The Evolution of Cybersecurity From 1993 to Today

It’s 9:37 AM. So I am sat here at my desk — third coffee freshly brewed and beside me — reflective about where cybersecurity has come from what it was like back in 1993 when I first started as a network admin. Back in the day (yes, it seems simpler when all I had to deal with was networking and multiplexers for voice and data) I used PSTN lines. There is nothing wrong in a new fancy cloud, no AI-powered ….. anything(!!). Just plain old wire, routers and every once in a while, if you are lucky one of the worms like Slammer surprises everyone by showing up uninvited.

And I learned a harsh truth in those early days: security is not something you can just buy, it is work. I get it, and I know that might seem like a cliché — but believe me after three years in the game there has not been a system anywhere that I have seen that did not have some weakness.

Cybersecurity Philosophy Real Experiences

Slammer worm? Handled it firsthand. That fast beast infected at will spreading faster than wildfire, with perimeter defenses not enough to stop it.

About five-wheeler years later, and three major banks have been in touch recently to help them totally redo their zero-trust architectures. Hint: None of that checking off the buzzword list nonsense. It is the truth It hurts but it have to Subversive Love — DYLOH Phase 1

✩ DefCon wrap up: hardware hacking village—where the rubber of the physical world meets the road of digital security and some seriously clever (and skeevy) exploits.

And speaking of passwords and 2FA, hey, here’s the thing about zero trust: if you think it has anything to do with them at all, you’re barking up the wrong tree.

Transition from Network Admin to Security Consultant

For me in 1993; it was all about ensuring those routers and multiplexers hummed along not dropping a packet. Voice and data? Over PSTN we knew each handshake, we felt the jitter and every glitch. It was like opening a window on a vintage car — every piece tangible and the outcome predictable to, if not an inch then definitely in degrees of velocity.

Today? Networks are vast mazes of VMs, cloud services, IoT devices and user endpoints spread across the globe. Back then, and working the other side of the street today, your best was and still is to Examine threats — sociotechnical puzzles that evade solid defense.

To be fair, sometimes I miss those simpler days — albeit viruses like Slammer reminded me early-on:

Traditional defenses can’t keep up.

This, of course, brings me to zero-trust — something that I answer to my clients multiple times a day.

In Summary Zero Trust is Mandatory Today

• Don’t trust, verify Reconsider what and who can access your network
• Micro-segmentation – This is where you break your network into smaller pieces — Just like CCTV shuts out an intruder on the next street, micro-segmentation stops attackers moving laterally.
• Ongoing detection You can’t defend what you cannot detect
• Identity AND posture of the machine, not just who’s using it but where that device is health locaiton wise.

Of course that’s just corporate jargon — that’s the new perimeter in a world where your frontier is, well… everywhere.

Insights From Assisting Banks Improve Security

Banks? Those are the juicy targets — full of the shiny knives and special ingredients that the crims (like burglars for your data) want to get their hands on. Now what happens if you are a chef and you mess up targets get injured badly

Here’s what stands out:

Zero trust means hard decisions. What devices get access? How often do you vet users? What type of data is it? Also, password policies…. don’t even get me started. Here’s a rant for free:

Yet, if those passwords are strong values alone, they become dead weight.

Policies like must have an Upper-case, a symbol and yes, please add that hieroglyph frankly just piss end users off and make them sticky note their password for later misuse. Instead:

• Passphrases > Complex passwords
• Password managers are your friends.
• Multi-factor is mandatory

And for these bank projects, adopting a zero-trust model didn’t only refer to technology upgrades; it also meant changing some cultural norms and engaging in quite frankly some heated debates.

DefCon Hardware Hacking Village Reality Check

Got home from DefCon last week, and the hardware hacking village was amazing. You understand that for all your fancy new firewall, server or router technology, an attacker who can gain physical access or exploit hardware vulnerabilities just to walk in and out of the door (USB based malware injection) is a painful punch delivered right through your digital fortress.

Some highlights:

• Old old tech, thus still in use = new attack vectors
• Laughably insecure IoT devices
• Clever side-channel attacks

It was like the old days of PSTN but on steroids except now it is not game — its sheer complexity gone rogué.

Five reasons I still don’t trust AI cyber solutions

For an old-timer like me, those AI-powered security products frighten the heck out of me. Here’s why:

• Opaque algorithms. You do not know what decision is being taken.
• False positives and negatives. Algorithms can respond in an overkill way or ignore a danger trends.
• Over-reliance. Organizations could get complacent, leaving everything to AI.

It is like driving blindfolded with an autonomous mode car. Cool? Sure. Safe? Not yet.

My Personal Analogy Cyber Security is Cooking Your Favourite Dish

You’re prepping a perfect biryani. But you can’t put everything in one pot and expect the best. You:

• Begin with a good hardware and software (resources)
• Layer the tastes thoughtfully (network segmentation, peppy policies)
• Keep it in check (monitoring & alerts) Watch your meal closely
• Regular taste testing and correction (continuous assessment and filling)

You read nothing, skip steps or wing it, and you end up with a disaster. Same with security.

So Here Are My Top 10 Business Cybersecurity Tips Right Now

• Know your assets. What’s critical? What’s exposed?
• Segment your network. Never keep all your eggs/data in one basket.
• Adopt zero-trust principles. There is no default presumed trust to any device or user.
• Physical — Look Out for Your Physical Security Hardware hacking is very real.
• Users are The weakest link is still the human, helps Weiter mit der Kundeninformation.
• Don’t blindly adopt AI. Use as an assistant, not a substitute.

A Few Words On My Lunch Break Rant

If you believe compliance in IT is a checkbox exercise, equality for all and that there are consumer level security tools to provide enterprise-level protection, you are in for one big surprise.

Remember the Slammer worm? It took no prisoners. Networks thought they were safe; they weren’t.

But today you have to be smart, not just complicated with these national wide networks and advanced threats. No one is going to make it so zero-trust makes your life difficult, instead we are starting with kicking and screaming being dragged into a dark room before showing them the light.

Okay, granted I am biased — running a security company and all. And yet, after all this time, the thrill of solving the puzzle, of giving those businesses peace-of-mind and allowing them to sleep better at night still gets me outta bed in the morning with a smile on my face.

And if you might ask me, the most punishable attitude is to think that your stuff is too small or too simple to attract an attack. One more thing, attackers that scan do not care what the system is; they only attack against existing vulnerabilities.

Embrace the complexity, simplify your controls, but remain vigilant!

Alright—time for coffee number four. Stay safe out there.