Reflections from a Cybersecurity Veteran: Lessons from the Past and the Path Forward
It’s 3rd coffee o’clock, and here I sit at my desk, looking at artifacts of days of yore, back when I was just a network admin in 1993. That was another world entirely, the world of voice and data commingling over PSTN lines through enormous multiplexers. No fancy cloud talk, no AI-everything. Nothing but raw cables, the flashing lights of routers and the occasional bout of panic when something went wrong in the network. Back then, security was something of a side hobby — not yet the multibillion-dollar industry it is today.
And yet, it’s funny the way some cyber threats never quite grow old. A case in point was the Slammer worm of 2003. When Slammer hit, I was knee-deep at a client’s site chasing problems when, in what felt like 24 hours, Slammer touched down overnight and screwed up networks worldwide, mine included. Slammer wasn’t exactly discreet; it wriggled through a hole in SQL Server and merrily infected everything in sight. I recall working through the night patching systems, analyzing packet captures and attempting to understand the madness.
From Network Admin to Security Expert
Fast-forward to today and I am the head of my own security outfit, P J Networks Pvt Ltd. The problems have multiplied exponentially — just like the tools (and headaches). Three different banks recently brought me in to redo their zero-trust architectures. Zero-trust isn’t just a buzzword. It’s the paradigm shift every enterprise requires, especially now that the perimeter is long gone and users and devices can no longer be trusted by default. Why all the fuss with zero-trust? Easy — it’s the closest we ever come to actually assuming risk in today’s distributed society.
The Limitations of Traditional Firewalls
The fact is — those old-school firewalls and perimeter defenses only get you so far. I see companies that are still clinging to the old way, using complex, rule-laden firewalls as though they were weaving a safety net. But if you ask me, most are hole-riddled Swiss cheese that’s only waiting to be exploited.
Quick Takeaways for Those in a Rush
- We learned the hard way why patching is so important, because of the Slammer worm
- Zero-trust is not some future thing; it’s here now
- Hardware is still hard – I legit just got back from DefCon, and the hardware hacking village is serious
- We really need to rethink password policies (yes, I’m going to rant about this)
Why Implement Zero-Trust?
Because trust is expensive, and trusting by default anything inside of your network is a recipe for failure.
When I was working with those banks, deploying zero-trust meant:
- Segmenting the internal network to restrict lateral movement.
- Requiring and enforcing full identity validation with every access request (MFA all day)
- Constantly tracking user & device activity to detect unusual behavior
- Automating policy enforcement to eliminate human errors
And yes, it’s all very much not plug-and-play. It takes planning and buy-in from all levels of the organization. You like a straightforward dashboard? That’s in the movies. Real zero-trust work is like tuning a performance car — it involves some amount of tweaking, diagnostics and, occasionally, staring at the engine light blinking at you for hours.
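The four elements listed above can be read as one default-deny decision made on every request. A minimal sketch of that decision follows; it is an added example, not code from the author or any product, and the segment names, thresholds and `Request` fields are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical segment map: which source segments may reach which assets.
ALLOWED_FLOWS = {("teller-vlan", "core-banking"),
                 ("ops-vlan", "core-banking"),
                 ("ops-vlan", "payments-gateway")}
MFA_MAX_AGE_S = 900       # assumed: identity re-validated every 15 minutes
ANOMALY_THRESHOLD = 0.8   # assumed cut-off from behaviour monitoring


@dataclass
class Request:
    user: str
    src_segment: str
    asset: str
    mfa_age_s: Optional[int]   # seconds since last MFA; None = never done
    device_compliant: bool
    anomaly_score: float       # 0.0 (normal) .. 1.0 (highly unusual)


def decide(req: Request) -> Tuple[str, str]:
    """Default-deny: every check must pass on every request, inside or not."""
    if (req.src_segment, req.asset) not in ALLOWED_FLOWS:
        return "deny", "segment may not reach asset"
    if req.mfa_age_s is None or req.mfa_age_s > MFA_MAX_AGE_S:
        return "step-up", "MFA missing or stale"
    if not req.device_compliant:
        return "deny", "device out of compliance"
    if req.anomaly_score >= ANOMALY_THRESHOLD:
        return "deny", "unusual behaviour"
    return "allow", "all checks passed"


# Constructed sample requests.
SAMPLES = [
    Request("asha", "teller-vlan", "core-banking", 120, True, 0.1),
    Request("asha", "teller-vlan", "payments-gateway", 120, True, 0.1),
    Request("ravi", "ops-vlan", "payments-gateway", 3600, True, 0.1),
    Request("ravi", "ops-vlan", "core-banking", 60, True, 0.93),
]

if __name__ == "__main__":
    for r in SAMPLES:
        # The decision is made by code, not by a person, and always logged.
        print(r.user, r.src_segment, "->", r.asset, decide(r))
```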
The Importance of Hardware Security
I’m exhausted, though still high on DefCon and especially the hardware hacking village. Watching those people reverse-engineer IoT gadgets and embedded systems was a great example of how often we gloss over the hardware security side of things. Software hogs the spotlight — AI this, machine learning that — but what about firmware? If your devices themselves are compromised, patching software holes is not going to cut it.
Think about that old analog car you cherished. You could open the hood, fiddle with the carburetor, and possibly fix it with duct tape and elbow grease. But try doing that with modern IoT gizmos and — it’s a black box of crap.
Password Policies That Put Security at Risk
Let me be blunt: your password policies are getting people killed.
Seriously. I consistently work with clients who implement very odd rules: forced special characters, changes every 30 days, length restrictions that make no sense. This leads to:
- Users ending up with passwords written on sticky notes
- Reuse of passwords across multiple systems
- More helpdesk calls to reset the thing
That’s a recipe for disaster you couldn’t possibly want. Instead:
- Promote longer passphrases, not arbitrary complexity
- Opt for passphrases that are easier to recall and more difficult to guess
- Use in conjunction with multi-factor authentication for a real security bump
The fixation on complexity over usability? It’s like attempting to make a gourmet dinner with stale food — seems great, still tastes nasty.
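To make the contrast concrete, the added example below (not the author's code) runs the same constructed passwords through a composition-rule policy and a length-first policy with a blocklist. The length limits, the tiny blocklist and the sample passwords are all assumptions chosen for illustration.

```python
import math
import re

# Constructed sample blocklist; a real deployment would load a breached-password corpus.
BLOCKLIST = {"password", "welcome", "qwerty", "letmein"}
LEET = str.maketrans({"@": "a", "0": "o", "3": "e", "$": "s"})
MIN_LEN = 15  # assumed minimum for the length-first policy


def legacy_policy(pw: str) -> bool:
    """Composition rules of the kind criticised above (assumed: 8-12 chars,
    upper + lower + digit + special all mandatory)."""
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return 8 <= len(pw) <= 12 and all(re.search(c, pw) for c in classes)


def base_word(pw: str) -> str:
    """Strip trailing digits/punctuation, then undo common substitutions."""
    return re.sub(r"[^a-z@$]+$", "", pw.lower()).translate(LEET)


def length_first_policy(pw: str) -> bool:
    """No composition rules: long enough and not a dressed-up common password."""
    return len(pw) >= MIN_LEN and base_word(pw) not in BLOCKLIST


def random_bits(choices: int, picks: int) -> float:
    """Search space, in bits, of `picks` independent uniform choices."""
    return picks * math.log2(choices)


def audit(passwords):
    """Return {password: (legacy_ok, length_first_ok)} for a side-by-side view."""
    return {pw: (legacy_policy(pw), length_first_policy(pw)) for pw in passwords}


# Constructed samples, not real credentials.
SAMPLES = ["P@ssw0rd1!", "Welcome2024!", "maple tractor violin sunrise"]

if __name__ == "__main__":
    for pw, (legacy_ok, length_ok) in audit(SAMPLES).items():
        print(f"{pw!r:32} legacy={legacy_ok!s:5} length-first={length_ok}")
    print(f"8 random printable chars: {random_bits(94, 8):.1f} bits")
    print(f"5 random words from a 7776-word list: {random_bits(7776, 5):.1f} bits")
```

The composition policy accepts both dressed-up dictionary words and rejects the four-word passphrase; the length-first policy does the opposite. The bit counts apply only to randomly generated secrets, and human-chosen passwords fall well below them.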
The Reality of AI Security Solutions
Speaking of which — how about AI security solutions? I’m skeptical. I’ve seen lots of glossy sales and marketing fluff that claims AI will be the solution to all your security problems. But AI is only as strong as the data with which it’s fed, and attackers are becoming smarter, faster.
Plus, trusting AI implicitly can lead to unattended gaps, because context is important. Automated detection goes a long way, but human insight and expertise still can’t be replaced — no matter what the vendors tell you.
Maintaining the Backbone of Cybersecurity
Returning, then, to firewalls and servers — they still sit at the heart of any business’s cybersecurity posture. But consider them a car’s chassis and engine. Without the right maintenance, even the best design will look like crap. That entails regular firmware updates, configuration reviews and, frankly, knowing when to call it quits and replace old gear.
I’m a strong believer that security is not simply a technology issue — it’s process oriented, people focused and yes, sometimes messy. I’ve seen companies with the fanciest tech stack fail miserably because they forgot the fundamentals: user education, clear policies, response plans.
Pragmatic Cybersecurity Checklist
Here’s an easy, pragmatic checklist I give to my clients, especially those processing sensitive information (banking, health care):
- Periodically review your firewall rules and close up old holes.
- Enforce least-privilege wherever you manage servers or endpoints.
- Use network segmentation to separate the most important assets.
- Progressively adopt zero-trust principles — don’t try to boil the ocean.
- Build in user training — your first line of defense.
- Keep logging enabled at all times (if you can’t see it, it won’t get fixed).
And let me tell you, cybersecurity is just like having an ancient classic car. It requires dedication, expertise and the occasional expletive. But if you put in the effort, the ride can be smoother, safer and, dare we say, even pleasurable.
The Future of Security
So what’s next for those serious about security? Stop thinking in terms of software patches and antivirus alone. You want holistic solutions that include zero-trust, monitoring at the hardware layer, and yes, user behavior analytics. And let’s not forget the importance of experience — things I’ve had to learn the hard way, things that have taken me decades to learn.
I’m getting close to wrapping this up, but let me leave you with this — if you want to engineer tolerant systems, think like a mechanic who has spent years un-sticking jammed carburetors and deciphering mischievous engine codes.
Stay curious,
Sanjay Seth
Cybersecurity Consultant
P J Networks Pvt Ltd

