Like many hackers, Sri Lankan-born Isira Adithya showed remarkable talent from a young age — by 11, he was already assembling LED bulbs and selling them to his teachers. Yet he has always chosen to use his abilities for constructive purposes rather than harm.
“Hackers,” Adithya explains, “are people who don’t simply accept technology as it appears. They dig deeper, experiment, and take things apart to uncover what’s really going on underneath and how systems behave. That mindset can fuel security research and stronger system design — or, in the wrong hands, it can be exploited for malicious purposes.”
His journey toward fully grasping this concept followed two parallel paths. It began when his parents rewarded him with a laptop for acing a scholarship exam at age ten. “For me, hacking is an overwhelming curiosity about how things function,” he says. “I was fascinated by machines and systems long before I ever touched a computer — I wanted to understand how cars run, how helicopters stay in the air, and how electronic devices work.”
By 11, he had begun experimenting with hacking computer games on his laptop, though his fascination with hardware tinkering never faded. Even before receiving the laptop, he had already broken a DVD player attempting to redirect its audio output to a set of custom speakers. At 12, he constructed a small drone with four motors. “There were plenty of failed attempts along the way, but in the end, it actually lifted off,” he recalls. Before long, however, he shifted his primary focus to computer hacking.
Some hackers are motivated by a straightforward but powerful compulsion to disassemble things and figure out their inner workings. For Adithya, though, it went much further — break something, rebuild it, and make it do something it was never designed to do. “There’s a deep drive to make a system perform in ways its creators never imagined. Pushing a platform beyond its intended limits is incredibly rewarding. When I got my first laptop, I wanted to customize the boot logo. With my phone, I wanted to swap out the stock operating system. That urge to push boundaries has never really gone away.”
He began teaching himself game hacking at 11. “The moment I modified a PC game for the first time, I realized I was a hacker,” he says. “When I hit tough levels, instead of grinding through them the normal way, I wanted to understand the game’s mechanics and figure out how to manipulate them. These were single-player offline games, so nobody else was impacted — but it was a revelation about what hacking truly meant.”
A year later, from ages 12 to 14, he ventured into Wi-Fi hacking. A guest who rented a room in his family’s home happened to be knowledgeable about computers.
“He was older and served as a kind of mentor,” Adithya continues. “Internet access was costly back then, so I asked him to download YouTube tutorials on Wi-Fi hacking for me. I watched them over and over, and one day he dared me to crack his mobile hotspot password. After running a brute force attack for roughly two days, I finally broke through. The rush of adrenaline was unforgettable. I also had some fun messing around with friends during our school computer lab sessions.”
It appears the thrill of the challenge and the euphoria of success were the main drivers behind his early hacking adventures. And like most young hackers, he enjoyed impressing his peers. Having developed these skills and reached that level of expertise, he could have easily turned toward financially motivated attacks — the black hat route — but he chose a different path. The discovery of bug bounty programs turned out to be a pivotal turning point.
“From the start, people around me warned me to stay away from hacking — they said it was illegal and had no future. But I kept going. Around 2018–2019, I came across videos about bug bounty hunting. The idea that you could legally hack real-world applications, earn money, and gain recognition felt almost too good to be true. It still took me two years before I earned my first bounty in April 2021. That moment — legally breaking into systems run by world-class companies and getting paid for it — was surreal. I knew right then that ethical hacking was the path for me.”
During this time, he started learning Python and familiarized himself with Linux. At 15, he competed in Capture the Flag (CTF) challenges on the TryHackMe platform and landed among the top ten hackers in Sri Lanka. The following year, he solved his first cross-site scripting (XSS) challenge on the Intigriti bug bounty platform and began pursuing bounty hunting in earnest.
He earned his first bug bounty in April 2021, at just 16 years old. He channeled his subsequent bounty earnings into funding his education — and also purchased his first car. Wanting a formal qualification in computer security, he enrolled at NSBM Green University in Sri Lanka.
Green University maintains a transnational education partnership with the University of Plymouth in the UK, enabling him to complete a Plymouth degree program while remaining in Sri Lanka. He graduated with first-class honours from Plymouth — and bought his first house at the age of 21. All of this was made possible by a thriving, concurrent career in bug bounty hunting.
Isira Adithya could be considered a second-generation hacker. The first generation typically entered hacking out of economic necessity — seeking a low-cost way to get online and connect with like-minded individuals at a time when internet access was prohibitively expensive. That wasn’t a driving factor for the young Adithya.
His motivation was the same innate curiosity that drives all hackers, paired with a desire to reshape systems — not necessarily to improve them, but to make them yield to his will. He had no early ambition to monetize his skills, but his ability to do so happened to align with his discovery of bug bounties. From that point forward, he was able to earn a comfortable living doing good rather than causing harm through the bounties he collected.
From a business perspective, bug bounty programs help companies strengthen their products by identifying and patching vulnerabilities before malicious actors can exploit them. From a societal standpoint, these programs reward hackers for their expertise in a legitimate, ethical way — fostering the growth and sustainability of the ethical hacking community.
Related: Hacker Conversations: Kunal Agarwal and the DNA of a Hacker
Related: Hacker Conversations: Rob Dyke on Legal Bullying of Good Faith Researchers
Related: Hacker Conversations: HD Moore and the Line Between Black and White
Related: All Hacker Conversations
