My Journey from Network Admin to Zero-Trust Cybersecurity Expert

I’m here at my desk having my third coffee and still buzzing from my recent visit to DefCon — the hardware hacking village blew my mind. You see, I’ve been in this racket for nearly 30 years now, since I cut my teeth as a network admin way back in 1993 (when we were still using a mux for voice and data over PSTN — if you remember that time, tip of the hat to you) and had to do battle with the notorious Slammer worm. This is not just another cybersecurity blog full of buzzwords. It is a straight take on what actually works, what often doesn’t, and why some of those old-school lessons absolutely matter today.

From Muxes to Zero-Trust: My Path

This brings us back to the good old days when managing a network involved tuning your physical gear, chasing down strange packet loss across slow links, and dealing with the mess of voice on top of data over the same lines. The Slammer worm was a rude awakening—not because it constituted anything fundamentally new, but because it showed just how fragile everything was. I can recall scrambling into the night to patch SQL servers as calls kept dropping — it was back in the day when “network downtime” meant that the desks really went silent, not just an idle Slack message.

Now fast forward to today, I am the owner of my own cybersecurity company, P J Networks Pvt Ltd, which specialises in firewalls, servers and routers — oh and zero-trust architectures. I recently assisted three banks in upgrading their zero-trust models, and I am still not over how much complexity has exploded. But here’s the catch: Fundamentals matter now more than ever.

Quick Take

  • Old-school network hygiene remains key
  • Zero-trust is not just a buzzword — when done right, it works.
  • Hardware hacking perspectives can show people what to pay attention to (Author’s note: the “What hacking hardware can teach us” talk was truly a standout at ToorCamp)
  • Password policies? Let’s just put it this way: your mileage may vary. Often in a frustrating way.

The Slammer Worm Crisis: A Need for Preparedness

Here, I’d like to take a moment to tell a little story. There was no easy way to slow it down. Slammer struck quick — like a bullet train. It spread like wildfire, and even the toughest of teams couldn’t handle it. What did I learn?

  1. Patch everything — yesterday: The way of delay is the way of doom.
  2. Visibility is everything: You can’t defend what you can’t see. We did not have the capabilities we have today, but even rudimentary logging would have highlighted unusual traffic patterns.
  3. Communication is king: From the helpdesk to the executive suite, everyone needs to know what’s going down. Panic leads to mistakes.
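
The kind of rudimentary logging check lesson 2 points at, as an added example that is not part of the original post: it scans flow records for one source contacting many distinct hosts on a single port inside a short window, the pattern a fast-scanning worm produces. The log format, thresholds and sample records are constructed for illustration; UDP 1434 is the SQL Server Resolution Service port that Slammer targeted.

```python
from collections import Counter, defaultdict, deque

def parse_flow(line):
    """Parse 'epoch src dst proto dport' (constructed format); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, dport = parts
    try:
        return int(ts), src, dst, proto.lower(), int(dport)
    except ValueError:
        return None

def find_fanout(lines, window_s=10, min_targets=30):
    """Return {(src, proto, dport): peak distinct destinations} for each source
    that reached min_targets distinct hosts on one port within window_s seconds."""
    flows = sorted(f for f in map(parse_flow, lines) if f)
    recent = defaultdict(deque)    # key -> (ts, dst) events still inside the window
    counts = defaultdict(Counter)  # key -> per-destination event count in the window
    alerts = {}
    for ts, src, dst, proto, dport in flows:
        key = (src, proto, dport)
        q, c = recent[key], counts[key]
        q.append((ts, dst))
        c[dst] += 1
        while q and q[0][0] <= ts - window_s:  # expire events outside the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) >= min_targets:
            alerts[key] = max(alerts.get(key, 0), len(c))
    return alerts

def build_sample():
    """Constructed traffic: ordinary DNS and web flows plus one scanning host."""
    lines = [f"{1000 + i} 10.0.5.20 10.0.9.53 udp 53" for i in range(60)]
    lines += [f"{1000 + i} 10.0.5.21 10.0.8.{i + 1} tcp 443" for i in range(5)]
    # 100 distinct destinations on udp/1434 in five seconds (constructed)
    lines += [f"{1003 + i // 20} 10.0.7.44 10.0.0.{i + 1} udp 1434" for i in range(100)]
    lines.append("malformed line that the parser skips")
    return lines

if __name__ == "__main__":
    for (src, proto, dport), peak in find_fanout(build_sample()).items():
        print(f"ALERT {src}: {peak} distinct hosts on {proto}/{dport}")
```

The busy DNS client is not flagged because it talks to one resolver; only the count of distinct destinations inside the window matters, so a slow sweep below the threshold needs a longer window to show up.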

And yet … even with those efforts in place, I certainly made my mistakes. Patch windows went unchecked, warnings were deferred. But every morsel of failure strengthened our defenses.

Zero-Trust: It’s Not Just a Buzzword

When I recently helped banks modernize their zero-trust architecture, it became obvious to me — this is not just a pretty paint job. It’s a sea change from the perimeter-focused defenses that I’ve been used to working with. But many miss a key point:

Being on your network can’t mean being trusted: nothing is trusted until proven otherwise, even on the inside.

That means:

  • Identity is everything. Strong multi-factor authentication is non-negotiable.
  • Micro-segmentation. East-west traffic even within your network should be examined and managed.
  • Continuous monitoring. Trust is re-evaluated all the time, and not just at login.
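
One way to examine east-west traffic against a default-deny segment policy, as an added example that is not part of the original post. The segment names, address ranges, allow-list and flows are all constructed for illustration.

```python
import ipaddress

# Constructed segments and allow-list. Anything not listed is denied,
# including traffic between two hosts inside the same segment.
SEGMENTS = {
    "branch-users": ipaddress.ip_network("10.10.0.0/16"),
    "app-tier": ipaddress.ip_network("10.20.1.0/24"),
    "db-tier": ipaddress.ip_network("10.20.2.0/24"),
}
ALLOWED = {
    ("branch-users", "app-tier", "tcp", 443),
    ("app-tier", "db-tier", "tcp", 1433),
}

def segment_of(ip):
    """Most specific segment containing ip, or None for unknown address space."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for name, net in SEGMENTS.items() if addr in net]
    return max(hits)[1] if hits else None

def evaluate(flow):
    """Return (verdict, reason) for a flow tuple (src_ip, dst_ip, proto, dport)."""
    src_ip, dst_ip, proto, dport = flow
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return "deny", "endpoint outside any known segment"
    if (src, dst, proto, dport) in ALLOWED:
        return "allow", f"{src} -> {dst} {proto}/{dport}"
    if src == dst:
        return "deny", f"lateral traffic inside {src}"
    return "deny", f"no rule for {src} -> {dst} {proto}/{dport}"

FLOWS = [  # constructed observations
    ("10.10.4.7", "10.20.1.15", "tcp", 443),     # user to app
    ("10.20.1.15", "10.20.2.8", "tcp", 1433),    # app to database
    ("10.10.4.7", "10.20.2.8", "tcp", 1433),     # user straight to database
    ("10.10.4.7", "10.10.9.3", "tcp", 445),      # workstation to workstation
    ("192.168.50.2", "10.20.1.15", "tcp", 443),  # unmanaged address
]

def audit(flows):
    """Return (flow, reason) for every flow the policy denies."""
    results = ((f, evaluate(f)) for f in flows)
    return [(f, reason) for f, (verdict, reason) in results if verdict == "deny"]

if __name__ == "__main__":
    for flow, reason in audit(FLOWS):
        print("DENY", flow, "-", reason)
```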

But here is where some people go wrong. They become enchanted by vendor claims of AI-enabled zero-trust solutions. And you know what? Sorry, I’m skeptical. AI can help in security — if you grasp its limits. It’s not magic. It’s not going to substitute for experienced eyes and good old-fashioned vigilance.

My Thoughts on Password Policies (You might want to sit down for this)

I know, I know — passwords are your first and last line of defense. I’ve worked at companies where the password complexity is so severe that users will write their passwords down simply so they won’t forget them. That is akin to locking down your car with a rusty padlock and leaving a key to the padlock under the mat.

My advice:

  • Enforce length over complexity. A long passphrase is stronger than random symbols every time.
  • Use MFA wherever possible. Period.
  • Educate users. It’s true that password fatigue is a real thing but a little empathy and training can go a long way.

And yes, I rant about it once in a while, to anyone here who will listen. Because bad policy is worse than no policy.

My Takeaway From DefCon’s Hardware Hacking Village

Fresh off DefCon (content-surfing, here). The hardware hacking village was a great reminder that cybersecurity isn’t just about software or cloud services. It’s about the stuff that processes data, essentially. Routers, firewalls, heck, you could even go small and look at those little IoT things everyone seems to love.

Watching hardware attacks unfold in real time — attacks like side-channel hacks and firmware manipulations — was a wake-up call. Hardware security is often an afterthought for many companies in their list of risks. Here’s what I believe the business community should be keeping in mind:

  • Audit your hardware supply chain. The fact that a device comes from a reputable brand isn’t enough on its own to trust it.
  • Firmware updates are a nightmare, but you must manage them as you would software updates, and test the hell out of them.
  • Physical security is king: access to hardware should be strongly restricted.

Pulling it All Together – Your Network Security Maturity Plan

You want solid security? Here is an unvarnished recipe, a war-tested playbook:

  1. Know your assets inside-out. What is on your network? Where are the servers, firewalls, routers?
  2. Segment your network. Don’t allow everything to talk to everything.
  3. Patch like a maniac. Slammer taught me I can’t take a patching time-out.
  4. Adopt zero-trust principles—smartly. Baby steps if you have to, just get to it.
  5. Don’t ignore password hygiene—and MFA. Your users will thank you.
  6. Monitor—Relentlessly. Logs, network flows, alerts. This is your early warning.
  7. Review your hardware security. It’s no longer just an IT issue — it’s mission-critical.

One Last Thing: Experience Still Counts

It’s tempting these days to chase after shiny new solutions — machine learning, AI, flashy dashboards. For all that, those tools are just that: tools. Security only comes from knowing the basics, and from that honed, godly ability to see a sizeable burn coming and know how to react to it, having got burnt 35 times and learned from each of those burns over the years.

Remember, cybersecurity is a marathon. Not a sprint. Though I have spent decades in this field, I continually learn, adjust and challenge. And, yes, I occasionally launch into rants about lousy password policies or overhyped AI tools.

But, hey, that’s the life of a cybersecurity consultant who began his career in the days of PSTN multiplexers, survived Slammer, and now helps banks construct zero-trust fortresses. And I wouldn’t trade it for anything in the world.

And if you want to discuss firewalls, router configs, or want some straight talk on how to secure your network, you know where to find me.

—Sanjay Seth
P J Networks Pvt Ltd
Cybersecurity Consultant since ’93
