My Home Office Reflections on Cybersecurity and Hardware Hacking
This is my home office a little after mid-morning, third coffee on the stove and still buzzing from last week's DefCon hardware hacking village. Right here, up close and personal, man, it gets no better than being right on top of the sparks <grins>, both literally and in the sense of getting fired up about what we do in cybersecurity and why. My name is Sanjay Seth and I have been playing with networks and security since the early 90s; back then I managed networks as a network admin, handling voice and data muxes over PSTN connections. That was 1993, and it really was a different time. Those early days, the worms that learned me good (yes, Slammer, I mean you: that one hurt!) and my journey into consulting, with a small security operation of my own at the end of it, have taught me one single thing: there is no panacea.
I want to take you through some real-life experiences, for this reason: cybersecurity is not a cakewalk and it's not an abstract game. It is raw and messy, fuckups happen, and sometimes you cry in the datacenter (figuratively speaking, but closer to the truth than I'd like). If you are really lucky, you get to pass these lessons along. So grab your coffee (or whatever modern caffeinated beverage you prefer, I don't care) and let me tell you what still holds up after decades at the camp.
A Long Way from PSTN to Zero-Trust
Do you remember PSTN, and the time when nobody outside a few specialists knew what voice and data convergence even was, other than as a headache? I was in the weeds: managing those circuits, muxing voice calls over data lines and so on. That may sound archaic to most of you, but being constrained by low bandwidth and primitive protocols was formative for how I think about network security. Manual firewall rules and hand-carved segmentation? That was the norm.
Jump to now: my crew just assisted three banks in upgrading their zero trust architectures. Everyone is after the shiny new zero trust buzzword, but let me tell you, not all zero trust is created equal. This is not a technology you buy and plug in. It's an orchestration challenge that calls for deep identity work, network segmentation, continuous verification and, if you really want clean hands, the old-school packet inspection methods that have been casually tossed aside like worn-out cards.
Here’s what I always emphasize:
- A zero trust approach isn't a sea of NOs while you pray for the best; it's about minimal, well-managed trust boundaries.
- Identity is necessary, but the network layer will still bite you if you're not careful. People are quick to look only at identity solutions.
So when rolling out zero trust frameworks for banks, entities with intricate, pre-existing infrastructure, the real challenge was bringing modern policy to legacy hardware without ripping it out. That means routers with firmware older than most of the security team. It's still not glamorous. But it works.
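To make the "identity plus network layer plus continuous verification" point concrete, here is an added example of a minimal zero trust policy decision point. It is illustrative code written for this post, not the banks' implementation or any vendor product; the segment names, roles, services and the 15-minute re-verification window are all constructed assumptions. Every check has to pass: a DBA with a fresh MFA and a compliant laptop is still refused the database if the request arrives from the wrong segment.

```python
"""Added example: a minimal zero trust policy decision point (illustrative, not from the post)."""
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Constructed segmentation policy: (source segment, destination segment) -> allowed TCP ports.
# Anything not listed is denied, which is the whole point.
SEGMENT_POLICY: Dict[Tuple[str, str], Set[int]] = {
    ("corp-workstations", "app-tier"): {443},
    ("app-tier", "db-tier"): {5432},
    ("jump-hosts", "db-tier"): {5432, 22},
}

# Constructed identity data: which services each role is entitled to use.
ROLE_SERVICES: Dict[str, Set[str]] = {
    "teller": {"core-banking-web"},
    "dba": {"core-banking-web", "core-banking-db"},
}

# Where each service lives on the network (segment, port); constructed.
SERVICE_LOCATION: Dict[str, Tuple[str, int]] = {
    "core-banking-web": ("app-tier", 443),
    "core-banking-db": ("db-tier", 5432),
}

MAX_MFA_AGE_SECONDS = 15 * 60  # assumed re-verification window, not a value from the post


@dataclass
class Request:
    user: str
    role: str
    mfa_verified_at: float   # epoch seconds of the last successful MFA check
    device_compliant: bool   # result of the endpoint posture check
    src_segment: str         # network segment the request arrived from
    service: str
    now: float               # evaluation time, passed in so the decision is reproducible


def evaluate(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). All checks must pass; the first failure wins."""
    # 1. Identity: the role must be entitled to the service at all.
    if req.service not in ROLE_SERVICES.get(req.role, set()):
        return False, "identity: role not entitled to service"
    # 2. Continuous verification: a stale MFA means re-authenticate, even mid-session.
    if req.now - req.mfa_verified_at > MAX_MFA_AGE_SECONDS:
        return False, "identity: MFA too old, re-verify"
    # 3. Device posture: an unmanaged or non-compliant endpoint gets nothing.
    if not req.device_compliant:
        return False, "device: posture check failed"
    # 4. Network layer: the source segment must be allowed to reach the service's segment and port.
    dst_segment, port = SERVICE_LOCATION[req.service]
    allowed_ports = SEGMENT_POLICY.get((req.src_segment, dst_segment), set())
    if port not in allowed_ports:
        return False, f"network: {req.src_segment} may not reach {dst_segment}:{port}"
    return True, "allowed"


if __name__ == "__main__":
    now = 1_700_000_000.0
    for seg in ("jump-hosts", "corp-workstations"):
        req = Request("alice", "dba", now - 60, True, seg, "core-banking-db", now)
        print(seg, "->", evaluate(req))
```

The order of the checks is deliberate: cheap identity lookups first, the network decision last, but none of them is optional. Swap the segment policy for one that allows everything and you have "identity-only zero trust", which is the failure mode the section above warns about.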
SLAMMER: THE UNPLEASANTLY REALISTIC, FIRSTHAND VERSION (THAT YOU NEVER WANT)
In 2003 the Slammer worm wreaked havoc on the internet in mere minutes, a reminder of how quickly an exploit can spread once it is let loose at scale. The frantic hours watching traffic blow up and desperately trying to patch systems before the worm broke entire networks are a memory that will stick with me for life. It was terrifying.
Cybersecurity, at its root, can never be purely reactive. Slammer taught me that and I still tell every client. You can patch and you can detect, but if your architecture does nothing to limit fast spread and lateral movement, good luck.
Just a quick list of Slammer-inspired lessons I still live by today:
- Always assume breach; consider no device trustworthy by default.
- Network audits lead to better network configuration.
- Network segmentation reduces the blast radius. Do not underestimate this.
- Fast incident response can literally save your whole org.
I know, I know, they sound like buzzwords, but they come from the great school of hard knocks.
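"Segmentation reduces blast radius" is easy to nod along to and harder to feel. The following is an added example, written for this post rather than taken from it, that computes the blast radius of a Slammer-style worm over a constructed inventory: a set of hosts, which of them run the vulnerable service, and a segment-to-segment policy saying where the worm's port is reachable. The same inventory is run once with a flat network and once with a segmented one; only the policy changes. Host names, segments and the policy are all constructed.

```python
"""Added example: blast-radius calculation over a segmentation policy (illustrative, not from the post)."""
from collections import deque
from typing import Dict, Set, Tuple

# Constructed inventory: host -> (segment, runs the vulnerable service?).
# In the Slammer case the "vulnerable service" was SQL Server's resolution service on UDP/1434.
HOSTS: Dict[str, Tuple[str, bool]] = {
    "web-01": ("dmz", False),
    "sql-01": ("dmz", True),
    "sql-02": ("dmz", True),
    "erp-db": ("corp", True),
    "hr-db": ("corp", True),
    "fileserver": ("corp", False),
    "dev-sql": ("lab", True),
}

SEGMENTS = ("dmz", "corp", "lab")

# Cross-segment pairs where the worm's port is allowed. Traffic inside a segment is
# always allowed (no intra-segment filtering), so only cross-segment pairs are listed.
FLAT_NETWORK: Set[Tuple[str, str]] = {(a, b) for a in SEGMENTS for b in SEGMENTS}
SEGMENTED_NETWORK: Set[Tuple[str, str]] = {("corp", "dmz")}  # only corp may reach dmz on that port


def can_reach(src: str, dst: str, hosts: Dict[str, Tuple[str, bool]], policy: Set[Tuple[str, str]]) -> bool:
    """True if the port the worm uses is reachable from src to dst under the policy."""
    src_seg, _ = hosts[src]
    dst_seg, _ = hosts[dst]
    return src_seg == dst_seg or (src_seg, dst_seg) in policy


def blast_radius(hosts: Dict[str, Tuple[str, bool]], policy: Set[Tuple[str, str]], patient_zero: str) -> Set[str]:
    """Hosts that end up infected when patient_zero starts spreading.

    A host becomes infected when it runs the vulnerable service and any already
    infected host can reach it; this is a breadth-first search over reachability.
    """
    infected = {patient_zero}
    queue = deque([patient_zero])
    while queue:
        current = queue.popleft()
        for host, (_, vulnerable) in hosts.items():
            if host in infected or not vulnerable:
                continue
            if can_reach(current, host, hosts, policy):
                infected.add(host)
                queue.append(host)
    return infected


if __name__ == "__main__":
    for label, policy in (("flat", FLAT_NETWORK), ("segmented", SEGMENTED_NETWORK)):
        hit = blast_radius(HOSTS, policy, "sql-01")
        print(f"{label}: {len(hit)} hosts infected: {sorted(hit)}")
```

Running it from `sql-01` in the DMZ infects every vulnerable host on the flat network, but only the two DMZ database hosts on the segmented one. Starting instead from `erp-db` in corp still reaches the DMZ, because the constructed policy allows corp to DMZ; that is exactly the kind of rule an audit should question.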
Hardware Hacking Trivia Night: Strategy + Recap
I just returned from DefCon, and the hardware hacking village is like nothing I have ever experienced. Watching white-hat hackers disassemble routers, switches and even legacy PBX hardware was a sobering reminder that the devil often resides in the physical layer. It also reinforced my skepticism of the "AI-powered" security tools that have sprung up promising miracles. Yes, AI can help, but when your hardware is open to a $20 soldering iron, no software algorithm is saving you.
And yes, I get it. Our two hottest topics are AI and machine learning. They help only if you use them in ways appropriate to the technology, not with a _blind_ reliance on what their promoters say. I'm not against innovation. As a side note, question everything branded "AI-powered": does it actually understand your environment, or is it smoke and mirrors? In plenty of cases, all it takes to be more secure than an AI agent's "anomaly detection" is hardening a firewall or installing kernel updates from 2010.
Password Policies: My Never-Ending Rant
OK, full disclosure: I am a bit of a stickler when it comes to password policies. I understand that some complexity is required, but for the love of god, do not demean your users by requiring 15-character passwords with special symbols every two weeks and then moan about the call centre volume.
So this is what has worked for me (not rocket science):
- Replace complex passwords with strong passphrases (easy to memorize, hard to guess).
- Apply MFA wherever possible: something you have, not only something you know.
- Phishing is the real enemy, not password policies.
Over-engineering password rules while ignoring phishing and MFA is like putting better locks on a car but leaving the windows down. You'll still get robbed.
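Here is what "passphrases over complexity rules" looks like as a policy check. This is an added example written for this post, not the author's tooling: it estimates the strength of a secret, treating a multi-word phrase as words drawn from a 7776-word list (which is only true for generated passphrases, so the estimate is labelled as such), checks it against a constructed breached-password sample, and enforces a minimum length and entropy with no character-class requirements and no rotation rule. The thresholds (12 characters, 50 bits) and the breached-password list are assumptions.

```python
"""Added example: a passphrase-friendly password policy check (illustrative, not from the post)."""
import math
import re
from typing import List

# Constructed stand-in for a breached-password corpus; a real check uses a full list.
COMMON_PASSWORDS = {"password", "password1!", "welcome2024!", "letmein", "qwerty123"}

# Assumed policy values, not taken from the post.
MIN_LENGTH = 12
MIN_ENTROPY_BITS = 50
WORDLIST_SIZE = 7776  # size of a standard diceware-style word list


def estimated_entropy_bits(secret: str) -> float:
    """Rough strength estimate.

    A phrase of three or more words is scored as if each word were chosen at
    random from a WORDLIST_SIZE list; that is accurate for generated passphrases
    and optimistic for user-invented ones. Anything else is scored per character
    from the size of the character classes present.
    """
    words = secret.split()
    if len(words) >= 3:
        return len(words) * math.log2(WORDLIST_SIZE)
    pool = 0
    if re.search(r"[a-z]", secret):
        pool += 26
    if re.search(r"[A-Z]", secret):
        pool += 26
    if re.search(r"[0-9]", secret):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", secret):
        pool += 33  # printable ASCII punctuation
    return len(secret) * math.log2(pool) if pool else 0.0


def check_policy(secret: str) -> List[str]:
    """Return a list of policy problems; an empty list means the secret is acceptable.

    Deliberately absent: "must contain a symbol" rules and forced expiry. The
    breached-list check is what should trigger a change, not the calendar.
    """
    problems = []
    if len(secret) < MIN_LENGTH:
        problems.append(f"length {len(secret)} < {MIN_LENGTH}")
    if secret.lower() in COMMON_PASSWORDS:
        problems.append("appears in breached-password list")
    bits = estimated_entropy_bits(secret)
    if bits < MIN_ENTROPY_BITS:
        problems.append(f"estimated entropy {bits:.0f} bits < {MIN_ENTROPY_BITS}")
    return problems


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&3", "Welcome2024!", "correct horse battery staple"):
        print(f"{candidate!r}: {check_policy(candidate) or 'OK'}")
```

The "complex" 11-character password fails on length, the 12-character one with a capital, digits and a symbol fails because it is in the breached sample despite scoring well on character-class entropy, and the plain four-word passphrase passes everything. That is the whole argument of this section in three lines of output.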
In Brief: What I Would Go Back and Tell Myself in 1993
- Straightforward network segmentation can be your saviour.
- Logs look like a dirty laundry pile, but they matter.
- Never rely on one security layer — defense in depth is not a cliché.
- User training is not nice to have. It is mandatory.
- And keep coffee close by. Always.
Why your firewall is still (one of) your biggest friends
You can have all the shiny new tech on the planet, but none of it will ever replace knowing your firewalls, routers and servers backwards. I have been on engagements where companies were spending millions on security solutions and had no basic traffic filtering, because some firewall rule was placed once with good intentions and never reviewed.
Here's my take:
- Firewalls should be audited consistently, not just before major audits.
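"Placed once and never reviewed" is exactly what a rule-base audit catches, so here is an added example of one. It is illustrative code written for this post, not a vendor tool or the author's script. It walks an ordered rule list (constructed sample, with constructed hit counters) and flags three things a reviewer looks for: allow rules that accept any source on any port, rules shadowed by an earlier rule that already matches all of their traffic, and rules with zero hits. The rule format is a simplified one invented for the example.

```python
"""Added example: firewall rule-base audit for over-permissive, shadowed and unused rules (illustrative)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    name: str
    action: str          # "allow" or "deny"
    src: str             # source CIDR
    dst: str             # destination CIDR
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # destination port, None means any
    hits: int            # hit counter exported by the firewall (constructed values here)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (
        ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
        and ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst))
        and outer.proto in ("any", inner.proto)
        and outer.port in (None, inner.port)
    )


def is_overly_permissive(rule: Rule) -> bool:
    """An allow rule from any source on any port is a review item regardless of destination."""
    return (
        rule.action == "allow"
        and ipaddress.ip_network(rule.src).prefixlen == 0
        and rule.port is None
    )


def audit(rules: List[Rule]) -> List[str]:
    """Walk the rules in order (first match wins) and return human-readable findings."""
    findings = []
    for i, rule in enumerate(rules):
        if is_overly_permissive(rule):
            findings.append(f"{rule.name}: allow from any source on any port to {rule.dst}, review")
        for earlier in rules[:i]:
            if covers(earlier, rule):
                findings.append(f"{rule.name}: shadowed by {earlier.name}, never matches")
                break
        if rule.hits == 0:
            findings.append(f"{rule.name}: zero hits, candidate for removal")
    return findings


# Constructed sample rule base; the counters are made up to illustrate the checks.
SAMPLE_RULES = [
    Rule("R1", "allow", "0.0.0.0/0", "10.0.0.0/8", "any", None, 184220),
    Rule("R2", "allow", "10.1.0.0/16", "10.2.0.10/32", "tcp", 443, 0),
    Rule("R3", "allow", "192.168.5.0/24", "172.16.0.5/32", "tcp", 22, 37),
    Rule("R4", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", None, 9000),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

R1 is the classic "temporary" rule that never went away: it is both over-permissive and the reason the carefully scoped R2 never matches. The final deny is not flagged because it is not fully covered by R1, and R3 is clean. Run this against an export of your real rule base on a schedule rather than the night before the auditors arrive.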
The Often-Overlooked Frontline: Routers and Switches
Keep router and switch firmware patched on a schedule, whether that is once a year or more often; out-of-date firmware on these boxes is a road block nobody wants to own.
If you do use an outside agency, stick to those who provide detailed logging and good support, not just marketing hype.
Security is still primarily about how well you design and run your network, regardless of what the headlines tell you.
Closing Thoughts
The buzz from that last cup of coffee has long worn off, but my head is still spinning from decades of security experience: PSTN voice muxing to zero trust deployments for banks, panicked Slammer days to the laid-back DefCon hardware hacking village. The best practices of cybersecurity change, but the basics tend not to. It gets messier and more complicated, that's all. So be skeptical of every shiny promise, especially the "AI" ones, and never forget that people and process are as important as technology, or more so.
And maybe, just maybe, if you do all that, your network will live through the next Slammer, or whatever worm the future holds. Until next time, keep those firewalls tight, mind your trust boundaries, and yes, bring on the coffee!
Cheers,
Sanjay Seth
