New Delhi - Sometimes he works for days together, and sometimes doesn't do anything for weeks.
Meet 23-year-old Shivam Vashist from north India, a hacker associated with San Francisco-based HackerOne which is a vulnerability coordination and bug bounty platform and boasts of clients like Starbucks, Instagram, Goldman Sachs, Twitter, Zomato and OnePlus.
Vashist is a full-time hacker who reportedly makes over $125,000 (Dh460,000 approximately) in a year by finding bugs -- that's Dh38,333 a month!
Over the past few years, he has taught his brother the ropes of hacking, helped his father retire with peace and took family on sightseeing tours across the world.
"On average, I am spending about 15 hours a week hacking. However, it varies from time to time, depending on my schedule. Some days, I might be working on something for days continuously, while at other times, I may not be hacking for weeks," said Vashist.
In the Asia-Pacific region, the number of hacker-powered security programmes has grown by 30 per cent year on year.
Hackers in the US earned 19 per cent of all bounties last year, with India at second spot with 10 per cent.
"In fact, HackerOne's 'Hacker-Powered Security Report 2019' shows that $2,336,024 of the bounties awarded in 2018 went to the ethical hacker community in India," said Vashist.
He started learning more about computers and the ethical hacking world when he was 19.
The family was worried in the beginning.
"However, they came to understand what I was doing over time, and know that an ethical hacker is completely legal, and a viable career. Since then, they have been very supportive," he added.
He earned his first bounty at age 20 from InstaCart, and then MasterCard.
"It was an incredible feeling, I couldn't believe I did it! The rush it gave me left me sleepless for days," said Vashist.
In August, HackerOne revealed that hackers earned $21 million in just a year reporting vulnerabilities via various bug bounty opportunities as governments' efforts to fix malware increased a whopping 214 per cent globally.
Food delivery platform Zomato has paid more than $100,000 (over Rs 70 lakh) to 435 hackers till date for finding and fixing bugs on its platform.
OnePlus announced this week that it had set up a Security Response Centre that would offer a bug bounty to security experts, who discover and report on potential threats to the company's systems. Rewards for qualifying bugs reports will be in the $50-$7,000 range.
"Hacking gives me a high when I am able to think of creative ways to tackle the challenges and discover vulnerabilities that no one has yet found," said Vashist.
"A bug bounty programme is one of the best ways to do security. The sheer reach of the talent pool of hackers from all over the world is so powerful. I feel that every company should consider having a bug bounty programme in place," he added.
Apple has opened a bug bounty programme for security researchers wherein it will pay between $100,000 to $1 million for finding bugs.
According to Vashist, India is on the digital path but computer security does not get nearly enough attention and there are probably a lot of vulnerabilities in our systems that are left unchecked.
"More cybersecurity awareness is needed. More education about security solutions and reaching out to the community of ethical hackers might be one of the ways to help," he added.
There are only a few companies in India that have a bug bounty programme right now.
"I do foresee that the adoption rate will increase in the coming years," the young hacker said.