
Reflections on Cybersecurity: From 1993 to Zero-Trust Today

I’m sitting at my desk in front of a blank page of my blog with my third cup of coffee today. Yes, the colors of the world are a little more vibrant, my energy level a bit higher, and the memories of decades spent in cybersecurity are swirling around me like my coffee does in the cup. I began as a network admin in 1993. Those were the days when coaxial cables, packet-switching theory, and juggling voice-and-data multiplexing over circuit-switched telephone networks were all the rage. Call it old school: I’m not saying I was there, hand to modem, I’m saying I did wave modems good-bye and holler, “Hello, Internet!” (shaking hands optional).

Remember watching the notorious Slammer worm spread through networks like wildfire in 2003? That was a wake-up call. Systems fell over in minutes. Honestly, it was a mess. But it did teach us: patching is not just a box to check—it’s life or death for your network.

Fast forward—today I run my own cybersecurity company, P J Networks Pvt Ltd, and recently helped three banks implement zero-trust architectures to reset their security postures. The timing is also impeccable—we all realise that perimeter-based security is so 90s.

Fresh back from DefCon as well—right on the wave of the hardware hacking village! The vibe there was a reminder to me that security is as much about curiosity and hands-on tinkering as it is about policy and tools.

Trust Across the Old and New: Zero-Trust is Essential

Here’s the thing: Zero-trust is not some sizzle word people drop on conference calls. Nope. It’s the natural progression of security, and exactly what you need to safeguard what truly matters in a sea of complexity in today’s IT world. I’ve seen enough organizations still operating on traditional trust models, merrily trading on “internal means safe.”

Spoiler alert: It’s not.

What is Zero-Trust, Really?

  • Never trust, always verify.
  • Assume breach.
  • Micro-segmentation.
  • Continuous authentication and authorization.

Easy on paper, brutal in practice.

Allow me to relate some tales—why well-known environments were breached and how zero-trust leveled the playing field.

Banks and Zero-Trust: Real Talk

These banks (three of them, no less) had one thing in common: they all contacted me for the same reason—their legacy firewalls and stateful inspection systems were collapsing under the weight of modern threats. The phishing via employees’ personal devices, the lateral movement within their networks and the threat of ransomware weren’t stopping.

What did we fix?

  • Adjusted the network zones with very strict segmentation. No more flat networks.
  • Used identity-centric controls—each device, each user, each application had to prove it belonged.
  • Automated policy enforcement with next-gen firewalls and micro-segmentation.

And yes, they now feel safer. Their risk surface is visibly smaller, and what do you know? Incident response times fell by almost 40%.

It’s not magic. It’s discipline.

In hindsight: what Slammer can teach us

Remember Slammer? That worm embarrassed me—and taught me a lesson. Those 376-byte packets moving at super-high speed brought vulnerable SQL Server databases to their knees around the world.

The lesson?

  • Patch immediately. No excuses.
  • Legacy systems without support? Time to retire them.
  • Trusting assumptions leads to catastrophe.

There is something desperate but also weirdly romantic in watching a network collapse and then try to knit itself back together—only better, smarter.

Hardware Hacking Village: Hands-On Still Matters

DefCon was fun as hell this year. The hardware hacking village was crowded with people hacking everyday devices into attack platforms (and defenses).

Here’s what stuck with me:

  • You can’t just be about software.
  • Hardware layer security is sometimes considered to be unimportant, but it’s not.
  • Threats come at you from every angle—even from direct physical access.

I’m telling you, nothing beats watching a hardware token get bypassed live and in person—that’s education you just can’t get from a slide deck.

Password Policies—My Pet Peeve

I’m about to rant. Ready?

Password policies that force rotation every 30 days? Useless and dangerous.

Why?

  • Users develop predictable patterns: Password1!, Password2!
  • It encourages bad behavior such as using sticky notes or the same password for everything.
  • Instead, concentrate on length, complexity and—please—make passphrases acceptable.

And yes, you absolutely should be using MFA (Multi-Factor Authentication). By only using passwords, you are essentially locking your front door but leaving the back door wide open.
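The Password1! to Password2! habit can be caught at change time, when the user supplies both the old and the new password. The sketch below is an added example, not code from any product mentioned in this post; the 14-character minimum and the function names are assumptions, and the sample passwords are constructed.

```python
MIN_LENGTH = 14   # assumed threshold; the post only says to favour length
MIN_LETTERS = 4   # below this there are too few letters to compare


def _skeleton(password: str) -> str:
    """Casefold and keep letters only, so that 'Password1!' and
    'password2?' both reduce to 'password'."""
    return "".join(ch for ch in password.casefold() if ch.isalpha())


def is_trivial_rotation(old: str, new: str) -> bool:
    """True when new is the old password with only digits, symbols or
    letter case changed."""
    old_s, new_s = _skeleton(old), _skeleton(new)
    if len(old_s) < MIN_LETTERS or len(new_s) < MIN_LETTERS:
        # Too few letters to judge: only an identical password counts.
        return old == new
    return old_s == new_s


def check_new_password(old: str, new: str) -> list:
    """Return the policy violations; an empty list means accepted.
    Spaces are allowed, so passphrases pass on length alone."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if is_trivial_rotation(old, new):
        problems.append("only digits, symbols or case differ from the old password")
    return problems


def count_trivial_rotations(history: list) -> int:
    """Count consecutive changes in a sequence that were trivial rotations."""
    return sum(is_trivial_rotation(a, b) for a, b in zip(history, history[1:]))


# Constructed sample: what forced 30-day rotation tends to produce,
# followed by a switch to a passphrase.
SAMPLE_HISTORY = ["Password1!", "Password2!", "password3?",
                  "correct horse battery staple"]

if __name__ == "__main__":
    print(count_trivial_rotations(SAMPLE_HISTORY), "trivial rotations")
    print(check_new_password("Password1!", "Password2!"))
```
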

The AI-Powered Trap

You are surrounded by people selling AI-powered this, AI-powered that. But here’s the rub: AI is just a tool—it doesn’t resolve bad fundamentals.

I’m suspicious of solutions claiming to work magic through AI. Remember: garbage in, garbage out. If the data fed to the AI models is flawed or biased, the results will be, too.

Quick Take: My Top Tips to Protect Your Business Now

  • Embrace Zero-Trust. Don’t wait. Start with micro-segmentation.
  • Patch religiously. The Slammer worm didn’t wait—and neither do hackers.
  • Focus on Identity. Devices and users require ongoing validation.
  • Hardware matters. Physical security can trump digital.
  • Forget forced password expiry. Rather, invest in passphrases and MFA.

When Crown Jewels Are Protected by Firewalls, Servers and Routers

Firewalls have changed from a brick wall into an intelligent gatekeeper. But they’re only as good as the rules that you write and maintain.

Servers are the heart of your infrastructure, routers are the blood vessels, as the saying goes. If either of them becomes clogged or contaminated, the entire body is affected.

So invest in:

  • Next-generation, application-aware firewalls.
  • Hardened servers—keeping software to a minimum, updating often.
  • Routers with partitioning between important traffic streams.

Seems obvious? But there are so many who simply do not understand the basics.

The Bottom Line — From My Desk to Yours

Security is a long-distance race, not a sprint. It’s what I learned on the road from being an overgrown network janitor stuffing packets at the PSTN to a consultant designing bank defenses: nothing is a silver bullet. It’s about layered, evolving protection.

That’s the kind of probing irreverence that cries out to be answered, because free-play defenders know: Anything you can do, I can get in the way of. (And if I can’t… cookie.) #YeahWhatever

Oh man, also, still buzzin’ from DefCon, bruh. At DefCon, a giant hairless space-worm turned itself inside-out. I mean, Jesus. / Wax-moulded alien pods near Kinkos that turn out to be corn. New International Hacker’s Accomplishment. Thanks, DefCon, for reminding me that… we kinda need our sense of hacker’s curiosity tempered down to common.

Before I refill my coffee cup for the fourth time—think about your security architecture. Is it time to stop assuming your network’s inside is secure? Because, honestly, it never was.

Stay sharp, folks.

Sanjay Seth
Founder, P J Networks Pvt Ltd

Cybersecurity Consultant since 1993
