Reflections on a Cybersecurity Career: Lessons from the Past and Present
I’m sitting over here with my third cup of coffee, staring at my keyboard, reflecting on the wild ride that has been my career in cybersecurity. I started in 1993 as a Network Admin when multiplexers for voice and data across PSTN were cool and actually a little bit of a nightmare at times. Fast forward to today, I now lead my own security consultancy, P J Networks Pvt Ltd. Just the other day, I helped three banks improve their zero-trust architectures. And we just returned from DefCon’s hardware hacking village — still abuzz on those nutty, brilliant gizmos and what they say about where security is going. The tech has changed a lot. But some lessons? They’re eternal. Let me tell you a few true stories that could make you think differently about your own company’s cybersecurity posture.
Blinded by the Future? Not Always. A Bit of Nostalgia Helps.
It can be so tempting to always be chasing the new hotness. When I began, the big thing was getting voice and data to live together over PSTN lines. Those multiplexers were brittle beasts, inevitably misbehaving and ground zero for exploit attempts no one ever considered. And then there was the Slammer worm, back in 2003 — a mean little intruder that taught me something about how quickly stuff can snowball.
You see, Slammer didn’t need your fancy firewalls or next-gen IDS. It was brute force: an endless stream against SQL services that highlighted a harsh truth: sometimes, the most basic attack vectors are the most effective. And it helped me learn a lesson that remains true — patching your systems always matters, but so does understanding the very backbone of your network.
Quick Take: Slammer Worm Takeaways
- You cannot ignore patch management or cross your fingers and demand that end users install software updates.
- The first step in defense is seeing your network.
- Simple attacks don’t need super sophisticated tools.
Zero Trust? Been There. Done That.
Recent work with banks on attacking their zero-trust installation has me thinking — zero trust is not just a buzzword. It’s becoming increasingly essential in a world in which perimeter defenses are about as effective as a screen door on a submarine. But there is a catch: zero trust is not a product you purchase off the shelf.
It’s an attitude, an ongoing project. You have to know who is asking for access, why and on what terms. And you want to monitor this in real time. Yes, automation is a big help, but there’s no silver bullet. If anything, I’m a tad suspicious of anything AI that purports to solve zero trust overnight — a great security stew requires more than just one magical ingredient.
In my experience, this is where many organizations trip up:
- Approaching zero trust as a one-time IT project, as opposed to a long-term security philosophy.
- Relying too heavily on identity verification instead of the health of the device or context of the network.
- Forgetting that zero trust involves aligning business processes, which is frequently the most difficult part.
One customer, an older bank with legacy systems, lost heart halfway through because they thought it would all be a plug-and-play update. But when we broke it down incrementally, linked legacy systems with modern micro-segmentation methods and won the business units over, it began to click.
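The second pitfall in the list above, leaning on identity while ignoring device health and network context, is easiest to see when both decisions are run on the same request. The sketch below is an added example, not code from the author or from any client engagement; the field names, the 30-day patch threshold and the sample requests are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_PATCH_AGE_DAYS = 30  # assumed threshold, tune to your patch policy

@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_passed: bool       # identity signal
    device_managed: bool   # device health signals
    patch_age_days: int
    disk_encrypted: bool
    network_zone: str      # context: "branch", "vpn" or "internet"
    resource_tier: str     # sensitivity of the target: "low" or "high"

def identity_only_decision(req):
    """Weak pattern: a verified identity alone grants access."""
    return "allow" if req.mfa_passed else "deny"

def zero_trust_decision(req):
    """Check identity, device health and context on every request."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("identity not verified")
    if not req.device_managed:
        reasons.append("unmanaged device")
    if req.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append("patches out of date")
    if not req.disk_encrypted:
        reasons.append("disk not encrypted")
    if req.resource_tier == "high" and req.network_zone == "internet":
        reasons.append("high-tier resource requested from untrusted network")
    return ("deny" if reasons else "allow"), reasons

# Constructed sample requests (not real data).
REQ_BRANCH = AccessRequest("teller01", True, True, 7, True, "branch", "high")
REQ_UNMANAGED = AccessRequest("teller01", True, False, 120, False, "internet", "high")

if __name__ == "__main__":
    for req in (REQ_BRANCH, REQ_UNMANAGED):
        verdict, reasons = zero_trust_decision(req)
        print(req.network_zone, identity_only_decision(req), verdict, reasons)
```

The same user with the same valid MFA is allowed by the identity-only check in both cases; only the combined check separates the managed branch laptop from the unmanaged device on the internet, and it records why.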
Hardware Hacking Village Revelations
Freshly returned from DefCon, and wow, the hardware side of things is where the fun is at. That village is a cross between a hands-on nostalgia fest for me and a peek into the future. Remember those early PSTN days? Talk about physical security! You could physically see the attack vectors: loose wiring, insecure doors, actual points of physical entry.
Today, while software vulnerabilities have taken over data breach headlines, physical-layer attacks are a threat that many have forgotten about.
The village demos showed:
- How IoT devices can be hacked simply by cheating a little at a board game
- The absurd availability of sensitive information via side-channel attacks
- Why your enterprise hardware inventory management has got to be more than assets — it must include risk profiling
If you think you’re safe with your firewall, server and router configurations — think again and complete the picture. Remember – a pwned device is more than a hunk of broken hardware, it is a beachhead into your network.
Password Policies: My Pet Peeve
Here’s a rant on the way out: password policies range from insane stringency to laughable laxity. I’ve seen companies require 25-character passwords full of complicated symbols and numerals that end up scribbled on sticky notes on monitors. Security theater at its worst.
Passwords should be about more than complicated rules; they should be about utility and context:
- Push the use of pass phrases over random gibberish.
- Enable multi-factor authentication on anything you can.
- Tell users why reusing is a no-no.
- Use password vaults in the enterprise.
And for the love of all that is good in the world, please do not make password complexity your fortress’ one and only defense. It’s as if you installed a fancy lock on the front door and then left the back door wide open.
What the Early Days of Networking Can Teach Us: Lessons That Applied Then and Still Apply Now
Having run networks in the ’90s, I have great respect for layered security. When you were manually debugging those muxes (and that black art PSTN signaling) yourself, you learned about security, in all its dimensions.
Things that still apply today:
- Always segment your network! Avoid the flat network trap.
- Keep an eye on traffic patterns when your volume is low — you might be amazed by the small quirks they reveal.
- Plan for what happens when devices fail and the direct, nasty interdependencies between devices.
My early mistakes were plentiful. I missed a firmware upgrade and took down the entire voice network for the morning on a Monday. I found out the hard way that if you miss even the smallest patch, it turns into a world of shit when something snowballs on top of you.
Why Firewalls, Servers and Routers Aren’t Going Anywhere
In this cloud madness and talk of AI-powered magic, I sometimes wonder if people still remember the basics. Firewalls are still the gatekeepers. Routers still determine what goes where. Servers—those tireless workhorses—still need protection.
Don’t get me wrong. Game changers are THE CLOUD and AUTOMATION. But an unsecured firewall or misconfigured router can undo months of good work quicker than you can say data breach.
Here’s the message I preach to my clients all of the time:
- Regular firewall audits, and review of the rules
- Tighten up your router firmware and turn off unused services
- Patch servers before attackers figure out exploits
And if your security team doesn’t know your network like the back of their hand, get a new team. Because complexity without clarity is an open door.
Last Bits of Advice While I Drink My Fourth Cup of Coffee
Cybersecurity isn’t just about tech. It’s about people, processes and in some cases, just plain common sense. Over the years, from the days of driving network muxes up to seeing banks adopt zero trust, one thing has held true: security is never done. It’s a journey.
If you were to ask me what’s most critical right now:
- Invest in people who get your world — and not just the buzzwords
- Deploy security philosophies like zero trust thoughtfully, not in a hurry
- Don’t forget about physical security and hardware risks.
- Think of passwords more as practical tools, less like perplexing riddles
And for the love of god, don’t automatically trust any AI silver bullet. It’s a tool, not a miracle.
There’s a kind of magic in combining old-school wisdom with newfangled tech.
That’s the formula I rely on — and what I deliver to each and every client at P J Networks.
Until next time, stay safe, stay curious — and maybe cut back on the third coffee if you’re hoping to catch some z’s.
Sanjay Seth
