot for the vast majority of companies.
Passwords: The Necessary Evil?
I could rant about this for days. Password policies tend to be security theater rather than true defense. Revoking passwords every 30 days? A waste of time, and usually counterproductive.
Why? Because…
- People pick lamer passwords or tack on a ‘1’ at the end
- IT locks people out more than it locks attackers out
- It’s a misallocation of time and resources
Better solutions are things like multi-factor authentication and educating people as to why they are important. The key is balance. Hard to hit, but key.
Quick Take – What I Want You to Know
- Network security is a marathon, not a sprint—embrace lessons from old-school methods but don’t let them trap you.
- Zero-trust isn’t just a buzzword — it’s an essential framework for modern networks.
- Don’t automatically trust AI-powered security tools without knowing what makes them tick.
- Physical security is cybersecurity — don’t forget your hardware is hackable.
- Reassess password policies — aim for usable and strong.
Final Thoughts: My Two Cents
Spend more than 25 years in security and you pick up a few scars — and stories. I’ve done things that were wrong (oh, plenty), but every last one of them taught me something. One thing I am sure of: Security is as much about culture, training and mindset as it is about technology.
That’s why, when I work with clients — whether they’re banks or hospitals or smaller businesses — I say this: You can have the best firewall, but if your people are not on board, you’re done.
So, yeah, it’s a fight all the time. But also an exciting one. Whether you are learning from worm outbreaks that have occurred in the past, deploying zero-trust models in the enterprise today, or exploring hardware weaknesses in a DefCon village, the basics are remarkably similar:
- Be vigilant
- Be adaptable
- And never stop learning
And if you’re still with me (filled up on coffee or not), keep in mind … cybersecurity isn’t just an IT problem. This is a business imperative that is only going to get bigger.