Surviving Cyberattacks: Real Stories from My Third Cup

By Sanjay Seth, Cybersecurity Consultant, P J Networks Pvt Ltd

Introduction: Reflections on a Cybersecurity Journey

As I sit here on my third cup of coffee, it occurs to me that I can’t make heads or tails of what that experience made of me, other than to acknowledge that the cybersecurity we started back in the days of the ninjas has evolved by leaps and bounds. I have been a network admin since 1993. Yes, those were the days when voice and data over PSTN was all serious business. You had to grapple with multiplexers, to make sure calls got through without being dropped. It was a lot like adjusting an old carburetor; make one thing just a touch off, and the whole system sputtered.

Flash forward almost three decades, and now I own my own security firm, P J Networks Pvt Ltd, assisting organizations (I have actually done 3 big banks recently) in moving to a zero-trust architecture. I will admit, there’s been a bit of a learning curve — I have had my fair share of bad days (don’t we all?) but those experiences are gold.

Lessons from the Trenches: A Worm’s-Eye View of Slammer and Beyond

I remember the Slammer worm — and how entire networks got hijacked within minutes. I, too, saw up close the frustration of watching traffic stop while trying to track an invisible menace worming its way through the system. Back then, security wasn’t the first thing that everyone thought of — it was more of an afterthought, something to slap on after you fixed the immediate connectivity woes.

But the experience of those early battles quite literally shaped my philosophy: You can’t simply respond to threats, you’ve got to anticipate them. And anticipate I did.

Sometimes I think the cybersecurity sector leans too heavily on buzzwords. It seems like everyone is talking about AI-powered solutions all of a sudden. Guess what? I’m deeply skeptical. Yes, automation and machine learning can be powerful aids, but throwing AI-powered around as if it were a magic wand without understanding how it actually works breeds complacency. It’s as if you go out and get a shiny new car, but don’t even take the time to learn how to drive.

Zero-Trust Architecture: What I Learned Helping Banks Up Their Game

Recently, I assisted three banks in revamping their zero-trust models. For those unfamiliar with the term, zero-trust essentially means: never trust, always verify. It’s not just a fancy turn of phrase, but a revolution in which every device, every user and every connection must authenticate itself every time.

Here’s a little reality check from me:

  • Zero-trust isn’t plug-and-play. You’re definitely assembling a recipe, and it’s a complex recipe where every spice in the cupboard is thrown in.
  • It demands continuous vigilance and flexibility. You tightened up in one place, and the danger shifted somewhere else.
  • The biggest challenge? People. Users click on phishing emails, still, when you least expect it. It’s often the weakest link.

Gotta love the irony: after spending thousands on fancy firewalls and intrusion detection, they fall for the “update your account” scam.

Why do I bring this up?

Because technology is not enough. You have to mix it in with education, training, culture. Think of it as a complex dish to which you didn’t pay attention — even if you used good ingredients, the result will be meh.

DefCon Buzz: The Hardware Hacking Village Highlights

Just back from DefCon—thoughts still buzzing (now with twice the caffeine!). The hardware hacking village was flat out amazing, to be honest. Seeing some of the people troubleshoot and exploit the bugs in our everyday devices is a reminder that the realm of cybersecurity is no longer just about software. The physical layer of routers, servers, firewalls still matters. Particularly when you discover most companies consider them black boxes.

For years, I’ve been harping on the importance of securing your edge devices. Hardware, after all, can be compromised; and if you’re not paying attention to that, well, then, your whole network’s open.

Here are a few things I learned that you can put into practice:

  • Firmware for routers and firewalls must be kept up to date without fail. No excuses.
  • Do not just deploy firewalls — audit their configurations regularly.
  • Physical security is not sexy but matters. Never assume someone can’t walk in with a USB key or hijack a poorly secured server room.

The Way I Do Password Policies (Buckle Up Folks)

Can I just have a quick rant—password policies. Everyone wants user-unfriendly passwords that are long and complicated and need to be changed every 30 days. But here’s the thing: if you enforce overly complex rules, users end up doing dumb stuff like taping passwords to their monitors or just using predictable variants.

Here’s a better approach:

  • Promote the use of passphrases rather than nonsensical strings. Think: SunsetCoffeeDrive! 2024 rather than Xy7T9$bb. It also happens to be more memorable, and equally strong.
  • Use Multi-Factor Authentication (MFA). I’m not kidding, if you don’t have MFA you are basically leaving your door wide open.
  • Encourage password managers. I mean, hell, if you’re not planting the flag with some clients on this today…

Password policies are meant to guide our users, not to torture them.

Quick Take: What You Can Do Today to Improve Your Cybersecurity

For those of you that tend to skim (and I know that some of you do, you busy people, you), here is what Sanjay Seth from P J Networks Pvt Ltd thinks you should be doing right now:

  • Evaluate your existing network equipment: Are your firewalls, servers and routers updated and correctly configured?
  • Question AI claims: Don’t fall for the hype about AI-powered security without asking for an explanation.
  • Roll out zero-trust concepts progressively: Begin with the most important systems and users.
  • Train your people: Familiarize your teams with phishing, with the help of cybersecurity awareness programs and time-honored phishing tests.
  • Hardware security: It’s not just software attacks anymore.

Security is a Journey, Not a Destination

After almost 30 years in this business, from my own humble network admin days to running my own consultancy, I’ve learned one thing: Cybersecurity isn’t a checkbox you check once. It’s a continuous process.

Why am I still jazzed after all these years? Because the landscape keeps changing. New threats, new weapons, new battles. And if you’re not evolving? You’re falling behind.

Listen, I’m no saint — I’ve been burned, I’ve missed things, I’ve had sleepless nights scrambling in emergencies. But those hard lessons gave my advice the value of being practical, battle-tested and rooted in reality.

And yes, I do still lapse into making nostalgic tech references — but the hard-won lessons, whether from fiddling with old multiplexers or setting up zero-trust frameworks, all share the same eternal truths behind good network hygiene and skepticism.

Final Thoughts: Treat Cybersecurity Like Your Trusted Vehicle

So here’s my parting thought: Cybersecurity is like that trusty old car. It needs regular tune-ups. And yes, occasionally a complete engine rebuild. But if you’re neglecting the fundamentals – checking your oil (firewall configs), changing tires (password hygiene), watching your fuel (user education) – no fancy new gadgets will be able to save you.

Okay, coffee four, don’t let me down. Stay safe out there.

Sanjay Seth
Cyber security consultant, P J Networks Pvt Ltd
