From Network Admin to Cybersecurity CEO: A Journey Through Changing Threats
It’s 10:15 in the morning and I’m on my third cup of coffee, sitting and staring at my monitor, wondering how the hell we’ve ended up here, with the state of cybersecurity so different from what it was when I first started out as a network admin in 1993. Yep, 1993. Back when PSTN multiplexers reigned supreme and sharing voice and data on the same circuit was still a bit of magic. They were simpler times — or so I believed. But hacking threats? They were already simmering beneath the surface. I remember the Slammer worm outbreak like it was yesterday — in mid-2003 — how it tore through networks, catching many companies completely off guard (even some of my clients). That’s the experience that continues to influence my philosophy on incident response today.
Fast forward: I am now the CEO of my own security company, P L Networks Pvt Ltd, and we specialize in building the firewalls, servers, routers and cybersecurity frameworks that today’s corporate world depends on. Most recently, I assisted three separate banks in transitioning to zero-trust architecture. That project? Tough, but oh-so rewarding. And just last week I was hot off the plane back from DefCon, and I am still buzzing about the hardware hacking village and the sheer creative scope of the hackers.
But here’s the deal: cybersecurity is not all about shiny objects or the hot trend. It’s strategy, folks, and, yes, once in a while, it’s some good, stubborn, old-school know-how. And I want to share some of that with you.
From Network Admin to Security Consultant: What I Learned the Hard Way
In the old days, when you worked on networking, you wrestled with physical cables, mux devices, and dial-up connections. And then, of course, there was the pain of balancing the limited PSTN bandwidth between voice and data. Those days also had their dangers — remember how easy it was to tap those plain old unencrypted lines and sniff the traffic?
When the Slammer worm struck, everything we’d been told was safe no longer was. Entire networks were crippled across the globe in a matter of minutes. Seeing how quickly clients lost phone and data coverage overnight — in some cases for days — was a harsh reminder of the vital role that patch management, real-time monitoring and an incident response plan that’s not gathering dust in a drawer can play.
Something I wind up saying a lot to clients today:
- Patch early, patch often. You’d be amazed how much damage just one unchecked vulnerability can do.
And yet even today, many entities treat patching as a necessary evil rather than as their first line of defense.
Zero Trust: It’s Not Just Another Buzzword
Helping the banks transition to zero-trust was an eye-opener even for me. Zero-trust is not about slapping cool tech or a complex framework on top of rotten foundations. It is a mindset.
Here is how I explained it to them:
- Assume breach—always. Your perimeter is a myth in this hybrid world.
- Authenticate every user, every device, every connection — and not just once, but continuously.
- Isolate your networks as much as possible to limit any potential damage.
Who wouldn’t want to believe that firewalls and VPNs alone keep the threats away? Nope. Zero-trust means you treat everything arriving at an access point as suspicious, in the same way a heavy-handed security guard would regard everyone at a really low-budget concert.
I have a pretty strong opinion on this: If your CIO is happy with just perimeter security, and not applying strict identity and access management policies, you’re going to have a disaster. But then again, not everyone I speak to agrees — because zero-trust can often feel like making your user experience worse. Yes, frustration sucks, but do we really want the priority of convenience to outweigh that of national defense when the stakes are this high?
DefCon, Hardware Hacking & What Your Company Can Do
Coming back from DefCon’s hardware hacking village was also an eye-opener. There’s a big difference between hearing about threats in the abstract and watching a hacker crack through a layer of security inside a small black box on a table in front of you.
This is why hardware security remains so crucial — even if you think all of your defenses are purely software-based. Here’s something we don’t hear much about:
- The majority of companies concentrate on network-layer or application-layer security.
- But you can’t forget about hardened hardware; your entire stack is at risk without it.
Don’t forget that firewalls and routers are hardware-based as well. And tampering, side-channel attacks and firmware backdoors aren’t just some hackers’ mythical dreams. They are real, and the more serious ones, difficult as they are, can be leveraged if your vendor doesn’t care too much about hardware security.
So here’s what I’m really pushing my clients toward:
- Frequent firmware updates (okay, I know I am repeating myself, but you might just be surprised)
- Purchase devices from sellers with clear security practices
- Keep physical equipment physically secured wherever it can be (no, your server room isn’t really a closet)
Rant Break: Password Policies Are Dead… Let’s Just Bury the Corpse Already
Can we have a moment for password policies?
Here’s the thing — I’ve worked in too many places with rules requiring 12-character passwords that mix upper and lower case letters, numbers and special characters, with a mandatory change every 90 days. The problem?
- Users turn to eye-roll-worthy workarounds, such as Password123!
- Or write down passwords on sticky notes beside a computer monitor
- Or, even more dangerously, reuse the same password across all their systems
Mandatory resets every 30 days? Outdated. Mostly just annoying.
Best approach?
- Wherever possible, use pass phrases, not complicated single words.
- Advocate password managers so that users don’t have to remember dozens of credentials.
- Use multi-factor authentication wherever you can, because that is where you get actual security gains, far more than making people reset their passwords every so often.
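To make the rant concrete, here is an added example (not code from the original post) that checks the same candidates against the 12-character composition rule described above and against a length-first passphrase policy with a blocklist. The function names, the tiny blocklist, the sample passwords and the 16-character minimum are all assumptions made for illustration.

```python
import re

# Constructed sample blocklist (assumption); a real deployment would load a
# large list of breached and commonly used passwords.
COMMON_BASES = {"password", "welcome", "qwerty", "letmein", "admin"}

# Common character substitutions users apply to satisfy composition rules.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o", "1": "i", "$": "s", "5": "s"})


def legacy_policy_ok(pw: str) -> bool:
    """Composition rule from the text: 12+ chars, upper, lower, digit, special."""
    patterns = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 12 and all(re.search(p, pw) for p in patterns)


def normalize(pw: str) -> str:
    """Undo typical decoration: trailing digits/symbols, case, substitutions."""
    base = re.sub(r"[^A-Za-z]+$", "", pw)  # drop the "123!" style suffix
    return base.lower().translate(LEET)


def passphrase_policy_findings(pw: str, min_len: int = 16) -> list[str]:
    """Length-first policy with no composition rules; returns reasons to reject."""
    findings = []
    if len(pw) < min_len:  # min_len is an assumed value, tune to your environment
        findings.append("too short")
    if normalize(pw) in COMMON_BASES:
        findings.append("decorated common password")
    if len(set(pw.lower())) < 6:
        findings.append("low character variety")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for candidate in ("Password123!", "P@ssw0rd2024####", "correct horse battery staple"):
        print(f"{candidate!r}: legacy_ok={legacy_policy_ok(candidate)} "
              f"findings={passphrase_policy_findings(candidate)}")
```

The composition rule accepts both decorated variants of "password" and rejects the long passphrase, which is the opposite of what you want; the length-plus-blocklist check gets all three right.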
Quick Take: What You Can Do Today
I get it. You’re busy. You want takeaways you can use, you don’t want any fluff. So here’s what I’d suggest:
- Take a look at your patch management process. If it’s manual or spotty — fix it now.
- Begin instituting zero-trust principles on your network:
  - Segment critical systems
  - Check identities in real time
  - Abandon the fantasy of secure perimeters
- Check physical security of your hardware:
  - Secure server rooms
  - Audit firmware revisions and refresh if older than those shown.
- Rethink password policies:
  - Encourage passphrases
  - Mandate multi-factor authentication
- Train users — do not only enforce policies. Hold regular user security training to improve the social engineering risk posture.
Final thoughts (From my desk, with a tiny bit of worn-out brain)
As I look back over my career, from tuning muxes for PSTN lines to the latest zero-trust frameworks and hardware hacking exposés, one thing is certain: security is changing rapidly. But some basics never change. You can become seduced by the next AI-powered solution or the latest hype, but without mastering fundamental practices, you will always be the one trying to catch up.
And while we’re on AI-powered stuff — I don’t want to sound like a Luddite, but when a security product is heavily marketed that way and never explains its use in the context of human monitoring, I’m leery. AI is a hammer, not a magic wand.
So, whether you’re managing a mini-office network or defending a multi-branch bank, concentrate on:
- Solid fundamentals
- Continuous improvement
- Real-world testing (yes, hack your own environment if possible, and do it safely)
I’ve had plenty of sleepless nights and more than a little caffeine to thank for my understanding of these lessons. I hope in sharing them, I spare you some similar agony.
Stay safe out there.
Sanjay Seth
P J Networks Pvt Ltd
(Posted as a To Whom It May Concern – Cybersecurity Consultant since 1993)