By Sanjay Seth
7 months ago
58
0

Reflections on Cybersecurity: From Network Admin to Consultant

Third coffee feels and my fingers flash with a KeyKey lighting-bolt quickening to let some thoughts slip… space for little of that in this madness: but my frenzied attachment is calcified by salt-mist crystallising on the walls of cybersecurity decades since cyber became an article worth mulling over (early 2000’s). I was once a humble network admin, way back in 1993 managing things like muxes to carry voice and data over the public-switched telephone network. These were the days where we were more scared of circuit-switched networks than cloud servers. And honestly? Man, sometimes I wish for those simpler headaches compared to the threat landscape this gives you today.

My early scars but, in order to tell how, I shaped.………Every thing about my company P J Networks Pvt Ltd securities | firewall setups || servers ⛈️routers and which not (Network defense ) but. The most recent experience I have facilitated was assisting security leaders of three banks upgrade their zero-trust architecture. I also literally just returned from DefCon, and a patient buzzing back in my brain where the hardware hacking village was as if someone had bottled up what it feels like to be at Home Depot.

The Slammer Worm: A Lesson in Network Fragility

One example that always comes to mind is the Slammer worm explosion in 2003. If you weren’t on the front lines then, picture a respiratory infection that sweeps through an entire office tower in moments, rendering every box breathless. Slammer blasted through UDP port 1434, exploiting SQL Server bugs — but as I maintained voice-data mux setups, I experienced the fallout as phone-call quality plummeted and links wiggled.

But— and here I hope you are sitting very comfortably because this part may come as a terrible shock to many people —it taught me that cybersecurity is not solely the domain of fancy, next-great-thing software or those sweet AI promises. Sometimes — no, your infrastructure is the weakest link A vulnerability that vast can even include a old router with outdated firmware. The unsung heroes were the network admins who kept systems patched and monitored.

Oh, and by the way since we are talking about patching let me vent for a SECOND… 30 day password policies — WHY??? Terrible idea. All you do is drive the lazy and complacent to choose weaker passwords or write them down somewhere. A good password policy is like the seasoning in a curry – just enough to make it tasty, but not so much that burns the tongue.

Zero Trust — The Not So New Buzzword But Battle Ground

Fast forward to today, and I spent months rolling out zero trust models for three different banks. And no, zero-trust is not only something cool to add to your perimeter defense slide in your pitch deck. Wanna hear a secret? Sounds easier than it is.

Visualize zero-trust as an armored car delivering cash in a pickpocket city — except they could be not only outside the vehicle but inside too maybe even one of your own guys. Therefore, all requests, every action is verified and recorded for future review. This means that user identities, device health checks and network segments must coexist in a canine-like fashion.

Key Strategies That Helped Banks Implement Zero Trust

Rolling out multi-factor authentication for all user entries. This is basic security but it still gets skipped frequently.
Micro-segmentation between internal networks so that if an adversary is able to bypass the perimeter, it cannot simply navigate your internal network.
Real-time analytics to intercept bizarre patterns before they become alarming.

But then – here is a hot take – they will still yield as AI-powered tools are forced down their throats. I’m skeptical. There are no magic AI that could protect you from bad fundamentals, lazy admins or phished credentials.

Hardware Hacking Village at DefCon: Why Physical Security is Still a Game Changer

Back from the DefCon, I’m still processing the hacking village. That place where enthusiasts hack key fobs, IoT devices, even random ATMs – it’s a humbling reminder that your cyber defenses mean zilch if someone can just walk in or mess with your stuff.

Remember the days I used to configure routers that looked like a brick-sized lunch-box? All those Codecademy hours of memorizing old Cisco ASCII command lines. It drilled a kind of respect into me, a hardware one that software-only folks sometimes overlook. Physical tampering can bypass encryption, rootkits get embedded at firmware levels, and many service desk cases usually start with simple USB drops or a rogue device plugged in by a clueless user.

Physical Security Lessons from DefCon Exhibitors

Security has to be layered
Physical access controls are non-negotiable
Employee training to spot a funky device is just as important as high-tech defenses

Reflections – From Network Admin to Cybersecurity Consultant

I can’t help but chuckle at some of my early mistakes. Like the time a simple router misconfiguration cost an entire branch’s data to leak out of our network “accidentally”. Yeah, even in the years of experience stuff can mess up. But every error was a lesson – that’s the pain muscle-building nature of security. Technology has evolved, but some old truths remain the same.

Complexity is often vulnerability, and simplicity is robust. Keep it simple when you can.
People are the weakest link, but they’re also the most potent vector if you train and empower them.
Automation is a tool – but trusting a checkbox to do your work is a bad idea.

Quick Take: What Every Business Needs to Keep in Mind Now

Layer your security. Firewalls, intrusion detection, multi-factor authentication, endpoint protection…it all matters.
Zero trust is not optional. Assume breach and verify everything.
Don’t forget your hardware. The most common area where everyone fails is physical security.
Your users are your first line of defense. Phishing yields 90% of breaches.
Password policies? Not updating regularly, instead focusing on length and originality.

Final Thoughts

As the CEO of PJ Networks Pvt Ltd, I have experienced first-hand what happens when companies forget the basics chasing shiny buzzwords. And yeah—you juggle with the demands of clients and a constant stream of threats, another headache that requires you to reset your password.

And yet this is my fundamental core belief: cyber security is a marathon and not one that we can sprint. And how it is about resilience, curiosity enlightened and never being too proud of your time to resist. Combine this with a bit of old-school sense (I am serious, the PSTN days were amazing for refining principles) and you’re probably more ready than you realise.

Therefore, if you are interested in safeguarding your business especially for critical infrastructure such as banks, servers, firewalls; here it is the waste of your time avoiding those buzz.OSeeking this that clearly will already have the experience, flexible architectures and yes—a good consultant who can still remember how to make coffee and type after three cups.

Until next time… Stay vigilant, keep patching, and avoid the AI snake oil.

Sanjay Seth
Love to share my experience — Cybersecurity Consultant | P J Networks Pvt Ltd