Meet Shuvonsec: The Independent Ethical Hacker Safeguarding the World’s Biggest Systems, One Bug at a Time
At just 17 years old, Md Shariar Shanaz Shuvon—better known by his handle shuvonsec—is already gaining international recognition in the world of ethical hacking. Originally from Sherpur, Jhenaigati in Bangladesh, Shuvon is currently pursuing a Diploma in Information Technology (DIT) at the University of Cyberjaya’s Faculty of Business and Technology. He has emerged as a cybersecurity talent to watch, having responsibly disclosed vulnerabilities to some of the world’s biggest tech organisations, including NASA, Meta, Amazon, Sony, Google, and Allstate.
Shuvon’s interest in cybersecurity didn’t begin in a classroom but out of sheer curiosity. “I’m just a regular guy who got curious,” he says. “I broke stuff to see how it worked, then learned how to fix it. That’s how it all started.” Bored with gaming, he found himself exploring systems instead. “I discovered I could bypass things, and that thrill pulled me in.”
This hands-on approach has become his learning philosophy. His motto, “I don’t learn to hack, I hack to learn,” is more than just a catchy phrase—it’s a way of life. “I don’t sit and wait to understand things. I mess with systems, learn from mistakes, and grow through real action. Books help, but hacking teaches.”
Despite his age, Shuvon’s accomplishments speak volumes. He’s reported vulnerabilities in high-profile systems and received official recognition from NASA—a highlight he’s especially proud of. “It wasn’t some next-level bug,” he says, “but knowing I helped secure something that huge meant a lot.”
When asked how he found a flaw in something as robust as NASA’s system, his answer is simple yet insightful: “Patience. Read documentation, test endpoints, think like an attacker. They’re big, but every system has cracks.”
Shuvon moved to Malaysia at just 16 years old to pursue his studies at the University of Cyberjaya. “I chose Malaysia because it’s safe, affordable, and full of opportunities in tech,” he explains. “And I picked the University of Cyberjaya because it’s at the heart of the country’s tech ecosystem.”
His academic journey is closely linked to his hacking success. “Honestly, some of the classes really helped me build strong fundamentals. The networking course in the diploma programme gave me a solid base. Also, subjects like Fundamentals of System Analysis and Principles of IT helped me understand how systems are built and how to think logically about breaking them.” He adds that support from certain lecturers who encouraged rather than stifled his passion made a real difference.
Balancing academics with bug bounty hunting is no small feat, but Shuvon is disciplined. “I just cut out distractions. Study when needed, hunt bugs when free. No Netflix, no wasting time.”
He commonly uses tools like Burp Suite, Nuclei, Google Dorks, and platforms such as HackerOne and Bugcrowd. However, he quickly notes that the most important tool is his brain.
Shuvon is also committed to making cybersecurity knowledge accessible. He freely shares resources—including roadmaps, payload libraries, and checklists—through his personal website and GitHub repositories. “Knowledge should be shared,” he says. “If more people understand security, the internet becomes safer for all.” His advice for students curious about ethical hacking but unsure where to start is refreshingly straightforward: “Start small. Watch YouTube, read blogs, join HackerOne or TryHackMe. Then just start hacking (legally). You’ll learn by doing.”
Looking ahead, Shuvon plans to dive deeper into penetration testing, red teaming, and mobile app security. “I also want to build some tools that others can use,” he says. After completing his diploma, he intends to pursue further studies in cybersecurity with a specific focus on penetration testing. “That’s where my passion is, and I want to go deep—real deep.” Shuvon’s story is more than just a list of achievements—it’s a testament to the power of curiosity, discipline, and self-driven learning. His rise from a small town in Bangladesh to securing systems for tech giants proves that age and geography are no barriers when talent and determination are in play
