From PSTN to Zero Trust: A Cybersecurity Journey
I am sitting here at my desk, on my third coffee, and the gears are finally turning like plastic and metal should. I’ve been at this party since 1993, punching wires and mux boxes for voice and data onto the PSTN as a network admin. Yeah, I’m that guy who watched the internet evolve from dial-up migraine to today’s zero-trust labyrinth. And, I kid you not, experiencing the Slammer worm outbreak as a firsthand observer (curator of some variety of the virus at the time) really sort of guided my approach to security.
We didn’t even really call it cybersecurity back then. Just “keep the network up.” But Slammer spread through networks like wildfire, and out of that chaos, I realized that being reactive is no longer acceptable: you have to plan for it and architect for resilience. Fast forward 30 years, and today I own P J Networks Pvt Ltd, a full-service security consultancy, where I recently assisted three banks in developing their zero-trust architectures. Oh, and I just returned from DefCon, still feeling the buzz from the hardware hacking village (more on that later).
I’m just going to share some real-world insights that you may find interesting if you’re driven to secure your business, or just curious why that firewall that everyone says is the bomb is really only a speed bump to the modern attacker.
Why Yesterday’s Lessons Matter Today: Why vs. How – A ZTNA Example From Multiplexers to Zero Trust
Back then, when the network got slammed, it was a matter of rebooting routers, changing cables or putting out fires in the PSTN infrastructure (you remember that?). Today, the attack surface is magnitudes larger, and the adversaries? Much smarter and more persistent.
Thing is, the principles never change. You’ve got to know the layout of your network, apply tight access rules, and most importantly, see traffic before it collides with the business. The highest hills to climb were not in technology, but in getting people to kick bad habits.
- Users are still holding on to poor passwords despite countless trainings.
- Over-permissioned access remains rampant.
- And network segmentation? All too often an exercise in checking off boxes, rather than a lived practice.
Zero trust isn’t just the latest buzzword — it’s a mindset:
- Never trust, always verify.
- Access controls and monitoring are tight.
- Micro-segmentation to contain breaches.
Oh, and if someone tells you to just go out and buy a firewall enabled with an advanced form of artificial intelligence, you may want to think twice. That isn’t to say that AI isn’t powerful — it absolutely is — but the vast majority of these marketing proclamations are exactly that: marketing proclamations. In the end, the best defense is sound architecture, good hygiene and constant vigilance.
The Anatomy of a Live Incident: My Experience with Slammer
Late night shift, 2003. The Slammer worm came with no warning. One minute it was all fine, and the next, network latency was through the roof. The worm leveraged a flaw in SQL Server and spread like mad.
What did I learn?
- Patch management is not optional. If you wait for it to be the perfect time, it’s already too late.
- Knowing your network topology matters. It saved key systems.
- Established incident response roles and protocols matter more than you’d think.
But frankly, I screwed up plenty of times in there because I took perimeter defenses far too much for granted. Yet those screw-ups sowed the seeds of my passion for security activism.
DefCon and the Hardware Hacking Village: It’s All Fun and Games Until Your Gun Gets Hacked!
Just returned from DefCon (yes, we’re still young at heart). The hardware hacking village was off the hook. And I mean, we’re so obsessed with digital firewalls, but sometimes your weakest link is your hardware.
Watching people bust open routers, remap their firmware and break in with physical tampering made me think of an old-school hack we had years ago, where an employee disconnected and physically plugged in devices to funnel data out of a network.
Key takeaway:
- There is no such thing as optional physical security.
- Always keep an eye on USB and physical access ports.
- Consider using hardware security modules that include tamper protection.
Why Password Policies Need To Get Real (My Take)
Okay, I know that this is probably going to annoy some people in the world of infosec, but overly complex password expiration policies are actually counterproductive.
Hear me out.
- Mandating that users change passwords every 30 days results in a lot of password reuse, or passwords written down on sticky notes attached to the monitor.
- Complicated composition rules can make passwords harder to remember, resulting in workarounds that reduce security.
My advice?
- Promote longer passphrases instead of complex passwords.
- Implement multi-factor authentication (MFA) for everything! (No, seriously, your life depends on it.)
- Put a lot of effort into user education, not on password snobbery but rather on things like phishing.
The point is practical security, not checklists for compliance that make your users loathe you.
Quick Take: What Every Business Should Be Doing at This Very Moment
If you don’t have much time, this is what I would recommend — straight from years of messing up, learning, and counseling:
- Audit your network regularly. Know what’s connected, and who has access.
- Implement zero-trust principles step-by-step. Start with critical systems.
- Patch quickly, particularly for known vulnerabilities. Delay kills.
- Use MFA everywhere possible. Passwords alone are relics.
- Be skeptical of product promises and, in particular, those that are AI-powered. Know what the tool is for.
- Educate your team on social engineering and phishing attacks. They are your front line.
- Secure your hardware physically. Don’t underestimate insiders.
Closing: Why Experience Trumps Hype
As the founder and owner of my own security company, I get to see it all — the shiny new gadgets, the hype cycles, and, regrettably, the same mistakes over and over.
There’s something comforting sometimes in remembering how much easier network setups used to be (not easy, but easier). But the core basics of network security, the value of good design, and the strength of teams that have prepared: that is the stuff that will always be important.
So, here’s my last thought: don’t go chasing the latest gimmick. Instead, build your security the way you would slow-cook a biryani: layer by layer, with patience, respect for the ingredients, and an idea of what to do when things get hot.
Cheers,
Sanjay Seth
Cybersecurity Consultant
P J Networks Pvt Ltd
