Reflecting on 30 Years in Cybersecurity: From PSTN to Zero Trust and AI Skepticism

I’m just beyond my third coffee and staring at the screen, reflecting on 30-odd years in the game. Think about beginning in your career in 1993 as a network admin, looking after voice and data multiplexing, or mixturing as we say here In Atlanta, over PSTN lines well before the cloud was even a glimmer in tech’s eye. Fast forward to today — still waist-deep now running my own cybersecurity company specializing in firewalls, servers, routers, and yes, all of those modern-day nightmares. Let me give you a couple of real experiences in the trenches — experiences that form my view on cybersecurity, why I’m increasingly skeptical of every AI-powered buzzword, and how actual zero trust implementation looks good even if it’s just a PowerPoint bullet point.

The Early Days and Lessons from Digital Attacks

M0K,CPUHistoryandD5K The firstSearchEngineDeath simply refers to a task that we ran on M0K, dedicated to taking anF RMSpacket andfinding which strand of DNAit originates on.

I began as a network admin, and my universe was analog switches, and maintaining voice and data over circuit-switched PSTN networks was nonsexy work, but it kept me grounded. The technology is now primitive — slower, perhaps — but mistakes were not an option then. When the Slammer worm hit in 2003, I was in the thick of it watching as it blew through networks at warp speed — one of the early lessons that an infectious digital attack spreads faster than anything biological (and with far greater consequences).

Here’s the other thing about Slammer: It was a wake-up call. Suddenly, patches were no longer nice-to-haves; they were required. Regrettably, we all too often come across businesses that, even now, treat the management of patches as a chore. Let me be blunt — if you aren’t patching you may as well be leaving keys under the doormat.

Now: PJ Networks and Zero Trust for Banks

It not like running PJ Networks is merely business — it is a resposibility that I take seriously. I recently helped three banks redesign their zero-trust architectures. Hoo boy, was that a journey. You see, zero-trust gets a bad rap — it’s not simply a tech stack you bolt onto your infrastructure. It’s a change in culture and design. These banks learned what I refer to as the Three Realities of Zero Trust:

  • Zero Trust Default: Every user and device, inside and outside the network perimeter, is always authenticated.
  • Least Possible Privileges: No permissions are assumed (users get only what they absolutely need).
  • Continuous Monitoring: Trust but verify is done… it is verify all the time.

I’ll cop to the fact that the transition was not a seamless one. Some old systems clung to life like an old rusty car that wouldn’t start on a cold morning — you had to have patience, plan carefully and use a lot of elbow grease. This isn’t fast, but the return? Massive shrinking of the attack surface, plus more checkable audit trails that somehow add up.

Meanwhile, Straight from DefCon: Hardware Hacking Village Buzz

Just returned from DefCon — the energy at the hardware hacking village still has me jacked (and not just because of all the late-night espresso). To see experts pull apart and poke holes in what much of the world thought was secure hardware was exhilarating, and terrifying. We overlook the importance of physical security in cybersecurity. Almost all companies seem to be concentrating all their effort on software (firewalls, IDS/IPS, endpoint security), while leaving massive security holes open in their hardware.

To use a metaphor, think of your hardware as the body of a car. ​But no matter how shiny the paint (software), if the frame is rusted, or can be pried open with a screwdriver by a motivated attacker, well, the entire ride falls apart.

Quick Take for the Busy Folks

  • Patch early, patch often. No negotiations.
  • Zero trust isn’t a product — it’s a way of thinking.
  • Hardware security matters. Don’t just close the software doors.
  • Approach AI-led hype with wariness; it’s all too often marketing rather than magic.
  • Password policies? Stop torturing users. Think smarter, not harder.

Password Policies: Ranting Because I Just Can’t Help Myself

I’ve been in this game for long enough to know that password policies are usually the weakest link – ironically designed to enhance secuirty but are doing the opposite. Length over complexity, folks. I’ve observed administrators impose some of the most arcane password rules on their systems, which just end up ensuring that users are writing passwords on post-its or rolling their password over every couple of weeks — which does you absolutely nothing.

Let me be bold: if your password policy leads you users to bad habits because it frustrates them, you are doing it wrong. Instead, consider these:

  • Use passphrases, not random strings of characters.
  • Adopt multi-factor authentication — don’t depend solely on passwords.
  • Eliminate arbitrary expiration dates, unless there’s obvious evidence of a compromise.

Cybersecurity as cooking — you have to have the right ingredients, skillfully balanced. Over-spiced passwords ruin the dish.

Firewall, Servers, Routers – The Backbone Is Still Relevant

With all the buzz around zero trust and AI, don’t neglect the fundamentals. Firewalls, servers and routers are still the rules of the road for network security — sort of like the axles and wheels of a finely tuned automobile. They are the antidote for traffic congestion and the bad stuff.

Here’s what I always examine when I consult:

  • Firewalls: Clean rules or just a mess? Loose laws are open doors to trespass.
  • Servers: Are they patched? Hardened? Monitoring? Nothing screwed up on my software from yesterday that needed tidying up like crumbs?
  • Routers: Default passwords changed? Firmware updated?

Both are no-brainers — and yet so easy to neglect. And, yeah, sure, detection and endpoint security matter — but if your crypto’s weak, all that is a house of cards.

A Personal Account: When I Got Burned

Not gonna lie — I’ve had my moments when I’ve screwed up. Early in my career on a large migration I missed a small router mis-configuration. Result? Unauthorized access resulting in a leak of client data. It was a stunning defeat — scorched my ego yet honed my awareness.

That is why I stress attention to detail. The attackers love your mistakes.

Skepticism Around AI-Powered Solutions

I go everywhere and I hear people selling AI like it’s the panacea. Listen, I understand — machine learning can automate threat detection and response. But if you believe that plugging in an AI-inspired gizmo mystically fortifies your network, congratulations: You’re living in a fantasy world.

There can also be cases where AI models produce too many false positives — inducing alert fatigue.

In fact, some of the models fall prey spectacularly to (new or adversarial) attacks.

Human expertise? Indispensable. AI isn’t a crutch; it should be a tool.

In Conclusion – What I Want You to Know

Cybersecurity is a marathon, not a sprint — and they who treat it like a checklist won’t get far. Whether it’s running a PSTN network or protecting banks with zero trust, the principle in its essence has been the same; trust no one and verify everything, and never underestimating the basics.

So when you consider your security design, remember:

  • The devil is often in the details — patching, configurations, password policies.
  • Trust is like an onion, it has layers, not just a name.
  • The hardware is as important as the software.
  • Be skeptical of flashy solutions.

And perhaps, just perhaps, have a good cup of coffee in the process. Because, as with any tough problem, cybersecurity takes grit, perseverance and a little caffeine.

Now please, if you don’t mind, I have to pour my fourth cup.

Leave a Reply

Your email address will not be published. Required fields are marked *

This field is required.

This field is required.

sales@pjnetworks.com
(+91)9818361787
C-160 Mayapuri Ph II
Copyright © 2025 PJ Networks: Innovative Networking & Cybersecurity Experts, All Rights Reserved.