IIT Kanpur hires 19-year-old hacker who exposed CBSE's security flaws
What's the story
Nisarga Adhikary, a 19-year-old ethical hacker, has been hired by the Indian Institute of Technology (IIT) Kanpur. He was hired by the institute's cybersecurity hub, C3iHub, as an Open-Source Intelligence (OSINT) and Threat Intelligence Engineer. The move came after Adhikary published a blog post detailing security vulnerabilities in the Central Board of Secondary Education's (CBSE) on-screen marking (OSM) system.
Unconventional approach
Adhikary among youngest engineers hired by IIT Kanpur
Adhikary's blog post, published in May, served as an unconventional job application that caught the attention of IIT Kanpur director Manindra Agrawal. He confirmed the appointment and called Adhikary one of the youngest engineers ever hired by the institute. "Nisarga has been appointed as an engineer in our cybersecurity team," Agrawal said. "I am not sure whether he is the youngest recruit at IIT Kanpur, but he is certainly among the youngest engineers to have been hired by the institute."
Career move
First job dedicated to cybersecurity
Adhikary said this is his first job dedicated to cybersecurity. "I am excited about this opportunity because it is the first time I will be working in a security-focused role," he said. The young hacker, who cleared Class 12 this year, started coding at six or seven years old and got into cybersecurity seriously in Class 6.
Security concerns
Adhikary exposed CBSE's security vulnerabilities
Adhikary raised concerns about security loopholes in the digital evaluation system of CBSE. He claimed to have found multiple critical vulnerabilities in the system. In his blog post, he said he had reported these issues to India's cybersecurity watchdog CERT-In back in February. However, only one of the reported vulnerabilities was fixed initially while others remained unfixed until the portal was eventually taken down.
Job responsibilities
His role at IIT Kanpur
At IIT Kanpur, Adhikary will analyze publicly available information to find vulnerabilities in websites and apps. He will also help organizations identify and fix security issues. Although the details of his pay remain undisclosed, the young cybersecurity researcher said it was a bit lower than what he expected after working with US-based companies. "The salary is decent, but I was expecting a bit more," he added.