Reflections from a 30-Year Cybersecurity Career

So here I am — third coffee kicking in, keyboard clacking, reflecting over a 30-year career that, for some inexplicable reason, kicked off when I was a wide-eyed network admin in 1993. At the time, I was up to my you-know-what in the maze of networking gear-muxes, routers and all that voodoo that transported our invaluable voice and data across PSTN lines. No highfalutin cloud or AI-powered buzzwords … just wires, protocols, and a stubborn determination to keep things running.

Fast forward to today, now running a security outfit of my own and helping banks transition to these zero-trust architectures and just coming back from DefCon’s hardware hacking village, still buzzing from the jaw-dropping creativity but staring at this reminder that there’s always a way in.

Cybersecurity Is More Than Gadgets

Here’s the thing: Cybersecurity is not a shiny prize to win by purchasing the newest gadget. It’s drenched in real-world grit and slog — things that you see only if you’re really in the trenches. So I thought I would share a few no-BS insights from my experiences that could potentially help save you those dreaded 3 a.m. phone calls.

From Network Admin to Zero-Trust Advocate

In the old days, network admins such as me were the guardians of the corporate data fortress — mostly static walls surrounding defined pathways. But oh, how things have changed. I still remember the Slammer worm — one of the early big cyber epidemics I ever worked.

  • Slammer, which slinked through a door left open by a vulnerable version of SQL Server and downed networks around the world within minutes.
  • It was like a terrible flu — fast and aggressive, and it caught everyone by surprise.

But there’s what that did for me personally: It taught me that prevention was more important than response. Firewalls, IDS, patching — it all came to the front.

Today, I am neck-deep helping three banks transition their full infrastructures to zero trust. No more trusting anything. Not the device, the user, the network segment—nothing, by default.

Sounds great, right? But:

Zero-trust is a way of thinking, not a box to check.

  • You must have expert knowledge of your assets, flows, and threats to realise.
  • It is not an overnight magic cure. It’s a continuous effort.

A Brief Rant About Passwords and Policies

I swear, if I have to hear ‘complex password must change every 30 days’ again, I might lose it. Here’s why:

  • You won’t change passwords if forced too often making for weaker passwords or ‘password1’, ‘password2’ etc. rotations.
  • Users wind up writing down passwords or using easily guessed patterns.
  • And longer passphrases at reasonable complexity levels are better and don’t pound on your users’ brains.

Seriously, if you actually care about security, make it usable. It’s not that bad policies involving passwords are the enemy, passwords themselves are the enemy!

Hardware Hacking — Why I’m Still Passionate

(Just got back from DefCon’s hardware hacking village. Man, that place is like a frat house multiplex of the wonderfully curious and the seriously skilled. Gazing on people turning ordinary appliances into ports of entry reminded me of the old multiplexers and routers I used to administer.

  • Hardware bugs are easy to ignore but also chip away at you.
  • Security teams obsess over software patches but ignore physical access or firmware backdoors.

It’s the moral equivalent of leaving the doors of your car unlocked because you are too busy on the engine.

And whoever may vendors claim their devices are ‘immune to threats and AI-powered’; that, I doubt. AI is a tool, not a panacea. Leaning too hard on AI hype to keep you safe is a little like trusting your toaster to put out kitchen fires. It’s definitely helpful, but you still need smoke detectors and a fire extinguisher.

Takeaways from Real Security Deployments

Assisting three banks the other day was like a major, big deal. Financial institutions are always in the crosshairs of the attackers – so here’s what I observed first-hand Educate the customer: We often refer to the customer here in the context of “users” at an organization.

  • Legacy systems obscure critical vulnerabilities. All you’re doing is you’re rolling out the welcome mat if you’re outside of the known good 15-year-old server hardware, if you’re running equipment that is 15 years old and you’re running old firmware.
  • Putting zero trust in place didn’t require tearing everything down. It was separating controls and micro-segmentation and visibility in a careful way.
  • Employee training still matters. Sure, you can have the shiniest firewall on the block, but if your staff are going around clicking on phishing links, you might as well wear an “Under New Management” sign.

Down to Earth Advice from a Long Time Dominant

  • Avoid magic-bullet mentalities. Firewalls, network segmentation, endpoint protection — all must dance together.
  • Test your incident response plan often. Rehearse violations, dry runs — no surprise parties.
  • Embrace visibility. You can’t defend what you can’t see happening.
  • Suspect everything about AI-powered—research, test, substantiate.
  • Old tech isn’t all bad, but understand the risks — you may want to update or quarantine legacy gear.

Quick Take

  • Slammer worm was wake-up call: patching and prevention beat the reactive mode of response.
  • Zero-trust isn’t plug-and-play. It’s a matter of discipline and of continued exertion.
  • You read hall-of-shame password policies if you don’t manage them carefully.
  • The hacking of hardware is a real thing. Do not overlook the physical or firmware attack surface.
  • AI is a tool, not a cure-all.

Why Your Cybersecurity Should Feel a Bit Like Making Dinner

Stay with me — security is like making a good stew. Yes, you’ve got to have good ingredients (firewalls, servers, routers). But if you simply throw them all in, without seasoning, timing or attention — you get a bland mess).

  • Seasoning = Re-tuning your settings.
  • Timing = patches and updates in a timely manner.
  • Keeping it simmering = keeping an eye on it and fine tuning.

And, as with cooking for guests, your security regimen must adjust to who’s sitting at the table — and what type of diet they need (users, devices, applications).

Clearing the Desk From This Cybersecurity Veteran

i’m constantly asked — What is the key to staying ahead? Really, there’s not one magic panacea. It is persistence, skepticism and a desire to keep learning. I still make mistakes — leaving a patch out, or underestimating what users do, perhaps. But every failure is grist for stronger next time.

The landscape shifts. New tech emerges. Yes, perhaps AI will one day revolutionize some aspect of our field — but don’t be distracted by the jazz hands. Know your network, know your threats, and protect the weakest link (hint: it’s often people).

If you’re up to your elbows in a business dependent on servers, routers, firewalls — use your time and means wisely. Don’t be dazzled by buzzwords. Question, demand transparency, and — most importantly — foster a culture in which security matters as much as the bottom line.

O.K., the coffee is cooling and the day is calling. But carry these lessons in your pocket, and you’ll beat this game by a mile.

– Sanjay Seth
P J Networks Pvt Ltd

Leave a Reply

Your email address will not be published. Required fields are marked *

This field is required.

This field is required.

sales@pjnetworks.com
(+91)9818361787
C-160 Mayapuri Ph II
Copyright © 2025 PJ Networks: Innovative Networking & Cybersecurity Experts, All Rights Reserved.