“I wrote my first line of computer code, in QBASIC programming language, when I was 11. That same year, I failed in my school computer class,” recalls Yogesh Ojha. Now 24, Ojha is a prolific programmer and security researcher whose feats are being globally recognized. Currently in Bangalore, India and working as a Research Engineer for TRG Research and Development—a Cyprus-based technology company—Ojha’s primary focus is on building intelligent cyber solutions that help secure people’s lives in the virtual world. “My dad, a school teacher, did not take the failing well and I was punished. This became a motivating factor for me to pursue computer science,” Ojha narrates.
Growing up, Ojha was fascinated by how computers worked, mainly how behind-the-scenes codes created programs that everyone could run. He remembers playing GTA Vice City in 6th grade when he opened the Gta.exe file with a notepad and saw some cryptic letters, a bunch of numbers, and lots of special characters. He was mesmerized. He then began exploring the secret world of computer codes and also tinkering around with hardware.
Having worked as a security analyst for Tata Consultancy Services—one of the largest IT companies in the world—Ojha has also presented his knowledge and skills in global technology events like Hack the Box, Abu Dhabi; GreHack, France; KazHackStan, Kazakhstan; Open-Source Summit China and North America, to name a few. Ojha has also been selected to present at the Black Hat USA 2021, a prestigious global event for the cybersecurity community. “I am also presenting at DEF CON 29, which is one of the largest and most reputed hacker conventions in the world,” adds Ojha. “As per my knowledge, no Nepali has ever presented at both these events before.”
Born and brought up at Dhangadhi, Ojha’s journey from Dhangadhi to Kathmandu and then to Bangalore for further studies coincides with his interests turning from programming to cybersecurity. “I believe curiosity is what drives us, humans, towards innovation, plus the desire to achieve something different. I guess that happened to me as well,” says Ojha. The computer science graduate started exploring the realms of hacking and cybersecurity while in college, also managing to hack the Mi Fitness Tracker and presenting the findings at an international conference in Singapore.
Ojha’s biggest achievement for far, as he describes himself, is his automated reconnaissance framework called reNgine that he released after months of hard work in July 2019. In layman’s terms, reNgine is a framework that helps read and identify security issues with any web application, doing reconnaissance work to identify possible threats on websites.
“The idea came to me when I was working as a security analyst and had to perform penetration testing on web applications all day,” says Ojha. “The process was repetitive and tedious. So I decided to automate it.” This automation saves hours and hours of work for cyber-security workers, saving energy and resources as well, Ojha claims. reNgine—abbreviated for reconnaissance engine—has the ability to customize scan engines and do end-to-end reconnaissance and vulnerability scan.
The best part of reEngine, however, is that it is created as an open-source tool and can be downloaded/customized absolutely free. “It has been downloaded by thousands of developers around the world and featured on the trending list in Github, a website for software downloads,” explains Ojha. “I could have sold it for several hundred thousand dollars, at the least, but releasing this as an open source has also become a reason I like to get up in the morning. So, I am happy with it.”
Nepal, one of the weakest countries in the world in terms of cybersecurity, has a lot to do to secure its internet, says Ojha. There have been quite a few attacks on both private and government websites in recent years where hackers took over websites and asked for ransoms or leaked the users’ private data.
This is happening primarily because Nepali companies and government allocate very little resources on security and threat management. Also, with its low income potential, professionals do not prefer cybersecurity as a career in Nepal. “But in the past couple of years, we have seen an increase in the number of people getting into bug bounty hunting. This is great news because this way, more Nepalis can join cyber security.”