From Network Admin to Cybersecurity Founder Insights

I’m sitting here at my desk with my third coffee of the day, still a bit high on my energy from last week’s trip to DefCon—particularly about the hardware hacking village (seriously, that place is a candy store of awesomeness for anyone who loves them some embedded systems). Looking back on that ascent from network admin in 1993 responsible for multiplexers for voice and data over PSTN, to founder of my own cybersecurity company today, there is a heck of a lot of wisdom contained in these nearly 30 years of practical experience. And that’s what I am here to share — no fluff but the real stuff and the real lessons from the frontlines.

Network Admin and the Slammer Worm Early Days

My career in security actually began a good deal earlier than 2016.

In the ’90s, when people in America were just beginning to use the term the internet, I was up to my neck in the plumbing of communication networks. I imagine managing mux for voice and data across the Good Old PSTN (Public Switched Telephone Network) wasn’t sexy—but, man, was it necessary. We didn’t have fancy cloud firewalls or zero-trust policies; hell, basic perimeter security was more or less unknown.

Then came Slammer.

If you recall the Slammer worm outbreak of 2003, you know that it was a cold bucket of water. It spread so quickly that bank A.T.M.s went haywire and airlines canceled flights.

I saw it take networks to their knees. And learned:

  • Why patch management is important — some links in the chain will f— you up if you skip them.
  • The network-ripping potential of a single vulnerability in SQL Server.
  • That perimeter networks are no longer enough.

Slammer was the guileful recall that villains evolve, and so must we.

Looking ahead Running My Own Cybersecurity Company

Today, I’m running P J Networks Pvt Ltd, which provides businesses that want hardened defenses with cybersecurity, firewalls, servers, and routers. It’s hard work but I started my own business.

In the last year, I’ve assisted three banks as they upgraded their zero-trust architectures. Zero trust has been a buzzword for years now — but here’s the reality:

  • It’s not just a firewall or VPN replacement.
  • Zero-trust is about always validating every user, device, and connection —every time.
  • Half the battle is getting buy-in across the departments.

Those banks weren’t just in search of a checkbox solution. They wanted airtight policies that take into account real-world risks. I had to assist them in corralling legacy apps, tightening identity management and segmenting networks so a bad actor at least couldn’t just wander around.

Here’s the thing—zero-trust isn’t perfect. It is complicated, and it is expensive (especially when you have a ton of legacy gear). But ignoring it? That would be a free pass to a breach.

Thoughts on AI Security A Healthy Doubt

I am somewhat of a pessimist when it comes to marketing claims as, after all, it is my day job to debunk such claims.

These days, everything wants to lay claim to being artificial intelligence—even our security products. But put your guard up.

  • AI isn’t magic. It is only as good as its data.
  • There are a lot of AI tools that are nothing but fancy repacked heuristics.
  • AI can produce truckloads of alerts, with false positives to swamp the amount of human analysts.

Not saying AI doesn’t have a place — very much the opposite. But to put such blind faith in A.I. to make high-stakes judgments is tantamount to leaving your hands off the steering wheel of your shiny new car because you have the latest in auto-pilot technology. You’ll crash. So never forget to include AI alongside strong human expertise.

Password Policies—A Rant (Because I Can’t Resist)

If there’s one thing I remain salty about, it’s how many institutions require ridiculous password requirements:

  • Tangles of complicated rules that users can hardly keep in mind.
  • Forcible, persistent resets, doing nothing but pissing off The Users.

Well, here’s a little secret from my own experience:

A longer password always triumphs over a complex one.

Look at it this way with cooking (and for the record I am terrible at this analogy, or any cooking): Sometimes a simple, quality recipe (long passphrase) is better than a complex recipe of obscure ingredients (random chars).

Better yet, advocate for multi-factor authentication — the strongest available — because no matter how strong your password is, if you rely on one factor, you’re at risk.

What I Learned at DefCon (Hardware Hacking, etc)

Oh, DefCon this year — the childhood delight of being in a room with a bunch of curious minds, picking over everything from IoT fridges to automotive CAN bus protocol. Hardware hacking is where grinds are made.

Some key takeaways:

  • Devices always have overlooked vulnerabilities.
  • If someone wants to break into a building, physical access usually supersedes digital defenses.
  • Security through obscurity is a thing of the past.

Do you recall my early Network mux days? Physical security, back then, was generally considered a somewhat different animal than cyber. But these past few years have made it abundantly clear that physical and cyber security must converge.

Hackers are now thinking end-to-end, from silicon to cloud.

Quick Take For Those On The Go Readers

  • Patch early, patch often. Your old network holes will eat you alive.
  • You don’t have a zero-trust program so much as you live one: Zero-trust is a mindset, not just a tech stack.
  • Be skeptical of ‘AI-powered’ security tools.
  • Password length >>> complexity. And always use MFA.
  • Physical security is cybersecurity.

Wrapping Up

Cybersecurity is not just a game of fancy buzzwords or the latest tech. It’s experience — of what attacks look like, of how systems fail — and of building defenses that hold up in the face of adversaries.

I’ve made plenty of mistakes (who hasn’t?), but each failure is a lesson that hones the blade.

If you’re an operator of a business, my counsel to you is simple:

  • Don’t chase shiny toys.
  • Buy good foundational stuff — patching, network segmentation, identity controls.

And, oh, remember this — security is a journey, not a destination.

We will stop here tonight, thanks for indulging me in that long ramble. Now back to that last sip of my cold coffee — and maybe some firewall configs.

Stay secure, folks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This field is required.

This field is required.

sales@pjnetworks.com
(+91)9818361787
C-160 Mayapuri Ph II
Copyright © 2025 PJ Networks: Innovative Networking & Cybersecurity Experts, All Rights Reserved.