From Network Admin to Cybersecurity Consultant: Lessons Learned Since 1993

1993 doesn’t seem that long ago – I remember it happening, and me just out of college, beginning my work as a network admin. At the time, I was fighting with MUX boxes over PSTN (public switched telephone networks) lines, doing voice and data the way trapeze artists keep plates aloft. Fancy cloud stuff or AI-powered black boxes, none of that, just raw networking gear and a load of patience. I reached today, 30 years later, having now started my own Cybersecurity firm, P J Networks Pvt Ltd., assisting professional enterprises (and banks!), shore up defenses in a time when threats have evolved into a new animal altogether.

The Slammer Worm: A Wake-Up Call for Internet Security

And speaking of beasts — the Slammer worm. O.K., that little guy changed everything. When it hit, I remember, it was like somebody hit the panic button for the internet. Systems ground to a halt, packets clobbered networks, people raced to patch what they could. Slammer was a worm that spread like wild fire by taking advantage of a security flaw in Microsoft SQL Server 2000, if you didn’t know. All of this was well before the age of monthly patching by all vendors, in fact more like whenever the hell we feel like it patching. That near miss taught me a valuable lesson: your response time can be the difference between a little scare and totally losing your mind.

The Evolution of Security — Network Jedi to Cyber Jedi

In between those days as a network admin and today, I’ve watched the cybersecurity landscape radically change. Back in the early 2000s, most of our concern was worms and malware traveling through physical media or basic internet exploits. Now? The bad guys are crafty. They camouflage, pivot, sidestep. The attack vectors are many — phishing, ransomware, supply chain attacks. And you name it, they use it.

I run P J Networks and am lucky enough to work with companies to make sure the security policy they implement fits what they actually need – not some sparkly product that only looks good on paper.

Facing the Facts: Why Zero Trust Matters

Therefore, a few weeks ago I have been serving 3 different banks in efforts to strengthen their ZT architectures. Why zero trust? Here’s the thing — trust is not a strategy anymore. Because trusting all your devices and users just because they are inside your network perimeter is like leaving your front door wide open and hoping no one gets curious and comes inside. Spoiler alert: They will.

Zero Trust Means

• Never trust, always verify. Each request to open data or systems is rigorously vetted.
• Strong identity management — no password123. And if you do still have any of that, seriously: don’t.
• Micro-segmentation to contain lateral movement in case of breach.
• Ongoing device and user validation and monitoring.

The banks challenged — on usability, cost, complexity. I get it. Some people would say zero trust is overhyped and complex. I tell them those people have not done this right or have not been breached yet.

Quick Take: What’s The Number One Thing I’m Taking From This Experience?

For the rest of you who are reading paragraphs (I understand you’re busy and may have had only two coffees), here’s a very quick synopsis:

• Old malware legacies never die. Slammer showed us what happens when you don’t respond quickly to fungal infections left to spread.
• Zero Trust isn’t just some buzzword, it’s the real path forward. And it works best when you make it work for your environment.
• Patch early, patch often. It’s dull but saves difficulties in the long run.
• Be very wary of anything marketed as AI-powered. A lot of companies slap all that on to sell products they can’t deliver.

Hardware Hacking Village — DefCon Hype You Have To Share With Friends

Just returned from DefCon—hardware hacking village great. Honestly, some of this stuff almost feels like a television show where hackers demonstrate cool, scary things. But this year, it hit home. Why? Because it made me think of how vulnerable the physical layer of security is. We obsess over firewalls and cloud security and endpoint protection, and forget about hardware vulnerabilities.

Some Quick Highlights

• Old routers and switches are still running with default credentials set — And don’t even feel ashamed, I’ve been cleaning that up on client systems lately…
• Hardware keys are also vulnerable to side-channel attacks. Not just theory.
• You can make a single little USB key that attacks entire computer systems — it’s why you should be paranoid about plugging unknown devices into your computers.

Hardware is the unsexy part of cybersecurity conversations, but it’s fundamental. If your router or firewall is a rusty old jalopy, you don’t magically turn into a Tesla just by slapping on a nice antivirus.

Password Policies: A Rant

Oh, password policies — how you pain me. I get it. We’re all tired of having to remember complicated passwords that resemble car license plates riddled with math equations. But the dirty secret here is that most corporate password policies harbor roots in 1980s practices. Yes, 1980s! You think having people change passwords every 30 days will help? Nope. It only results in more monitors with sticky notes.

Modern advice? Use a password manager. Period. And here’s why:

• It allows you to use a really genuinely random, strong password.
• You don’t have to remember all of them.
• You reduce reuse everywhere.

But beware. Password managers are not a panacea. Two-factor authentication (2FA) is your buddy here. And to those who are promoting biometrics as invulnerable — your fingerprint isn’t a password you can change.

The Nostalgia Factor — Old Tech Meets New Threats

Occasionally, when the day feels endless and my third cup of coffee catches up with me, my soul aches for the simplicity of times long past. No, not the internet of everything, not the smart fridge that ransacks your Netflix password, but good old routers and servers and firewalls that it’d feel good to knee-slap and reboot.

But here’s the rub: Those very devices, unless updated and monitored correctly, can be a liability. I’ve worked for companies that still rely on firewalls that are a decade old, “because they still work”. Yeah, they have — until they haven’t.

To me, using proven hardware in combination with modern security principles is not a contradiction. It’s a necessity.

Conclusion – A Security Consultant’s Dose of Reality

Cybersecurity is hard. It’s complicated. And it happens so quickly you’d think it was a gear change in a Ferrari. But here’s what I can say for certain moving from mux wires in the 90s to zero trust and DefCon in 2024:

• You cannot secure what you do not comprehend. Understand your network, your users, your resources.
• Be quick to respond. As Slammer taught us, speed is king.
• Zero trust is not a trend — it’s a framework that requires attention.
• Use your common sense and that of trusted reviewers (not that of uselessly rabid marketers). If it’s AI-powered and can’t explain itself, be suspicious.
• Often, hardware security becomes the Achilles’ heel — address it.

And last but not least — cliché but true — security is a journey, not a destination. Expect to mess up (I have many times). Learn from them. Keep at it. And perhaps a fourth coffee.

Stay safe out there,

Sanjay Seth
Cybersecurity Consultant
P J Networks Pvt Ltd