
Lessons from 1993 to Today: The Evolution of Cybersecurity and Zero Trust

You know, sometimes I go back to 1993–my early days as a network admin. Just try to imagine: dealing with voice and data on PSTN multiplexers (extremely painful for some of you youngsters, but it was what it was). We didn’t have fancy cloud dashboards or AI analytics tools at the time. Raw TCP/IP and some coax cables, and a lot of prayer that your configs didn’t toast or blow up the line. Those were the days.

And then there was the Slammer worm — that was a doozy — in 2003. I can still hear the confusion that engulfed the area like wildfire in a drought-stricken forest. Systems down everywhere. It woke up a lot of people, including me.

Fast forward to now—and I am the founder of my own security consultancy, P J Networks Pvt Ltd, where we are enabling businesses to thrive in the face of an ocean of cyber threats. I recently helped three banks elevate their zero-trust architectures. Let me tell you, zero trust is not just a sexy term that bankers throw out there — it’s the foundation of business security these days.

And I just returned from DefCon. Still vibrating from the hardware hacking village. It’s insane to consider that the basics really aren’t that different — the canvas just gets more sophisticated.

Why I Still Love Old Tech and the Zero Trust Love Affair

Here’s the thing—security today sort of reminds me of fixing up old cars. You can’t just slap on a new engine and say it’s fixed. You check every nut, every bolt. Zero trust is sort of like that: never trust, always verify and be prepared to strip things down to the chassis if you need to.

The banks I worked with also had a few legacy systems dancing and prancing under their cool new facades — old birds spiffed up with fresh paint, in other words. Zero trust meant:

  • Segmenting the network down to micro-perimeters.
  • Implementing rigorous identity and access governance policies.
  • Ongoing monitoring (because risks don’t stay the same).

But here’s a hot take that some may find controversial—I believe the hype surrounding AI-enabled security is too much. AI is powerful, don’t get me wrong. But just blindly trusting it to detect every threat? Nope. It’s as if you bolted a GPS unit to a ’75 Mustang and expected it to smoothly guide you through city traffic — it might aid you, but the driver has to pay attention.

Quick Take: What Zero Trust ACTUALLY Means for Your Business

  • Trust no default settings — really, change every password and turn off every unused service.
  • Micro-segmentation is no longer a luxury — assume each segment of your system is its own city armed with its own police force.
  • You are only as safe as your weakest authentication — multi-factor authentication should be in 100% of the places.
  • Consistent visibility is critical – logs, alerts, audit. Don’t just collect; analyze.

Early Lessons from the Network to Now

I have been around long enough to witness a few mistakes — mine too. There was the time, early in my career, that I missed a basic misconfiguration on a router, which ended up equating to hours of downtime. Felt terrible. But those moments are gold. They ground you.

Take the Slammer worm saga. It took advantage of a buffer overflow in Microsoft’s SQL Server, something that, at the time, wasn’t on the front burner for anyone except the geeks. The worm also taught me a lesson in the no-excuses reality of unpatched systems.

I’m still surprised at how many companies today, decades later, can’t patch. It is like making a great biryani without masala. The base is crumbling, and so is your security.

Firewalls, Servers, and Routers: Your Front And Last Line of Defense

Here’s a no-nonsense reality check. Firewalls are not fireproof — they need your attention. Most firewalls are the equivalent of security guards who check only ID cards and don’t worry about bags. You gotta:

  • Regularly update firewall firmware.
  • Have a closer look at ACLs. Your firewall should know precisely what is permitted and what is not.
  • Segment servers correctly — don’t put all your eggs in one basket.
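One way to take that closer look at ACLs, as an added example that is not from the original post: a first-match rule base is checked for any-any permits and for rules that an earlier, broader rule already covers. The rule format, addresses and rule ids are constructed for illustration (IPv4 only) and do not follow any vendor's syntax.

```python
from ipaddress import ip_network

# Constructed sample rule base, evaluated top-down (first match wins).
RULES = [
    {"id": 1, "action": "permit", "src": "10.10.0.0/16", "dst": "10.20.5.10/32", "port": "443"},
    {"id": 2, "action": "permit", "src": "10.10.4.0/24", "dst": "10.20.5.10/32", "port": "443"},
    {"id": 3, "action": "permit", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": "any"},
    {"id": 4, "action": "deny", "src": "10.30.0.0/16", "dst": "10.20.0.0/16", "port": "22"},
]

def is_any(rule):
    """True when the rule matches every source, destination and port."""
    return (rule["src"] == "0.0.0.0/0" and rule["dst"] == "0.0.0.0/0"
            and rule["port"] == "any")

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    port_ok = a["port"] == "any" or a["port"] == b["port"]
    return (port_ok
            and ip_network(b["src"]).subnet_of(ip_network(a["src"]))
            and ip_network(b["dst"]).subnet_of(ip_network(a["dst"])))

def audit(rules):
    """Return (rule id, finding) pairs for rules that need a human review."""
    findings = []
    for i, rule in enumerate(rules):
        if rule["action"] == "permit" and is_any(rule):
            findings.append((rule["id"], "any-any permit"))
        for earlier in rules[:i]:
            if covers(earlier, rule):
                # Same action: the later rule is dead weight.
                # Different action: the later rule never takes effect.
                kind = "redundant" if earlier["action"] == rule["action"] else "conflict"
                findings.append((rule["id"], f"{kind}: shadowed by rule {earlier['id']}"))
                break
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(f"rule {rule_id}: {finding}")
```

The conflict finding is the one to chase first: the deny in rule 4 never fires because the any-any permit above it matches the same traffic.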

Routers? They don’t get much respect, but they’re the traffic cops of your network. Make sure you shut off all unused ports, but also use secure routing protocols, and watch for abnormal patterns. Your first line of defense is the router.

Lessons that I Learned in the Hardware Hacking Village (DefCon Content)

There was a treasure trove at the DefCon hardware hacking village this year. To watch security professionals take apart hardware — even down to the chips on motherboards — was like watching surgeons.

It confirmed what I have long suspected: hardware counts. If someone’s got physical access, or a really advanced supply chain breach, software defenses won’t work.

Here’s a morsel from one of the demos:

  • Even minor firmware alterations can open up a backdoor.
  • Hardware-level trojans are a thing and they are scary.

So sure, let’s pay attention to software patches and work to implement zero trust — but let’s not forget this caveman threat. Often the weakest link.

Rant Moment: Password Policies

OK, so I have to put this in—stop with the arbitrary password requirements! Seriously. Requiring special characters, mixed upper/lowercase, alphanumerics and constant changes without context does not make passwords more secure. It simply encourages users to write the password on a Post-It note.

I like passphrases — long and easy to remember but complex enough without being a nuisance. Example: RedCarrotsDriveFast2024! Easier to remember, harder for someone to crack.

Businesses must get smarter — smart use of multi-factor authentication, password managers, and user education — and not merely stand barking their standard policy requirements.
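To make the rant concrete, here is an added example (not code from the original post) that runs the same passwords through a composition-rule policy and through a length-plus-blocklist policy. The 12-character minimum, the four-entry blocklist and the sample passwords other than the post's own passphrase are assumptions constructed for illustration.

```python
import re

# Constructed blocklist; a real deployment would load a large breached-password list.
BLOCKLIST = {"password", "welcome", "qwerty", "letmein"}
# Common character substitutions mapped back to letters.
LEET = str.maketrans("@4310$5", "aaeioss")
MIN_LEN = 12  # assumed minimum length for the length-first policy

def composition_policy(pw):
    """The 'arbitrary requirements' style: 8+ chars and one of each class."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

def normalise(pw):
    """Strip trailing digits/symbols and undo substitutions: 'P@ssw0rd1!' -> 'password'."""
    core = re.sub(r"[^A-Za-z]+$", "", pw)
    return core.lower().translate(LEET)

def length_policy(pw):
    """Length-first style: long enough and not a decorated blocklisted word."""
    return len(pw) >= MIN_LEN and normalise(pw) not in BLOCKLIST

def compare(pw):
    """Return (accepted by composition policy, accepted by length policy)."""
    return composition_policy(pw), length_policy(pw)

# Constructed samples, plus the passphrase quoted in the post.
SAMPLES = [
    "P@ssw0rd1!",
    "Welcome2024!",
    "quiet lantern orbits marble",
    "RedCarrotsDriveFast2024!",
]

if __name__ == "__main__":
    for pw in SAMPLES:
        comp, length = compare(pw)
        print(f"{pw!r:32} composition={comp!s:5} length+blocklist={length}")
```

The composition policy accepts both decorated dictionary words and rejects the four-word passphrase; the length-plus-blocklist policy does the opposite.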

Conclusion—What Has Changed in Cybersecurity and What Has Not Changed

Evolution is apparent in security.

Here’s the thing: Cybersecurity is not a trust potion. It’s messy, full of nuance, and unpredictable. From those first days on the networks to now running a firm and advising banks, here’s what I learned:

  • Trust is not given, it is earned (so are zero trust architectures).
  • Legacy systems deserve love — don’t just tack on fixes.
  • You cannot ignore hardware security: Hardware defenses are just as crucial as software security.
  • Technical controls alone are not enough; human factors must be part of the security equation.

And if you take away anything from this rambling, coffee-fueled post, it’s this:

Security is not a goal, security is a process. And there’s nothing to lose in here anyway, and money to lose if you’re not in here every day. And if you’re not excited to learn every day, then you shouldn’t be in this business.


Alright, enough for today. Time for me to go do some next-gen firewall config digging. If you think your network is still cruising without seat belts, maybe it’s time to have that talk.

Sanjay Seth
Cybersecurity Consultant at P J Networks Pvt Ltd.
