From Slammer to Zero Trust – 20+ Years of Learning in Cybersecurity
I’ve been doing screened and tangle-cord stuff since 1993 as a network admin juggling voice and data over PSTN. The early days had an appeal of their own, back when network security was nothing more than a blip on the radar. But today, as I run my own cybersecurity outfit for P J Networks Pvt Ltd, the stakes could not be higher. And, after my third coffee this morning, I’m still aglow from my visit to DefCon; the hardware hacking village was insane. So with that, let me throw out some thoughts and anecdotes that may help you navigate today’s increasingly complex security landscape, especially if you’re managing banks or enterprises still grappling with how to catch up to zero trust.
First, the Way We Used to Be
For the industry, the Slammer worm in 2003 was a shot across the bow. I remember those frantic hours as it spread across networks, knocking out connections at an unfathomable speed. That on-the-ground experience, beyond just seeing headlines, vividly emphasized the necessity of proactive security, not just reactive patches. Slammer was a jolting wake-up call that no system, however tiny or fragmented, was too small to be a target.
That was a different world, and the world has changed unutterably. Zero trust? It wasn’t even a buzzword at that time. Well, now I’ve assisted three of the largest banks in upgrading all of their zero-trust architecture end to end. And here’s the thing: it’s not about shutting all of these things off for security’s sake alone. It’s about thoughtful, continuous verification.
Quick Take: What Is the Secret to Zero Trust’s Success?
- Trust no one, verify everything — even internal traffic.
- Micro-segmentation to control the scope of breach.
- Least privilege principle — every user and every device receives no more and no less privilege than necessary.
- Continuous monitoring with adaptive access.
Sounds simple, right? No. But necessary. It’s so frustrating for me at times, because people treat zero trust as the next checkbox to tick rather than as part of a strategic shift. It’s culture as much as it is technology.
Real Talk: Why Password Policies Suck
So O.K., I confess — I have this love-hate thing with password policies. Once upon a time, we thought that complex passwords and regular updates were the answer. Today, I’m dubious about making people jump through hoops that don’t meaningfully enhance security. Here’s what I’ve discovered over the course of thousands of client engagements:
- Forcing 8-char passwords with symbols is security theatre if they’re just written down by users.
- Regular password updates are often counterproductive — users often choose weaker ones or adopt similar versions across multiple services.
- Multi-factor authentication (MFA) makes a world of difference anyway—and that’s where to focus.
It can feel like trying to rein in wild stallions, persuading organizations to drop a few old habits in favor of some smarter, user-friendly options. But hey, it’s progress.
Networking: Old School Meets New Security
I still have a soft spot for good old routers and switches (yes, those boxes that rarely get mentioned). They are the foundation of everything — firewalls and IDS/IPS need solid networking. Those early days setting up mux for voice and data over PSTN seem like a history lesson from another age compared to the software-defined everything we have today, but the principles stand:
- Secure the edges. That means firewalls, next-gen IDS/IPS, and well-segmented VLANs.
- The default configs are not to be trusted. Change the default passwords, and disable unnecessary ports and services.
- Keep firmware up to date. How many breaches do you think are caused by bugs in vulnerable router operating systems?
Hardware is the foundation. If a router or switch is compromised, you’re effectively handing the attacker the keys.
My DefCon Buzz: Hardware Hacking Village Thoughts
I spent an inordinate amount of time at the hardware hacking village.
Just returned from DefCon and, man, the hardware hacking village was off the chain. Watching everyday devices get turned against their owners was a stark reminder of why cybersecurity can’t exist on an island of software. A couple of takeaways:
- Embedded and IoT is the wild west. No standardization, piles of legacy tech, with some incredibly poor authentication built right in.
- Physical security is at least as important. Sometimes the way into a network is through USB or serial console ports no one thought were important.
- Not all the weak links are people or code — sometimes, it is just a 5 dollar chip with literally zero protection.
If you are not looking at the hardware side, you are essentially working with blinders on. And in this wild frontier, just as with users and apps, you cannot simply trust circuits and chips; you have to verify them.
Practical Tips for Business Leaders
Most of you reading this are busy running your organizations, and security is likely one of many priorities you’re tackling. Here’s my take-no-prisoners advice, forged out in the wild:
- Invest in people who understand your business and your tech. Automated tools are wonderful, but nothing compares to experience.
- Don’t believe the hype about AI-powered silver bullets. For security, AI can equal more noise. Focus on proven fundamentals.
- Stress-test your incident plans in real life, not just in tabletop exercises. The real thing will not be so seamless.
- Think of zero trust as a journey, not something you can buy and install overnight.
- Prioritize network segmentation. Think of it like cooking: if every ingredient gets mixed together, you end up with a bland or spoiled dish. Segmentation keeps flavors separate and threats corralled.
The Most Painful Mistakes I’ve Made in 14 Years of Running Two Businesses
- Underestimating insider threats. The helpers are not all helpful.
- Skipping patches because they might break something. Guess what—breaches break more.
- Believing security is only an IT issue. It’s everyone’s job.
- Overdesigning architectures with cool toys as opposed to a solid design.
And yeah, there were things I didn’t expect early on. But every false step sharpened my methods.
In Closing for Now
From the spaghetti nest of PSTN circuits in the 90s, through worms like Slammer and zero-trust deployments at banks, to all hell breaking loose at DefCon with hardware hacking, you know the drill: security is whack-a-mole. But with patience, ongoing learning, and sometimes a bit of plain old common sense, you can keep ahead.
Thanks for hanging in there. Now go pour yourself a coffee (or your third) and ponder for a moment what security actually looks like in your world. Because let me tell you, it’s not just about computers; it’s about trust, resilience, and being woman enough to own up to having made a mistake at times.
Sanjay Seth
Cybersecurity Consultant
P J Networks Pvt Ltd
