Sanjay Seth Start a Conversation
Cybersecurity & Network Consultant Available for engagements

I make enterprise networks
secure by design— not secured after the breach.

I'm Sanjay Seth. For three decades I've designed, hardened and operated the networks that businesses run on — from a first router config in 1993 to zero-trust architectures protecting 1,000+ organizations today. I work hands-on with your engineers, not from a slide deck.

View consulting services → Book a working session
on console Sanjay Seth, cybersecurity and network consultant
SS
Sanjay Seth
Cybersecurity & Network Consultant
  • Fortinet MSSP · NSE Certified
  • Cisco Partner · CCNA / CCNP
  • Check Point Certified Instructor
  • On the wire since 1993
  • Delhi, India · serving enterprises
policy-engine ~ inspecting flow tcp/443 · zone untrust → trust
01
Identify
user · device
02
Inspect
IPS · SSL · AV
03
Enforce
zero-trust policy
04
Log
SIEM · ATT&CK
verdict: ALLOW · finance-app DENY · lateral-move latency1.4ms loggedfortianalyzer + syslog
Since 1993
On the wire
1,000+
Organizations secured
5,732+
Firewalls deployed
MSSP.
Fortinet partner-grade
Certified across the platforms I deploy
Fortinet
MSSP Level Partner · NSE
Security Fabric, FortiGate, FortiAnalyzer, FortiAP.
Cisco
Certified Partner · CCNA / CCNP
Routing, switching and enterprise campus design.
Dell
Authorized Partner · PowerEdge
Compute and infrastructure for on-prem SecOps.
HPE Aruba
Partner · Aruba Certified
Secure wired and wireless edge networking.
Check Point
Certified Instructor · CCSI
I've trained engineers on firewall & threat prevention.
How I Work

A four-phase engagement, built for production reality

I don't hand over a report and leave. I work alongside your team through the full arc — from understanding what you actually run, to operating it safely.

01 / Assess

Assess

Discovery of your current network, firewall policy base and exposure. A risk baseline grounded in what's really deployed — not assumptions.

02 / Architect

Architect

A target design and phased roadmap with a clear business case. Topology, segmentation, HA and the order to get there without downtime.

03 / Deploy

Deploy

Hands-on implementation with change windows, rollback plans and production safety. I configure, validate and document as we go.

04 / Operate

Operate

Tuning, monitoring and knowledge transfer. Either I hand a running system to your team, or PJ Networks runs it as a managed service.

Consulting Services

What I'm brought in to fix, design and defend

Eight focused practices. Each engagement is scoped to your environment — below is the depth you can expect across scope, deliverables and the stack I work in.

SVC-01

Network Architecture & Design

Design the network so security is structural, not bolted on.

Scope

  • Campus, datacentre and multi-site WAN topology design
  • Routing & switching architecture, VLAN and segmentation strategy
  • High availability: active-active firewall clusters, VRRP, redundant uplinks
  • Capacity and growth modelling for AI / high-density workloads

What you get

  • Reference architecture, topology diagrams and IP/VLAN plan
  • HA failover design, bill of materials and phased migration runbook
Stack: FortiGate · Cisco Catalyst/Nexus · FortiSwitch · SD-WAN · BGP/OSPF · VRRP
SVC-02

Zero-Trust Architecture

Verify every user, device and flow — no implicit trust inside the perimeter.

Scope

  • Identity-driven access policy and device posture (NAC)
  • Micro-segmentation and application-layer enforcement
  • VPN-less remote access (ZTNA) for hybrid workforces
  • Rollout sequencing that won't break production traffic

What you get

  • Zero-trust policy model and identity/posture integration design
  • Segmentation map and a staged, reversible cutover plan
Stack: FortiAuthenticator · FortiClient ZTNA · FortiNAC · Security Fabric · SAML/RADIUS
SVC-03

Firewall Engineering & Optimization

Get more security and throughput from the firewalls you already own.

Scope

  • Policy rationalisation, rule cleanup and shadow-rule removal
  • IPS / SSL-inspection / UTM profile tuning for real workloads
  • FortiAnalyzer & syslog log-pipeline alignment and gap closure
  • Firmware lifecycle planning and full rule-base audit

What you get

  • Audited, deduplicated policy base and inspection baselines
  • Logging pipeline that captures what matters, plus a performance report
Stack: FortiOS 6.2–7.4+ · FortiManager · FortiAnalyzer · IPS/AV/WF · Syslog/NetFlow
SVC-04

NOC / SOC Design & Managed Detection

Stand up the eyes-on-glass that catches problems before users do.

Scope

  • NOC/SOC tooling, process and on-call model design
  • SIEM / SOAR pipeline and detection engineering (ATT&CK-aligned)
  • Alert triage, correlation and escalation runbooks
  • 24/7 monitoring model and SLA framework

What you get

  • Detection content mapped to MITRE ATT&CK and SOAR playbooks
  • Escalation model, operational dashboards and SLA reporting
Stack: SIEM/SOAR · Elasticsearch · MITRE ATT&CK · EDR/XDR · Threat-intel feeds
SVC-05

Assessment, Audit & Compliance

Know where you stand — and what Indian regulators expect of you.

Scope

  • Architecture and configuration review against best practice
  • Vulnerability assessment and prioritised remediation
  • Gap analysis against Indian regulatory frameworks
  • Audit-readiness and evidence preparation

What you get

  • Findings ranked by business risk, mapped to controls and owners
  • Remediation roadmap with effort estimates and a compliance evidence pack
Frameworks: CERT-In · DPDP Act 2023 · RBI IT Framework · SEBI CSCRF · ISO 27001-aligned
SVC-06

Incident Response & Threat Hunting

When something's already inside, contain it — and learn from it.

Scope

  • IR readiness, playbooks and contact-tree design
  • Live containment, eradication and recovery support
  • Forensic log analysis and root-cause reconstruction
  • Proactive hunting for fileless, C2 and lateral-movement activity

What you get

  • IR plan, containment actions and a root-cause timeline
  • Hardening recommendations and an executive debrief
Stack: EDR/XDR · YARA · JA3 / C2 beacon detection · Packet capture/DPI · Log forensics
SVC-07

Secure Wireless, Edge & SD-WAN

Reliable connectivity at every site, with security built into the edge.

Scope

  • Wi-Fi 6E design, RF planning and AP placement
  • Secure guest and BYOD onboarding with segmentation
  • Multi-site SD-WAN with application steering and HA
  • Branch failover across multiple ISPs / circuits

What you get

  • RF / AP plan, SSID and segmentation design
  • SD-WAN underlay/overlay policy design and branch runbook
Stack: FortiAP · Wi-Fi 6E · FortiGate SD-WAN · multi-ISP failover · QoS
SVC-08

Cloud & Email Security

Protect the inboxes and SaaS tenants where the real attacks land.

Scope

  • Microsoft 365 / Google Workspace hardening
  • Conditional access and identity protection
  • Email threat protection and phishing defence
  • Cloud log collection feeding your SOC

What you get

  • Hardened tenant baseline and conditional-access policy
  • Cloud detection rules integrated into your monitoring
Stack: Microsoft 365 · Conditional Access · O365 ATT&CK detections · Cloud log collection
The Design I Build Toward

Segmented, inspected, logged — every zone

No flat networks. Untrusted edges terminate at the firewall, every inter-zone flow is inspected and enforced against identity, and everything is logged to a SIEM. This is the reference shape behind most of my engagements — adapted to what you already run.

edge → inspect → segment → log · no implicit trust

WWW untrust FW IPS·SSL inspect core finance allow users posture guest/IoT isolate SIEM · FortiAnalyzer · MITRE ATT&CK every flow logged & correlated
reference zero-trust segmentation · illustrative
Where I've Worked

Sectors with real stakes and real regulators

Three decades across Indian enterprise means I've seen how security actually breaks in the field — manufacturing floors, bank branches, restaurant chains and campuses, not just lab diagrams.

BFSI & Fintech Manufacturing & Auto Hospitality & QSR Education & Campus Government & PSU Healthcare Retail & Distribution
Compliance Fluency

Designed for India's rulebook

CERT-InIncident reporting timelines, log retention and directions readiness.
DPDP Act 2023Data protection controls, consent and breach-handling posture.
RBI IT FrameworkControls for banks and regulated financial entities.
SEBI CSCRFCyber resilience for market intermediaries and REs.
Selected Engagements

What the work looks like in the field

Representative engagements showing the challenge, the approach and the outcome. Real environments, anonymised — named case studies available on request.

Education · Campus

Zero-trust across a 15-building campus

Challenge

A sprawling campus running flat VLANs and VPN-based access — no way to tell who or what was on the network.

Approach

Identity-driven segmentation on FortiGate + FortiAuthenticator + FortiAP, with posture checks and VPN-less ZTNA, rolled out building by building.

15buildings segmented · no VPN required
Manufacturing · Multi-site

High-availability SD-WAN for distributed sites

Challenge

Branch plants losing connectivity on single-ISP failures, taking production systems offline with them.

Approach

Dual-ISP FortiGate SD-WAN with application-aware steering and automatic failover, plus a repeatable branch deployment runbook.

99.99%uptime target across sites
BFSI · Firewall estate

Firewall policy & logging clean-up

Challenge

Years of accumulated rules, shadowed policies and a log pipeline missing the traffic types auditors asked for.

Approach

Full rule-base audit and rationalisation, tuned inspection profiles, and aligned FortiAnalyzer + syslog filters so nothing important goes unlogged.

Audit-readypolicy base + complete logging

→ Want the named version with full metrics? Ask for the engagement deck under NDA.

Track Record

From the Slammer worm to zero-trust

The threats changed completely over thirty years. The job didn't: understand the network deeply, then make it defensible. I founded PJ Networks in 2002 and built it into a Fortinet partner-grade MSSP — and that field experience is what shaped the PrahiX Ora SecOps platform now built by PrahiX Tech.

Connect on LinkedIn →
1993

First network, first lesson

Hands-on with routers, switches and the early internet. The foundation everything else is built on.

2002

Founded PJ Networks

Started with firewalls, grew into full NOC/SOC operations serving enterprises across India.

2003

SQL Slammer — the wake-up call

Watched a worm bring networks to their knees in minutes. Security stopped being optional.

2016

Fortinet MSSP partnership

Among India's early Fortinet MSSP-level partners — deep Security Fabric expertise.

2024+

The AI-driven security era

Integrating AI-driven detection and automation into real deployments, and informing the PrahiX Ora platform.

Speaking & Recognition

On stage, on air, and in the classroom

Three decades in the field also means sharing it — at industry events, on podcasts, and training the engineers who run these systems.

Check Point Certified Instructor · CCSI

I don't just deploy security — I teach it. As a Check Point Certified Instructor, I've trained network and security engineers on firewall administration and threat prevention, the same hands-on rigour I bring to every consulting engagement.

Zero-Trust Architecture in Indian Enterprises

Cybersecurity Summit, Delhi
2025 · Keynote

AI in NOC/SOC: Real-World Deployment

Fortinet Security Conference
2025 · Session

From Slammer to Zero-Trust

Cyber Stories Podcast
2024 · Guest

Building a Managed Security Practice in India

MSSP Leadership Forum
2024 · Panel
Field Notes

Real cybersecurity, written from the trenches

Deep dives and lessons from actual deployments — no theory, no vendor fluff.

Zero-Trust

Zero-Trust Campus: FortiGate + FortiAuthenticator + FortiAP

A complete zero-trust architecture across a 15-building campus on Security Fabric — no VPN required.

Deep dive · 254 views SD-WAN

Building High-Availability SD-WAN Architectures

Design patterns for resilient multi-site SD-WAN on FortiGate and Cisco with 99.99% uptime targets.

Architecture · 97 views Career

From Network Admin to Cybersecurity CEO: Lessons Since 1993

The honest story — failures, pivots and breakthroughs across three decades in tech.

Story · 1,024 views
Read all insights →
Working Together

Questions I get before an engagement

Straight answers on how I actually work with your team.

Do you replace my team, or work with them?
I work alongside your engineers and transfer knowledge as I go. The goal is to leave your team more capable, with documented designs and runbooks they own — not a dependency on me. If you'd rather hand off operations entirely, PJ Networks can run it as a managed service.
Remote, on-site, or both?
Both. Design, audit and detection-engineering work is largely remote. Cutover windows, datacentre work and incident response are done on-site where it matters. I'm based in Delhi and work with enterprises across India.
Are you tied to one vendor?
My deepest expertise is Fortinet's Security Fabric, but I design for what you run — Cisco, Dell, HPE Aruba and multi-vendor estates included. The architecture comes first; product choices follow the requirement, not the other way around.
Can you help us get audit-ready?
Yes. I run gap analyses against the frameworks Indian enterprises answer to — CERT-In, DPDP Act 2023, RBI's IT framework and SEBI CSCRF — and deliver a prioritised remediation roadmap plus the evidence pack auditors expect.
How does an engagement usually start?
With a short working session, not a sales pitch. We look at what you run and what's worrying you, I scope the work into clear phases (Assess → Architect → Deploy → Operate), and you get a proposal you can act on. No obligation to continue.
Let's Talk

Have a network worth defending?

Whether you need a fresh architecture, a firewall base cleaned up, a SOC stood up, or a second opinion before an audit — let's start with a working session, not a sales pitch.

Book a working session → Connect on LinkedIn
Prefer email? Reach out here · Based in Delhi, serving enterprises across India