Reflections on 30 Years of Cybersecurity: From PSTN to Zero Trust
I’m sitting here at my desk with my third cup of coffee, the one where the caffeine really takes full effect, thinking about the wild ride cybersecurity has been since I first started as a network admin back in 1993. At the time I was up to my elbows in networks and multiplexers carrying voice and data over PSTN lines. Yep, those were the good old days, when it felt like standing on the shoulder of an analog road while everyone but you zoomed by in digital sports cars. But here we are, decades later, facing off against cyber threats that make those early ones look like child’s play. My career, from killing the original Slammer worm in short order in my first job in a Security Operations Center (SOC) to leading my own cybersecurity company, has taught me a lot. And more recently, assisting three banks in redesigning their zero-trust architectures taught me a few lessons the hard way.
Allow me to tell you the actual stories behind the buzzwords, the restless nights and the rare successes.
The beginning: The network admin hustle
When I began, network management was very manual grunt work. Think patching routers, cajoling multiplexers into doing things they were never supposed to do, and praying that the feral PSTN would not drop you in the middle of a voice conference. Security first wasn’t a thing; it was security last, if you thought about it at all. Then there was the Slammer worm, in 2003. If you remember that chaos, you know of what I speak.
The Slammer worm was a flash flood. It took advantage of a weakness in Microsoft SQL Server and left networks worldwide in ruins within minutes. I saw servers and routers actually choke on traffic, like a car engine that had been flooded with gas. Quick patching was necessary, but no one had yet built the muscle for leaping into action. Lesson learned: vulnerabilities can escalate from zero to crisis mode in moments.
Running My Own Security Vendor: Lessons From The Trenches
Many years later, I now run P J Networks Pvt Ltd, where we provide cybersecurity solutions including firewalls, server hardening and secure routers. That’s a far cry from the 1990s, when firewalls were considered a luxury, not a necessity. But even now, with all these technologies, I still see a lot of the same basic mistakes:
- Dependence on a single security mechanism. (Never trust just your firewall.)
- Bad password policies (and don’t even get me started on mandated complexity rules – they do more harm than good).
- Overreliance on AI-powered security that’s often nothing more than marketing spin.
And this is the thing about passwords: stop demanding complexity for complexity’s own sake. People will just write the password down or make ludicrously simple substitutions. Instead, concentrate on multi-factor authentication and long passphrases. It’s like cooking: you can add a ton of spices, but if your base isn’t right, your dish isn’t going to taste good, no matter how fancy the garnish.
Zero Trust: Beyond the Buzzword—A Must
I recently assisted three banks in revamping their zero-trust architectures. Banks are high-value targets: everything from customer data up to and including cold, hard cash is riding on their networks. Zero trust does not mean locking everything down; it means you know and verify every user, device and connection in real time.
What we did:
- Micro-segmentation: Fragmenting networks into tiny slices to confine the impact of a breach. The idea is akin to having fire doors throughout a building, rather than just one big door leading out.
- Continuous authentication: Not just upon logging in, but ongoing validation.
- Strong endpoint security: Making sure that all connecting devices are hardened and monitored.
Banks can now catch deviations in milliseconds instead of hours or even days. But there’s a catch, even though zero trust is often advertised as a silver bullet: it is hard, it is time-consuming and it never stops needing attention. Yet ignoring it? That’s a risk you don’t want to take.
Just Back From DefCon: Hardware Hacking Village & More
I’ve just come back from DefCon, having spent most of my time at the hardware hacking village; dissecting IoT devices and embedded systems is my version of relaxation. It’s unsettling, and yet also somehow fascinating, how many of the devices we rely on in business (and in our homes) are riddled with security holes. A router or a server can be a black box to many of your admins, but hackers? They dissect it like a kitchen utensil, play with every circuit and find every keyhole.
And it’s a harsh lesson for me. Your firewall, server or router isn’t just a piece of software that runs on a screen; it’s a physical thing that can be attacked at the hardware level. So:
- Don’t neglect firmware updates.
- Physically secure your hardware.
- Know the supply chain threats.
Failing to do so is the equivalent of locking the car doors with the windows down.
Quick Take: What You Need to Know Right Now
- Cyber threats are evolving quickly; patching alone is not enough.
- Zero Trust matters for financial systems and critical infrastructure; it is not just hype.
- Shift the emphasis to usability plus MFA, and take an entirely new look at password policies.
- Don’t blindly believe in AI-based security solutions – question, prove, test.
- Hardware security is often treated as an afterthought. Don’t skimp on physical and firmware defenses.
- Security is a long-distance run, not a sprint. Plan for continuous improvement.
On Passwords: A Small Rant
Yes, I’ve been as guilty as anyone of imposing some pretty crummy password rules over the years. But now? After watching how users react, I am convinced that mandating complexity to make passwords strong is a fool’s errand. Here’s why:
- Complex passwords result in forgotten creds and sticky notes stuck to monitors.
- Users generate easily guessable replacements (Password1 is NOT secure).
- Password fatigue leads to reuse across sites, which often entails risk.
Instead, teach your users about passphrases and pair them with multi-factor authentication. That’s really the only way forward.
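The argument of this rant and of the earlier passwords paragraph, as an added example (not code from the original post): "Password1" and its simple substitutions pass an old-style complexity rule while a long passphrase fails it, and a length-plus-denylist check reverses both verdicts. The denylist, the 16-character minimum and the sample strings are constructed assumptions; MFA sits outside this check.

```python
import re

# Constructed mini denylist; a real deployment would load a breached-password corpus.
COMMON = {"password", "welcome", "qwerty", "letmein", "admin"}
# Map the usual character swaps back to letters.
LEET = str.maketrans("@4301!$5", "aaeoiiss")
MIN_LENGTH = 16  # assumed passphrase minimum, not a value from the post


def legacy_complexity_ok(pw):
    """Old-style rule: 8+ characters with upper case, lower case and a digit."""
    return len(pw) >= 8 and all(
        re.search(pattern, pw) for pattern in (r"[A-Z]", r"[a-z]", r"\d")
    )


def normalize(pw):
    """Lower-case, drop trailing digits/symbols, undo simple substitutions."""
    core = re.sub(r"[\d\W_]+$", "", pw.lower())
    return core.translate(LEET)


def passphrase_policy(pw):
    """Length plus denylist, no composition rules. Returns (accepted, reason)."""
    if normalize(pw) in COMMON:
        return False, "common password variant"
    if len(pw) < MIN_LENGTH:
        return False, "too short"
    if len(set(pw.lower())) < 6:
        return False, "too repetitive"
    return True, "ok"


def compare(candidates):
    """Return {candidate: (legacy verdict, passphrase verdict, reason)}."""
    return {pw: (legacy_complexity_ok(pw), *passphrase_policy(pw)) for pw in candidates}


if __name__ == "__main__":
    samples = ["Password1", "P@ssw0rd!", "Welcome2024",
               "maple kettle drifts under orange snow"]  # constructed samples
    for pw, (legacy, accepted, reason) in compare(samples).items():
        print(f"{pw!r:42} legacy={legacy!s:5} passphrase={accepted!s:5} ({reason})")
```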
Pentagon’s Cloud Proposal is Both a Nostalgic and Evolutionary Moment: From PSTN to Zero Trust
Now and then, I wax nostalgic over changing times, from analog multiplexers that one might manage over PSTN lines (you remember those?) to the encrypted, zero-trust-fostered cloud firewalls of today. It’s like trading in a vintage Beetle for a Tesla.
But here’s an unpopular opinion: I think there’s a fair amount of hype that the security industry itself runs with. It’s all about the latest gadget or buzzword, and the fundamentals get missed. You can’t forget:
- Strong architecture
- Patch hygiene
- Skilled people
There is just no substitute for that, no matter how many fancy widgets appear on a dashboard.
Final Thoughts
Cybersecurity is personal for me. I’ve now spent 30 years fighting on the front line, and I still feel that adrenaline rush (or dread) when a new worm or strain of ransomware breaks out. The terrain will continue to shift, new threats will arise, and the bad guys will continue to innovate. But so will we. And when it comes to real security, forget about the myths and marketing fluff: just be great at the basics, learn from real experiences (for example, the ones I’ve shared), and doubt the hype (particularly the so-called AI-enabled magic).
Don’t believe the shiny badge or buzzword. Trust the sweat, the scars and the lessons — like mine — acquired over decades in the trenches.
And if you need help with real firewall, server and router security, not this cookie-cutter stuff, you know where to find me. Because locking down your network ain’t a one-and-done kind of gig. It’s a lifelong commitment.
Ok, fourth coffee it is. This fight never stops.
