Interview: Marc Rogers, VP of Cybersecurity Strategy, Okta; Organizer, DEF CON

Marc Rogers has been a hacker since the 1980s, moving into the cybersecurity space nearly 20 years ago. He advocates for a positive attitude towards security, helped put together the award-winning BBC TV series The Real Hustle, and is a technical advisor for the TV show Mr. Robot. He is the VP of cybersecurity strategy at Okta and also organizes the world’s largest hacking conference, DEF CON.

Infosecurity spoke to Rogers to learn more about his fascinating career, TV work and working at DEF CON.

What was your route into the security industry?

I started as a hacker in the 1980s when it wasn’t something you could easily make money from, so it was more of a passion than a career. I went to university to study Biochemistry and Psychology and became a bouncer, spending nearly 10 years working pubs and clubs in Manchester while hacking in my spare time. Working as a bouncer allowed me to put the psychology I studied into practice and taught me a lot about human nature. This helped shape my aspirations, steering me further down the security path.

I remain deeply fascinated by how things work, from technology to people, which I express through my interest in hacking. Hacking is about affecting an existing system, in such a way that it does what you want, without destroying it or harming its original function. It requires a specialized way of thinking, which once you learn is almost impossible to ignore.

How has your career progressed to where you are now?

It’s been a rollercoaster! It wasn’t until the late 1990s that a possible career in hacking began to look like a reality. I became a ‘hacktivist’ and founded the notorious UK hacking group, Agents of a Hostile Power, before realizing that the ethical hacking or ‘white hat’ path was probably more likely to have a positive outcome.

I moved into telecoms security, working for companies such as Vodafone over the next 10 years. I then started getting interested in hacking and TV, leading to me doing a couple of televised hacks, which helped build up my reputation. Each new vulnerability I found or research I released gave me more of a platform to improve security globally. So, I kept on hacking and kept on pushing for things to change.

You’ve been involved with popular TV shows such as The Real Hustle and Mr. Robot. How did you get involved with those and what has your involvement been?

I started doing hacks for television around the time I joined DEF CON in 1998. In 2005, I met the producers of the BBC’s The Real Hustle. They wanted to create a new kind of show to help educate people about security in an entertaining way and asked if I could do some of my hacks for the show.

For 11 seasons, my role was to architect and carry out the hacks. I would sometimes go on camera to describe the hack and explain how to avoid getting caught out. This work opened the door for Mr. Robot. I was introduced to one of the producers before the show had been fully put together and brainstormed with them about how they could make it as realistic as possible. I then joined the team for season two, designing hacks for them as part of a team of technical experts they had advising the show.

You help organize the DEF CON hacking conference – what is it like being involved in such a huge show and how have you seen the event grow?

The conference has changed dramatically over the 21 years I have been involved. When I started, my primary job was to provide physical security. We spent a lot of our time stopping attendees from destroying the hotel, or themselves. The conference has grown by more than 1000% and as soon as you start dealing in terms of tens of thousands of people, the challenges take on a whole new dimension.

In the same time period, the information security industry came into being, which fundamentally changed the dynamics. Suddenly, there was money involved. Huge parties started being thrown and companies were launched during the conference. My challenges went from physical security to all aspects of security, safety and even social dynamics. I’m now the head of the security operations department.

Most recently, I have been working to ensure that DEF CON and my team properly represent the community that we serve. That means ensuring we have a balanced, diverse team that looks like the community we come from. It’s also led to the creation of things like the Transparency Report, which I release at the end of every conference, as well as the helpline that volunteers from my team run to provide a lifeline for attendees needing help for any reason. Ultimately, I look back and I am incredibly proud of what the team has achieved, but at the same time, I realize that my work is likely never going to be done.
