
My Journey from Network Admin to Cybersecurity Expert

I began my journey in tech in 1993 as a network admin. Yeah, back when the internet wasn't the household name it is today and voice and data over PSTN over multiplexers was cutting edge. Today, I run a cybersecurity agency of my own, and yet I have never let go of those early days, primarily because the fundamentals simply never change. Or they do alter, just enough to keep you guessing.

Last month, after assisting three of our country's largest banks on their zero-trust journeys, I was reminded that security is as much about people and stubbornness as it is about technology.

Insights from DefCon and the Hardware Hacking Village

I’ve just returned from DefCon and am still coming down from the hardware hacking village. There’s something about watching skilled hackers take apart devices with nothing more than screwdrivers and soldering irons that provides context to the latest AI-enabled solutions.

When you cut through the noise, I'm deeply suspicious of anything that's called AI-powered in the realm of cybersecurity. Too much snake oil being peddled on that bandwagon and not enough true value being added. But more on that later.

From Netadmin to Security Consultant — Lessons Learned

What I learned in those early stages of my career was just how brittle our infrastructure was. I was at the council during the infamous Slammer worm attack in 2003 — a thin, fast-moving beast that knocked over systems within minutes. It was a rude awakening to the vulnerability of even sprawling enterprises, if they were not properly defended. And frankly, we had to learn fast or get dropped.

Those lessons have stayed with me – because hacking hasn’t stood still; it has simply shifted tactics. The battlefield looks different these days, but it’s just as hostile.

Zero Trust — More Than A Buzzword

I’ve recently worked with three banks — and let the record show that banks, due to their very nature, don’t mess around. Banks want rock-solid security. We repaved over their zero-trust architecture, and, frankly, this level of granular access control with continuous monitoring feels like the right path forward.

Here is a quick summary of what zero trust meant for these financial titans:

  • Never trust, always verify: Your internal network is not somehow immune from compromise.
  • Micro-segmentation: Restrict attackers’ east-west movement.
  • Multi-factor authentication: Forget about trusting passwords alone.
  • Continuous monitoring: Static policies can’t keep up.

Banks are ahead of the curve in most sectors here – but it’s not simply a checklist exercise. It’s about figuring out where the real risks are in your network and in your policies, and changing course fast.

The Hardware Hacking Village — A Call to Arms

At DefCon, the hardware hacking village was a throwback to days of old with new challenges too. In a world obsessed with software vulnerabilities, hardware attacks are like that old-school stick shift car that you still secretly love — they’re harder to master, but once you do, the payoff is enormous.

And watching devices physically handled has reminded me about supply chain security and how endpoint integrity goes more than just skin deep. If someone can mess with your device at the hardware level, all your firewalls and servers aren’t going to do any good.

I have received my fair share of middle-of-the-night calls where the cause was a corrupted piece of kit, not just a network intrusion.

Firewalls, Servers and Routers — Your First Line of Defense

Here’s where things get interesting. Those traditional tools that you may think of as mundane — firewalls, servers, routers — are the backbone of your cybersecurity posture. And believe me, in a world that’s panting after shiny AI, those are the solid tools you can’t afford to ignore.

Think of it as the engine of your car. You can stick a fancy GPS system and heated seats in there, but if the engine’s junk, you’re not driving anywhere. The same applies here.

Here are the things that most companies I work with are struggling with:

  • Old firewall rules — People leave rules up long after they should be torn down.
  • Default or easily bypassed settings on insecurely configured routers: They say “make it hard and people won’t use it.”
  • Servers overloaded and under-patched.

And, yes — I’ve been guilty of missing a patch or two in my youth. We all have. The point is to transform that experience into vigilance.

Password Policies — A Necessary Rant

If there’s one thing that I hate more than anything else, it’s bad password policies. A proprietary password policy full of random special characters, with passwords changed monthly? It’s counterproductive. Users write down passwords on sticky notes or come up with weaker passwords because they simply can’t recall them.

The better approach:

  • Prioritize length over complexity: A longer passphrase is easier to remember and thus more secure.
  • Use passphrases where possible.
  • Use multi-factor authentication, which is really a must.

I mention this not, I assure you, because it’s fashionable, but because I’ve had my own clients locked out or breached because of nonsensical policies.

Quick Takeaways for Business Owners

For readers who run businesses, here’s what you can extrapolate from my pile of caffeinated thoughts today:

  • Do not trust your network for the simple reason that it is ‘internal.’ Zero-trust is real and necessary.
  • Hardware security is no longer optional — supply chain and tamper detection come to mind.
  • Keep your firewall, server, and router configurations clean. Sadly, paradoxically, that means not overlaying rules on rules.
  • Passwords are not dead but if you’re going to stick with them, simply revisit your policy and quit making your people miserable.
  • AI-based security tools make for flashy headlines, but your mileage may vary.
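
The firewall points above (rules left up long after they should be torn down, and rules overlaid on rules) can be checked mechanically. The following is an added example, not code from the original post: a vendor-neutral audit over a constructed first-match rule list, flagging rules idle past a threshold and rules that can never match because an earlier rule already covers them. The field names (`last_hit`, `port` and so on) and the 90-day threshold are assumptions.

```python
import ipaddress
from datetime import date

# Constructed sample rule base (first match wins); port None means "any port".
RULES = [
    {"id": 1, "src": "10.0.0.0/8", "dst": "10.20.0.0/16", "port": 443, "action": "allow", "last_hit": "2024-05-28"},
    {"id": 2, "src": "10.1.0.0/16", "dst": "10.20.5.0/24", "port": 443, "action": "deny", "last_hit": None},
    {"id": 3, "src": "10.9.0.0/16", "dst": "10.30.0.0/16", "port": 3389, "action": "allow", "last_hit": "2023-01-15"},
    {"id": 4, "src": "0.0.0.0/0", "dst": "10.40.1.10/32", "port": None, "action": "allow", "last_hit": "2024-06-01"},
    {"id": 5, "src": "192.168.7.0/24", "dst": "10.40.1.10/32", "port": 22, "action": "allow", "last_hit": None},
]

def covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    net = ipaddress.ip_network
    return (net(inner["src"]).subnet_of(net(outer["src"]))
            and net(inner["dst"]).subnet_of(net(outer["dst"]))
            and (outer["port"] is None or outer["port"] == inner["port"]))

def audit(rules, today, max_idle_days=90):
    """Return (stale ids, [(rule id, earlier rule id, kind)]) for an ordered rule list."""
    stale, shadowed = [], []
    for i, rule in enumerate(rules):
        last = rule["last_hit"]
        # Stale: never hit, or last hit longer ago than the idle threshold.
        if last is None or (today - date.fromisoformat(last)).days > max_idle_days:
            stale.append(rule["id"])
        # Shadowed: an earlier rule matches everything this rule would match.
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier["action"] == rule["action"] else "conflict"
                shadowed.append((rule["id"], earlier["id"], kind))
                break
    return stale, shadowed

if __name__ == "__main__":
    stale, shadowed = audit(RULES, today=date(2024, 6, 3))
    print("stale rules:", stale)
    for rid, by, kind in shadowed:
        print(f"rule {rid} can never match: shadowed by rule {by} ({kind})")
```

A shadowed deny such as rule 2 is the finding to look at first: the block someone intended is not in effect.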

Why I Am Doubtful About AI-Driven Security

Look, I’m all for innovation. But AI in cybersecurity can often feel like a lunchbox full of candy when you’re looking for protein. Vendors tout AI as a silver bullet, but without appropriate context and strong data hygiene, these systems can spit out more noise than signals.

My experience is that AI is a complement — not a substitute — to seasoned human judgment and rock-solid infrastructure.

Final Thoughts

These days running P J Networks Pvt Ltd is all about juggling the old with the new. I sit at my desk, halfway through my third cup of coffee and think about how much the industry has changed. But some things refuse to budge: Threats remain, human error is inevitable, and yet, with the right mindset and tools? We make progress.

If you ask me — attitude is as important as technology in cybersecurity. You must have curiosity, a hard head and a touch of paranoia. Mix them well.

And while we’re at analogies, your network is a lot like a car. It’s a beautiful thing, and more powerful than ever, but it takes care, attention, and, every now and again, a little elbow grease to make sure it’s running at its best on today’s faster highway of threats.

Stay vigilant. Stay skeptical. And if you feel like venting about password policies, DM me.
