Fun facts about Rocco Calvi (@TecR0c):
Microsoft MVR: Rocco is a 2023 Microsoft Most Valuable Researcher.
Fitness fanatic: Inspired by old-school body building and countless hours of chopping and carrying wood in the mountains during his youth, Rocco remains a fitness enthusiast, setting himself challenges and pushing his limits.
Old-school cinema enthusiast: Rocco’s favorite movies are the “Rocky” series, especially “Rocky 2,” and he also has a deep appreciation for the mafia film series “The Godfather."
Travel trailblazer: Rocco’s passport boasts stamps from over 25 countries. From the historic streets of Prague to the bustling cities of South Korea, Rocco’s work has taken him around the world.
Rocco’s journey into the world of computers and hacking began during his childhood, in an old-school Italian household in Australia. Embracing the traditions and warmth of family time, Rocco spent a lot of time at home, providing the opportunity to explore the digital realm.
In his early school years, around Grades 3 and 4, Rocco stumbled upon IRC, a popular chat program of the era, which connected him to fellow hackers. By Grades 4 and 5, his nascent skill manifested when he unintentionally exploited his primary school’s system using an old “Cain and Abel” tool and CVE-2000-0884. These flaws saw young Rocco accessing confidential school data, which drew the school’s attention in a memorable assembly.
Rocco eventually finished university and discovered an online offensive security course in 2009, which acted as a catalyst, further reinforcing his passion. But what truly opened his eyes to the potential of this field was a security breach at his family’s business. By his early 20s, Rocco was entrenched in the world of hacking. He became a prominent member of a hacking group Corelan Team, where he specialized in writing Windows and web exploits and integrating them into the Metasploit framework. At the time, Rocco didn’t realize how cutting edge this work was, and assumed everyone else was doing similar work.
Rocco’s experience set the stage for a thriving career in Melbourne, Australia, where he landed a job in a leading consulting firm, working his way up to senior penetration tester for BAE Systems Applied Intelligence after an acquisition of the consulting firm. A brief stint at a boutique company led him to lucrative contracting roles, earning 3x more than his previous salary.
Rocco’s journey into the world of vulnerabilities was marked by a fervent obsession with identifying bugs and crafting exploits. To his surprise, this R&D passion quickly turned profitable, with his first monetary award for a bounty coming from ZDI. The fuzzing gained traction, Rocco harnessed its power, identifying significant vulnerabilities in various high-profile software products. This achievement opened doors to collaborate with Microsoft, particularly performing C++ and C# code reviews. He further expanded his skills by undertaking projects at the Mayo Clinic, focusing on medical equipment testing such as infusion pumps to building access controls.
Rocco’s skills caught the interest of a firm based in the United Arab Emirates. Originally planned as a brief stint, Rocco spent seven years in the UAE. Here, he transitioned into management roles, leading both a groundbreaking test and validation software lab and a research center, immersing himself in their pioneering efforts. However, the global changes brought about by the COVID-19 pandemic saw him returning to Australia. This homecoming was marked by a more hands-on technical approach and the creation of his new company named Tec Security, which focuses on vulnerabilities in widely deployed products. Additionally, he has a robust network of hacker friends, specializing in various cyber domains. Together, they harness their collective technical prowess to advance vulnerability research. This collaborative spirit not only showcases his dedication to the craft but also his belief in the collective power of the cybersecurity community.
Rocco’s home is a testament to his passion, with computers populating his entire basement and a hardware hacking lab for his IoT research. Reflecting on his Australian roots, Rocco mentions how the nation’s geographical remoteness inadvertently sheltered him from global perspectives. It was only when he stepped into the professional domain that he realized the cutting-edge nature of his work. This self-driven learning, he believes, was a cornerstone in shaping his expertise.
Rocco’s acumen for assembly language, even before mastering C, equipped him with a distinctive edge in the field. He advocates for simplification in the face of the current information overload, urging aspiring hackers to understand language pitfalls at a granular level.
While his professional life flourished, Rocco’s personal trajectory was shaped by a keen business acumen inherited from his family’s business. If not for the alluring world of hacking, Rocco might have been deep in the family trade.
Rocco remains a force to be reckoned with in the cybersecurity world. While he employs a range of techniques, coverage guided fuzzing remains one of his go-to strategies, especially with binaries and drivers written in C or C++. He has turned his basement into a technophile’s paradise, filled with computers designed for bug hunting. However, it’s not just about his dynamic and static analysis tooling for Rocco; his meticulous approach to old-school manual code review and reverse engineer across multiple platforms including Android. Additionally, his competitive spirit has led him to participate in numerous hacking competitions, consistently ranking high on various leaderboards, setting him apart from many in the field.
Follow Rocco and his company on social media:
Twitter / X: Rocco Calvi (@TecR0c) / X (twitter.com)
LinkedIn: Rocco Calvi | LinkedIn
Website: TecSecurity.io