Reflections on Cybersecurity Evolution and the Importance of Zero-Trust
I find myself at a desk after the third coffee (the one that has me jetting around the room then settling with twice as many insights), reminiscing on how very different cybersecurity looked back in 1993 when I started out as a network admin. I remember fighting with all my networking gear and multiplexers for voice and data over PSTN, those noisy, clunky machines that feel like ancient technology now but were what everything relied on.
Tech, at the end of the day, has developed incredibly fast, and yet some challenges appear to be quite similar to those from 30–40 years ago. A recent example: last quarter I was with three banks updating their zero-trust architecture, and believe me, the space is mature, highly sophisticated and pretty much mandatory. But first, let’s back up a little.
Accidentally Zero-Trust — From Slammer Worms to a Better Place
Remember the Slammer worm? In 2003, that minor piece of malware raced across networks, crippling banks and government systems by the thousands in less than 20 minutes. It would soon be something I experienced first hand, battling to repair vulnerable systems and contain the leakage of data. Those were frantic times. I still get chills remembering stories like that.
That incident finally made me realize it was more than just a headache. One of the first things I was taught, in a lab making routers talk to each other across three rooms and one phone line through a comically flaky Arab-Israeli VoIP provider called QTS (bless its trainees' corpulent heart), is that thinking about security purely in terms of perimeter defense (firewalls and antivirus software) was becoming obsolete. The problem was that the perimeter had become penetrable: malicious actors found new openings and good old defenses started showing the first signs of wear.
What Experience Taught Me About Building a Security Company
Today I have moved one step ahead in my life with P J Networks Pvt Ltd, a cybersecurity hardware solution provider and a business focused on cybersecurity, firewalls, servers and routers. Clients come to me because, well, they know I have been there in the trenches, years before "AI-powered" became a catchy selling phrase (I actually still cringe at that).
However, owning your own firm is not all about selling tech solutions. It is about understanding organizations fully and fitting security to each business's needs. No cookie-cutter stuff here.
One Recent Project
As a matter of fact, three banks called for some kind of greater zero trust reinforcement. Here’s what I walked into:
- Fragmented trust zones with excessive underlying access grants.
- Legacy systems that still talk to modern apps without proper authentication.
- Confusion in access policies about who gets access, from where, and to what.
Zero-trust isn’t magic—it’s a discipline. And sure, it hurts to remove bad crap. But it pays off.
Zero-Trust Isn’t Just Another Buzzword
Everybody bandies about zero-trust these days as if it’s the cure-all. It’s not. Zero-trust means you never trust anything, whether inside or external to your network. Each access request is authenticated, authorized and verified.
Upgrading is intimidating and overwhelming, but tackling it piece by piece makes it very manageable:
- Identify your critical assets and categorize them
- Segment your network to keep sensitive areas separated
- Enable robust multi-factor authentication (MFA)
- Track access attempts and log them permanently
- Automate responses to anomalous activities
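To make the five steps concrete, here is a small deny-by-default decision function, added as an illustration and not taken from any of the bank projects described in this post. The asset names, segments, roles and the denial threshold are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample inventory: asset -> (classification, home segment, allowed roles)
ASSETS = {
    "core-banking-db": ("critical", "seg-core", {"dba"}),
    "intranet-wiki": ("internal", "seg-office", {"dba", "teller"}),
}
DENIAL_THRESHOLD = 3  # assumed value: denials before a user is blocked

Request = namedtuple(
    "Request", "user role authenticated mfa_passed source_segment asset")


class PolicyDecisionPoint:
    """Deny-by-default check applied to every request, wherever it comes from."""

    def __init__(self):
        self.audit_log = []   # every decision is recorded, allow or deny
        self.denials = {}     # user -> number of denied requests
        self.blocked = set()  # users cut off by the automated response

    def evaluate(self, req):
        decision, reason = self._decide(req)
        self.audit_log.append((req.user, req.asset, decision, reason))
        if decision == "deny":
            self.denials[req.user] = self.denials.get(req.user, 0) + 1
            if self.denials[req.user] >= DENIAL_THRESHOLD:
                self.blocked.add(req.user)  # automated response to anomaly
        return decision, reason

    def _decide(self, req):
        if req.user in self.blocked:
            return "deny", "blocked after repeated denials"
        if req.asset not in ASSETS:
            return "deny", "unknown asset"
        classification, segment, roles = ASSETS[req.asset]
        if not req.authenticated:
            return "deny", "not authenticated"
        if not req.mfa_passed:
            return "deny", "MFA required"
        if req.role not in roles:
            return "deny", "role not authorized for asset"
        if classification == "critical" and req.source_segment != segment:
            return "deny", "critical asset is reachable only from its segment"
        return "allow", "all checks passed"
```

Note that a request from inside the office segment gets no more benefit of the doubt than one from outside: the critical database is refused unless identity, MFA, role and segment all check out, and every refusal lands in the audit log.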
But here is where I get a little controversial: PASSWORD POLICIES. Way too many companies allow users to get around requirements to periodically change very obscure passwords, which is why people write them down or resort to some sort of pattern. That is security theater, not security.
Long story short? Use phrases, not just passwords. Make it memorable but tough. And combine that with MFA.
DefCon and the Hardware Hacking Village – Why I am Still Buzzing
Hi all, I just returned from DefCon, which is not for the faint of heart. My inner tech-geek totally opened up in the hardware hacking village. After watching people extract secrets out of Internet of Things devices, and even taking a walk down memory lane by reviewing old routers, I felt nostalgia mixed with street smarts.
Hardware is an area that often does not get much coverage in most cybersecurity discussions. But it’s critical. Your router or firewall is like the engine in a car: no matter how nice the dashboard looks, if you have a poorly protected engine you’re not going to go very far.
Sadly, a good many enterprises still maintain their legacy hardware poorly, not keeping up with patches. They are just asking for it.
Bottom Line for Busy Executives
Alright, I know you do not have hours to search through each of those posts. Here’s the gist:
- Of course, zero-trust is necessary, but you have to build it bit by bit, and it doesn’t happen overnight. Approach it methodically.
- Rethink password policies; complex is not always better.
- Patch your hardware: vulnerabilities are not only in software.
- AI-powered solutions? These are great tools, and they can be really useful if you know how to leverage them the right way, but don’t get lost in the hype.
- Your security culture is your best security asset — educate, communicate, and enable your users.
Networks, Firewalls and Servers (and, Wait for It, That Old-School Wisdom)
In 93, my toolset was a lot less sophisticated but the principles are still there. While our networks have gotten denser, our servers more powerful and firewalls smarter, at the end of the day securing your environment means building trust on solid foundations.
I mostly jest but damn today’s security pro ought to learn some of the old school — there is something about having had to truck your ass over to a server room and ungracefully restore all of the cables that reminds you this shit runs on actual stuff.
Another thing that really surprises me is that network segmentation is still not standard practice at most companies. The term is not gibberish. Segmentation works like lanes on a highway that prevent unwanted incidents or accidents. Without it, malware runs rampant.
Some Tech Nuggets off my Desk
- Firewalls will serve as your first line of defense, not the only one. Recommendation: Install next-gen firewalls with the capability of deep packet inspection.
- Server hardening is no longer a nice-to-have: disable whatever is inactive. Each port is a door (secured by a password) that someone can enter or break into.
- Watch your routers: the unsung heroes need more attention.
- ACLs (access control lists) need to be evaluated frequently. Ernest also mentions attending type along with ACL problems.
- Logging and SIEM give you information that can lead you to the problem, but a person still needs to interpret the data.
Conclusion Before My Fourth Coffee
Cybersecurity is a moving target. What worked yesterday may not work today. My years in the trenches, from dealing with issues as banal and deadly as the Slammer worm to upgrading bank architectures, have taught me that staying humble and continuing to learn are critical.
Make no mistake: investment in zero-trust, hardware hygiene, and sensible policies appreciates. However, it is a marathon, not a sprint.
When you hear yet another vendor pitch the AI-powered unicorn that fixes everything? Remember: skepticism is your friend.
Stay curious. Stay vigilant. And always double-check your passwords.
Cheers from my desk,
Sanjay Seth
Cybersecurity Consultant
P J Networks Pvt Ltd

