My Cybersecurity Journey and Lessons Learned

It’s me, Sanjay Seth here, writing this shortly after my third cup of coffee today, so I’m wired, but hopefully not too far out in the stratosphere, having spent decades in the real-world cybersecurity trenches. I spent 27 years in IT, first as a network admin (yes, in 1993, when the internet was just starting to stumble over its own feet, as we were wiring up voice and data muxes over PSTN lines and configuring what felt like tanks instead of routers, not to mention light cursing over dial-up speeds slow enough to make your average two-year-old tear their hair out). What I learned in those first days was never to forget that security never sleeps and that threats never stop.

Remember the Slammer worm? I do—like it was yesterday. It struck the networks I was responsible for; inside of minutes, it spread and ravaged banks, businesses and service providers. The experience of feeling that you are trying to put a genie back in the bottle while systems were crashing affected how I view the concept of threat and response to it to this day. Fast-forward, and now I own a cybersecurity company specializing in firewalls, servers, routers — the backbone of any serious defense you can imagine. Recently, I’ve worked with three large banks to transform their zero-trust architectures. And I just returned from DEF CON, and the hardware hacking village has me buzzing at just how far—and how exposed—our tech can be.

Why My Journey Matters

Therein lies the problem: when it comes to security, the words vendors choose count for very little once you compare marketing slickness with actual, working security. If you believe an AI solution will magically protect you from getting breached, I’m doubtful, to say the least. Been there, tried that. AI can lend a hand, but if your fundamentals aren’t strong, your AI layer is just so much smoke and mirrors. My advice? First build the base: strong network segmentation, fortified endpoint controls, and yes, firewalls that work.

Slammer Worm Flashback: What I’ve Learned

The Slammer worm was lightning quick, taking advantage of a buffer overflow in Microsoft SQL Server. We watched as traffic spiked, systems became overwhelmed and connectivity ground to a halt. What could we do? We patched, fast—but it was also a wake-up call about how rapidly worms could proliferate across flat, unsegmented networks.

Lessons from those chaotic hours:

  • Segment your network. Don’t let a worm hop freely from the server room to your finance systems.
  • Keep your patches up-to-date. Seems like a no-brainer, but you’d be surprised how many big orgs lag behind.
  • Watch for anomalous traffic patterns — the sooner you catch it the better!
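The third lesson is the one that is easiest to say and hardest to do, so here is what “watch for anomalous traffic patterns” can look like in code. This is an added example, not code from the original post. It models the traffic shape the post describes for Slammer (a burst of UDP datagrams from one host to many destinations on the SQL Server Resolution Service port, 1434) and flags any source that fans out to an unusual number of distinct destinations within a short window. The flow records are constructed for illustration, and the window and fan-out threshold are assumptions to tune per site.

```python
"""Flag hosts whose fan-out on a single port looks like worm scanning.

Added example, not from the original post. Flow records below are
constructed; WINDOW and FANOUT_THRESHOLD are assumptions to tune per site.
"""
from collections import defaultdict
from datetime import datetime, timedelta

TARGET_PORT = 1434                 # SQL Server Resolution Service (UDP)
WINDOW = timedelta(seconds=60)     # assumption: look at one-minute windows
FANOUT_THRESHOLD = 20              # assumption: distinct destinations per window


def constructed_flows():
    """Build a small, labelled set of flow records: 'ts src dst proto dport'."""
    base = datetime(2003, 1, 25, 5, 30, 0)
    lines = []
    # Normal: a workstation querying the single SQL server it is meant to use.
    for i in range(5):
        ts = (base + timedelta(seconds=i * 10)).isoformat()
        lines.append(f"{ts} 10.1.1.20 10.1.2.7 UDP 1434")
    # Worm-like: one host spraying UDP/1434 at 40 distinct hosts in 8 seconds.
    for i in range(40):
        ts = (base + timedelta(milliseconds=i * 200)).isoformat()
        lines.append(f"{ts} 10.1.1.5 10.1.3.{1 + i} UDP 1434")
    # Unrelated: HTTPS to many hosts is normal browsing and must not trigger.
    for i in range(40):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.1.1.30 203.0.113.{1 + i} TCP 443")
    return "\n".join(lines)


def parse_flows(text):
    """Parse 'ts src dst proto dport' lines into tuples, skipping blanks/comments."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, proto, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, proto, int(port)))
    return flows


def find_scanners(flows, port=TARGET_PORT, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {src: peak distinct destinations} for sources that reach
    `threshold` distinct destinations on UDP `port` inside any `window`."""
    by_src = defaultdict(list)
    for ts, src, dst, proto, dport in sorted(flows):
        if proto == "UDP" and dport == port:
            by_src[src].append((ts, dst))

    alerts = {}
    for src, events in by_src.items():
        start = 0  # sliding window over the time-ordered events of this source
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {d for _, d in events[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    for src, fanout in find_scanners(parse_flows(constructed_flows())).items():
        print(f"ALERT {src}: {fanout} distinct UDP/{TARGET_PORT} destinations in {WINDOW}")
```

The point of the design is that the worm host is caught by its behaviour (fan-out on one port), not by a signature, which is why a legitimate client talking to a single SQL server and a browser hitting forty web sites both stay quiet. On a segmented network the same logic can run per segment, and the threshold can be much lower because a workstation has no business reaching dozens of database servers.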

If only we’d had the tools we have now; the network admins of 1993 might have gotten a lot more sleep.

The Zero-Trust Revolution I’ve Lived With

Zero-trust architectures are the hottest topic on the menu lately. No surprise there. But here’s my take after helping three banks implement zero-trust: it’s more than a buzzword. It’s a mindset.

No more assuming “inside” networks are secure. Every user, every device, every connection must be continuously authenticated.

Here’s how I explain it to my clients:

  • IAM (Identity and Access Management) at the heart of it. No more shared passwords or broad permissions.
  • Microsegmentation — cutting networks up into small zones to limit the fallout from a breach.
  • Continuous monitoring and analytics.

But — and this is a huge but — orgs that attempt to slap zero-trust onto a weak architecture will fail. Don’t overlook the basics: robust firewalls, secure servers, regular and stringent patch management.

The talk of DEF CON & The Hardware Hacking Village

Greetings from DEF CON. There’s too much going on this weekend to do more than leave you a few notes (I’m playing video games as I write this, and no, I won’t say which), so here’s the headline: hardware hacking is back, baby, and it’s bad.

I personally witnessed how attackers use holes in IoT devices, routers and even some of the seemingly secure network gear. Hardware isn’t merely the physical things you plug in, it’s the gateway to your whole digital kingdom.

This means:

  • Don’t forget physical security. Lock down your infrastructure.
  • Be very strict in your evaluation of vendors’ hardware. Supply chain attacks are real.
  • Test your devices for threats with simulations (don’t just take the vendor’s word for it).

Password Policies — My Eternal Rant

Okay, this one is personal. Many password policies are either too weak or so stringent that they lead to worse security problems. So here’s a friendly shoutout: Complexity is not the same as security.

Your password policy should:

  • Promote passphrases — longer, simpler to remember, harder to crack.
  • Prohibit reusing passwords on company systems.
  • Use MFA — multi-factor authentication is no longer an option.
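To make the first two points concrete, here is a small policy check written for this post, not code from the original article. It puts length first (a long, plain passphrase passes while a short password full of symbols fails), checks against a tiny constructed blocklist of the usual suspects, and refuses anything the same account has used before by comparing against a salted PBKDF2 history from the standard library. The minimum length, the blocklist and the history depth are assumptions; MFA enforcement happens in the identity provider, not here.

```python
"""Length-first password policy with reuse prevention.

Added example, not from the original post. MIN_LENGTH, COMMON_PASSWORDS
and HISTORY_DEPTH are assumptions; adjust them to your environment.
"""
import hashlib
import hmac
import os

MIN_LENGTH = 14        # assumption: long enough to favour passphrases
HISTORY_DEPTH = 10     # assumption: previous hashes retained per account
PBKDF2_ROUNDS = 100_000
# Constructed blocklist; a real deployment would use a large breached-password list.
COMMON_PASSWORDS = {"password", "p@ssw0rd!", "welcome1", "letmein", "qwerty123"}


def hash_password(password, salt=None, rounds=PBKDF2_ROUNDS):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, digest


def was_used_before(password, history):
    """True if `password` matches any (salt, digest) pair in the account history."""
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def evaluate(password, history=(), min_length=MIN_LENGTH):
    """Return (ok, reasons). Note there is no character-class rule on purpose:
    length and non-reuse do more for security than forced symbols."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("appears on the common-password blocklist")
    if was_used_before(password, history):
        reasons.append("was used before on this account")
    return (not reasons), reasons


def record_password(password, history):
    """Append the new hash and keep only the last HISTORY_DEPTH entries."""
    history = list(history) + [hash_password(password)]
    return history[-HISTORY_DEPTH:]


if __name__ == "__main__":
    history = record_password("correct horse battery staple", [])
    for candidate in ("P@ssw0rd!", "correct horse battery staple", "purple llama ate my lunch"):
        ok, reasons = evaluate(candidate, history)
        print(f"{candidate!r}: {'OK' if ok else 'REJECTED'} {reasons}")
```

The reuse check only ever compares hashes, so the history never holds a plaintext; the same structure is what stops a user from cycling back to an old favourite when a reset is forced.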

Businesses lose when they depend only on dated policies dictating how often users must change their login password. Hello, constant helpdesk calls and sleepy users with passwords scrawled on sticky notes on their monitors.

Quick Take

If you can’t read the whole article:

  • Security is far more than tech: It’s mindset, processes, people.
  • Zero-trust means verifying everything, all the time.
  • Hardware security is neglected and underrated.
  • Password Policy isn’t about complexity, it’s about practicality + MFA.
  • Use history (like Slammer) as a teacher to future-proof your defenses.

Advice for Practice, From What I’ve Seen

Here are a few no-nonsense tips I’ve picked up as I’ve stared at threats for close to 30 years:

  1. Always segment your network. Flat networks are your enemy.
  2. Update and patch ruthlessly. Automated patch management is your best friend.
  3. Monitor with intent. Employ IDS/IPS but don’t depend exclusively on alerts — context is important.
  4. Take MFA seriously, particularly for admin accounts.
  5. Vet hardware vendors hard. Do not believe their A.I.-powered buzzwords blindly.
  6. Get your teams trained, and not only your technical teams but your users too. Social engineering is still the most basic hack.
  7. Review your firewalls and tighten their rules on a regular basis.
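Tip 7 is where reviews tend to stall because nobody wants to read a thousand rules by hand, so here is an added example (mine, not from the original post or any firewall vendor) of the three checks a periodic review usually starts with: any-to-any allows, allow rules with no hits in the review period, and rules that are shadowed by an earlier, broader rule and therefore never fire. It works on a constructed, vendor-neutral rule list; real firewalls export their own formats, and the 90-day hit window is an assumption.

```python
"""Audit a simple ordered allow/deny rule list for rules that need tightening.

Added example, not from the original post. The rule format, the sample
rules and the 90-day hit window are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass
class Rule:
    name: str
    src: str        # CIDR, e.g. "10.0.0.0/8"
    dst: str        # CIDR
    proto: str      # "tcp", "udp" or "any"
    ports: str      # "any", "443" or "1000-2000"
    action: str     # "allow" or "deny"
    hits_90d: int   # hit counter over the review period


def port_range(spec):
    """Turn 'any', '443' or '1000-2000' into an inclusive (lo, hi) tuple."""
    if spec == "any":
        return (0, 65535)
    lo, _, hi = spec.partition("-")
    return (int(lo), int(hi or lo))


def covers(outer, inner):
    """True if `outer` matches every packet `inner` matches (regardless of action)."""
    net_ok = (ip_network(inner.src).subnet_of(ip_network(outer.src))
              and ip_network(inner.dst).subnet_of(ip_network(outer.dst)))
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    olo, ohi = port_range(outer.ports)
    ilo, ihi = port_range(inner.ports)
    return net_ok and proto_ok and olo <= ilo and ihi <= ohi


def audit(rules):
    """Return a list of (rule name, finding) pairs for a first-pass review."""
    findings = []
    for i, rule in enumerate(rules):
        is_any_any = (rule.src == "0.0.0.0/0" and rule.dst == "0.0.0.0/0"
                      and rule.proto == "any" and rule.ports == "any")
        if rule.action == "allow" and is_any_any:
            findings.append((rule.name, "any-to-any allow"))
        if rule.action == "allow" and rule.hits_90d == 0:
            findings.append((rule.name, "no hits in 90 days; candidate for removal"))
        for earlier in rules[:i]:           # first match wins, so earlier rules shadow later ones
            if covers(earlier, rule):
                findings.append((rule.name, f"shadowed by earlier rule {earlier.name}"))
                break
    return findings


# Constructed sample rule list, in evaluation order.
SAMPLE_RULES = [
    Rule("allow-web", "10.0.0.0/8", "10.1.2.10/32", "tcp", "443", "allow", 120000),
    Rule("allow-sql-any", "10.0.0.0/8", "10.1.0.0/16", "any", "any", "allow", 5000),
    Rule("allow-sql-app", "10.1.1.0/24", "10.1.2.7/32", "udp", "1434", "allow", 0),
    Rule("temp-vendor", "0.0.0.0/0", "0.0.0.0/0", "any", "any", "allow", 3),
    Rule("deny-all", "0.0.0.0/0", "0.0.0.0/0", "any", "any", "deny", 0),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

The shadow check is deliberately action-blind: in the sample the final deny-all is shadowed by the “temporary” vendor any-any allow above it, which is exactly the kind of rule that gets added during an incident and never removed. The tight per-application rule (allow-sql-app) shows the opposite failure, a precise rule made pointless by a broad one placed above it; tightening here means narrowing allow-sql-any, not deleting the precise rule.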

Wrapping Up

I’ll spare you the pretense of having all of the answers — but history has taught me that cybersecurity is an endless hustle. Whether it was the legacy lines of the PSTN days or battling today’s ransomware, the basics never went away: know your network, control access and expect attackers to try everything.

And hey, if you’re still rolling your eyes at zero-trust or mumbling “we’ve never been breached”, well, remember: the Slammer worm didn’t care how sure we were. It just hit fast and hard.

Let your business not be the next cautionary example. You have built your defenses right—rock-solid firewalls, secure routers, reliable servers—and you keep learning, adapting. The threats will change, and so must your defense.

Okay, I’m going to go make my fourth coffee. Until next time — stay safe and keep those packets secure.
