The man is only known publicly as Malware Tech, but his public messages on social network Twitter provide a revealing insight into his background.
Half-Scottish, one of his parents is a nurse and he was born in June 1994.
He now lives in a Victorian house in south-west England, where he has constructed an impressive array of computer screens and servers he uses to play the latest games as well as for work.
"I'm not a graduate. I had planned to go to university but ended up getting offered a job in security a year prior, so I took it," he said. "I'm completely self-taught so in hindsight university would probably not have been worth the time or money."
He started working for a "private intel threat firm" based in Los Angeles a year ago, investigating the latest malicious computer software released by criminals and hackers.
But he still lives and works in England, partly because he likes being close to the sea.
"I love to surf in my free time so that vastly limits where I'd like to live," he told a friend online last year.
On another occasion, he posted a photo of the coastline and wrote: "I could move to a city, but where in a city would I get this view?"
Last summer, he travelled to the US for the first time to attend a "hacker convention" called Defcon in Las Vegas.
"Supposedly it's going to be 43C on the day I land in Vegas, but the melting point of British people is 30C," he joked online.
Malware Tech said he had been "super worried that I'm too nerdy for Vegas" but ended up having "so much fun".
His friends posted Twitter photos of them drinking together at hotel room parties and sightseeing in a Ferrari and Lamborghini.
Then last week, he found himself at the forefront of attempts to stop the ransomware attack that crippled the British National Health Service.
Friday was "supposed to be part of my week off", he wrote online, but after lunch with a friend he looked up a British cyber threat-sharing platform and saw it had been flooded with posts about NHS systems across the country being hit by ransomware; software that allows criminals to freeze a computer remotely then demand money to restore its data.
As security agencies, hospital IT managers and major companies around the world struggled to deal with the effects of the cyber attack known as WannaCrypt, Malware Tech calmly examined the computer code behind it.
He discovered that it included an unusual reference to a website address that nobody owned, so he purchased the address for £8.30 ($12.77) and pointed it at a "sinkhole" server in Los Angeles.
Online, he explained this is part of his "standard model" to track the spread of a computer ''infection''.
But, unexpectedly, his registration of the website "in fact prevented the spread of the ransomware and prevented it ransoming any new computer".
It is possible criminals behind the malicious software included the website reference for testing, but forgot to remove it, leaving a fatal flaw that Malware Tech alone was able to exploit.
He added, however, that cyber criminals can easily correct the program and try it again.
"Our sinkholing [redirecting traffic to a different website] only stops this sample and there is nothing stopping them removing the domain check and trying again, so it's incredibly important that any unpatched systems are patched as quickly as possible."
