Reflecting on Three Decades in Cybersecurity: Lessons and Insights

I’m sitting at my desk (unfortunately not with a drink in hand) after my third cup of coffee (the one that tastes a bit like it was overthought) and reflecting back on almost three decades of work in cybersecurity. I began my career as a network admin in ’93, when networking was not as sexy as it is today. Back in those days, I was deeply entrenched in the world of multiplexers (muxes for the uninitiated) that used to pave the way for voice and data over PSTN lines. Remember those? The hum of analogue, switching racks thicker than any smartphone you rock today. It was a funky old world — slower, but in a funny way, simpler. You touched the wires, you sniffed the gear, and security was less about firewalls and threat intelligence feeds and more about locks on the server rack. Then there were worms like Slammer — I had firsthand knowledge of that. Slammer was akin to the digital version of a hopped-up kitchen blender that everyone assumed was off — and instead was pulsing chaos within. It was a reminder of just how vulnerable networks are — and just how much we take that complexity for granted, until disaster strikes.

Evolution of Cybersecurity: From Networking to Zero-Trust Architecture

I’ve watched the cybersecurity industry shift into unimaginable territories since those early days when we first threw gorgeous modern computerization at my exploring community — and that’s part of why I get so very impassioned about what I do. Lately, I had the opportunity to work with three separate banks to update their zero-trust architecture. I’ll tell you one thing, zero-trust isn’t just some buzzword thrown around at elevator pitches — it’s a fundamental change in how we conceive of security, especially in financial services where we keep getting targeted like clockwork. If you believe a firewall on your perimeter, plus an antivirus application, is all you need, you’re dangerously out of touch.

Understanding Zero-Trust: Never Trust, Always Verify

Now, a quick hot take before this gets too long — zero-trust, in other words, means: never trust, always verify. Period. Gone are the days of trusting anyone and everyone inside the network perimeter. Take banks, for example: they’re no longer only defending the fortress walls — they’re just as interested in every window and nail and plank in the foundation. And sometimes those premises are virtual. You can’t patch your way out of poor architectural decisions. These projects? They put everything I thought I knew to the test in a healthy way – from detailed identity and access management, to micro-segmentation, to continuous monitoring.

Highlights from DefCon: Hardware Hacking and Persistent Curiosity

And while we are talking about excitement – I just returned from DefCon. Still somewhat high, and not just on Red Bulls. The hardware hacking village was insane: wicked smart people tearing apart hardware like it was Sunday brunch, looking for those dark and secret attack surfaces everyone else would miss. It reminded me how much of cybersecurity is about simple curiosity and dogged persistence. Like a cook who tastes a sauce 1,000 times, these hackers prod and poke at hardware until it yields its secrets. And yes — it’s exhausting, but it’s thrilling.

Hardware Security: The Often Overlooked Vulnerability

One thing about hardware security: it’s easy to forget about. Everyone always talks about software vulnerabilities, but from the moment you hook up a device — router, firewall, server — you’re exposed if that device wasn’t designed with security at its core. It’s one thing the hardware hacking village gives us a cold, hard reminder of — manufacturers can’t be trusted to do right for security every time (and to be honest, should we expect them to when security is always an afterthought?). Which is why cybersecurity-consultant-me is always nudging clients toward layered defense and stringent validation.

Key Recommendations for Strong Cybersecurity

And OK, let me interrupt and give a quickie list — here’s what I think is worth it, based on years and very recent projects:

  • Know your network topologies — not what is on paper, but what is truly live and alive.
  • Implement micro-segmentation — don’t throw everything into one big jar and hope the dish tastes good. It won’t.
  • Enforce tight identity rules with MFA — Seriously, I’m tired of bad passwords; why do admins still overlook MFA?
  • Monitor all the time — automatic alerts, threat hunting, packets streaming in real time. The sooner you notice it, the sooner you fix it.
  • Disable the ‘I believe’ buzzword vendors — I love technology, but AI buzz outpaces reality in current times. Most things branded as AI are more marketing smoke than actual fire.

Quick Takeaways: The Necessity of Zero-Trust Architecture

In case you are short on time, here are the key points: Zero-trust architecture is no longer optional; it is a requirement. Old-school perimeter defenses? Those are restaurants that leave their back doors open. Assume nothing; check everything all the time. Your infrastructure is only as secure as your weakest authorization level, most likely human error.

A Rant on Password Policies

Oh, by the way, I can’t resist a bit of a rant about password policies. Seriously, the industry remains in love with the idea that “my complex password changes every 30 days” is best practice. Uh, no. That’s pretty much the way to teach people just to write passwords down on sticky notes or use the same one a zillion times. Password policies should be intelligent — the longer the better, not overly complex, and heavily dependent on Multi-Factor Authentication. As a consultant, I’ve watched companies effectively hobble themselves with outdated protocols rather than allow users to understand and implement sane, usable security.

From Retro Networking to Cloud Risks

OK, so maybe retro tech geeks will appreciate this — when I first got into networking, routers and firewalls were these big-ass pieces of equipment that took up an entire room. At that time, to configure VLANs, you spent nights playing with punch cards, and if you were lucky, BNC cables. And now? You can spin up virtual routers in the cloud, all while drinking coffee from your smart mug. But with that convenience come new risks. The movement to cloud-first architectures is causing the attack surface to explode in ways that few understand yet. Banks in particular are moving crucial systems to cloud deployments — if you don’t layer on zero-trust, you might just as well be flinging open those old analog PSTN gates.

Earned Trust: People, Processes, and Technology

As the owner of a security company, I’ve come to realize that trust must be earned — and maintained — every single second. It’s also not just technology but people, processes, policies. A firewall is not a magic wand. If your I.T. team is not constantly learning, experimenting and adjusting, your defenses will not suffice.

The Complex Nature of Cybersecurity

And it’s messy. Cybersecurity isn’t all code and hardware — it’s psychology, risk tolerance and sometimes politics. Think about it: sometimes clients are looking for the cheapest option, overlooking the current gaps just to cut costs — and that’s a risk they take with their business. I say it straight-up: Half-baked security measures just give you a bigger bull’s-eye. It’s as if you tried to cook a Michelin-star meal with already expired ingredients, because you wanted to save some pennies at the market.

Final Thoughts: Keep It Simple, Solid, and Vigilant

So that’s my current ramble — I’m hopeful and worried. Optimistic because the cybersecurity community is strong, intelligent, and creative. Worried, in part because the other side is too — always changing, always testing. And often I feel our industry’s fascination with flashy AI buzzwords gets in the way of the basics we all need to nail, like good firewalls, hardened servers, and solid routers. Those are the backbone.

To my colleagues out there who manage networks or run companies, it’s this: Keep it simple, keep it solid, and don’t ever underestimate the importance of continuous education. From early days of muxes on the PSTN to bleeding-edge zero-trust architectures in banks — the fundamentals remain surprisingly the same. It’s about visibility and control, and constant vigilance.

So when you’re poking a firewall rule or considering an upgrade next, think about the days of yore, in analog, when Slammer worms crushed networks, when hardware hacking was still in the cops and robbers stage, and take your security just as seriously as you take your morning coffee. Since both can prevent your day from turning to total shreds.

Best regards from my side of the cybersecurity trenches,
Sanjay Seth
P J Networks Pvt Ltd
