Kochi: When Arshad A, a web developer based in Kochi, first tinkered with a computer game as a schoolboy, he didn’t realise it was the start of a journey that would one day land him in India’s cybersecurity ‘Hall of Fame’.

“I still remember the first time I changed the background music and even the face of a computer game character by messing with the code. I didn’t know what I was doing. I just wanted to see if I could,” Arshad said.

That childlike curiosity to see how things work, and how they can break recently earned the 23-year-old software engineer a place in the Indian Computer Emergency Response Team’s (CERT-In) ‘Hall of Fame’ in August.

Arshad was listed for identifying and responsibly reporting critical vulnerabilities in the website of a leading university in Kerala. He identified and resolved loopholes that could have exposed thousands of students’ personal and academic data. His detailed report helped the authorities fix the issue before any damage was done.

ADVERTISEMENT

The honour, given by CERT-In, the national nodal agency under the Ministry of Electronics and Information Technology, recognises ethical hackers and security researchers who help protect India’s digital ecosystem.

“It still feels unreal. I didn’t expect recognition. I just found something that could be dangerous and wanted to make it right,” said Arshad, who hails from Malappuram’s Karuvarakundu.

Arshad A. Photo: Special arrangement
Arshad A. Photo: Special arrangement
ADVERTISEMENT

What makes Arshad’s story remarkable is not the achievement itself, but the path he took to reach it. He didn’t come from a technical background. A graduate in BA Sociology from KSHM Arts & Science College, Edathanattukara, Palakkad, Arshad studied Humanities throughout school and college. “I never thought I would end up in tech. Coding was something I learned out of curiosity, not because I planned a career in it.”

That curiosity started young. As a child, he spent hours exploring his computer, figuring out how games and websites worked. He taught himself by watching YouTube tutorials, and by Class 10, he had built his own website and was freelancing for startups. “I started it as a hobby to earn some pocket money. It was fun to see something I created go live on the internet,” he said.

ADVERTISEMENT

In college, he continued designing websites on the side. But it was only in his final year in 2023 that he decided to take his passion seriously. He joined Brototype, a self-learning platform for aspiring developers, to sharpen his technical skills.

Soon after completing the programme, he landed his first job at ELT Global Pvt Ltd, Bengaluru, as a front-end developer. He got transferred to Kochi recently and now works as a full-stack developer, a role that combines both design and backend logic.

It was during his professional journey that Arshad’s focus began to change. “After joining my first job, I started reading and watching videos about cybersecurity. The idea that one small bug could compromise an entire system fascinated me,” he said.

He began exploring bug bounty programmes — platforms where companies reward ethical hackers for finding and responsibly reporting security vulnerabilities.

One such late-night exploration led him to the website of a leading university in Kerala. What started as a simple curiosity became a breakthrough moment.

“I found a backend flaw that could have given hackers access to the entire student database — names, academic records, everything. It was a small mistake, but the potential impact was huge,” Arshad said.

He reverse-engineered the system, documented the issue, and submitted a detailed report to CERT-In, suggesting how to fix it. The team verified his findings, coordinated with the university, and closed the vulnerability and later added him to the Hall of Fame.

'You need to think like a hacker to defend against one'
For Arshad, cybersecurity is not just about catching bugs but also about understanding how systems fail. “As developers, we create systems. But to build better ones, we need to understand how they can break. You need to think like a hacker to defend against one,” he said.

That philosophy, he says, has reshaped how he approaches coding. “Good code isn’t only about features or design but also about trust and safety. Once you start thinking like a hacker, you automatically become a better developer,” Arshad said.

TAGS

Google News Add as a preferred source on Google
The comments posted here/below/in the given space are not on behalf of Onmanorama. The person posting the comment will be in sole ownership of its responsibility. According to the central government's IT rules, obscene or offensive statement made against a person, religion, community or nation is a punishable offense, and legal action would be taken against people who indulge in such activities.