Insights from Nearly Three Decades in Cybersecurity
It’s 10:30 AM, I’ve got coffee No. 3 within arm’s reach, and I’m excited to share some stories and insights from a career that’s coming up on close to three decades in cybersecurity. I came into the ranks as a baby network admin in 1993 when PSTN was still cutting-edge and I was managing muxes (shorthand for multiplexers) for voice/data. We have certainly come a long way since then, but some lessons? They haven’t aged a bit.
Our Very Own Slammer Worm Encounter from Years Gone By
You probably have heard horror stories about the Slammer worm if you have been in the business long. It was 2003, and Slammer landed like a tsunami — crippling networks in mere minutes. I was up to my neck in network operations then, watching entire bank systems buckle under the pressure of it all. It was pandemonium, but also an awakening to a fragility we had overlooked. The point about Slammer — and really any worm — is that it preys on plain-ol’ oversights: unpatched systems, awful network segmentation.
Here’s the rub: even with what we supposedly know, an astonishing number of companies continue to make those very mistakes. And it’s no longer just about patching — the attack surface today is more like a web of sprawling freeway interchanges compared to a simple mux.
Zero Trust: It’s More Than Just Buzz, and Here’s How It Recently Helped 3 Banks Revamp Their Architecture
I recently completed multiple projects to upgrade the zero-trust architectures of three banks. And let me tell you, for as much as Zero Trust can seem like the latest marketing buzzword, in reality it is a game changer.
For the uninitiated: zero trust is the notion of never trusting anything inside or outside of your network perimeter. Each device, user and connection has to be constantly verified. In banking, where data is gold, layering controls appropriately isn’t just great — it’s a requirement.
But there’s the rub — zero-trust isn’t a flip-the-switch operation. It’s iterative, involving:
- Mapping your resources or assets and verifying access controls.
- Micro-segmentation of network zones as a breach-containment mechanism.
- Strong identity and access management with multi-factor authentication.
- Ongoing monitoring plus AI-powered anomaly detection (though I’m personally never one to trust so-called AI-powered magic; there must be humans in the loop).
Banks are a good case in point, because their legacy systems are often intricate, layered and hyper-sensitive. So incorporating zero trust without any downtime? It’s an art and a science.
DefCon and the Hardware Hacking Village: I Am Still Buzzing
I just came back from DefCon, the legendary hacker conference. And, duh, the hardware hacking village? Mind-blowing. I hadn’t done anything too sophisticated, but watching people exploit and tear apart everyday devices — routers, firmware, IoT pieces — it was a reminder of how frequently hardware security gets left in the dust.
You see, we tend to think about software patches and firewalls — the toys I spent years mastering. But the devil is more and more in the device. Especially now that your homes and offices are filling up with IoT devices. They’re small, occasionally inexpensive and frequently designed with security as an afterthought.
If you believe perimeter firewalls are your silver bullet, think again. Plenty of the usual defenses can be bypassed via hardware-level attacks. One example at DefCon involved inserting malware into a router at the chipset level, offering constant, low-profile access.
Quick Take: What Cyber Story Do You Wish People Would Remember?
- Never underestimate old vulnerabilities. Slammer taught me that old bugs can still bite.
- Zero trust isn’t a checkbox. It’s a philosophy and process.
- Hardware security is cybersecurity. If you think otherwise, you’re ignoring the place where software meets silicon.
- User education is perhaps the weakest link, but also your best defense.
- Password policies demanding 30 or so characters along with the symbols? Sometimes counterproductive. Best to concentrate instead on passphrases and multi-factor authentication.
From Personal Flubs to Solid Wins
Not my proudest moment, but there was one day early on when I just didn’t appreciate a worm’s velocity and managed to lock myself out of a system in the middle of a patch window. Yes, the man who set up the firewall forgot the key, thanks to impatience and bad timing. But mess-ups like that humble you and make you appreciate the technology and chaos of real-world IT.
That, plus numerous other war wounds, inspired me to establish P J Networks Private Limited, where we not only get our hands dirty but also believe in calling a spade a spade, guided by experience and not just high and mighty words.
What It Is And Why I’m Obsessed With It And Why You Should Care
That’s the thing about cybersecurity: it can sometimes seem like a never-ending arms race. Someone is always trying to discover a new backdoor, expose a server, or deceive your router. Which is why I keep coming back to your network’s underlying hardware:
- Firewalls: More than just perimeter protectors. Today’s firewalls do deep packet inspection, application filtering, and connect with threat intelligence.
- Servers: Keep them patched religiously and segmented thoughtfully, and encrypt data at rest and in transit.
- Routers: Not very sexy, but absolutely key — secure firmware, restrict remote access, and use hardware that can keep good logs.
Consider these your car’s engine, your brakes and your tires. You don’t switch them out every month, but you take care of them. Scrimp here and no amount of fancy tech will bail you out.
The Password Policy Rant That No One Asked For
Okay I’ll just say it — password policies are broken. Too many orgs require insane complexity that has users writing passwords down on sticky notes or using the same one across sites. Here’s my take:
- There’s no reason to be complicated for the sake of being complicated.
- Train users on generating strong passphrases (example: four random words).
- Most important: require multi-factor authentication.
If your security plan is to have complex passwords, you’re losing.
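The passphrase advice above, worked through in Python as an added example that is not part of the original post: it computes the entropy of randomly drawn words and generates a passphrase with the OS CSPRNG. The 32-word list is constructed for the example; the 7776-word list size (a Diceware-style list) and the 94-character printable-ASCII alphabet used in the comparison are assumptions.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline (assumption:
# a real rollout would load a published list, e.g. a 7776-word Diceware-style one).
SAMPLE_WORDS = (
    "amber anchor basil canyon cedar copper delta ember "
    "falcon garnet harbor indigo jasper kettle lantern maple "
    "nectar onyx pepper quartz raven saddle timber umbra "
    "velvet walnut xenon yarrow zephyr bishop cactus dagger"
).split()


def entropy_bits(choices: int, picks: int) -> float:
    """Bits of entropy when `picks` items are drawn uniformly from `choices`."""
    if choices < 2 or picks < 1:
        raise ValueError("need at least 2 choices and 1 pick")
    return picks * math.log2(choices)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, word_count: int = 4, sep: str = "-") -> str:
    """Draw words with the OS CSPRNG; words a user picks get no such guarantee."""
    unique = sorted(set(words))  # duplicates would silently lower the entropy
    if len(unique) < 2:
        raise ValueError("word list too small")
    return sep.join(secrets.choice(unique) for _ in range(word_count))


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    print(f"4 words from 32-word sample list : {entropy_bits(32, 4):.1f} bits")
    print(f"4 words from 7776-word list      : {entropy_bits(7776, 4):.1f} bits")
    print(f"8 random printable-ASCII chars   : {entropy_bits(94, 8):.1f} bits")
    print("words needed for 64 bits (7776)  :", words_needed(7776, 64))
```

Four random words from a 7776-word list land at roughly the same entropy as eight fully random printable characters, so it is the random draw and the list size, not the word count alone, that carry the strength.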
Wrapping It Up: What’s Next for Cybersecurity?
AI this, AI that — now let me be clear, AI tools can help enhance security, but just handing over the keys? No. We need a human-in-the-loop strategy informed by what we have learned in the last 30 years.
I’m an old-timer who had a pulse in the days of dial-up, muxes and punched cards (kinda). And let me tell you — fundamentals don’t change. Patching. Layered defense. User education. Vigilance.
So whether you’re defending a global bank or your average small-to-medium business, behind the gorgeous tech, keep something in mind:
- Solid infrastructure
- Smart policies
- People who care
And, perhaps, a nice cup of coffee.
—Sanjay Seth
P J Networks Pvt Ltd
