The Evolution of Cybersecurity: From PSTN to Zero Trust and Beyond

As I sit here at my desk, on coffee number three, I keep returning to 1993, when I became a network admin for the first time. We were too busy juggling voice and data traffic atop PSTN lines (anyone remember circuit-switched networks?) and fixing routers that used ancient protocols that nobody even remembers today. Ah, the good old days, or at least we used to think so.

Fast forward to today, I have my own cybersecurity company now, called P J Networks Pvt Ltd, and I still get those jitters of adrenaline—like I did when I saw the Slammer worm ransacking computer networks back in 2003. Back in the day, when the hardest lessons were learned first-hand. Recently I’ve been fortunate enough to assist three banks in their zero-trust architecture migration (which very simply is the seismic shift in enterprise security paradigm). I am still buzzing from DefCon’s hardware hacking village (more on that later), and I thought… why not just give some real talk, experiences and yes, rants that aren’t always had as polite conversation in boardrooms.

From PSTN to Slammer: The Early Days

Beginning with PSTN involved working on muxes, circuit switches, and managing the idiosyncrasies of reliability of voice/data overlays. Think of it as a tune-up for an old car. It required frequent tweaking — and you learned every one squeaks.

Then came Slammer — one of the first big worms that made it painfully clear that legacy systems were not old; they were dangerous. It’s estimated that Slammer was capable of bringing down a network in minutes.

Years later, I’m still furious about how little most companies seem to really get what it takes to lock down the old stuff. Too often, they simply bolt on a firewall and declare that we’re protected. Nope. That would be about as useful as strapping a helmet on your car’s antenna and checking the crash test rating.

Zero Trust—Not Just a Buzzword

Assisting in the zero trust model adoption at banks was tough but very eye opening. You can’t just say, trust no one, and watch the overnight fix — it’s about changing the mindset of everyone: from the C-suite to the janitor.

Imagine this: the traditional castle-and-moat security model is a heavy gate that secures the kingdom. But let somebody in, and they have the run of the place. Zero trust is like — no exceptions, everyone inside the castle has to prove who they are every time they go in a room.

Key Lessons in Zero Trust Implementation

• Continuous authentication. No, a single login just doesn’t do it any more.
• Segments make lateral movement more difficult—just think of each as the locked glovebox in a car.
• Micro-perimeters count—Even endpoints on the inside of the network are considered to be hostile.

And yet, I see some people treating zero trust kind of like a wand. It’s not. It requires thoughtful design, persistent monitoring and, yes, sometimes annoying users. But have a conversation with any security pro and they’ll tell you: better annoying your users than losing millions.

Hardware Hacking and DefCon—It Is Not All About Software

Just made it back from DefCon and did that hardware hacking village ever blow-me-away! That’s a refreshing change from the typical software only focus.

But if there’s backdoors in your hardware buried under your hood, only your software defences are going to get you so far. I love analogies, so yes, it’s kind of like cooking:

• You have the finest spices (software controls),
• Although if your oven (hardware) is busted or rigged, your dish will be so, too.

Watching experts disassemble routers and servers and embedded chips and find physical vulnerabilities is humbling. Hardware is the often-forgotten layer in cybersecurity.

Most of the industry swooshes past that, concentrating only on firewalls and patches and endlessly updated software. But you keep this up and use no industry standard switches or network gear that can be hardened — your ass is cooked.

My Point of View on Password Policies

I’ve made my fair share of mistakes—like believing a client’s password policy that was, quite frankly, a joke (don’t even ask). Here’s what bugged me:

• Making complex passwords every 30 days?
• Users note them or select the easiest cheat code.

Better Solutions for Strong Passwords

• Length beats complexity. I’ll take a 20 character password over some password with symbols any day.
• Two-factor authentication isn’t nice to have; it’s got to have.
• Teach users how to spot phishing — not just throw tech at the problem.

Does that mean I’m anti-password rules? But we must consider usability as well. The office is not a bank vault, with workers involved in lock-step routines; it’s more like a busy kitchen, where co-workers are moving with a sense of urgency to get the meal on the table, and security can’t get in the way with a crawl.

Business Cybersecurity: Servers, Routers, and Firewalls

Here’s a tidbit you don’t hear often: no security device works if it’s misconfigured or poorly maintained.

• Firewalls are not set-it-and-forget-it. Review those rules periodically. Companies expand, new services are introduced. My rule? Monthly — even quarterly, at least.
• Routers and switches Those trusty old workhorses are often churning along on out-of-date firmware. Patch those like your life depends on it — which it does.
• Servers need layered defense. Antivirus is just the start. However, monitor your logs, segment your high-value servers and limit user privileges.

Sadly, too many firms are over-investing in shiny new gizmos while ignoring the basics. Trust me, that’s the equivalent of buying a fast car and never getting an oil change.

Quick Cybersecurity Takeaways

• Legacy systems are time bombs if proper risk assessment is not done.
• Zero trust is critical but no silver bullet—cultural shift needed.
• Hardware weaknesses are the most neglected—test your gear!
• Password policies should focus on length and usability more than imposing complexity.
• Firewalls, routers, and servers require ongoing maintenance, not just installation.

Conclusion: Tales From a Grizzled Consultant

Listen, cybersecurity is a moving target. The threats change, and the defenders must, too. I was in the trenches with dial-up modems, saw when worms took down networks, and witnessed the industry evolve into something completely foreign to the 90s.

My advice? Don’t just chase the sound of new buzzwords without anchoring them in real-world usefulness. AI-powered security? I remain skeptical. No amount of virtual know-how replaces well-architected, hands-on tested systems and experienced people who know the terrain.

And sometimes it is, yes, a matter of old-school ideas:

• Know your assets.
• Enforce access wisely.
• Patch the basics.
• Train your users — not just the IT guys.

If you want a secure network that lasts, whether it is a banking system or small business routers, this is it.

So go ahead, grab another coffee (that’s your fourth, right?), and get ready to question everything you believe to be true about security. For out here in the real world, it is the only method one can employ to take care of yourself and flourish.

Sanjay Seth
Cybersecurity Consultant
P J Networks Pvt Ltd