Reflections on the Evolution of Cyber Security Since 1993
I am sitting at my desk, my third coffee finally kicking in, contemplating how security has changed since I was a network admin in the year 1993. Yeah, 1993. Back when we struggled with the muxes for voice and data on PSTN lines. Back then, those machines seemed as ancient to us as rotary phones now do — but they were building blocks for everything we know today.
The Early Days of Cyber Security
And, to be fair, those days were formative — if you want to have a deep understanding of cyber security, you need to know the roots. Because the challenges are, well, pretty much the same. They have just grown up since then.
Several years later I was directly involved with the Slammer worm incident and watched cyber warfare in real time. Slammer landed like a radioactive bomb back in 2003 and delivered a harsh lesson: your weaknesses do not wait for you to fix them. They are exploited at every misstep, and the repercussions of a failure arrive a lot quicker than any human can respond. I still remember the madness — banks, government systems, businesses taken down. Back then, I was down in the bowels trying to fix networks and contain damage.
Modern Cyber Security Services and Zero Trust
Now? We provide a 360-degree proactive security service from our own venture, P J Networks Pvt Ltd, covering firewalls, server security, and router and endpoint protection, built on a zero-trust model. And the zero-trust preaching becomes practice: we recently assisted three banks in bolstering their zero-trust architecture. That experience was intense—and enlightening. More accurately, when it comes to your networks, zero-trust is not just a buzzword or a compliance checkbox.
We even need to treat every user as hostile and build friendly UX around that, which is a tectonic shift in design thinking. Let me tell you, that is a hard sell — especially with legacy infrastructure humming merrily beneath the radar.
Insights from Cons and Hardware Hacking
Oh — and I have just returned from the cons. The hardware hacking village? Absolutely mind-blowing. The creativity, the sheer bravado of what those hackers create and destroy — tube radios as network sniffers, soldering guns as wands — reminded me why this field never becomes dull.
But I digress. Is that nostalgia, or just my caffeine talking? If you are reading this and reflecting on where your company stands with its security posture, here is what I want you to take away:
Why Zero-Trust is Non-Negotiable Today
Zero-trust isn’t just a catchphrase; it’s part of the fabric that your business needs to thrive (and survive!) in the current threat landscape. Trust as I knew it in my days as a network admin meant: trust the LAN; inside the perimeter is good, outside is bad.
But guess what? That perimeter is toast. Gone are the days of that perimeter: cloud adoption, remote work, BYOD and, let’s face it, bad habits encouraged by look-the-other-way network admins mean that this myth has been enough to get a free pass through the crackiest of ILBs. Zero-trust instead means:
- Trust nobody and nothing
- Continuous verification, not just at login
- Micro-segmentation to contain breaches
- Least privilege access policies
We moved three banks off legacy VPN tunnels and flat networks into proper zero-trust environments with firewalls. To do that, we need to increase visibility, decrease the attack surface, and apply top-notch access controls. Yes, it is a complicated one—but take my word, it is worth the time.
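The four zero-trust principles listed above, expressed as a per-request access decision with default deny. This is an added illustration, not code from P J Networks or from the bank deployments described; the segment names, roles, actions and the 15-minute re-verification window are all assumptions.

```python
from dataclasses import dataclass

# Constructed policy data; segment, role and action names are hypothetical.
# Micro-segmentation: only these (source, destination) flows exist at all.
ALLOWED_FLOWS = {("teller-workstations", "core-banking-api"),
                 ("admin-jump", "core-banking-api")}
# Least privilege: each role gets only the actions it needs on a segment.
ROLE_ACTIONS = {("teller", "core-banking-api"): {"read_account", "post_transaction"},
                ("dba", "core-banking-api"): {"read_account", "run_migration"}}
MAX_AUTH_AGE_S = 900  # continuous verification: re-verify after 15 minutes (assumed)


@dataclass(frozen=True)
class Request:
    user_role: str
    mfa_passed: bool
    device_compliant: bool
    auth_age_s: int      # seconds since the user last proved identity
    src_segment: str
    dst_segment: str
    action: str


def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one request. Called on every request, not once at login."""
    # Trust nobody and nothing: being on the internal network earns nothing.
    if not req.mfa_passed:
        return False, "identity not verified with MFA"
    if not req.device_compliant:
        return False, "device posture check failed"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "authentication too old, re-verify"
    if (req.src_segment, req.dst_segment) not in ALLOWED_FLOWS:
        return False, "no rule for this segment-to-segment flow"
    allowed = ROLE_ACTIONS.get((req.user_role, req.dst_segment), set())
    if req.action not in allowed:
        return False, "action not granted to this role"
    return True, "allowed"


if __name__ == "__main__":
    base = ("teller", True, True, 120, "teller-workstations", "core-banking-api")
    print(decide(Request(*base, "read_account")))    # normal teller request
    print(decide(Request(*base, "run_migration")))   # beyond the teller's role
    print(decide(Request("teller", True, True, 3600, "teller-workstations",
                         "core-banking-api", "read_account")))  # stale session
```

Every branch that is not explicitly allowed falls through to a denial, which is the opposite of the "inside the perimeter is good" model.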
So here is my controversial statement: if your firewall is still doing rule-based enforcement and applying deterministic logic to its behavior, you are living in the dark ages. BUT — and this is a big but — I am not here for AI-powered security unless there is independent proof of its behavior. AI is part of the solution — but it’s not magic and you will be bitten if you blindly believe that black-box models are the way forward.
Learning from Slammer—Patch Quickly, but Don’t Overreact
Slammer was so fundamental. We experienced first-hand how an unpatched SQL Server buffer overflow was able to freeze the net virtually overnight. It was a very bitter pill to swallow — patching isn’t a do-it-later game. It has to happen quickly. Not recklessly, of course, but very quickly:
- Test in a staging environment — don’t just push to production.
- Have rollback-ready backups.
- Order priority 1 vulnerabilities by exposure.
Now, I have been as guilty of this as anyone (and lost sleep over it). It has, by the way, already caused a short yet painful downtime in a customer's production environment (even if just due to falling QPS). After all, it turns out that fast and furious isn’t always best.
Your Frontline: Firewalls, Servers and Routers
I am asked this same question a lot: in the world of cloud and AI, is there still room for firewalls? My answer: absolutely. However, the firewall of 2024 bears no resemblance to the ’90s hardware box. It’s evolved:
- Stateful and next-generation firewalls that do deep packet inspection
- Integration with SIEM and SOAR platforms (for immediate alerts)
- Zero trust policies and micro-segmentation support
We need to continually harden servers, routers and the rest. Keep up with your network hygiene. Patch those routers, folks. Exploits for long-patched firmware bugs still work on unpatched routers, even inside the perimeter.
One (admittedly contrarian) opinion of mine: policies that require you to change passwords every 30 days typically make security worse. People pick horrible passwords or leave them written down. Instead, focus on:
- Length over complexity
- Multifactor authentication everywhere
- Password managers (seriously, encourage your team to use these)
Password policies are the seasoning you add to your stew — too much salt, and you ruin the whole pot; just enough, and it sings. When you impose awkward, user-hostile processes like forced password resets, you are way beyond a pinch of salt; you might as well be throwing in salt by the bucketload.
Quick Take: Your Cybersecurity Snapshot
- The weak link in your armour is legacy infrastructure. Modernize or segment aggressively.
- Zero-trust isn’t optional. It’s a must.
- Never trust AI-powered hype blindly; ask how it operates.
- Patch management is your #1 defense — but not on velocity alone.
- Firewalls aren’t dinosaurs. They’re your gatekeepers—with new tricks.
- Password policy must be both user-friendly and secure.
What I Learned This Year at DefCon
Other than showing me how fucking old I am (shakes head), the hardware hacking village at DefCon was a blast. The best part was watching hackers reverse-engineer embedded systems, sniffing secrets from containers and tiny devices you didn’t know could leak payloads — absolutely terrifying and uplifting all at once.
It illustrates how a threat actor could infect you with malware through the IoT devices connected to your networks. That reinforces the inescapable fact: security is not a product you just purchase over-the-counter and forget about. It’s a process. Constantly adapting, learning, updating.
Final Thoughts from My Desk
I enjoy security because it is a puzzle that never ends. Not only do you need to be a bit of a tech geek, but you also have to be a strategist and something of a psychologist, understanding that it is not only technology at stake here, but also the human factor behind the security.
The way we used to approach security was to batten down the hatches so tightly that no one could get in (or out), but things have changed. It’s about balance. Visibility, control, resilience.
And one more thing. Do not drool over the newest shiny AI toy and neglect the fundamentals. In the end, it is often the most basic controls that save you on game day: basic firewalls and strong management of firewall configurations, patched servers and a sane password policy.
Here's to many more cups of coffee, many more lessons learned, and hopefully, a little less vulnerability in this digital world for us all.
