My Journey and Insights in Cybersecurity from 1993 to Today

I have been working with IT since 1993 when I started my career as a network admin. Yes, that’s almost thirty years ago. I was building networks when dial-up was still king and something called PSTN was how you connected voice and data across a city. And I was not just filling network cables; I was addressing multiplexers, slow routers, and the kind of hardware that would probably give today’s engineers a heart attack.

Those were long back the days when network security was doing your best to prevent someone from grounding the wires and hoping that nobody tapped them. Fast-forward to early 2003 im quitting. Slammer worm. Never forget the chaos. Slammer hit the networks like a meteor, exploiting one of the simplest yet most powerful vulnerabilities in SQL server implementations.

No matter how this worm is simplistic compared to modern AI-driven exploitation tools, it was ruthless, and it spread so quickly your hearth skipped a bit as you checked your firewall logs exploding. Yeah, that situation. And I was there, manually patching, rebooting servers, and praying that the crisis would be over soon.

And now? I run my cybersecurity firm, P J Networks Pvt ltd, and things have got infinitely more complicated over the years. And, recently, I helped three separate banks upgrade their zero-trust architectures. In case you are still catching up, zero-trust systems would mean trust no one, always verify. It is a now black circle in cybersecurity land, where every access request is verified, regardless of where it’s coming from.

That’s relatively easy to imagine, but the execution is not trivial. In some cases, these firms are fighting compliance bills, legacy infrastructure, and user obstination. The point is, zero-trust demands:

Honestly, not every org is prepared for it—but the banks I consulted with? They’re serious. But easy though it is to say, roll out zero-trust, doing that isn’t just a tech swap. It’s a mindset shift. Hard to sell occasionally since, let’s face it: People hate steps. Even if they make you more secure.

And on the subject of mindsets… I just came back DefCon – home to hackers, security geeks and hardwareheads everywhere. It’s the hardware hacking village that gets me every time. Protecting a network in a quiet, controlled server room is one thing. But watching flesh-and-blood humans rip apart IoT devices, crack the security of cars and hack hardware tokens in person, it’s a reality check.

My takeaway? The hardware vulnerabilities are the sleeping elephants. You patch software, but hardware? That’s a whole different beast. Oh, and AI-powered security tools? Meh. I’m skeptical. AI can make automation and sleuthing a little easier, but trusting it blindly to secure your environment is similar to letting a self-driving car learn how by tying into YouTube videos only. You want the human in the loop. Always.

Quick Read for Busy People

• Cyber attacks from the 2000s such as Slammer helped establish modern threats — and they have not changed much.
• Zero-trust is essential but requires cultural and technical transitions.
• Hardware hacking is an area that we’re not seeing enough of.
• Don’t place all your eggs in the AI-powered security basket.

Why I’m Still Excited and a Little Frustrated About Cybersecurity

Listen, I have certainly made many mistakes. At first, I didn’t appreciate the human side of security. Firewalls and antiviruses, I figured that was the silver bullet. Spoiler: they’re not. I recall the time I hand-waved away a staff member’s unusual email as harmless eccentricity — and bam, we’re desperately spinning up our response to an end-run phishing attack that circumvented every technical safeguard in place.

I am persuaded, in that password policies are often worse than no such policy at all. You’ve seen it, right? The bottomless complexity requirements (that lead us to write passwords on sticky notes taped to monitors or crustaceanize them like Password1! and Password2!. Never fear — here’s my hot take: balance complexity and usability. Have users use multifactor authentication and educate them so you don’t just pile on rule after frustrating rule.

Passwords, I like to think of as car keys. You don’t want to make so onerous its use is impossible, but you definitely do not want it a rusty nail either. The key must be safe and convenient.

Firewalls, Servers and Routers Throughout My Career

Funny thing about tech: the gear changes, but for the most part, so do not the goals. Once upon a time, firewalls were nothing more than simple packet filters—stripped down but effective for the age. Today? These are these hyper-intelligent beasts that do stateful inspection, intrusion prevention, application-layer filtering and even encrypted traffic scanning.

But I’ve watched companies purchase the shiny new gear without knowing why — or how to set them up with any intention. That’s as if you bought a powder blue Lamborghini, yet never actually learned how to drive stick.

One piece of advice: Always have your firewall rules decent, minimal and nicely documented. Rules tend to accumulate over time like old receipts — clutter that can obscure weaknesses.

Servers and routers have their tales, too. I still remember the router configuration a small child and with no touchscreen back then. Today? They’re smart, frequently cloud-managed appliances that can shift security policies at will. But along with power comes complexity — and sometimes that’s where the damage is done.

Real Talk on Protecting Banks and Financial Institutions

Banks are Fort Knox, only with a user interface — and vulnerabilities at every step.

When I was hired to assist with the upgrade of zero-trust for three banks, the degree of complexity was mindboggling:

• Older applications that cannot support modern authentication standards.
• Users who want things quick but security that wants slow, careful checks.
• Regulatory walls higher than the Great Wall of China.

Security vs. convenience and compliance – it is an art! No joke.

I helped these banks deploy:

• Micro-segmentation to separate core systems
• Respond to real-time risk scores with dynamic access controls
• Automated threat hunting endpoint detection and response technologies

The results? Less attack surface area, better audit trails and most important of all: A security culture that’s starting to take hold. But it required patience, conversation and yes — bribing some execs with homemade samosas (I’m telling you, food is a magical thing).

Final Thoughts From My Caffeine-Stained Desk

I’m passionate about cybersecurity, not because it’s sexy but because it is real. Every bug I fixed, every breach that I contained — that’s real impact. I have seen trends come and go, but this field always requires vigilance.

If you’re a business operator and thought cybersecurity for your company is just an IT issue — think again. It’s your frontline defense. And yes, you shouldn’t be limited to just shiny tools. You need strategy, culture and honest-to-goodness human expertise.

Here’s what I recommend:

• Invest in good cybersecurity consulting
• They know that they need to be more than just an Internet plumber who swats down threats after the fact
• Don’t patch, understand your threat landscape
• Watch that hardware security as closely as your software
• Be wary of buzzwords in particular AI-powered claims with no evidence to back them up
• Make sure your password policies are user-friendly and add multifactor authentication
• Reduce the number of rules you cannot use any part of a previous three passwords but enforce good length: Use at least eight characters even when complex

And remember: in cybersecurity, you can never let down your guard. But with the right approach? It’s worth every night of losing sleep for the peace of mind.

Until next time, from me at my desk and third coffee — better safe than sorry.