My Journey Into Cybersecurity: Lessons From 27 Years in the Field

So I sit here, on my third cup of coffee, reflecting on where my foray into cybersecurity all began back in 1993 as a network admin. In my day, networking meant fooling around with PSTN lines and multiplexers and trying to balance voice and data traffic without the nifty tools we have now. Those were the days when a network outage could grind an office to a halt and you were basically the unsung savior that kept the phones from going silent. Fast forward 27 years and I run my own security outfit, P J Networks Pvt Ltd, and I’m still learning, and sometimes tripping up, in this wild, ever-changing universe.

Slammer Worm: My First Memorable Taste of Chaos

I remember the reaction when Slammer came through in 2003. Man, it was like a hurricane in digital form tearing through all of it. One moment systems were humming, and the next they were sputtering to a stop. For those too young to remember, Slammer was a worm built on a buffer overflow exploit that spread more quickly than wildfire and within minutes turned networks into unusable garbage. It took down hospitals, banks, you name it. I spent the better part of the next 36 hours trying to contain the damage in one of our clients’ networks that had been hit, and handling the resulting blizzard of phone calls and meetings, all to convince the execs that rebooting the entire infrastructure was the lesser of several evils. Lessons learned? Don’t ever trust an unpatched SQL server out there, and don’t ever assume your threat horizon won’t change rapidly.

Zero Trust: Not Just Another Buzzword Any More

I recently had the honor of assisting three banks in updating their zero-trust architecture. So here’s the rub — zero trust is not merely a buzzword for well-suited IT salespeople to throw around (and those who claim it is a silver bullet for security are largely leading you astray). It’s a frame of mind, a design ethos and sometimes a headache.

Here’s what I discovered when putting zero trust to the test in the wild:

  • Legacy systems resist. You need to put zero trust around a 20-year-old core banking system? Good luck. Sometimes you gotta build a protective bubble, rather than rip it all up.
  • User behavior is the wild card. Even the finest tech flops when the users are unwilling to play ball.
  • Visibility and observability are table stakes. You can’t defend what you can’t see.
  • And yes, MFA (multi-factor authentication) is crucial — but if you think simply slapping on MFA makes everything OK, you’re kidding yourself. Security’s holistic.

Here’s a punch list of what banks and businesses should do when rolling out zero trust:

  • Pare down your connections. As you would carve up a gourmet lasagna, segment your network. Layers matter.
  • Conditional access based on who the user is, device posture, and location.
  • Always verify, never trust.
  • Logging and proactive alerting are necessary.
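
The punch list above, sketched as a per-request access decision. This is an added example, not code from the original post: the roles, segment names, country code and 15-minute MFA window are all hypothetical values constructed for illustration.

```python
import logging
from dataclasses import dataclass
from typing import Optional

log = logging.getLogger("access")

# Hypothetical policy data, constructed for this example.
ROLE_SEGMENTS = {"teller": {"branch-apps"}, "dba": {"branch-apps", "core-banking"}}
ALLOWED_COUNTRIES = {"IN"}
MAX_MFA_AGE_MIN = 15  # assumed re-verification window


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    segment: str                 # network segment the request targets
    device_managed: bool         # posture: device is enrolled in management
    device_patched: bool         # posture: patches are current
    country: str                 # location signal
    mfa_age_min: Optional[int]   # minutes since last MFA, None if never


def decide(req: Request) -> tuple:
    """Evaluate one request from scratch; anything not explicitly allowed is denied."""
    if req.segment not in ROLE_SEGMENTS.get(req.role, set()):
        result = ("deny", "role not permitted in segment")
    elif not (req.device_managed and req.device_patched):
        result = ("deny", "device posture failed")
    elif req.country not in ALLOWED_COUNTRIES:
        result = ("deny", "location outside policy")
    elif req.mfa_age_min is None or req.mfa_age_min > MAX_MFA_AGE_MIN:
        result = ("step_up", "fresh MFA required")
    else:
        result = ("allow", "all checks passed")
    # Log every decision; non-allow results go out at WARNING to feed alerting.
    level = logging.INFO if result[0] == "allow" else logging.WARNING
    log.log(level, "user=%s segment=%s decision=%s reason=%s",
            req.user, req.segment, *result)
    return result


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed requests: same DBA, once with fresh MFA and once with stale MFA.
    print(decide(Request("ravi", "dba", "core-banking", True, True, "IN", 5)))
    print(decide(Request("ravi", "dba", "core-banking", True, True, "IN", 120)))
```

An earlier "allow" carries no standing trust here: the same user on the same device is pushed back to MFA once the verification is stale.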

DefCon and The Hardware Hacking Village: Still Alive and Buzzing

Just back from DefCon, the infamous hacker conference that still gives me the same rush of adrenaline it did when I first went all those years ago. The hardware hacking village... wow. There’s just something about seeing tech laid bare, vulnerabilities demonstrated in real time, and raw hackers ready to unleash their creativity. It was a reminder of how easy it is to forget about physical security, relying only on software defenses.

One small anecdote: I once watched a talented hacker recover sensitive data out of the debug port of a router using no more than a soldering iron and a $20 multimeter. The whole thing was a jarring reminder: Your firewall isn’t doing you much good if someone can just pop the box.

That brings me to one of my pet peeves with the industry:

If you don’t have a security strategy for the hardware level, you’re gambling with the integrity of your entire infrastructure.

Password Policies — Why Are We Doing It Wrong

Alright, confession time. In the olden days, I was one of those that demanded a 12-character combination with special symbols and numbers and the works! It seemed like common sense. But it gets better: users resorted to having sticky notes with passwords, or even worse, password1 across the board. So today I’m a bit of a controversial voice when I say that password policies need to be about usability coupled with MFA, not random complexity requirements.

Passwords have to be strong, don’t get me wrong on that! But pushing complexity over usability is like handing a chef a recipe with 50 spices and expecting him not to burn the meal.

A realistic password policy:

  • Promote passphrases — as in ‘correct horse battery staple,’ not ‘P@$$w0rd123’
  • Pair with MFA (to protect the weakest link)
  • Install and use password managers (no, seriously — none of that “it’s too hard” arguing).
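
To make the contrast concrete, here is the old complexity rule next to a length-first rule with a denylist check. This is an added example, not code from the original post: the 16-character minimum, the denylist entries and the substitution table are assumptions chosen for illustration.

```python
import string

MIN_PASSPHRASE_LEN = 16  # assumed threshold for this example, not from the post
# Constructed sample denylist; a real one would be a breached-password corpus.
DENYLIST = {"password", "qwerty", "letmein", "welcome", "admin"}
# Common look-alike substitutions, undone before the denylist lookup.
UNLEET = str.maketrans({"@": "a", "$": "s", "0": "o", "3": "e", "1": "l", "!": "i"})


def legacy_complexity_ok(pw: str) -> bool:
    """The old rule: 12+ characters with upper, lower, digit and symbol."""
    return (
        len(pw) >= 12
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )


def normalize(pw: str) -> str:
    """Lowercase, drop trailing digits and symbols, then undo substitutions."""
    base = pw.lower().rstrip(string.digits + string.punctuation)
    return base.translate(UNLEET)


def usable_policy(pw: str) -> tuple:
    """Length-first rule with a denylist check and no composition rules."""
    if normalize(pw) in DENYLIST:
        return False, "matches a common password after normalization"
    if len(pw) < MIN_PASSPHRASE_LEN:
        return False, f"shorter than {MIN_PASSPHRASE_LEN} characters"
    if len(set(pw)) < 6:
        return False, "too few distinct characters"
    return True, "ok"


if __name__ == "__main__":
    # The first two samples are quoted in the post; the last two are constructed.
    for sample in ["correct horse battery staple", "P@$$w0rd123",
                   "P@$$w0rd123!", "aaaaaaaaaaaaaaaa"]:
        print(f"{sample!r}: legacy={legacy_complexity_ok(sample)} "
              f"usable={usable_policy(sample)}")
```

The constructed variant `P@$$w0rd123!` satisfies every legacy requirement yet reduces to a denylisted word, while the passphrase fails the legacy rule and passes the length-first one.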

Security still reigns supreme

Firewalls and servers and routers (oh, my!) are the foundation of any secure infrastructure, and as I have seen first-hand, this is where modern cybersecurity begins. In the old days, routers were dumb pipes; now they are security gatekeepers. Firewalls do more than filter packets: They’re context-aware warriors.

I have helped clients deploy next-gen firewalls that do more than just block traffic: they understand application behavior and user context. Without them, your network is the equivalent of a car with no brakes on a downhill slope, and believe me, there’s no such thing as street racing in cyber security.

Some practical advice from me:

  • Keep your network devices up to date with the latest updates and patches. Old firmware = free ride for the attackers.
  • Segment to restrict lateral movement. When an attacker gets in, make the attacker’s life miserable.
  • Monitor traffic continuously. Silence isn’t always golden — in this case it can mean that your network is too quiet.

AI-Powered Security? Caveat Emptor.

Before I get carried away here: I’m not an AI hater. But I’m very, very wary of a security product claiming to be AI-powered with no visibility whatsoever into what that even means.

Here’s why:

  • Tons of vendors slap an AI label on their platforms without showing us any real machine learning that works or even any behavioral analytics.
  • If a team over-relies on automated systems, they can become complacent.
  • AI may create false positives or overlook new threats, if not well-trained.

My advice? Leverage AI as a tool, not a crutch. Human expertise — your own instincts and experience — must be at the core of everything.

Quick Take

  • Slammer worm showed me: patch yourself soon, patch yourself often.
  • Zero trust is a journey, not a product.
  • Physical/hardware security? Don’t ignore it.
  • Password requirements should require empathy, not rigidity.
  • Network interfaces are your first line of defense – treat ’em right!
  • AI-powered solutions? Buyer beware.

Final thoughts

Reflecting on more than 25 years in cybersecurity, from wrangling PSTN lines as a network admin in 1993, through worm storms like Slammer, to advising banks on zero trust, one thing is abundantly clear: there is no silver bullet. Each day calls for vigilance, adaptation and a little bit of humility. At other times it’s about holding on to what you know: simple, old-school principles in the face of flashy new tech and overheated buzzwords.

Sometimes I feel like cybersecurity has more in common with cooking than coding. It takes the proper ingredients, good timing and just a little of that sixth sense — it’s not just following the recipe.

That, ladies and gentlemen, is why I love my job — even after decades and countless cups of coffee. Stay safe out there.
