Reflections on Cybersecurity: A Journey from PSTN to Zero Trust
I’m here at my desk, third cup of joe just starting to take effect, and I’m still buzzing — from the hardware hacking village at DefCon and from a long day of reflecting on how far we’ve come with cybersecurity (and how very far we still have to go). When I say that I’ve been in the trenches since the early aughts, that’s an understatement—I began all the way back in ’93 as a network admin, mind you, tinkering with the ancient multiplexers that sent voice and data over PSTN lines. And here I am decades later, heading my own security consultancy, P J Networks Pvt Ltd, advising three big banks as they upgrade to zero-trust architectures. Quite the journey.
The Complex Nature of Cybersecurity
Here is the thing: Cybersecurity isn’t some sleek, tidy profession. It’s a messy war, with many fronts — technical, organizational, even cultural. And my lessons are not those textbook case studies, but real, and often gut-wrenching moments that taught me more than any whitepaper ever could.
Early Days in the ’90s: Learning From the PSTN Age
Networks were very different beasts back in the early ’90s. I was there – those days of analog muxes that had voice and data on them, and the “oh no” when the office was down. PSTN was the backbone – and if you think the internet is dangerous today, try locking down an entire company when modems and serial connections were standard hardware.
For good reason it sounds nostalgic — in some ways I miss those simpler setups. At that time, security was more about managing physical access and dumb passwords. But here’s the rub: even then, the seeds of today’s cyber threats were being sown.
The Slammer Worm: An Eye-opener
Now, fast forward to 2003, and all of a sudden, out of nowhere, comes the Slammer worm to wash across networks just like a tsunami. I was right in the thick of it, and I saw servers being crushed under the load and systems going down. Slammer was a tiny piece of code — all of 376 bytes — and it propagated itself faster than any worm that had previously existed, infesting the world’s networked computers within minutes.
Why do I bring this up? I realized that Slammer had taught me a fundamental truth — no matter how good your defenses are, speed and readiness are everything. And it also revealed how even big companies are not immune from something as straightforward as buffer overflow bugs.
And I don’t want to lie to you: I didn’t take it that seriously when I first started hearing about it. I assumed it was simply a hassle — until the entire system shrieked otherwise. Lesson here: Never assume your bastions can hold.
Running P J Networks: The Wave of Zero Trust
Now, as I lead P J Networks, there are a lot of higher-echelon things that I see echoing the earlier days, but way, way more complicated. Just recently we finished governance-style work on zero-trust architecture upgrades for three banks — big-time operations with legacy systems commingling with cloud workloads. And let me tell you — zero trust is not just another buzzword. It’s a paradigm shift.
The tricky thing is that zero trust transforms how people understand trust itself — radically. Your network edge is no longer sacred (if it was) and inside is no longer safe. It’s a bit like moving from a large lock on the front door to multiple checkpoints throughout the house. The old castle-and-moat mentality has to die.
Key Principles of Zero Trust
- Dissect your network hard. Know every device, user, app.
- Strong authentication everywhere. I’m talking multi-factor, I’m talking biometrics, I’m talking the works.
- Micro-segmentation. Bite the network into small enough pieces that breaches don’t go nuclear.
- Continuous monitoring and analytics. It’s not set and forget. Keep eyes on everything.
I’ll acknowledge, to some execs, it’s a tough sell — because the menu looks complicated, and the bill looks hefty. But in today’s threat landscape? You’re either adapting or failing.
DefCon and the Hardware Hacking Village – Physical Security Still Matters
I just returned from DefCon and its hardware hacking village, amazing stuff. It is people poking and prodding into each and every chip, every circuit to expose vulnerabilities that software-only security tools simply miss.
Hardware attacks do not receive enough attention from the general security community. But they are actual threats — things such as discovering a backdoor in your car’s remote keyless entry system or cracking the ignition with a clever device. Reminds me of how many organizations completely ignore the physical attack surface.
It’s a harsh wake-up call: your cybersecurity strategy can’t be all bits and bytes. It’s also screws, and chips, and physical controls.
And a Little Rant on Password Policies
Here’s a controversial one—password expiration policies. I am old school, and yes, I have been shown some doozies with terrible passwords. But requiring users to switch their passwords every 30 or 60 days? Honestly, it’s often counterproductive.
They can lead to predictable patterns or sticky notes taped everywhere (don’t even get me started). Better approach:
- Emphasize MFA
- Encourage passphrases over passwords
- Teach users instead of scolding them
It will make your security stronger — and your users less cranky.
Nostalgia for Technology and Its Application to Contemporary Security
Ruminating on older tech can put things in perspective for me at times. The way the dumbness of those PSTN multiplexers required you to understand every bit and byte that went through them — no magic cloud abstractions in those days. And some of those old protocols taught me resilience, and fallback strategies that are still relevant.
But nostalgia is a dangerous thing: It can blind us. We can’t just graft old ideas onto new tech and hope it sticks. Cybersecurity evolves for a reason.
Skepticism About AI-Powered Security Solutions
Look, I’ll just come out and say it, because I’ve witnessed enough extravagant hype cycles: I don’t trust anything that’s had AI-powered hastily stickered onto the bottle.
Here’s why:
- AI is only as good as the data it learns from (and we often don’t know what that data is)
- Adversaries also use AI. It’s a never-ending cat-and-mouse.
- Willful ignorance of AI can have its own dangers – especially in highly specialized markets where managers who don’t understand or follow AI innovations put their organizations at a competitive disadvantage
- Blind trust of AI can lead teams to check out.
Machine learning has its place, don’t get me wrong. But when it comes to solutions that work, I want those mixed with solid human expertise, not the other way around.
Quick Take: What’s Next?
If you’re busy and don’t have time to read everything, here’s the bottom line. What would I want you to take away today?
- Zero trust isn’t a fad. Start thinking beyond perimeter defense
- Don’t discount physical security—hardware can be an attack surface too
- Password policies as we know them require a major rethink—MFA and user-education to the rescue
- Beware shiny AI labels — insist on transparency and human control
- And for the love of all that is secure — practice, practice, practice your defenses and learn from actual incidents (such as Slammer)
Looking Forward — And Why Experience Still Matters
Understanding cybersecurity often feels like running after a ghost. Threats change shape overnight; users continue to click on dangerous links; and technology is evolving at a pace that outstrips the ability of security teams to keep up. But here is a hard truth I’ve learned since those PSTN mux days and Slammer nights:
It’s not just about knowing which tools to use. This is more about understanding the battlefield, the people and the state of mind needed to defend.
That is why P J Networks does not just sell firewalls, nor does it just configure routers and servers. We fight alongside you, with our decades of battle-tested experience added to your security posture. Because tech on its own doesn’t keep your business safe – people, processes, and yes, a little healthy scepticism, do.
So, if you want to stop being in catch-up mode, and start winning this game we call cybersecurity, then give me a shout. Until then—stay vigilant, folks. And don’t forget your coffee.
