From Network Admin to Cybersecurity Consultant: A Journey Through Modern Cybersecurity

It's 9:45 AM and I've already had my third coffee; my pulse is up not just from the caffeine but from the tornado that modern-day cybersecurity is. I began my path all the way back in 1993 as a poor network admin, dealing with muxes and PSTN circuits hauling voice and data. Yes, that's right — before cloud, before everything was encrypted, when networks were haphazard spaghetti and patch panels held the universe together. I have many memories going back as far as 2003, like the Slammer worm hitting me like a freight train and teaching me things no textbook ever could. Over the past couple of years of running my own security consultancy, I've continued to assist on the front lines—most recently working with three banks overhauling their zero-trust architectures, and just returning from a DefCon in which the hardware hacking village revived my (predisposed) relationship with physical security.

Network Admin Turned Cybersecurity Consultant — A Revolution (or Evolution?)

Working with networks in ’93 was reminiscent of driving an old manual—you had to know your stuff, tread lightly and have a great feel for where the gears were. We had to know the hardware like the back of our hand: muxes converting voice into teeny tiny digital signals, routers running in the fractional-megabit range and PSTNs that fell over if you sneezed wrong. And then came the worms and viruses—the Slammer worm was a particularly brutal reminder. It took down seemingly impervious SQL servers overnight, at a pace that caught everyone off guard. It bashed networks into oblivion.

[laughs] Patch management was a joke—about as watertight as a screen door on the side of a submarine. Who would have guessed that a worm could spread to half of the internet in less than ten minutes? And Slammer taught us, in particular, just what that means: being reactive is a one-way ticket to getting smashed. Which is laughable, because after all this time most companies still believe that if you stick a firewall in front of your servers then things will magically be secure. Spoiler alert—it won't.

Zero-Trust Architecture — It is Not a Buzzword

For the last few weeks, I have typed my fingers numb assisting 3 high-street banks with their zero-trust architecture redesign. So here is the one major problem with Zero Trust — it is not a product. It is a wrestle with the human mindset, comparably challenging to converting a classic muscle car to electronic fuel injection. You have all of the parts, but if they are not finely tuned, it is just noise.

This is what I pounded into those bank teams.

  • Never trust, always verify. No exceptions. The days of perimeter-based defense are numbered, if not already dead.
  • Microsegmentation is your friend. It is all about dealing with the inevitable infection and limiting your blast radius by essentially breaking your network into little pieces.
  • Identity and access management — not just MFA, but continuous verification based on user behavior, device posture and location.
  • Automation for policy enforcement. Gone are the days of putting on the sci-fi garb, thinking in binary and editing in hex, opening up an ACL management console and manually configuring ACLs or firewall rules. It needs to be automated and self-adaptive.
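
The four points above, put together as one per-request decision. This is an added sketch, not code from the original post or from any bank engagement; the segment names, country list, risk threshold and field names are all hypothetical.

```python
from dataclasses import dataclass, replace

# Hypothetical segment policy: only declared (source, destination) flows are
# allowed, and only on the listed ports. Anything undeclared is denied.
ALLOWED_FLOWS = {
    ("teller-workstations", "teller-app"): {443},
    ("teller-app", "core-banking-db"): {5432},
}
ALLOWED_COUNTRIES = {"GB"}   # assumed location policy
MAX_BEHAVIOUR_RISK = 0.7     # assumed threshold on a 0..1 anomaly score

@dataclass(frozen=True)
class Request:
    user: str
    mfa_passed: bool
    device_compliant: bool    # result of a posture check (patched, managed)
    country: str
    behaviour_risk: float     # from a behaviour-analytics feed (assumed)
    src_segment: str
    dst_segment: str
    port: int

def decide(req):
    """Evaluate one request from scratch; nothing is trusted from earlier ones."""
    if not req.mfa_passed:
        return (False, "identity: MFA not satisfied")
    if not req.device_compliant:
        return (False, "device posture: non-compliant")
    if req.country not in ALLOWED_COUNTRIES:
        return (False, "location: outside policy")
    if req.behaviour_risk > MAX_BEHAVIOUR_RISK:
        return (False, "behaviour: risk above threshold")
    ports = ALLOWED_FLOWS.get((req.src_segment, req.dst_segment), set())
    if req.port not in ports:
        return (False, "segmentation: flow not declared")
    return (True, "allow")

# Constructed sample requests.
BASELINE = Request("alice", True, True, "GB", 0.1,
                   "teller-workstations", "teller-app", 443)
LATERAL = replace(BASELINE, dst_segment="core-banking-db", port=5432)
STALE_DEVICE = replace(BASELINE, device_compliant=False)

if __name__ == "__main__":
    for name, req in [("baseline", BASELINE), ("lateral", LATERAL),
                      ("stale device", STALE_DEVICE)]:
        print(name, decide(req))
```

The lateral request is denied even though identity, posture, location and behaviour all pass: the workstation segment has no declared flow to the database, which is the blast-radius limit in practice.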

And yet — and yet! — in a year where the tech industry is falling apart at an almost Amity Island pace, many orgs are still thinking about zero-trust as putting another box in their rack or picking up the latest AI-powered security SaaS. Eye roll. My stance? Yes, I know — I am a cynical bastard (to be fair, I advise caution with anything sporting the moniker AI-powered that does not lay out exactly what its AI is learning from and how freshly its data is updated).

DefCon and the Hardware Hacking Village: Physical Security Is Still A Thing

Freshly returned from DefCon — still riding the post-hardware-hacking-village adrenaline high. There is something deeply primal about cracking open devices to find out what makes them tick — smart cards, IoT things or even industrial control systems. While software is given the lion's share of attention, its physical protection counterpart is literally the gatekeeper.

It comes down to the simplest things — locked cabinets, tamper-resistant seals, RFID badges that can be cloned faster than you can type a password into a laptop, and so on. If the bad guys can get to it, and it's not secure, all the firewalls in the world won't help.

True story: I have serviced banks that pay six figures to fortify their network, yet the janitor and the delivery guy could walk right up to a rack. It is like taking that Ferrari you just paid £4500 for and leaving the garage open. It annoys the crap out of me — yet it occurs all the time.

Password Policies: The Evil They Are!

Sorry, let me go on a short rant because I have to get this off my chest — and I am very opinionated when it comes to password policies being bad. Seriously.

Complexity requirements and many forced resets? Counterproductive.

Here is what the typical password policy looks like to the people fighting against it:

  • At least twelve characters, including uppercase and lowercase letters, numbers, special characters.
  • Change every 30 days.
  • No reuse of the past 10 passwords.

Guess who remembers these? No one. Except that one IT guy who still writes them on sticky notes stuck under the keyboard.

Better approach?

  • Use long, memorable passphrases, like Purple_Boat_Tastes! Better7 instead of P@ss1.
  • Use passphrases and MFA together. If it is implemented correctly, MFA is your second building block and quite possibly the most powerful control.
  • No more mandatory bi-monthly password resets (although do so if you suspect a breach).

However, if we ALSO require more complex passwords and rotations, you are asking users to skimp on the security best practice of long passwords. What is complexity? The overcooked souffle of jargon.
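
To make the contrast concrete, here are the two rule sets from this section side by side. This is an added example, not code from the original post; the 16-character and three-word thresholds are assumptions, since the post only says "long", and the function names are hypothetical.

```python
import re
from datetime import date, timedelta

CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
MIN_PASSPHRASE_LEN = 16   # assumed threshold; the post only says "long"
MIN_WORDS = 3             # assumed: a phrase, not a single word

def legacy_accepts(pw):
    """Legacy rule from the list above: 12+ chars and all four classes."""
    return len(pw) >= 12 and all(re.search(c, pw) for c in CLASSES)

def passphrase_accepts(pw):
    """Length-first rule: long, several words, no character-class demands."""
    words = [w for w in re.split(r"[\s_!.,-]+", pw) if w]
    return len(pw) >= MIN_PASSPHRASE_LEN and len(words) >= MIN_WORDS

def reset_required(policy, last_changed, today, breach_suspected):
    """Legacy: calendar-driven every 30 days. Passphrase: event-driven only."""
    if breach_suspected:
        return True
    if policy == "legacy":
        return today - last_changed >= timedelta(days=30)
    return False

def login_allowed(secret_ok, mfa_ok):
    """The secret alone never grants access; MFA is the second factor."""
    return secret_ok and mfa_ok

# Constructed candidates, plus the two strings quoted in the post.
CANDIDATES = ["P@ss1", "Password123!", "purple boat tastes better",
              "Purple_Boat_Tastes! Better7"]

def compare():
    """Map each candidate to (legacy verdict, passphrase verdict)."""
    return {pw: (legacy_accepts(pw), passphrase_accepts(pw))
            for pw in CANDIDATES}

if __name__ == "__main__":
    for pw, (legacy, phrase) in compare().items():
        print(f"{pw!r:32} legacy={legacy!s:5} passphrase={phrase}")
    print(reset_required("legacy", date(2024, 1, 1), date(2024, 2, 5), False))
```

The legacy rule accepts the predictable `Password123!` and rejects the 25-character all-lowercase phrase, while the length-first rule does the opposite.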

Quick Take: One Thing You Might Want to Know

  • The Slammer worm taught us that we needed to start patching proactively (rather than at the behest of some annoying security team). And if you are anything but quick and clever to patch, you can hang your security hat up; you will be done for.
  • Zero-trust is people, processes and tech working together, not more gadgets.
  • Rethink password complexity policies. As pointed out above, favour usability + MFA over unforgivingly long gibberish.
  • Physical security (yes, looking after the metal box in a locked room) is still part of the equation. Don't overlook it.
  • Be sparing with AI-powered buzzwords. If you are curious about one, just ask yourself how this AI learns and adapts. If you don't get it, don't buy it.

What I learnt, and my advice for the newbie me!

Regrets, I have a few—I can still picture my younger self wiring muxes as a network admin, crossing fingers the PSTN would not melt down, swearing at slow connections. So if I could go back and whisper some advice in my own ear, it would be this:

  • Understand your network inside and out, and assume an attacker understands it better than you.
  • Keep learning — this field changes even more rapidly than my morning shuffle to the coffeemaker.
  • Trust, but verify: not only your vendors, but even the tools that are widely in use.
  • Record EVERYTHING (annoying but necessary).
  • … And most of all — do not be blinded by shiny tools; fancy gadgets will never ever replace understanding the real issue rather than blindly patching symptoms.

Final Thoughts on Cybersecurity Today

This is going to be a recurring theme: cybersecurity is not set-it-and-forget-it. This is the fight we face, a constant tug of war, and frankly it can wear you right out. But, hey, it wouldn't be called life if it was easy, now would it?!

3 takeaways for IT leaders

If you work at a business that is increasingly dependent on sound IT infrastructure (that would be all of us these days), then consider these lessons from someone who has been doing this long enough to have first touched packet-switched networks the equivalent of 100+ years ago. How secure you are depends in part on how willing you are to always be learning, to question what you're told, and to occasionally get a little dirty (whether that's with wire or the inside of some piece-of-crap hacked-together device I made at DefCon).

Grab your coffee. Tighten those policies thoughtfully. Oh — and please do not forget, security is not just tech; it is a mix of people, process & culture as well. After all these years at P J Networks Pvt Ltd, I still try to keep that in mind every day.

And yes—third coffee definitely helps.
