Reflections on a Cybersecurity Career and the Essentials of Modern Security

I’m sitting here, at my desk (third coffee has kicked in), reflecting on a career that began all the way back in 1993. Yep, back in the day when I was just a network admin and doing the field work on the voice and data muxing over old school PSTN. Those are days I can barely even remember anymore, but the lessons I learned after that? Priceless.

The networking was simpler then, but hardly less intense. We didn’t have elaborate cloud architectures or AI to rely on. Nothing but routers, switches, and an impossibly obstinate refusal to let the lifeblood go dead. But man, when the Slammer worm descended on us in 2003, it was a shock to the system. I remember the sight of worm packets crashing servers like a cyber tsunami, and the mad jig we danced to try to contain it. That was a real lesson in how vulnerable those systems were.

Fast forward to today. I own my own cybersecurity company (P J Networks Pvt Ltd) and had the honour in recent times of shepherding three banks through massive zero-trust architecture rip and replace projects.

Understanding Zero-Trust Architecture

This is the thing about zero-trust: it’s not Hogwarts; it’s not a magic wand. No, it’s about busting up that old credo of “trust everything inside your perimeter.” I have joked often (and occasionally with a straight face) that perimeter-based security is the equivalent of locking the doors of a car and rolling down the windows. Zero-trust requires you to verify everything and everyone, constantly. It’s work to make the transition, but after helping those banks I’m convinced it is absolutely essential.

Oh, and we just returned from DefCon; my mind is still racing from the hardware hacking village. It’s a candy store for you security geeks. A lot of hands-on fiddling, and a reminder that often the best security solution is really understanding your hardware through and through. Patches are all well and good, but if someone can plug into your physical device? You’re exposed.

Real Talk From the Trenches

  • Password policies are not nearly as effective as people think. I have seen banks with strict complexity rules still get hacked because users choose predictable phrases or simply sticky note their passwords. Seriously, think of your password rules like seasoning: a little too much, and you ruin the dish. Too little? Bland and vulnerable.
  • Multi-factor authentication (MFA) is your friend, but not all ‘AI-Powered’ MFA is to be trusted blindly. Most of those are rah-rah marketing fluff. If it doesn’t fit in cleanly and you can’t audit it, then avoid it.
  • Legacy systems haunt us. When I started working, I worked on networks that were still on hardware developed decades prior. Shoving those inside a modern security framework is like trying to drive a classic car on a Formula 1 track. You can do it, but there will be rough edges.

My last assignment was upgrading the firewalls in the banking institutions. The lesson? Firewalls are your LAST line of defense, not your first. Lots of people think you just throw up a bunch of layers of firewalls around everything and you’re done with security, but without adequate internal monitoring and segmentation you’re running a fortress with the windows open.

Quick Takeaways for Busy Professionals

If you don’t have time to read the whole post (and I get it, your schedule is bananas)—here’s what matters most:

  • Remember to think of legacy systems not as dead weight, but as living needs that must be rethought continuously.
  • Zero-trust is not a product, it’s a way of thinking.
  • MFA is important, but remember — buyer beware, don’t.ever.believe.your.own.marketing.
  • Security of hardware is just as important as software.

Cybersecurity isn’t just an IT problem — now more than ever, it is strategic. And as banks are increasingly targeted in attacks (and trust me, I’ve seen the reports and the scars), you need more than just tech. It’s about culture and process.

Lessons from Early Network Days

When I was daisy-chaining multiplexers to make voice and data work over PSTN, it was the era of brute force troubleshooting. You hand chased packets, debugged line noise, and made sacrifices to the network gods all the time when circuits went down. Now I troubleshoot entire enterprise systems remotely with dashboards showing every anomaly — but some things never change. You still need patience, an eye for detail, and a good sprinkling of “surely it can’t all be that easy” skepticism.

Those days have left me with an admiration for infrastructure resilience. If your network cannot tolerate even a single point of failure, adding fancy security layers doesn’t matter. It all begins with good fundamentals.

Why I’m Skeptical of ‘AI-Powered’ Labels

AI and machine learning are the buzzwords of the moment. And sure, they serve a purpose. But slapping “AI-powered” on a firewall or phishing detection system doesn’t necessarily make it more secure. More often than not it’s just heuristics in a fancy coat.

Here’s my take:

  • Ask how, precisely, the AI models learn — and how they deal with false positives.
  • There is no such thing as artificial intelligence.

If you can’t reverse-engineer decisions to intelligible rules, then you have no choice but to put your faith in a black box.

This is not to say AI is without its uses; it has them. But it’s not a silver bullet.

Hardware Security—Why it Still Matters

At DefCon, the hardware hacking village served as a sobering reminder: the physical attack surface is enormous. Think about it: no firewall, no encryption, not much of anything works if a device’s firmware has been compromised or someone can directly meddle with the hardware.

So, from my recent hands-on time: I witnessed exploits that enabled hackers to lift keys from hardware modules and to inject stealthy malware. If your security approach isn’t designed to prevent hardware-level threats, you are flying blind.

Final Rants on Passwords and User Behavior

Password policies. Ugh. I’ve certainly made investigations too complex in the past. But here’s the cold truth.

Users are human.
They will take the path of least resistance to comply, which will often mean bypassing controls.

Here’s what works better:

  • Promote passphrases over passwords. Think “correct horse battery staple” (yeah, I’m old school).
  • Use password managers. No, they’re not perfect but they beat sticky notes.
  • Turn on MFA wherever you can.

Security is not about torturing users; it’s about attacking the people who are attacking you without increasing the burden on regular users.

Oh, and by the way, don’t throw all of your eggs into the perimeter-defense basket. Remember when we used to think, once you’re inside the castle walls, you’re safe? In this day and age, that is straight-up dangerous. Don’t trust anyone, not even yourself.

Wrapping Up

With 30 years of networking and security history, it’s obvious that:

  • Technology moves quickly — but people and processes remain the real bottleneck.
  • You learn from the wisdom of those who came before and avoid rookie mistakes.
  • Ticking the boxes doesn’t make you more secure. It’s about adopting the mindset of an attacker and breaking your own systems before others have a chance to do so.

If you’re a business owner today, take it from me (and my many cups of coffee): Invest in a strong, multi-layered cybersecurity approach. And don’t buy tools just because they are shiny or sound ‘AI-powered.’

Ask, learn, challenge. Because in security, if you rest, you’re already behind.

Sanjay Seth
P J Networks Pvt Ltd
