The State of Cybersecurity Today: Insights from a Veteran
So, I’m sitting here at my desk, 3rd coffee in hand — still buzzin’ from DefCon’s hardware hacking village — and trying to figure out where cybersecurity is today and where it’s dragging us. I’ve been in this shit since 1993, when I was a network admin, pulling cable and managing muxes for voice and data across PSTN. Yeah, those were the days when a network outage was serenaded in the office by the ear-piercing screech of the dial-up modem, followed by anxious phone calls to the telco.
Skip forward nearly 30 years, and I’m running my own security company, P J Networks Pvt Ltd, and helping banks (three in the last quarter alone) come to grips with zero-trust architecture. And lemme tell ya — zero trust is not just another buzzword.
The Worms That Bit Us
You remember the Slammer worm of 2003? If you didn’t, you overlooked what was one of the more frantic weeks in the early days of cybersecurity. I saw it with my own eyes — our customers’ networks slammed, machines freezing in the middle of a trade, database applications choking on bad packets. It swept through so quickly, it was as if you had caught a kitchen fire after forgetting to turn off the stove.
The lesson (frustratingly still relevant): patch fast and patch often. No security policy, no firewall setting was going to protect you if your systems were powered with dated code.
And here’s the punchline — many organizations continue to drag their feet on timely updates. Some argue that patching breaks stuff, and it does, on occasion, but it is better, in my opinion, than disinfecting a server from ransomware. But anyway, Slammer taught me one very early lesson: never underestimate a small piece of malware.
Zero Trust and Why I’m Not 100% Sold Yet
We’ve helped three of the world’s largest banks shift to zero-trust models in recent months. Sounds great, right? But here’s the thing—adopting zero trust isn’t simply flipping a switch or purchasing a shiny new AI-powered appliance. Those AI-marketing pitches in particular give me pause: they sure look like snake-oil salesmen selling me “smart” firewalls that have done nothing to qualify for the term.
In practice, zero trust is: never trust, always verify, and compartmentalize your assets. But it’s not bulletproof.
Here’s some real talk about my recent gigs:
- Legacy giants remain the elephant in the room. Banks are running critical apps written more than 15 years ago. It’s like trying to shove a carburetor into an electric car’s engine. It’s not going to play nice without a lot of alteration.
- User behavior analytics can be a bit helpful — but don’t get so lazy that you forget human factors in the real world. People will be the least secure link.
- Zero trust is no substitute for good security practices. Firewalls, patches, VPNs—they still matter. Here’s a better way to think of zero trust: It’s the seasoning, not the dish.
- Architectures vary wildly—no one-size-fits-all. Whatever is working for a fintech startup may not work with a bank.
Wired Networking Is My First Love and My Last
It’s always been about controlling the traffic for me, from doing muxes over PSTN to setting up firewalls and routers. If you can’t trust your network pipes and devices then everything else is smoke and mirrors.
Here’s the deal:
- Firewalls aren’t just border guards anymore. They need to be intelligent, aware of their context, capable of adapting to encrypted traffic, and not slow businesses down.
- Routers? After all, many of us think of them as dumb boxes. But a router has an important role to play in security. Segment your network well. Also be sure to control and watch inter-segment traffic.
- Servers hosting critical apps? Don’t forget to keep them lean, patched and least-privileged. I find multitenant scenarios spooky — it just feels like mixing oil and water.
DefCon and the Hardware Hacking Village Still Buzzing
DefCon this year was a wake-up call. The hardware hacking village took me back to the old-school days when you’d break apart a device to see how it ticks. Today, watching people uncover bugs in firmware and attack at the hardware layer is both exhilarating and scary. It made me re-examine the degree to which we concentrate solely on software security.
The next frontier is hardware security. Your firmware, your radio chips, even your power supplies: there’s fuzzing to be done everywhere you look.
My takeaway:
- If you’re not already thinking about your hardware defensibility, you’re setting yourself up for trouble in the future.
- Supply chain risks are real. Your cheap router may be harboring a backdoor cooked in during development.
- Firmware updates are also a pain, but are a necessity. A native “update all” system would be lovely, but we’re not there.
What I Hate About Password Policies
Oh boy, you should see some of the password policies. I’ve cheered complexity until it’s bruised me. Here are the things I’ve learned from far too many help desk calls:
- Complex passwords end in sticky notes on monitors. That’s a security zero right there.
- Frequent forced changes? Also bad. With only a small set of variants, users can run through the options and passwords become predictable.
- My take: Complexity is worthless if length is not there. CorrectHorseBatteryStaple beats Tr0ub4dor&3 any day.
- MFA (multi-factor authentication) is not optional any more. People still skip it because it’s annoying. Well, so is identity theft.
Quick Take: What You Can Do Today
If you’re slammed (and I know you are), here’s the quick and dirty on how to secure your environment NOW:
- Audit your patching schedule. If you can’t answer when your last critical patch was applied, correct that immediately.
- Perform a quarterly review of your firewall and router settings. Believe me, stale rules pile up like junk in a garage.
- Begin to design a pragmatic zero trust model, keeping in mind your legacy constraints.
- Enable MFA for everything you can, especially for privileged accounts.
- Focus on user training. The number one breach vector is still social engineering.
- Start an inventory of assets, including hardware firmware versions. Yes, it’s tedious but necessary.
Wrapping Up From My Desk
I’m not going to argue that cybersecurity is easy — hoo boy, do I still wake up thinking “Did I miss something?” after every engagement. But it is the excitement of puzzle solving that keeps me going (that and coffee — lots of coffee). We’re in a bind where attacks change rapidly but the infrastructure they target moves at a glacial pace.
There is no magic bullet, or AI-driven panacea (don’t even get me started on that hype). Real security depends on layers of defense, continuous vigilance and, it’s worth adding, an honest accounting of one’s own vulnerabilities.
If I could leave you with a thought: Cook up your cybersecurity. You don’t just throw everything in a pot and hope it turns out tasty. What you do need are the right ingredients, timing and patience. Overcook the onions, and the entire dish is ruined — no matter how fancy your spices.
So take a breath, audit your basics and move forward from there. From modems on PSTN to zero trust and hardware fuzzing, I have been privileged to witness the change, and I’m here to help you surf the next wave.
— Sanjay Seth, from my caffeinated desk, P J Networks Pvt Ltd

