Reflections on Three Decades in Network and Cybersecurity
I’m here after my third coffee — yes, again with the third coffee — and I’m feeling that familiar buzz you feel after cruising through the hardware hacking village at DefCon. Geez, those people will never cease to confound Grumpy Cat! It’s as if some paradise for grown-up geeks is here, playing with everything from old PCI bus cards to IoT devices you’d swear were designed by someone who slept through security class. Anyway, I figured I’d share some thoughts, experience and some gripes I have after over 30 years of rubbing up against the edges of the network and cybersecurity world — just the way I see it from where I sit at my desk.
Network Admin Days 1993: Building from the Ground Up
In ’93, I was wading up to my neck in networks and muxes (muxes for voice and data over PSTN). If you’re shaking your head at the jargon, here’s the best I can put it: back then the internet was this raw beast, and I was one of the mechanics crouching under the hood when it started to roar to life. It was a universe where patching wasn’t as automated, firewalls were more “fancy packet filter” than they are today, and routers were essentially the young, slightly clumsy but über-motivated guy in your network’s pit crew.
Fast forward a few years, to the Slammer worm and its outbreak — a real eye-opener. Slammer was a great example of how fast things could go wrong. I recall the panic, the frenzied patch deployments, and the realization that our systems were far more brittle than I had imagined. It was not merely a wake-up call; it was a thunderclap. And that’s when it began to click for me: contemporary cybersecurity needed to be not only defensive, but elegant, scalable and yes, at times, infuriatingly Byzantine.
Network Admin to Pres of Cybersecurity Firm
Today, running P J Networks Pvt Ltd, I help organizations — primarily banks lately — erect fortress-like redoubts of zero-trust architectures. This is not a new concept to me, but still, in 2024, lots of companies think it is some mythical beast. The thing with zero trust is this:
- Always verify, never trust. Period. No longer will we have wide-open internal networks that are based on the assumption that insiders can be trusted because they have credentials.
- Micro-segmentation is key. Segment your network into tiny little cells, so even if somebody sneaks in, they won’t be able to roam free.
- Vigilance and responsive policies. We’re not dealing with the good old “set it and forget it” firewalls anymore.
Lately, I’ve assisted three banks in remaking their zero-trust installs. The tricky part? Getting users to understand that just because someone is on the network or VPN, it doesn’t necessarily mean they’re safe — and no, your password policy being a nightmare of complexity isn’t magically doing a damn thing here (rant on that later). Those banks today do device posture checks and constant auth, and some would impress even a 90s network admin like myself in terms of network segmentation. Yet … those legacy systems struggling to reinvent themselves for the moment also served as a reminder of how far, and how hard, we can get stuck.
Quick Take: What Zero Trust Is and Isn’t
- More than a fancy firewall or identity system.
- It’s a layered approach: people, devices, data and network.
- Should be transparent to the user yet sensitive enough to identify inconsistencies.
- If it’s clunky or leads to a zillion password resets, you’re probably doing it wrong.
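The per-request checks described above (MFA, constant auth, device posture, micro-segmentation), sketched as an added example that is not code from any of the bank deployments mentioned. The segment names, the 15-minute re-authentication window and the posture fields are assumptions made up for illustration.

```python
from dataclasses import dataclass

# Constructed policy: the only source -> destination flows that are permitted.
# Anything not listed is denied, which is what micro-segmentation means here.
ALLOWED_FLOWS = {
    ("teller-workstations", "core-banking-app", 8443),
    ("core-banking-app", "core-banking-db", 5432),
}
MAX_AUTH_AGE_S = 15 * 60  # assumed re-authentication window


@dataclass
class Request:
    user: str
    mfa_passed: bool
    auth_age_s: int        # seconds since the last successful authentication
    device_patched: bool   # posture signals from a hypothetical endpoint agent
    disk_encrypted: bool
    on_vpn: bool           # recorded, but deliberately never grants access
    src_segment: str
    dst_segment: str
    dst_port: int


def evaluate(req: Request) -> tuple[bool, list[str]]:
    """Return (allow, reasons). Every check runs on every request."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("mfa-missing")
    if req.auth_age_s > MAX_AUTH_AGE_S:
        reasons.append("auth-stale")
    if not (req.device_patched and req.disk_encrypted):
        reasons.append("device-posture")
    if (req.src_segment, req.dst_segment, req.dst_port) not in ALLOWED_FLOWS:
        reasons.append("flow-not-allowed")
    return (not reasons, reasons)
```

Note that `on_vpn` never appears in `evaluate`: being on the VPN changes nothing about the decision.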
DefCon and the Hardware Hacking Village: Why It’s Important
Just came back from DefCon, and wow, the hardware hacking village still has me in awe. For the uninitiated, it’s a spot where hackers dissect everything with chips — ancient routers, security cameras, even automotive electronic control units. Here’s what left me buzzing:
- So many IoT devices are inexcusably insecure because security was an afterthought. Sounds familiar? Yep, you know, those clunky old routers from the late 90s.
- Hardware attacks aren’t that scary, so if you can get your hands on a device, the hardware model is the way to bypass most software controls.
- The distinction between IT security and OT (operational technology) is becoming increasingly blurred. Banks, factories, hospitals: They all have hardware to be defended.
It’s a timely reminder that if you’re in cyber defence, you need to keep an eye on the larger picture: not just bits and bytes, but all the boxes that users plug in and out of, control and compute with.
Missive Regarding Passwords: A Never-Ending Whine
I know, I know — passwords are annoying!!! Complicated policies encourage people to put them on sticky notes or, worse, to reuse them everywhere. Here’s my controversial take:
- Forget making them do 15 characters including weird symbols when the user experience is a pain in the ass.
- Instead, concentrate on multifactor authentication (MFA). Require that on any critical system.
- Think of the gap between a strong password and one they might actually be able to remember without resetting it every other week.
- Biometrics? Good when implemented well. But no silver bullet.
I’m very wary of any AI-powered password manager, or authenticator. AI is a wonderful thing, but it’s not magic pixie dust that fixes sloppy security practices. Use the technology wisely, but don’t just throw buzzwords at the problem.
The Bottom Line: Firewalls, Servers and Routers Are Still the Solution
Sure, cloud and AI are all the sexy buzzwords currently, but here’s what it’s still all about, at my desk and over years of client configurations:
- Firewalls: Yes, real hardware (ideally), or at the very least a well-tuned firewall. Many orgs rely on default configs or older rules.
- Servers: Requires hardening; patch management is not a choice.
- Routers: Often neglected in security planning but are a crucial chokepoint.
Here are some of the things I always drive home with my clients:
- Regularly check firewall rules — if you don’t need the port open, close it.
- Patch server OS and applications, but ensure all patches are tested beforehand. Nothing like a patch blunting the sharp edge of essential banking software.
- Check the configuration of the router for any unauthorized changes.
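The firewall-rule and router-configuration checks from the list above, as an added example that is not the author's own tooling. The approved-port list, the four-field rule export and the IOS-style router lines are constructed sample data; a real device export would need its own parser.

```python
import difflib

# Constructed sample data; real firewalls and routers have their own export formats.
APPROVED_PORTS = {("tcp", 443), ("tcp", 22)}   # assumed business-approved services
FIREWALL_RULES = """\
allow tcp 10.0.0.0/8 443
allow tcp 10.1.1.0/24 22
allow tcp any 3389
allow udp any 161
deny ip any any
"""
ROUTER_BASELINE = """\
hostname edge-rtr-01
line vty 0 4
 transport input ssh
ip access-list extended MGMT
 permit tcp 10.1.1.0 0.0.0.255 any eq 22
"""
ROUTER_RUNNING = """\
hostname edge-rtr-01
line vty 0 4
 transport input telnet ssh
ip access-list extended MGMT
 permit tcp 10.1.1.0 0.0.0.255 any eq 22
 permit tcp any any eq 22
"""


def unneeded_open_ports(rules_text, approved=APPROVED_PORTS):
    """Return (line_no, rule) for every allow rule whose port is not approved."""
    findings = []
    for line_no, rule in enumerate(rules_text.splitlines(), 1):
        parts = rule.split()              # "action proto source dst_port"
        if len(parts) != 4 or parts[0] != "allow":
            continue
        proto, port = parts[1], parts[3]
        if not port.isdigit() or (proto, int(port)) not in approved:
            findings.append((line_no, rule))
    return findings


def config_drift(baseline, running):
    """Return the lines added (+) or removed (-) relative to the approved baseline."""
    diff = list(difflib.unified_diff(baseline.splitlines(), running.splitlines(),
                                     lineterm="", n=0))
    # The first two entries are the ---/+++ file headers; "@@" hunk markers are skipped.
    return [d for d in diff[2:] if d[0] in "+-"]
```

Run on a schedule against the last approved baseline, any non-empty result from either function is something to close, justify or investigate.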
A Closing Word from a Cybersecurity Consultant
There’s one thing 30 years of experience has taught me — cybersecurity is not a destination; it is an ongoing journey. Technologies shift, threats shift, but the underlying principles remain in place. You ever think back to when you were working with PSTN muxes heavily? It’s just that now it’s the ethernet and fiber replacing the coax, but human nature, and human error, never really change.
Keep your defenses layered. Don’t forget the physical attack surface. Great usability should be held dear in your security policies; if people can’t work with them, they will go around them. Finally, remain skeptical — especially when shiny new solutions promise to be the end-all in cybersecurity.
Well, time for coffee No. four. If you’ve made it this far — thanks for flying with me! I trust my old-school stories, brusque opinions and advice help readjust your cybersecurity posture.
And remember — security is not merely a checkbox. It’s the engine that keeps your digital car running (or your kitchen standing without burning down the house). Take it no less seriously.
Until then from my office to yours,
Sanjay Seth
Cybersecurity Consultant
P J Networks Pvt Ltd