Real Experiences to Refer: A cybersecurity diary by Sanjay Seth

Three coffees down and the desk lamp is throwing more light than my screen, but I remember exactly why it is I’m doing what I am. I’ve seen attackers change from scrappy detractors taking advantage of misconfigurations to well funded teams turning supply chains into weapons. I am a little tired, yes, but the excitement of defending a business keeps jolting me awake in the dead of night to scribble notes and argue with vendors offering AI-infused miracles. And here’s the thing: real security is not a product. It is a discipline, a habit and in many shops, a culture.

I’m a network admin from the old days, back in 1993, with routers and multiplexers and the ugly data voice dance over PSTN. Old School I cut my teeth on debut Typed it out, now you should because The human element is as deadly as a bug. I watched the Slammer worm land in the mid aughts — right-here-firsthand, on-the-ground with clients who were doing math by minutes not hours — and I experienced what velocity, containment and transparent communication look like under strain.

Now I operate PJ Networks Pvt Ltd, a sales company that provides cybersecurity, firewalls, servers and routers as real defense system for business. We build, deploy and iterate zero trust architectures, incident response playbooks, and secure network fabrics. When I start a board with, We don’t need just one silver bullet, hairs raise. Then, I point to the math: multilayer control, swift detection, least privilege and persistent risk assessment.

A little personal note: I just returned from DefCon, all abuzz about the hardware hacking village — the place where gadgets meet curiosity. And that energy is contagious — the same intensity you’re seeking in your security team, focused down into action items and checklists.

Real Experiences to Reference

• Began in 1993 as a Network Admin, fighting over the networks and mux for voice and data via PSTN, realized that uptime is not optional it’s habit.
• Slammer worm firsthand: I sat watching protected segments disappear within minutes, learned containment, documenting, communication to the C suite and testing all of our assumptions against reality.
• Now own my own security company: the long days and the short wins, the client who was able to finally sleep after an intense breach engagement, or that team that out-learns how quickly the threat moved.
• Worked to help three banks update their zero trust architecture (identity, device posture and micro-segmentation) with cautious change control and testing.
• Just home from DefCon and can’t stop buzzing about the hardware hacking village: chips, boards, an unending flow of clever hacks, and a reminder that you can never tag a fence high enough to curtail curiosity.

Personal Background to Weave In

I began as a network admin in 1993, seeking solace and speed within the madness of dial tone, troffers and handwritten router configs. I learned at a young age that PSTN was not a black box, but scared shitless living infrastructure with every nook and cranny a gateway for misconfigged or misdiald call. The Slammer worm — yes, the bad one — was a wake-up call, said Dr. McKeown. It really taught me how one has to have plans in place for fast containment, and how a single unmanaged host can push an entire organization into crisis mode. For years after that I had a rather naive notion: people believe what can be seen and controls must be visible, testable, and enforceable.

I am now trying to make the planet more secure with my current venture PJ Networks Pvt Ltd, by providing practical defense for midmarket and enterprise companies. We support clients who build security that scales with business need: smart firewall rules provide protection without being a bottleneck, secure servers that stay operational under load, enterprise routers that can support dynamic segmentation. More recently we’ve assisted three banks refresh their zero trust architectures and that included re-evaluating both identities, device posture, access reviews as well as continuous monitoring. It was hardly glamorous, but it was steady income — just the thing that risk managers long for.

Fresh off DefCon, I’m still excited about the hardware village—the gadgets, the demos and the hands-on business that muddies the line between research and actual danger. The currency there isn’t theater; it’s the acknowledgement that an attacker’s toolkit is always changing, and ours should too.

Quick Take

• You don’t buy security. You build it, you rehearse it, and you tend to it as though it were a garden. Quick wins are great, but they’re also brittle unless you pair them with steady process.
• Zero trust is not a project, it’s a journey. Identity, device posture, network segmentation, and persistent risk scoring need to form a living program; something with people – not slides.
• AI security is a buzzword, not an insurance. I doubt anything will be accurately enough labeled AI powered without clear metrics, explainable decisions and human oversight. The thing is: Automation does help, but there are still humans that need to configure the policy and catch things like this.
• Password policies are a political game at many organizations. I go off about it because sloppy password hygiene costs good, hard-earned money. Embrace password managers, multi factor and regular phishing drills — relatively small investment, outsized return.
• For businesses considering which vendors to use, demand architecture rather than slogans. A firewall is a tool, not a panacea. A data center is a framework, not a fix. You need to manage, monitor and tune routers every day.
• And yes, I do love analogies: cyber defense is like auto maintenance. Your firewall is the radiator cap; your IDS is the oil light; your IRP is the service schedule. If you don’t keep everything moving, you stall.
• Nostalgia matters. I still think about early packet sniffers, SNMP traps and antiquated protocols that taught me how to listen for a pattern before the alarm went off. Those lessons still apply when you are chasing the next zero day, though, because basic principles don’t change.
• And if you’re curious what my feelings are on AI, here is the short of it: I don’t believe in anything labeled as powered by AI unless there is proof. AI is a tool, not a savior. It should supplement good engineering, not supplant it.
• And then a piece of advice: bake security into the procurement cycle. When you purchase a new firewall or server cluster, demand security test plans, known vulnerability baselines and a rollback plan. It’s not sexy, but it saves millions in both downtime and incident response.

Final Thoughts

Security is a business issue in tech togs. It demands risky conversations with C-suite executives, straightforward SLAs for vendors and an internal culture that values foresight and truth-telling over heroism. I’ve made my mistakes and you have probably too — that’s just part of this field — but I’ve learned to listen more, test more and document earlier. The genuine strength in a growing organization is not the buzzword-infested gadget of the month, but rather disciplined and thoughtful data access and resilience. So bite off risk this quarter, align leadership with security goals, and let your people deliver the defense you prove works.