Reflections on Cybersecurity Evolution and Zero-Trust Architecture
Sipping my third coffee here at my desk, I got to thinking about just how far the world of cybersecurity has come since I first cut my teeth as a network admin in 1993. It was PSTN lines and multiplexers doing voice and data in those days, and if you wanted to get your hands dirty you spent hours wrestling with routers that were like little Starfleet bridges. The funny thing is, though, that some of those early lessons have stayed with me, informing how I think about today’s cyber challenges.
Back in those days, security was… well, not always an afterthought. It was simply more about keeping the network up than about worrying what kind of shady access some malicious person might attempt. But the Slammer worm in 2003? That was a game-changer.
That Slammer Moment
I remember well the bedlam that surrounded the outbreak of the Slammer worm across the Internet. It was like watching a digital wildfire burn everything up — until, suddenly, all those long-dormant vulnerabilities exploded in our faces. From where I was standing, manning the network infrastructure, it wasn’t abstract at all. Devices crashed and connections dropped and we scrambled to patch systems that, let’s face it, were never built to handle something like that.
The lesson? Patch management is not code for corporate mumbo-jumbo, it’s life or death.
Why Zero-Trust When History Keeps Repeating
Fast forward to today. I currently lead P J Networks Pvt Ltd and I help clients, including some banks more recently, migrate to zero-trust architecture. Three banks, to be exact. If there is such a thing as a one-phrase summary of what I’ve learned from that, it’s this: zero-trust is the only way forward. You can’t just wave your hand about here. To trust any part of your network perimeter is like leaving your car key in the ignition overnight in a sketchy neighborhood.
Banks are a particularly hard group to please. Not only is their data valuable, it is life-essential for their customers’ confidence. For them, zero-trust meant:
- Segmenting down to the micro level.
- Implementing strong multi-factor authentication, and not “just passwords.”
- Ongoing surveillance and risk assessment, with “real-time” reprioritization.
But here’s the thing: many orgs do zero-trust partly right and still end up falling flat because they’re stuck in old network assumptions. They believe if you’re inside the network, you’re safe. Nope. It’s that mentality that allows breaches to continue to slip past.
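To make the contrast concrete, here is an added example (not code from the author or from any client project) that puts the "inside the network means safe" check next to a per-request zero-trust check built from the three points above. The resource names, address ranges and risk thresholds are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy: each resource has its own micro-segment
# and its own risk ceiling. All names and ranges are hypothetical.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
POLICY = {
    "core-banking-db": {"segment": ipaddress.ip_network("10.20.30.0/28"), "max_risk": 30},
    "teller-app": {"segment": ipaddress.ip_network("10.40.0.0/24"), "max_risk": 50},
}

@dataclass
class Request:
    src_ip: str
    mfa_verified: bool
    risk_score: int  # 0-100, refreshed by continuous monitoring
    resource: str

def perimeter_decision(req):
    """Old assumption: any source inside the network is trusted."""
    return ipaddress.ip_address(req.src_ip) in INTERNAL_NET

def zero_trust_decision(req):
    """Evaluate every request on its own; returns (allowed, reason)."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no policy for resource (default deny)"
    if ipaddress.ip_address(req.src_ip) not in rule["segment"]:
        return False, "source outside the micro-segment"
    if not req.mfa_verified:
        return False, "MFA not satisfied"
    if req.risk_score > rule["max_risk"]:
        return False, "risk score above threshold"
    return True, "allowed"

# Constructed requests: an internal workstation moving laterally, and a
# database admin host that sits inside the database micro-segment.
LATERAL = Request("10.55.1.7", False, 20, "core-banking-db")
DBA = Request("10.20.30.5", True, 10, "core-banking-db")

if __name__ == "__main__":
    for name, req in (("lateral", LATERAL), ("dba", DBA)):
        print(name, perimeter_decision(req), zero_trust_decision(req))
```

The lateral request passes the perimeter check and fails the zero-trust one. Because the risk score is re-read on every request, the same admin host is refused as soon as monitoring raises its score above the resource's ceiling.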
DefCon Buzz: Hardware Hacking Village Secrets
I’m just back from DefCon and its hardware hacking village, where DIYers and pros dismantle gadgets in search of weaknesses. What got me was how, far too often, the weakest link is not software at all; it’s the little chunks of hardware we use without a second thought.
Think of it as a recipe: you have the freshest ingredients and the fanciest technique in the world, but if the thermostat on your oven is busted, the whole thing might be a waste. Same for security hardware.
Stuff like:
- Tampered IoT devices
- Supply chain backdoors
- Bypassing device firmware protections
These are the fights most businesses aren’t yet prepared to wage. And to be honest, I don’t trust any AI-driven security measure that offers to solve this problem for me. AI is a tool, not a silver bullet.
My Opinions (Warning: Some May Not Be the Same As Yours)
- Password policies. Ugh. Let me complain: requiring users to change their complex passwords every 30 days? Pointless. All it does is frustrate users and push them to write passwords on sticky notes or re-use them everywhere. Instead? Capitalise on passphrases and multi-factor authentication. Use your brain.
- Perimeter firewalls are a necessary part of the solution, but they are no longer the silver bullet; even my first firewall brick from the 90s appreciated this. The attacks of the day are internal and external, from every direction.
- Zero-trust architecture is often overhyped as a product you can buy. Nope — it’s a frame of mind and a work in progress.
Quick Take I Wish Everyone Knew
- No security is “set it and forget it.” You must constantly evolve.
- Zero-trust isn’t a nice-to-have — start segmenting and monitoring right now.
- Patch patch patch. Don’t put it off.
- Multi-factor > complex passwords.
- Hardware security is as important as software.
What We Learned in the Pandemic and How You Can Use It Today
Here’s some distilled wisdom from my 30 years of playing this game:
- Practice the principle of least privilege. If someone doesn’t need access, don’t provide it. That sounds simple, but many are getting it wrong.
- Build layers of defense. No one layer is perfect. Firewalls, IDS, intrusion prevention, endpoint security, access controls–all par for the course.
- According to Maples, manage your network like a car engine. Seek out the oddballs in advance, before they develop into failures.
- Train your people. Tech alone won’t save you.
- Don’t automatically trust vendors, or buy into shiny new AI-powered tools. Always do your homework.
Nostalgia Time: Ah, the Good Old Days of PSTN
Every now and then I find myself longing for the simple days of PSTN, the Public Switched Telephone Network. Voice and data multiplexed, channels reserved, … a lot fewer moving parts. But that is also why the internet era is so much messier. Complexity invites attackers.
Yet today’s security tools frequently ignore how valuable simplicity is; over-engineering can be as much a problem as the problems it ostensibly solves.
Operating P J Networks Pvt Ltd: Real-Life Use
Starting and running my own cybersecurity company lets me mix old-school grit with cutting-edge tech every day. Clients aren’t just looking for tech solutions, but real-world advice.
Look at the recent bank projects:
- Challenges: Legacy systems, regulatory requirements, segmented network holes.
- How: Don’t boil the ocean, automate enforcement, eliminate implicit trust zones on the fly.
- Result: A better risk profile, stronger audit trails and more satisfied compliance teams.
I’m proud. But you know what? It was really grueling. Security isn’t sexy — it’s the long game.
In Closing
Cybersecurity goes way beyond whiz-bang tools or talk about cool and high-end features. It is not about securing every bit and byte, but about understanding the why behind the threats, learning from past disasters (think Slammer worm), and building resilient systems that do not break under pressure.
Whether you’re a small business or a behemoth bank, believe me, security demands commitment, skepticism and, occasionally, some level of caffeinated obsession from the individuals charged with keeping everything (and everyone) safe.
And believe me — you don’t want to be the next headline on a breach because you didn’t practice the basics.
Huge Cheers from the desk of a (slightly tired but always very excited) cyber vet,
Sanjay Seth
P J Networks Pvt Ltd