I’m Dhruv Kumar a 24-year-old civil engineer.I always had a passion for building , dissecting , and creating—whether it was bridges in the real world , finding bugs in the digital one , or simply seeing how many pull up I can do in 10 minutes. When people hear that I have a degree in civil engineering , they often raise an eyebrow when they spot my bug bounty profile. It’s funny , because think about it : when you hear “engineer,” what comes to mind ? Chances are, it’s a civil engineer. The classic hard hat , someone literally shaping the world with concrete and steel . Furthermore, Admittedly , it's an unusual transition moving from blueprints,bridges,and foundations to the unpredictable landscape of cybersecurity . Consequently, But if there’s one thing my path has proven , it’s that real passion doesn’t always stick to the script.  

A Passion for Building // Digital or Concrete

From the very beginning , civil engineering fascinated me . There ’ s something special about shaping the physical world , understanding how structures stand tall against both time and elements . Moreover, And even as my head was filled with calculations , soil types , and design codes , I never lost my excitement for engineering . Civil subjects are full of challenge and creativity—attributes I soon realized were just as important in cybersecurity . Moreover, And you know what ? I ’ m proud of that—after all , you can go from civil to cyber , but you rarely hear about someone jumping the other way around ! It ’ s a one-way ticket I'm glad I took.

Of Iron, Increments, and Improvement

The other thing I love ? Hence, Lifting weights . There ’ s something incredibly satisfying ( and slightly addictive ) about the clean simplicity of it—just you , the bar , and gravity . Hence, No shortcuts , no hacks—just consistent effort , progressive overload , tiny improvements stacked over time until one day you find you’re moving something you never thought you could . That mindset ? I carry it everywhere . Whether I’m on the weighted pull ups station or reverse engineering a native library, I know that showing up , pushing through , and tracking little wins is how everything gets better , stronger , sharper . The discipline and persistence you build translates directly to every other part of life especially security , where it’s the daily grind , the chase for incremental gains , that eventually lead to the big achievements 

Tinkering: The Creative Engine

My earliest adventures with technology involved tinkering , exploring , and , more often than not , breaking things just to see how they worked . As a kid , I was the one who ’ d find ways to modify games for an edge . I still remember the thrill of using Cheat Engine—a memory scanner and debugger to experiment with resource values in games . That very first trainer I made for Far Cry 3 was a simple script to keep my ammo and health from running out . Finding the right memory addresses , setting up conditional auto-updates—those seemingly small hacks were portals into a deeper world of reverse engineering.

Rooted in Curiosity: The Android Effect

Where many chose iOS , my heart always belonged to Android . The open-source spirit and active developer community were a magnet for my curiosity . My very first rooting experience was thanks to Chainfire ’ s SuperSU Furthermore, ( now discontinued , replaced by alternatives like Magisk , KernelSU , and APatch ) . Each new method brought along more knowledge : from bootloaders , kernels , patches , system apps , customizing your System UI using Substratum and eventulatty making a substratum mod yourself, initial runtime hooking with the OG Xposed by Rovo89 and making your own custom xposed hooks so you can modify the app code dynamically and exploits . Nonetheless , If civil engineering made me appreciate how structures work , Android taught me how digital ecosystems breathe , break , and evolve. 

The Automation Advantage: Hacking Real Life with Code

I ’ ve always been fascinated with automation and the power of APIs . It ’ s amazing how much can be achieved with a bit of creative scripting . One real-world example : my gym uses a first-come , first-serve class booking system , and the most popular classes are often taken in seconds . Miss the time , miss your workout . Additionally, Rather than settling for disappointment , I intercepted the booking API call , dissected its logic , and wrote a Python script that would automatically book my spot each day . Consequently, By running this automation on GitHub Actions—for free—my script now launches at 11:00 PM IST on the dot every night , securing my slot without fail . Small automations like these don’t just give you technical skills they give you a literal edge in day-to-day life.

My Achievements—Impact Across Sectors

Over the time, I have responsibly disclosed numerous vulnerabilities, many of them critical P1s, across various sectors. My reports have contributed to increased security in public transit systems, fintech companies, telecommunication network, the automobile industry, healthcare, and digital media platforms. Seeing the real-world impact of these disclosures—knowing that my work might protect thousands of users—is genuinely rewarding.

The thrill of my first report being accepted , traiged and and getting a 250$ payout is something I'll never forget.

My academic journey , which includes qualifying GATE in both Civil Engineering and Data Science & Artificial Intelligence , gave me a unique creative lens and discipline that set me apart in security research. 

Bug Bounties: Chasing Curiosity (and the Bag)

Every new bug bounty feels like a puzzle. I’m motivated just as much by the chase as by the catch. Whether it’s digging into an app’s permissions or finding a subtle logic flaw on a website to chaining multiple low bugs to eventually get a High Impact, the thrill of discovery never gets old.  Moreover, Not every day brings a payout or recognition , and there have been more than enough ignored reports or duplicates to test my patience . But each hurdle is another lesson—about persistence , adapting strategy , and never underestimating creative thinking .

Fuel for the Journey

What keeps me passionate about this field ? The answer shifts as I learn and grow . Sometimes it’s the sheer fun of breaking things ( ethically , of course ) . Other times it’s knowing that each vulnerability I report makes platforms a little safer for everyone . And always , it’s about learning—there’s never an end to new methods , tools , or communities to explore.

A Note of Thanks

Finally I’d like to thank Com Olho for creating a platform in India where responsible security disclosure actually gets paid and appreciated. This was something truly missing from the regional landscape—a place where researchers like myself can be both recognized and rewarded for making the digital world safer.

It's been just over a month since I've joined the platform and many of reports I sent are paid out directly to my UPI ID, thanks!

Looking Ahead

I hope my journey can reassure anyone hesitating at the crossroads of “ unrelated ” disciplines and cybersecurity : real impact and innovation often come from the most unexpected combinations . Consequently, Whether automating bookings , breaking down barriers , building bridges , or just chasing the next personal best—on the platform rankings or under the bar at the gym—I ’ m excited to keep learning and contributing to a safer , smarter digital future . 

And honestly, I’m just getting started—I truly believe the best is yet to come.