My Journey Through Cybersecurity: Lessons From the Trenches

It’s afternoon, I’m sitting at my desk, third coffee just hit, and I’m remembering a few of those crazy moments along my journey through cybersecurity. I began as a lowly network admin in 1993, twisting muxes for voice and data over PSTN lines (ah yes, remember when buffer overflow was something you tripped over on a weekend, not some damn worm ready to eat your lunch?). Speaking of worms—remember Slammer? That little bastard gave me a front-row seat to how quickly vulnerabilities could proliferate and why you can’t just patch and pray any more.

Now, fast forward. I run my own security company, have assisted three banks in the last year to further harden their zero-trust setups, and returned from DefCon last week high on the hardware hacking village. It took me back to basics but also showed me some fresh things that have me wanting to share — from a dude who has been in the trenches since the dial-up days and remains excited for what’s next.

Why Experiences Matter in Cybersecurity

It’s like this—cybersecurity isn’t some ethereal concept that you read about in a textbook or on some fancy conference slide. Nah, it’s there in the trenches with you. I’ve witnessed theory sputter against reality — and sometimes it’s been beautiful, and at other times, it’s been wretched.

Take when I was assisting those three banks on their zero-trust updates. The tech? Solid. It’s clients fighting legacy systems, user resistance and deeply embedded “trust cultures” within their organizations that offer up the real test. If you don’t account for human nature and legacy tech debt, your zero-trust project will suffer a slow miserable death.

Oh, and for the record, zero-trust is not some sort of magic pixie dust you sprinkle on your network. It’s a way of thinking — and yes, it’s clumsy. You don’t just block and that’s that. This is a layered process in which you have to continuously verify permissions and make the right context-aware policies, not some sexy AI-powered box that someone’s pitching you in a vendor call. (As an aside: I am perpetually suspicious of any security product with “AI-powered” sprinkled across the cover. If AI were that effective, wouldn’t we have already eradicated phishing? Spoiler: no.)

Muxes to Modern Networks: Decades of Lessons Learned

Back in ’93, my primary concern was making sure that voice and data mux didn’t crash, because downtime resulted in lost money and irate customers. No slick firewalls, no endpoint detection. No prewired circuits, nothing but your wits.

That experience taught me:

  • Simplicity often wins. Simple answers can occasionally lead to complex disasters.
  • Redundancy is your friend. Backup paths, diversions, failover provisioning—vital things even today.
  • Human error, of course, is the ultimate wild card. You can implement all the protocols you wish, but it just takes one mistake or unthinking user — and boom, exploitation.

Fast forward to those Slammer worm days — watching that little packet slam networks worldwide was a rude awakening to how quickly threats spread. Slammer used a buffer overflow, spreading in seconds — it pummelled hospitals and banks too.

Lessons there?

  • Patch management must not be an afterthought.
  • Watching what the network does beats signature-based detection alone.
  • Incident response plans are a thing for a reason, and there’s no time like the present to practice your when-all-hell-is-breaking-loose response, rather than when all hell is actually breaking loose.

Transforming Zero-Trust for Banks: The Hard Part

I completed three zero-trust projects with banks. Banks, especially, are high-stakes environments. Security breaches = broken trust with the public + regulatory nightmare.

What surprised me? It’s never just about tech.

People policies. Legacy tech. Cultural resistance. Breaking down silos between IT and business units.

What worked?

  • Starting small and iterating, not big-bang implementations.
  • Teaching users with real-world examples instead of dusty PowerPoints.
  • The disciplined use of least privilege, but balanced by practical concerns.
  • Constant vigilance — not a checklist item, but a daily practice.

If I had a dollar for every time someone said, “But this slows me down,” I’d be retired and sailing the Mediterranean. Here’s my hot take on that:

Security and usability are not always best friends, but rationalizing lazy implementation is a recipe for disaster. If you don’t have the stomach for doing zero-trust right, which exposes all the weak crannies of an organization, please don’t even get started. If you want zero-trust to work, plan for the gruntwork — the processes, the upskilling and, yes, spending on real tools.

DefCon and the Hardware Hacking Village: Why Physical Security is Still Important

Just got back from DefCon. The Hardware Hacking Village — complete eye-opener. In an era obsessed with cloud and software threats, it’s easy to forget about the vulnerabilities of physical hardware.

But the truth? Hardware is the trust base. If your hardware is compromised, all the rest is irrelevant!

The village demonstrated that there’s a cyberattack surface hiding in plain sight across a vast network of humans, for anyone with bad intentions to exploit — from USB devices, to RFID chips, to even the printers in your office. People still don’t treat physical security as a concern.

From a certain point of view, think of it as a car with state-of-the-art airbags and anti-lock brakes: if somebody steals your keys or hotwires it, all that air-baggin’ doesn’t do much good.

Hardware security includes:

  • Supply chains (yes, supply chain attacks are real and terrifying)
  • Firmware integrity verification
  • Physical tampering resistance
  • Supervision and remote control of ports (USB, serial, etc.)

And yes, right up until 2024 I’ve witnessed companies taking a shortcut, and that is to skip hardware audits because “it’s a hassle”. You know what is seriously more of a hassle? Recovering from a hardware-level breach.

Password Policies: My Never-Ending Rant

I need to admit this to someone. Password policies. Ugh. I have long lost count of the number of times that an organization has deployed insane rules that don’t actually make us any more secure but certainly make our users more miserable.

And no, making your users change their passwords every 30 days does NOT make your network more secure. Sometimes it makes it worse, as your users choose weaker passwords or write their passwords on sticky notes.

Here’s what I suggest (because I’ve seen what actually works):

  • Replace short complex passwords with passphrases
  • Use multifactor authentication (MFA) everywhere, religiously
  • Teach people about phishing instead of imposing arbitrary complexity rules

I understand the NIST guidelines have changed — at last! — but half of the world is still living in the password stone age.
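The contrast between the two policy styles above, as an added example that is not part of the original post: a legacy composition rule next to a length-first check with a blocklist. The function names, the 15-character minimum and the blocklist entries are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed sample blocklist; a real deployment would load a large
# breached-password corpus. Names and thresholds are assumptions.
BLOCKLIST = {"password1!", "p@ssw0rd1!", "qwerty123!", "letmein2024!"}
MIN_PASSPHRASE_LEN = 15  # assumed minimum for this example


def legacy_complexity_ok(pw: str) -> bool:
    """Old-style rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def passphrase_policy(pw: str, username: str = "") -> list[str]:
    """Length-first check; returns rejection reasons (empty list = accept)."""
    pw = unicodedata.normalize("NFKC", pw)  # compare one canonical form
    folded = pw.casefold()
    reasons = []
    if len(pw) < MIN_PASSPHRASE_LEN:
        reasons.append("too short")
    if folded in BLOCKLIST:
        reasons.append("on blocklist")
    if username and username.casefold() in folded:
        reasons.append("contains username")
    if len(set(folded)) < 5:  # e.g. one key held down
        reasons.append("too repetitive")
    return reasons


def compare(candidates, username=""):
    """Map each candidate to (legacy verdict, length-first rejection reasons)."""
    return {pw: (legacy_complexity_ok(pw), passphrase_policy(pw, username))
            for pw in candidates}


if __name__ == "__main__":
    samples = ["P@ssw0rd1!", "correct horse battery staple", "a" * 20]
    for pw, (legacy, reasons) in compare(samples, "jdoe").items():
        verdict = "accept" if not reasons else "reject: " + ", ".join(reasons)
        print(f"{pw!r:34} legacy={'accept' if legacy else 'reject'}  length-first={verdict}")
```

The short "complex" password passes the legacy rule while sitting on the blocklist, and the four-word passphrase is rejected by the legacy rule for lacking an uppercase letter, digit and symbol.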

Quick Take: Essential Cybersecurity Bites for Busy Execs

  • Security is not a one-and-done project; you’re constantly adding to and evolving it
  • Legacy systems are your slow-moving landmines – find and isolate them quickly
  • Zero-trust is a belief, not something you buy and install
  • Value user education at the same level as the technology
  • Don’t miss the physical hardware bugs — they’re still a big attack vector
  • Password complexity won’t save you; MFA and passphrases do

Conclusion: No Bull From a Long-Time Cybersecurity Consultant

This is what I have learned after 30 years in this field: stay curious, keep learning and never underestimate how little, everyday things push us closer and closer to disaster.

Security is like cooking a complicated dish — the ingredients matter (tech, policies, people) but so does timing, technique and a pinch of patience. You can’t rush it or cheat and expect a Michelin star performance.

And, yeah — I’m still that guy that wants to jump up and down at an old Cisco router or a new wave of soldering wafting by from a hardware hacking booth. Because for me, the magic of cybersecurity isn’t just the latest shiny widget — it’s about getting under the hood, about the people behind the magic, and how those worlds collide.

So, if you want to beef up your security — or are wondering if AI-everything is the answer — keep this in mind: tools are only as good as the people using them.

Stay sharp out there.

—Sanjay Seth
Cybersecurity consultant
P J Networks Pvt Ltd
