Reflections on 30 Years in IT and Cybersecurity

It’s just after my third coffee of the morning here at my desk, and you know what? I am still energized — and not only from caffeine, but rather from the spectrum of experiences I’ve collected during my more than 30 years in IT and cybersecurity. I was working as a network admin in 1993, when we were scrabbling voice and data down PSTN lines (yes, that’s in that dinosaur period when we did broadband with dial-up AOL and the term zero-trust hadn’t been conceived in anyone’s imagination).

I’ve seen it all, from the filthy Slammer worm that tore through networks like a tornado, to the most recent hotness at DefCon’s hardware hacking village, where once again, the creativity involved with breaking (and making) secure systems has amazed me beyond reason. Today, I am running P J Networks, my own security consultancy, leading clients — including banks — through the intricacies of modern cybersecurity like upgrading zero-trust architectures. And here’s the thing — if you’ve watched hackers evolve over decades, you know cybersecurity is not about gadgets or shiny buzzwords. It’s about knowing people systems and most profoundly trust or lack thereof.

Evolution of Network Admin to Cyber Security Consultant in Timeline

In ’93, years ago when I was young, I got my first job as a good network admin, and at that time, voice and data over the Public Switched Telephone Network was how it was. Multiplexers, circuit-switched networks, analog lines — it was all quite fragile, but elegant in its way. I recall having to fix line noise caused by a squirrel that had chewed through a cable. Threat actors today feel so much more complex, while the basics? Reliability and vigilance remain king.

The turnaround was the Slammer worm (for those who remember). That tiny bug raced through networks in 2003, infecting almost every system that had a SQL server, and exposed gaping holes in how companies patched and kept an eye on their networks. I learned this the hard way — no more blind trust, no more thinking a firewall alone would do the job. Slammer was a call to arms of sorts that security had to be baked in to the architecture of networks.

Zero-Trust One More Buzzword in an Overhyped Market?

Recently, I consulted at three large banks while they upgraded their zero-trust architectures. This wasn’t simply something to check off a list from a compliance perspective — it was a complete overhaul in how we accessed and protected resources. Don’t trust anyone, check everything first and then allow access. Sounds simple but implementing it? Far from it.

In the trenches, here’s what I found out:

  • Trust assumptions in legacy systems are usually deeply ingrained.
  • Pulling out implicit trust, without leaving systems broken takes a lot of upfront effort to plan.

Zero-trust means more process and culture and less tech. But — here’s the catch — I still see companies slap an AI-powered sticker on their security tools and hope for miracles. I’m skeptical. Good security isn’t the result of AI magic, it’s achieved through good architecture, smart policies and constant vigilance. AI is a tool, yeah — but don’t count on it to solve sloppy human oversights or truly bad network design.

What I Learned at DefCon Hardware Hacking Village and Beyond

Just came back from DefCon. Yeah, still buzzing with ideas. The hardware hacking village is something every security pro needs to see. Seeing people reverse-engineer everything from routers to IoT devices was a reminder that every device — however secure it’s supposed to be — is a weak link.

I mean your network as an old car. You can have the most state of the art super brakes (firewalls) in the world, but if you have a busted steering system, (vulnerable hardware) your still gonna crash. Rusty Bolts In cybersecurity hardware vulnerabilities, firmware exploits, and side-channel attacks are those rusty bolts that can bring down even the fanciest modern setup.

One of the things I occasionally rant about — password policies. I know, complexity and rotation used to be the password gospel. But here’s the deal: Forcing users to maintain complex passwords they forget, or constantly rotate, just results in bad habits — sticky notes and Password1! on screens. We don’t need more bad, out-of-date punitive policies; we need more good, effective policies: like password managers, and MFA.

Quick Take What You Need to Know Right Now

  • Security is as much psychology as technology — build systems that expect mistakes.
  • Zero-trust is not a buzzword — it is a change in mindset and needs support at an enterprise level.
  • AI is no silver bullet — beware overhyped solutions.
  • Hardware security is the forgotten stepchild — ignore it at your peril.
  • It’s time to reconsider password policies — complexity isn’t the only indicator of strength.

Cybersecurity Today A Dose of Reality From My Desk

If my career has impressed upon me anything, it’s that no security control operates in a vacuum. Your router, server, firewall – they’re all pieces of a jigsaw puzzle which as to fit together just right.

The firewall? It’s your moat. But if you leave the drawbridge wide open — like: you get phished, or have terrible endpoint security — you’re a goner. And yes, I didn’t believe that social engineering-led attacks were impactful early on. Hindsight is 20/20, but it serves as a humbling reminder that tech controls are only as good as the humans operating them.

Deal with servers and network devices like they are living beings. Patch them often, watch logs like a hawk, and segment your network like you’re slicing a roast on Thanksgiving — slow and methodical.

Not to mention that you should never overlook old technologies as a learning aid. In an early network set-up, when the internet was still in its infancy, I learned some basic principles of traffic flow, authentication and fault tolerance that flashier newer things sometimes skimped on.

Final Thoughts Before I Need a Coffee

Cybersecurity is not some theoretical notion cloistered in marketing babble and hype. It is real and messy and you cannot think your way toward it without boots-on-ground understanding.

And here’s the twist — as much as the landscape is in flux, the core features are unfuckwithable:

  • Know your system.
  • Assume breach.
  • Believe no one without checking.

I’ve been lucky enough to witness this transition over its entire course — from dial-up multiplexers to cloud zero-trust deployments, from the era of Slammer worms to the current wave of hardware hacking demos at DefCon.

And so if you’re thinking about your position in the context of security, keep this in mind:

It’s not simply a matter of having the flashiest gear or the latest AI-powered firewall. It’s about discipline, vigilance and a willingness to learn — often the hard way.

Which is why we don’t just sell firewalls or servers at P J Networks. Instead, we offer a partnership — built on decades’ worth of tried-and-true real-world experience.

And hey — if my password rant or AI-powered tools skepticism rubs some feathers on the community the wrong way, cool too. Someone has to be the voice of reason around here.

Time for a refill. — And until next time — keep those eyes open, and keep that coffee strong!

Leave a Reply

Your email address will not be published. Required fields are marked *

This field is required.

This field is required.

sales@pjnetworks.com
(+91)9818361787
C-160 Mayapuri Ph II
Copyright © 2025 PJ Networks: Innovative Networking & Cybersecurity Experts, All Rights Reserved.