
My Cybersecurity Journey: Lessons from Past to Present

You see, I’m sat here at my desk after my third coffee (you know, the one that really lasers your brain in), reflecting on the whirlwind that has been my journey in cybersecurity.

Started as a network admin in 1993. Yep, a time when many of you thought Wi-Fi was nice, I was elbow deep in multiplexer configs to support voice and data on PSTN lines. They were simpler times, but no less trying. In fact, I can still see the days of the Slammer worm vividly — watching internet backbones sputter and grind to a halt like a car running outta gas on the highway. If you didn’t see it coming you were glued to the scene of the crash.

Skip to today — I have my own security company called P J Networks Pvt Ltd where I secure businesses from the growing digital threats. I had the recent opportunity to roll up my sleeves and assist three banks in the evolution of their Zero-Trust architectures. Believe me — these are not just buzzwords. They are what distinguish a fortress from a sandcastle.

And this past week, I returned from DefCon — still riding high from the hardware hacking village. Watching people tear devices apart to discover their flaws was like listening to master chefs take apart recipes to cook up something better. Which brings me to one of my all-time favorite analogies: Cybersecurity is a bit like cooking a stew. You can’t just toss everything in and call it a day and expect it to taste good. You have to know your ingredients, how they work together and when to put them in.

Why Zero Trust Is the Present and the Future (And Excuse My Rant on Password Policies)

The banks’ Zero-Trust projects were difficult but successful. Here’s the problem: most individuals are still stuck in the front-door-lock model of security, but the windows are still wide open. The basic principle of Zero Trust is that you do not assume that anyone or even anything within the network is trustworthy. It’s the trust nobody, verify everybody philosophy, essentially. Seems obvious, right? But rolling this out across legacy systems (those prehistoric dinosaurs hiding in your infrastructure) can be a nightmare.

No two ways about it — passwords remain a pain in the arse. I’ve lived through enough breaches to understand that complicated password policies followed by occasional forced password resets achieve the opposite of what most people intend. Users either write them down on sticky notes, or reuse ‘password123’ in some variation. And yeah, MFA (multi-factor authentication) does help – but it’s not a panacea. If your SaaS startup depends on AI-infused password managers or so-called intelligent authentication that purports to learn your behavior and adjust accordingly — well, color me skeptical. AI can aid in flagging stuff, but the hype tends to get ahead of the reality.

So what does work?

  • Employ password managers and select reputable ones.
  • Use a hardware token to augment passwords for 2FA. No exceptions.
  • Audit regularly who has access to what — least privilege isn’t just jargon. It’s a lifesaver.

DefCon’s Hardware Hacking Village: Old Tech, New Tricks

Walking into the hardware hacking village was like entering an alternative universe. A room full of people fuzzing routers, servers, and random gadgets looking for vulnerabilities — takes me back to those days of networking where you’d mess with routers and mux gear.

Here’s the thing: software vulnerabilities hog headlines, but hardware — that hulking layer beneath your servers and firewalls — can be the softest spot. I’ve even seen attacks that were able to inject malicious code using firmware vulnerabilities and bypass all traditional defenses.

If you think you have a security strategy but are not doing regular firmware checks and auditing for physical access, you might as well have been driving your car with bald tires. May look nice — until you skid.

Why Firewalls, Servers and Routers Still Matter

As a consultant, I get asked all the time by clients, “Sanjay, why do we still need hardware-based firewalls? Isn’t everything already in the cloud?”

Sure, cloud security is on the rise, but the fact is that local hardware firewalls and routers are the backbone — the chassis — of your network. All the virtualization notwithstanding, actual packets run through these machines. Misconfigure them — or fail to apply firmware updates — and you provide an easy attack surface.

When I advise, these are the things I emphasize:

  • Consistent firmware and security patch updates for all network gear
  • Segment your networks tightly — your guest Wi-Fi should not have a straight route to your internal servers.
  • Utilize hardware firewalls with DPI (deep packet inspection); not all firewalls are the same.

And, yes, balancing cost and security is hard. But pinch a penny here, and you may wind up with a hole in the wall.

A Personal Fumble — Because Nobody’s Perfect

I have a little secret to tell you — back at the beginning of my career I missed one simple trick to approach change management.

Applied a change request with a new router config to a live banking network during the dead hours of the morning. Turns out the config had a very conflicting access rule, which brought the entire subnet down for about 2.5 hours.

Lessons learned:

  • Change management is sacred.
  • ALWAYS TEST IN A SANDBOX BEFORE USING IN PROD.
  • Communicate every change intensely. Everybody should know what, when and why.

It was a bruising mistake, but hey — such stumbles are hazards of the journey.
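
One way to catch a conflicting access rule in a sandbox before it reaches production, as an added example that is not from the original post: a small lint for a first-match-wins rule list that flags rules an earlier rule fully shadows. The `Rule` format, the function names and the sample addresses are hypothetical and constructed for illustration.

```python
from __future__ import annotations
from ipaddress import ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None means any port

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.port is None or a.port == b.port))

def lint_acl(rules: list[Rule]) -> list[str]:
    """Report rules that can never fire under first-match-wins evaluation.

    Only full shadowing is detected; partial overlaps still need review.
    """
    findings = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if covers(earlier, later):
                kind = "conflict" if earlier.action != later.action else "redundant"
                findings.append(f"{kind}: rule {i} is shadowed by rule {j}")
                break  # the first shadowing rule is the one that wins
    return findings

# Constructed candidate config (hypothetical addresses, not from the post).
CANDIDATE = [
    Rule("deny",   "10.20.0.0/16",     "10.50.0.0/24",  None),  # 0: broad deny
    Rule("permit", "10.20.5.0/24",     "10.50.0.10/32", 443),   # 1: intended allow
    Rule("permit", "192.168.100.0/24", "0.0.0.0/0",     443),   # 2: guest Wi-Fi out
    Rule("permit", "192.168.100.0/24", "0.0.0.0/0",     443),   # 3: duplicate of 2
]

if __name__ == "__main__":
    for finding in lint_acl(CANDIDATE):
        print(finding)
```

A "conflict" finding means the later rule's intent is silently overridden, which is the kind of outage-causing mistake worth blocking in the change request itself.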

Quick Take: What You Need to Know Right Now

For all you business folk pressed for time — here’s the short of it:

  • Zero Trust is now mandatory. Start the journey yesterday.
  • Hardware security is no less important than software. Patch those routers and firewalls religiously.
  • Password policies? Less is sometimes more. Educate your users to avoid password reuse and sticky notes, and use MFA to support that.
  • Don’t believe the AI hype without due diligence — it’s not magic.
  • Regular audits and monitoring are not sexy, but they save (digital) lives.

In Conclusion, Between Sips of My Fourth Coffee

Getting cybersecurity right today is a bit like driving a vintage car down a freeway. You appreciate the engineering, but you’re always on the lookout for the mechanical gremlins that accompany old tech.

Those things are still true today, and so is the need to always re-evaluate your defensive posture.

Sometimes, the best defense isn’t the most advanced new tool but good ol’ vigilance and a strong base. And maybe a little caffeine.

— Sanjay Seth, from my desk at P J Networks Pvt Ltd
