MandE: Good evening. Today we have with us NagareshwarTalekar who runs the community website called SecurityXploded.
Nagareshwar, could you please begin the interview with a brief introduction about yourself and then explain what SecurityXploded is about?
Nagareshwar: Thanks, I am a Computer Science Graduate from KREC – Surathkal of the 2004 batch. I joined Novell before moving on to Citrix where I worked on virtualization technology.
Since my college days, I used to do a lot research and publish articles in sites like Codeguru, Codeproject etc. Most of the tools I built during that time were all free. I grew more passionate about this, I felt I would need to have a portal of my own where I could share the work I did – so I finally launched my own website – the primary objective being to share the research work which revolved around reverse engineering and security tools. The site was named - SecurityXploded.
The first tool I wrote was – “FirePassword” which was incidentally the first password recovery tool for Firefox, I then wrote another tool, FireMaster to recover the master password of Firefox. I would constantly add tools to this website based on the reverse engineering – so the website continued to grow.
I was more involved in Reverse Engineering stuff figuring out hidden things under Windows, undocumented stuff and write tools around these discoveries to make the system better.For example: One of the tools I developed was the ProcHeapViewer – whichcan enumerate process heap memory on Windows much faster than the documented API functions – reducing the time from 20-30 minutes to just 10 seconds!
This quality work began getting attention from a lot of people. The users were steadily rising.
Around the same time, the work at Citrix was draining a lot of my energy and I couldn’t focus my energies on my passion of reverse engineering and tool development – This was around 2010. Around the same time – the movie “3 Idiots” inspired me to make the choice of taking this passion fulltime.
I guess the timing was also right – I had completed 7 years of corporate career; I decided to go full time to work on SecurityXploded and also had intention to run a Startup later on if things go well. That is when I decided to quit my work at Citrix.
I made this my first priority to complete the tools in my long to-do list and began working full time on it. These helped the website rating increase too –We grew from “Alexa Rating” of top 500,000 websites to coming in the top 100,000 websites.
Today we also promote a lot of local and international security conferences bringing more focus and success to these events.We also have local monthly meets along with other security communities such as null, g4h, owasp etc. Since this January we have also started a free training on ‘Reverse Engineering & Malware Analysis’ delivered by experts from corporate firms and some of our core team members. This is extremely beneficial for anyone either students or professionals working in this field.
MandE: Tell us more about building community and how challenging it wasto start with?
Nagareshwar: Looking at the work I was doing, my friends approached – then some more people to put their stuff on the website. But that time it was more of personal knowledge sharing site. Then it stuck me that I can make it like Community Website where other passionate folk’s mainly young security geeks can showcase their work. It can not only help them to utilize the popularity of the website but also take their work to wider audience in shortest span of time.
So I transformed it to a Platform for contributors to freely publish their work.To make it easy for the contributors, I adopted detached model (rather than volunteer-ship) where they neither have to work for SecurityXploded nor have any commitment from their side.
The intension was never to increase the contributors, but to help youngsters get early recognition and grow at the international level. Today we have instances where people have got very good jobs having put up their work on the website. We cannot take the complete credit for this but it has definitely helped them to grow from no-one to some-one. That makes the difference!
So we are not like any community that runs on numbers and volunteers – this model mostly works as a medium to inspire youngsters to aspire for more – become role models for others. This is where I derive my satisfaction and motivation to live for another extra day J
This website has taken a lot of my effort into it – it is not easy. For Example: When someone submits and article, I proofread it, fine tuneit, add graphics etc–giving it that professional touch. This makes the article look far more professional than the original one. This takes a dedicated 4-5 hours of effort from the draft to final article. At the end of the day it is worth it.
Some of the contributors are now part of our core management team and they work on Training, leading local meets etc. All these efforts have immensely helped us to cut across the Indian boundaries and to grow at international level with strong community support.
MandE: Your site operates on a completely free basis – so the consumes of your website have given extremely good testimonies to signify the work you are doing. Could you explain a bit about that?
Nagareshwar: Currently, the portal contains tool written by me as well as other contributors. I specialize in writingtools; I can write tools faster than writing an article. Of course excluding the research work which takes significant amount of time.As of today we have over 80 security tools, nearly 70 of them developed by me alone. Some of these are also comparable to professional software from Elcom Soft. A major portion of these are password recovery tools, and most of the users are from the US, Europe and India. Over the last year, the downloads have also increase in line with the growth of the site ranking.
Our tools are recognized & published by leading downloading sites like Softpedia, Brothersoftetc and given 5 star rating, editor pick awards etc. Around 5 of the tools have crossed over 100,000 download mark. Our best tool, Facebook password tool has crossed over 800,000 downloads in just 14 months! Imagine if we had charged $1 for each download and assume 10% conversion – we would have been far wealthierJ.
Our users are either home users or professionals spanned across the world, but last year we had one special person – who works in Forensic investigation at Police Dept of Delaware County, USA. He wrote to us thanking for our Password Recovery tools and how they have helped in his forensic investigation. That was one of the special moments and he later sent us testimonial also which is featured on our site. Another memorable testimony was from the president of CompUSA – for our SpyDLLRemover tool. We have also received nice words from couple of security community founders citing our good work.
These testimonies inspire and keep us on our tows all the time.
MandE: Your website operates on a completely free model, and you haven’t worked for the last one and half year. How do you manage your finance?
Nagareshwar: Yeah, frankly it has been difficult period. It is not easy to convince people at home – saying you are on our own, running a community etc. especially in the Indian context. More than the money part, convincing at home was most difficult task and people are still not convincedJ.
I had planned that; this activity would take substantial amount of time and so had been saving for a while. I am not married Jand have noother financial liabilities too. The internal urge was getting stronger, and I knew I had to jump in full time at some point. I expected it to be difficult and had planned my finances for a year or so.
At the SecurityXploded end - the major cost for us was the hosting – it doesn’t come free. Initially I paid it from my pocket, but later on it become difficult when last year we moved from shared hosting to dedicated-hosting. Now the advertisements and promotions help us to cover the hosting cost.
It is the satisfaction at the moment that I derive. And finally what goes around comes back around.
MandE: You have been doing this for the past 4-5 years, it takes a passion to do something like this.What drives the energy for you?
Nagareshwar: Yes it has been nearly 5 years. Initially, it was a difficult especially when you try to manage your full time job along with it.
The sort of reverse engineering I do, generally goes for days often weeks together –you constantly concentrate on the binary numbers on your screen.Once the research work is completed, it will lead to new tool or article. This takes a lot of work and energy. It is primarily the passion that has kept me kicking all these years. Inherently I am blessed with lot of energy and passion that drives me to do things – I guess it’s a God’s gift to me which helps me keep running.
MandE: What is your message for aspiring entrepreneurs?
Nagareshwar: The most important is – pursue your passion.
An entrepreneur needs to look beyond the monetary gains. An enterprise cannot be built with only money as the motive. You would have to be passionate and believe in your ability to pull off things that you dream of. Only this can help you sail in the tough times and surge ahead!
MandE: Thanks Nagareshwar, thank you once again.