Reflections on Cybersecurity Evolution from 1993 to Today

Here I am, after my third cup of coffee today, fingers twitching over a keyboard, reflecting on how much cybersecurity has evolved since I first became a network administrator in 1993. If you’d told that eager kid tinkering with PSTN muxes for voice and data that someday he’d be fighting worms like Slammer and helping banks move to zero-trust architectures, he probably wouldn’t have believed you. But here we are. And truth be told, the journey has been nothing short of an adventure, with some lessons you’ll simply never find in a textbook.

From PSTN to Zero Trust — A Train on the Tracks of Shifting Assumptions

Beginning in the early 90s, networking was like cars: big and clunky but with a charm that architecture nerds like me couldn’t resist. PSTN multiplexers? Think of them as old engines that once drove voice and data — breakable mechanisms that sometimes failed but were critical all the same.

Fast forward to the early 2000s, when I experienced the security chaos firsthand as the Slammer worm hit. Slammer, if you recall, was that warp-speed malware racecar that chewed through unpatched SQL servers around the globe in minutes in 2003. I watched entire networks grind to a halt and realized, rather rudely, that vulnerabilities weren’t just entries in long lists of code waiting to be corrected; they were ticking time bombs.

Today I have my own security outfit, P J Networks, where things have become more complicated but, honestly, some things are still the same. We recently finished zero-trust architecture upgrades at three different banks. These are massive organizations with sprawling infrastructure, and you know what? Even after all this time, eliminating the notion of trust in networks, implicit or otherwise, remains a huge obstacle.

What I Learned From the Banks’ Zero-Trust Makeover

The zero-trust thing is one of those buzzwords people toss around as if it’s pixie dust. But here’s the reality from someone who just returned from the front lines: It’s not about purchasing tools — it’s about changing mind-sets.

  • Every user and every device has to be authenticated and authorized at all times.
  • You can’t just throw up a couple of firewalls and call it zero-trust.
  • Continuous monitoring is critical. No more set it and forget it.

In those projects, I observed firsthand how old systems attempted to remain unnoticed. Too many orgs are still relying on perimeter defense — think a castle with walls but leaky gates. And internal threats? Even worse. Employee errors, insider threats — these were just as threatening, if not more.

Here’s a little cooking analogy for you (because what else do I know?). If your network is like your kitchen, zero-trust is the recipe that demands absolutely perfect hygiene and timing, with no shortcuts. You wouldn’t risk serving poisoned food to your guests just because the knife was clean yesterday! Same for networks.

Yet I’m genuinely dubious about the AI-powered security fixes. Don’t get me wrong — AI has its role, especially in anomaly detection, but it’s not a substitute for good architecture and human skill. Plenty of suppliers treat AI as little more than a shiny sticker to slap on products that are not much more than repackaged firewalls with a splash of machine-learning buzz. Been there, seen that — and some are as buggy as Windows 95.

DefCon and the Hardware Hacking Village — Still Buzzing

So I just got back from DEFCON, and wow, the Hardware Hacking Village is still one of my favorite bits. There’s nothing like watching people rip into hardware to learn where it is weak. You can patch software all day, but if the physical layer is wide open, it’s pretty much just a matter of time.

This year, a team showed how to execute attacks on network equipment (routers and firewalls, in particular) that revealed backdoors and untrustworthy firmware that vendors apparently had not seen. And let me state this emphatically: many people underestimate what a compromised router or firewall can do. You guard the gate with a vicious dog of some sort, sure, but what if someone sneaks in, changes the orders it’s supposed to follow, and lets everyone through without your knowledge?

Spoiler alert: The entire concept of perimeter defense feels antiquated, as appealing as dialing a modem today. You gotta think beyond.

Password Policies: My Never-Ending Rant

OK, now I’m going to get a little provocative. Password policies: I still don’t understand why businesses push those silly, arbitrary rules that never work the way you want. You know the ones:

  • Password must include an uppercase letter, a lowercase letter, a number, a symbol, and a hieroglyphic?
  • Reset your password every 90 days?
  • Don’t reuse passwords?

Here’s the deal:

  • Long, complex passwords often end up written on a sticky note posted to the monitor. Seriously.
  • They irritate users and push people toward insecure workarounds.
  • And yet, many orgs still believe complexity trumps length. But length counts for much more than complexity these days.

My advice? Instead, use long passphrases that are easy to remember but difficult to guess. And better yet, get multi-factor authentication set up. That’s the real game changer.
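To make the length-versus-complexity point concrete, here is an added example (not from P J Networks or any product) that runs the same candidates through a composition-rule check and a length-first check. The 16-character minimum, the tiny blocklist, the sample passwords and the 7776-word list size are all assumptions chosen for illustration.

```python
import math
import re

# Constructed sample blocklist (assumption); a real deployment would load a
# large list of breached or commonly used passwords.
COMMON = {"password", "p@ssw0rd1", "qwerty123!", "welcome1!"}

def composition_policy(pw: str) -> bool:
    """The 'arbitrary rules' style: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

def length_policy(pw: str, min_len: int = 16) -> bool:
    """Length-first: a long passphrase, no composition rules, not a known-common password."""
    return len(pw) >= min_len and pw.lower() not in COMMON

def guess_space_bits(alphabet_size: int, length: int) -> float:
    """Brute-force search space in bits for `length` symbols chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def compare(candidates):
    """Map each candidate to (passes composition rules, passes length-first policy)."""
    return {pw: (composition_policy(pw), length_policy(pw)) for pw in candidates}

# Constructed sample inputs: two "compliant" but predictable passwords and one passphrase.
SAMPLES = ["P@ssw0rd1", "Welcome1!", "maple tractor violin sunrise"]

if __name__ == "__main__":
    for pw, (comp, length_first) in compare(SAMPLES).items():
        print(f"{pw!r:32} composition={comp!s:5} length-first={length_first}")
    # 94 printable ASCII characters vs. words drawn from a 7776-word list (assumed size).
    print(f"8 random printable chars: {guess_space_bits(94, 8):.1f} bits")
    print(f"5 random words:           {guess_space_bits(7776, 5):.1f} bits")
```

The composition rules accept both predictable passwords and reject the passphrase, while the length-first policy does the opposite. Neither check replaces MFA.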

Conclusion – What I Learnt From Behind This Desk

Let me be clear: cybersecurity is not about running after the latest shiny thing. It is about learning the basics and growing from there. Here is what I’ve seen so far and would like you to remember:

  • Legacy systems never die. Plan for them, secure them, never forget their presence.
  • Zero-trust is not for everyone. It is a journey, and a battle one must not fight alone.
  • Hardware security remains our weak spot. Start from the physical layer.
  • Password policies should work for users, not against them.
  • AI can be helpful, but do not let it take over the task.

Takeaway: What If I’m Busy?

  • Authenticate everything. Always, and no exceptions.
  • Secure your routers and firewalls physically and logically. They are the gateway into your organization.
  • Forget complex password rules. Aim for length and add MFA.
  • Monitor your zero-trust network and always be prepared for a breach.
  • AI is good, but you have to take control of the situation.
