What Cyber Security Really Looks Like Beyond The Hype

Each of us has our own thing, and as for me, there is something about sitting at my desk after the third coffee of the morning that puts me in a nostalgic (and frankly somewhat fired-up) mood to talk honestly about what cyber security actually looks like once you strip away the shiny brochures and marketing hype. I’ve been playing this silly game since the early 2000s, but it actually started way back in ’93 when I was a Network Admin, in the days of coax cables, PSTN lines and multiplexing voice and data. Even after all these years, working on both sides of the fence and running my own outfit, I can still get shivers when I remember some of the crazy things I’ve seen and how quickly so much in this field changes, a point that was driven home again most recently at DefCon’s hardware hacking village. It’s hardly surprising, then, when you meet people who think security is hard to love.

From Multiplexing PSTN to the Slammer Worm

Think about running a network when the biggest concern was keeping your voice and data from trying to use the same twisted pair at once. And then, bang! Into the pot went the Slammer worm, poured in like a mad chef throwing salt in place of sugar. Slammer wasn’t some distant headline. My network got hit by it first-hand, and boy, it caused havoc. For a lot of people like me, it was an eye opener: security is not just about plugging gaps but more about always staying ahead and being ready for whatever might be next.

Before, security was all about keeping those antiquated servers up to date and avoiding telnet as your front porch onto the corporate network. Today, we talk about zero-trust architectures and firewalls on steroids. Additionally, I lent a hand in redesigning the zero-trust frameworks of three banks. Talk about a change. For the unfamiliar, zero-trust means never trusting any user or device, inside or outside the network. Instead:

  • Always verify explicitly.
  • Use least privilege.
  • Continuously monitor and validate.

Classic perimeter defense? Completely, completely dead by comparison.

On AI-Powered Security, and Why It Raises My Eyebrows — and I’m Not Alone

Real talk: my ears go up when a company slaps “AI-powered” on their product. Not that I don’t believe in AI’s premise; it’s just that AI-driven cybersecurity is more than a buzzword glued to a firewall or endpoint solution. It is complicated af, resource-intensive and, most importantly, human-assisted.

The biggest issue is that in this “market” too many vendors sell “AI” as a magic bullet when it is simply rule-set automation with AI branding. My advice? Always ask these questions:

  • What real threat data is it being trained on?
  • How transparent is its decision-making process?
  • Can it learn new threats, or is it doomed to repeat human-learned behavior?

Otherwise, not only is what you are buying hype, but so may be your security.

Password Policies: Why I Think We Are Cooking Without a Recipe

Ok, I will confess it: I am an absolute password policy Nazi. These stupid rules are strictly enforced by most organizations: mix this, add a symbol, update every week, don’t share… and then? Passwords are scribbled on sticky notes or, even worse, one password is used for everything. That is akin to telling someone to bake a soufflé without measuring cups or an oven thermometer.

Here’s my take:

  • Complexity is fine, but length rules. Long passphrases trump complex one-time strings.
  • Promote the usage of password managers—but make sure to train your users on how to use them.
  • Multi-factor authentication should not be optional.
  • Help your users grasp the why behind this, instead of just the how.

It may seem untrendy, but usability is often a better guarantee of security than lengthy policies that are ignored anyway.
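The length-over-complexity point above, as an added example that is not from the original article: it compares the search space of a short complex string with a multi-word passphrase and applies a length-first acceptance check with no composition rules. The 14-character minimum, the 7776-word list size, the blocklist entries and the sample passwords are assumptions made for this illustration.

```python
import math

MIN_LENGTH = 14   # assumed threshold for this example, not from the article
# Constructed sample blocklist; a real deployment would load a breached-password list.
BLOCKLIST = {"password", "letmein", "qwertyuiop", "correct horse battery staple"}

def random_string_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of `length` symbols chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def passphrase_bits(words: int, wordlist_size: int = 7776) -> float:
    """Entropy in bits of `words` words chosen uniformly from a word list.
    7776 is the size of a five-dice word list (6**5), assumed here."""
    return words * math.log2(wordlist_size)

def is_repeated_unit(text: str) -> bool:
    """True when text is a shorter unit repeated, e.g. 'abcabcabc'."""
    return len(text) > 1 and text in (text + text)[1:-1]

def check_password(candidate: str) -> list[str]:
    """Length-first policy: no composition rules, so a long lowercase
    passphrase passes. Returns the list of violations (empty = accepted)."""
    problems = []
    normalized = candidate.strip().lower()
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if normalized in BLOCKLIST:
        problems.append("on the blocklist of known passwords")
    if is_repeated_unit(normalized):
        problems.append("a short unit repeated to reach the length")
    return problems

if __name__ == "__main__":
    # 94 = printable ASCII characters excluding space
    print(f"8 random printable chars: {random_string_bits(8, 94):.1f} bits")
    print(f"5 random words:           {passphrase_bits(5):.1f} bits")
    # Constructed sample inputs
    for sample in ("Tr0ub4d&r!", "maple lantern orbit cactus",
                   "abcabcabcabcabcabc", "correct horse battery staple"):
        print(repr(sample), "->", check_password(sample) or "accepted")
```

The bit counts hold only for secrets generated at random; a passphrase a user invents from a favourite quote has far less entropy than the formula suggests, which is why the blocklist check stays in the policy.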

What Bank Upgrades Can Teach You About Zero-Trust Architecture

We identified some key patterns working with three banks on their zero-trust programs:

  • Change comes from the top. You need buy-in at every level. Zero-trust has left the building, and they have just thrown their password past you accurate to 2₉.
  • Legacy systems can be a nightmare. You cannot just attach zero-trust like a spoiler on an old car. I hate to say it, and I feel like this requires the necessary change: re-architecting.
  • Visibility’s everything. If your implementation of zero-trust does not include full network and user behavior monitoring, it is merely a slogan, not something that actually makes you safer.

Techniques that helped:

  • Micro-segmentation to contain lateral movement
  • Continuous authentication and device posture assessment
  • Automated incident response workflows

That final one is a key takeaway. With automation, gaps are closed before the SOC analyst gets his third cup of coffee.

DefCon Hardware Village: Physical Security Isn’t Dead (Really, It Just Smells Funny)

Open sesame: I just got back from DefCon, having spent hours in the hardware hacking village. Watching these demonstrations of experts cracking chips, side-channel attacks and firmware exploits made cybersecurity feel like less about bits and bytes. Physical security remains one major attack vector.

Software protection against hardware attacks at the bootloader level is now becoming increasingly popular, although many organizations are still too narrowly focused on software. My advice:

  • Firmware updates matter as much as OS patches; never dismiss them.
  • Use hardware root-of-trust architectures for sensitive operations.
  • Teach people to recognize the physical indications of tampering.

Ignoring this would be like having a great car alarm but leaving all your windows down. In the end, physical access is always the super wildcard.

Quick Read: What You Must Know Today

In a rush? Here’s the bottom line:

  • Slammer was the alarm clock for legacy systems. Never fall asleep again.
  • Security first: Zero-trust is obviously your best friend, but it’s no magic wand. Plan and commit.
  • AI-powered security? Ask the tough questions.
  • Password policies without usability are a mockery.
  • Hardware security is here to stay and cannot be avoided.

Final Thoughts from The Business End of a Life Lived

Well, to me cyber security has always felt a bit like driving BigFin around today. Sure, all those old-school habits and vintage tech can be charming — but they won’t protect you from 21st-century threats. This is why I am constantly working to combine those lessons from my PSTN days with modern security frameworks.

Yes, I have certainly had more than my share of public failures (remember that one server I forgot to patch right before a huge worm outbreak? It still wakes me up at night). Yet if the past is any lesson, it is apathy, not a hacker, that presents the greater danger.

Keep challenging limits, keep walking away from the street cred, and remember: on the other side of every firewall is another curious mind wondering what’s next.

The best security is not a technology but a mindset! Hope you enjoyed the read.

— Sanjay Seth, P J Networks Pvt Ltd
