Sanjay Seth: A Journey Through Cybersecurity and Network Administration
You can find me poring over my third cup of coffee at my desk at P J Networks Pvt Ltd, where caffeine and cyber threats walk hand in hand. I have been in the game since 1993, when I was a Network Admin responsible for managing voice and data over PSTN — yeah, that long ago. Back in the day, networks = lots of copper wire, multiplexers = hope-no-one-throws-a-spanner-in-the-works. Jump ahead 30 years, and I own a business fighting the war in cyberspace, protecting businesses from the onslaught of fraud. Yet we live in an era which is, well… just a tad more complex.
Here is the deal — cyber security is not something that you just wake up one day and start doing. It takes years of experience, lots of screw-ups (quite a few cringe-worthy), and keeping up with the ever-changing world of tech threats. I invite you on a journey, something so real and so close to my heart.
Lessons from the Early Days: PSTN Era and Slammer Worm
In yesteryear, while I was directing voice and data traffic over PSTN (Public Switched Telephone Network), it wasn't actually all nostalgia with rose-colored glasses. We had to manage muxes (multiplexers) running voice and data streams as one system was built on top of the other. One misconfigured link meant degraded voice quality or, worse, outages.
The notorious Slammer worm of 2003? Damn, that hit home. I remember the bedlam — it all started with a buffer overflow against Microsoft SQL Server, and system after system folded in minutes. We were sitting there, feeling helpless as entire networks just ground to a stop. So, confession time: at the time, patch management was not (let’s be honest) as widely regarded as it should have been. That lesson stuck with me. Patch early, patch often.
Starting My Own Security Company Now: Beyond Firewalls
Running P J Networks Pvt Ltd is a story of numerous challenges, but winning is always connected to lifelong learning. Nowadays it is no longer just the business of selling firewalls, servers, and routers. Today, cybersecurity is a complete solution. In the past few months I have helped three different banks evolve to a zero-trust architecture. Zero trust is not just a buzzword.
It’s about treating breaches as a matter of when and not if, and building systems that never rely on any device or user being fully trusted — be it inside your network perimeter or outside. Sounds heavy? It is. Banks, in particular, do not have the luxury of having a weak link.
With zero trust upgrades, my approach is essentially:
- Micro-segmentation. Chop networks into bite-sized, isolated pockets so when bad actors arrive, they don’t go left or right.
- CISO: Not just the firewall, but AI for monitoring (with a pinch of skepticism, however).
- Multi-factor authentication as non-negotiable. No exceptions.
I still make jokes about those companies that hold on to password complexity policies as if they were the holy grail, because my experience has been this (hot take here): length trumps complexity, always has. Sorry folks, a password such as “P@ssw0rd!” is not safe. However, “correcthorsebatterystaple” is more than a meme—it’s a bastion.
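The length-over-complexity point above, as an added example (not code from this blog): it runs the two passwords quoted here, plus “Summer2021!” from later in the post, through an old-style composition rule and through a length-first rule with a blocklist lookup. The function names, the 15-character threshold and the small blocklist are assumptions made for the illustration.

```python
import re
import string

# Constructed sample; a real deployment checks a breached-password corpus.
BLOCKLIST = {"password", "summer", "welcome", "qwerty", "letmein"}
# Undo common character substitutions before the blocklist lookup.
LEET = str.maketrans("@4031$57", "aaoelsst")
MIN_LENGTH = 15  # assumed threshold for this example


def legacy_complexity_ok(pw: str) -> bool:
    """Old-style rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def base_word(pw: str) -> str:
    """Strip decoration (edge digits/symbols, leetspeak) to expose the root word."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw)
    return core.lower().translate(LEET)


def length_first_ok(pw: str) -> tuple[bool, str]:
    """Length-first rule: no composition demands, but reject decorated common words."""
    if base_word(pw) in BLOCKLIST:
        return False, "derived from a common password"
    if len(pw) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    return True, "ok"


def compare(pw: str) -> dict:
    """Evaluate one password under both policies."""
    ok, reason = length_first_ok(pw)
    return {"legacy": legacy_complexity_ok(pw), "length_first": ok, "reason": reason}


if __name__ == "__main__":
    for sample in ("P@ssw0rd!", "Summer2021!", "correcthorsebatterystaple"):
        print(sample, compare(sample))
```

The composition rule accepts both decorated dictionary words and rejects the long passphrase; the length-first rule does the opposite.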
From DefCon: No Updates? WTF, Here’s a Response
So, I'm just back from DefCon (if you’ve never been, it's the meeting of top-tier hackers, lifelong hacker culture and some of the biggest brains on earth). The hardware hacking village was beyond sick. Watching specialists tear down IoT devices, routers and embedded systems hammered home the fact that cybersecurity is about more than software patches and firewalls. Another layer (often overlooked) is hardware security—the physical layer.
Firewalls and IDS’s (Intrusion Detection System) if you think that this is all that the network perimeter provides.
Here’s what I took away:
- Problem 1: Hardcoded credentials. While the number of devices shipped with hardcoded passwords has decreased, many still ship this way. Of course you know this… but do your clients?
- Sometimes, physical tampering could be a real-life attack vector, especially in industries dependent on embedded systems (like banks, manufacturing and healthcare).
Security lasts a lifetime — and hardware is only as strong as your weakest link if you treat it that way.
Take Note: The Headlines Every Business Needs to Hear Today
- Zero Trust is here to stay. Don’t trust internal networks by default
- Patch management is never overrated. Bottom line: Slammer proved it decades ago—it’s still true.
- Hardware security matters. Deploy mechanisms instead of black boxes
- Password policies need to favour passphrases. Length > complexity.
Then be on the lookout for all the AI-powered hype. It is easier said than done and that’s where AI comes into play, but as you might have guessed, it is not a silver bullet.
AI-Powered Security Debate— My POV
I have to say: I am very wary of any security product that markets itself as AI-driven. Here’s why.
AI is not a magic wand. It all comes down to data! Machine learning can allow an AI to sift through mountains of logs and spot patterns that humans wouldn’t see, but as always GIGO — garbage in, garbage out. Teams can become complacent by relying too much on AI and fail to get the basics right, like patching and hardening.
Plus, let’s face it — hackers develop new and more intelligent attacks using AI for themselves. A mature, functioning AI system without the proper fundamentals is just like building a car on top of an overused and rusty big engine.
Anecdotes: The Ways I Screwed-Up and What I Learned
Boy, have I made the rookie mistakes. One that still keeps me up at night: early in my career I underestimated a DDoS attack because we depended only on perimeter defenses. The attackers circumvented them to throttle traffic through a less prominent vector. Lesson? Always assume your firewall is not going to catch everything. Defense-in-depth is no buzzword. It's defense in depth, so layer your security: layers of defence.
Another is — how many times have we heard that password policies are “set and forget”? Mix that with piss-poor user training and you have users treating passwords like Post-it notes (‘tell your CEO to stop recycling “Summer2021!”’).
The security fundamentals, which are the ones that sometimes get overlooked:
- Regular backups
- Least privilege access
- Employee phishing training
That’s just table stakes.
The Mindset of a Network Administrator Still Matters After All These Years
Although I am now doing consulting and running a company, the network admin from '93 never completely died. There is a practical, hands-on mindset to bring to cybersecurity:
- Diagnosing issues end-to-end, not just on paper
- Balancing usability and security. (No security is better than one that breaks the system)
- Knowing your gear. Firewalls, routers, servers — I have configured thousands of models from old Catalyst switches to today’s next-gen firewalls.
And friends, knowing your hardware is more than just for nostalgia. This is about understanding those limits — the single point of failure, a firmware vulnerability or how default configurations can be abused.
In Closing — I Could Get That Going All Day
So — yeah, after all these years — from configuring voice muxes on PSTN lines to architecting zero-trust frameworks for the top banks, I am still learning. Cybersecurity as a whole is a journey, not a destination.
Here’s my message:
- Make sure cyber security is a priority for you, but don’t be cowed by terms with no meaning.
- Even with zero trust, do not forget about the human aspect.
- We talked about IoT hardware being easier to attack than software.
- Question leprechaun AI cures for difficulties, as well as the suppliers promoting such solutions.
- And drink that coffee, it makes a difference.
I’m excited about the future. Our defenders are constantly changing to meet new threats. And me? Like the blog, like each client and even like my coffee, I share at a time.
