March 15, 2023 | 18 minutes
Did you think the Oscar ceremony was over? Not quite. In this episode of Reimagining Cyber Extra! Stan and Rob hand out the awards to the best cybersecurity movies ever made.
About the Guests
Rob Aragao is chief security strategist at CyberRes, a Micro Focus line of business. He has more than 20 years of information security experience, with an emphasis on cyber risk best practices, threat intelligence, security monitoring and regulatory compliance initiatives. He has worked in multiple fields, from financial services to telecommunications. Prior to joining CyberRes, he was vice president of security strategy & innovation for ReliaQuest and served as the chief security strategist for HPE.
Connect with Rob Aragao on LinkedIn
Stan Wisseman leads the Security Strategist team for Micro Focus’ CyberRes in North America. He has more than 30 years of information security experience and has built security into products, systems, software, and enterprises. Prior to joining Micro Focus in 2014, Wisseman served as chief information security officer for Fannie Mae, with responsibilities for information security and business resiliency across the organization.
Reimagining Cyber Extra! | And the Oscar for Best Cybersecurity Movie Goes To… | Rob Aragao and Stan Wisseman
[00:00:00] Rob Aragao: Welcome everyone for a Reimagining Cyber Extra episode. It's Rob Aragao and Stan Wisseman here, and we're going a little bit off the rails on this one Stan and talking about cybersecurity movies. You may ask why. Well, our genius producer Ben, came up with this idea. He said, “guys, with the Oscars happening, wouldn't it be great for you guys to come back and share what you think are the top cybersecurity movies?”
[00:00:30] Rob Aragao: and we said, Ben, that's genius. It's brilliant. Let's do that. So given that the Oscars just happened this past weekend, that's exactly what we're gonna do. And so why don't we do it this way, Stan, we'll go back and forth. You will start, you throw out your first movie. Maybe let's do five each or so. You throw out your first movie.
[00:00:49] Rob Aragao: talk a little bit about why, and then I'll take the next one. We just go back and forth.
[00:00:53] Stan Wisseman: Sounds good. Well, I have to start with War Games. I mean, it was released in 1983, right? And the next year I joined the National Computer Security Center, NSA, and here is this movie about a high school kid who's hacking into his school to be able to change his grades.
Rob Aragao: This is about you. Here's what you're telling me.
[00:01:14] Stan Wisseman: You know, wannabee Stan. then he gets a little over his skis, you know, and he finds this military site. He thinks it's a game site, you know, global thermo nuclear war sounds like a game that he could play. And he gets it going, it turns out, oh no, he has actually started the supercomputer called Whopper
[00:01:35] Stan Wisseman: on really running the game. It was kind of neat cuz Matthew Broderick does a very convincing role of playing this guy who is adept at not only doing hacking, but a little phone freaking. You know, when he had to make that emergency phone call back to his girlfriend, Ally Sheedy and, gets into hacking the, the security system to get out of the little room that he's, you know, locked up into.
[00:02:03] Stan Wisseman: So he's just got this way about him of, of being able to figure out and problem solve. And so he wasn't necessarily a bad guy, , he was. just using his skills in ways of, having fun, but also, getting himself outta trouble. So, it was the first movie that I recall that was really a focused on cybersecurity, hacking.
[00:02:26] Stan Wisseman: and also I was getting into that with my career. So I can't tell you how many times I've seen that movie.
[00:02:35] Rob Aragao: That’s definitely a good one to start with. And you know what? Mine will be continuing a theme of Matthew Broderick , and I'm gonna go bit comedy on you, and I'm gonna go with Ferris Bueller's Day Off.
[00:02:47] Stan Wisseman: I would not have thought of that one.
[00:02:51] Rob Aragao: Well, how did Ferris Bueller get his day off? He hacked into the school computer system. Changes his grades, his attendance records. He's figured out the little loophole on how he can actually have a day for himself, and he had a great day with his couple of friends, right?
[00:03:10] Rob Aragao: That's the way he got in and got it done was by hacking in again to the computer systems.
[00:03:16] Stan Wisseman: Makes you wonder where the theme with Matthew Broderick, whether or not he’s actually graduated from high school,
[00:03:23] Rob Aragao: But it's like, Hey Matthew. We like what you did over there with War Games. Come over here. We're gonna put a little bit of humor behind that now.
Stan Wisseman: My next one is Sneakers. So I don't know if you remember this one, but this was Robert Redford. Sidney Poitier, Dan Akroyd, who is playing a hacker. So the cast was pretty outstanding and the bad guy was, a fantastic actor, Ben Kingsley, he plays the friend gone bad to Robert Redford's Martin, and these guys are, contracted to
[00:03:58] Stan Wisseman: do a job. They have a white hat kind of business to test out the security of different systems and the like. But they, they sort of come upon this capability of decrypting anything and flash forward obviously. to our era or maybe 10 years from now when we're potentially able to use Quantum Computing to be able to crack any of the existing crypto algorithms.
[00:04:22] Stan Wisseman: Maybe it's not that far fetched in the future, but this little black box that they, steal turns out to be a hot potato. But it was again, a fun movie as far as just the way we would go about it and the acting and even though at the time it was probably not realistic that something would be able to
[00:04:38] Stan Wisseman: decrypt anythingit was an interesting storyline,
[00:04:42] Rob Aragao: So I had to throw in a Bond movie. And I'm gonna ask who your favorite James Bond has been. Which actor has played James Bond and is your favorite? So the James Bond choice I made was Goldeneye.
[00:05:00] Rob Aragao: So James Bond is actually trying to stop this Russian Crime syndicate, basically that becomes cyber at the end of it all, because they're going after and you know, trying to get access into actually cyberspace through satellites. Okay. And what, what are they gonna do?
[00:05:17] Rob Aragao: Well, they're gonna take over the world, of course. Right? And they always do. They always do. It's always the case. I mean, and he saves the world again, right? Of course, in typical James Bond fashion, he comes across his co-partner. And in this case, Natalia saves the day. Why? Because Natalia's the one that actually is able to hack into the satellite system and take back control and self-destruct the satellite system.
[00:05:41] Stan Wisseman: I'll have to watch that one again cause I do not remember that.
[00:05:45] Rob Aragao: Oh yeah. It was, it a Piers Brosnan one. So I'm gonna say not my favorite Bond. I will tell you mine, but who is yours?
[00:05:52] Stan Wisseman: I'm Daniel Craig, without a doubt.
Rob Aragao: Wow. There you go. See, mutual.
Stan Wisseman Absolutely. Yes. Without a doubt. Yep. Now he's retired. He's off to doing mysteries with Knives Out you know?
[00:06:05] Rob Aragao: Yep. Saw that recently. Yep. Still like him much better as Bond, but yeah. Yep. And the OG, right? The original godfather. Sean Connery. Right. But I am also Daniel Craig, for sure.
[00:06:16] Stan Wisseman: Yeah. So my next one, I'm a big Die Hard fan, and outside of the first Die Hard, my, my favorite one is Live Free or Die Hard.
[00:06:28] Stan Wisseman: And John McClean is still just John McClean, right? Yeah. He's not trying to be a hacker, but the is asked to actually apprehend and bring in an ethical hacker, Matt Ferrell, who's Justin Long. And I think an aspect of this is, the fact that you have this
[00:06:51] Stan Wisseman: super bad guy this guy named Thomas Gabriel, and he's launching attack against a critical infrastructure, but he has leveraged a bunch of other hackers to help build different components of his design. Right. And they don't know really what the big picture is
[00:07:16] Stan Wisseman: and so it is a characterized in the movie as a fire sale, there's a sequence of knocking down different parts of the critical infrastructures in in the US, and the Feds are being run around having no clue as to how to stop or fix this.
[00:07:38] Stan Wisseman: They're always behind the curve. Which could be realistic unfortunately. Yeah. But ithas a lot of obviously great action like any Die Hard movie does. But it puts it in that context of how a mastermind that's trying to do very bad things by using cyber and the vulnerabilities he knows exist
[00:08:00] Stan Wisseman: could take advantage of that.
[00:08:02] Rob Aragao: but think about that, that’s, interesting. The bits to put it all together, they're being outsourced, right? Yeah. And they don't know what the actual kind of grand master plan is, is gonna be.
[00:08:13] Rob Aragao: That's the reality of the world from a cybercrime perspective, right? They go and buy these service capabilities and they're doing their own thing.
[00:08:20] Stan Wisseman: And the people selling those services now, they don't care what the overall designs of the nation state or whoever the cyber syndicate that's actually using them.
[00:08:29] Rob Aragao: Before I say the next one, I'm gonna throw the clue out at you, which I'm sure you probably get, but I'm gonna throw it out there and the clue is “I'm not going to need those TPS reports today”
[00:08:39] Stan Wisseman: Office Space? Really?
[00:08:42] Rob Aragao: Yep. So you can see how I'm going here. Right? So like Ferris Bueller, where did that come from?
[00:08:46] Rob Aragao: Right. For Office Space. So it was a high-tech company these guys we're working at, they become disgruntled employees. Three of 'em become disgruntled employees and they actually hack into the accounting system and they basically have a virus that's going out there and it's siphoning out money. Right.
[00:09:03] Rob Aragao: They're embezzling the money back out of the system. So they're, they're kind of like, “Hey, we're gonna slide under the radar. We're gonna take a little bit of a little bit of the cash, pull it across and then we're out. We're actually gonna quit.
[00:09:17] Rob Aragao: We're outta here, we're frustrated with everything. But the worm goes out and spreads further. That so much money it goes back in now we got a bigger issue to deal with. So yes, I threw out there Office Space.
[00:09:29] Stan Wisseman: I, again, would not have considered that . Well for my next one I actually like the books better than the movie series.
[00:09:39] Stan Wisseman: The movie series was okay, but the books were great. But if you remember The Girl in the Dragon Tattoo trilogy? Elisabeth Salander is the hacker, and she's helping out a journalist. In the movie The Girl in the Spider’s Web, she's recruited to steal a powerful program called The Firewall.
[00:09:59] Stan Wisseman: With that, you can get the access codes for all the nuclear weapons the world has. That would be a terrible thing to be able to get access to. Right. But the NSA gets involved and there's all these thugs that steal a laptop, et cetera, et cetera. She comes across as somebody who's very resourceful, whether it be
[00:10:17] Stan Wisseman: on a computer or physically and again lots of great action. You can tell I like action movies. My wife's not as much as an action movie fan, so I have to watch these late at night. You gotta do what you gotta do.
[00:10:32] Rob Aragao: Just stay focused that way. Get the popcorn and you're all set.
[00:10:36] Rob Aragao: So the next one for me is I'm gonna give you a hint. So it's John Travolta with an interesting looking hair and it's not Pulp Fiction.
So it's Swordfish.
[00:10:47] Stan Wisseman: Swordfish, that's a really good one. That's an oldie, well, it's not as old as war games, but it's a good one, over 20 years now.
[00:10:55] Rob Aragao: John Travolta is the bad guy, the mastermind behind the plot. Right. And he is in a friendly relationship with Halle Berry who has a contact. Happens to be Hugh Jackman and Hugh Jackman had just gone away for a couple years for hacking into the FBI systems.
[00:11:15] Stan Wisseman: And this is a very young Hugh Jackman
[00:11:17] Rob Aragao: . Oh, this is early Hugh Jackman. Travolta's plan, right? (His name was Gabriel in it) is to trick Hugh Jackman's character into actually hacking into the Department of Defense this time around. And, you know, he comes up with the kind of excuses and kind of here’s the storyline.
[00:11:34] Rob Aragao: This is how we're gonna do it and so Hugh Jackman comes up with this worm that gets out there, it gets into the environment and basically it's purporting that there are different government agents out there and so they have different access credentials to get into these systems and whatnot.
[00:11:51] Rob Aragao: So I just thought that was an interesting one because it was kind of this interesting plot of the characters that they pulled together and the concept of just the hacking into the different government systems and using that and leveraging it to get back in.
[00:12:04] Stan Wisseman: There was a scene where Travolta is basically, you know, threatening his life
[00:12:10] Stan Wisseman: unless he hacked into a system in a certain period of time. And, it was one of those things that's like, just pulling up all these things, it just wasn't really realistic. It's like it's coming down to seconds before you can get in, you know?
[00:12:28] Stan Wisseman: It's like, okay, well I think watch me work. Come on.
[00:12:33] Rob Aragao: Right. Hey one other thing, cause I can't leave this one off. This was my last one. As I've been going through the movies, you get a sense of what I like. Right, so the Fast and the Furious series.
[00:12:47] Stan Wisseman: Hmm? Yeah. Which one?
Rob Aragao Seven.
Stan Wisseman: You have to remind me. There's so many, they’re sort of a blur. You know, there’s Vin Diesel in every one of them.
[00:12:59] Rob Aragao:, it's like this stuff happens every day.. You remember God's Eye?
[00:13:06] Rob Aragao: So I have this hacking device that has access to any camera in the world, and I can control these cameras. Remember that scene? It's traffic signals, right? Where basically everything's coming in autonomous vehicles kinda plugged in everything. It's like one ridiculous idea at the time of what was happening.
[00:13:24] Rob Aragao: But I thought that was an interesting one. Hacking into the system in God's Eye and taking that thing down, I had to throw out one of the Fast and Furious movies.
Stan Wisseman: Well, I'm glad you got it in.
Rob Aragao: I got it off. I feel, feel much better now. Well, Stna, you, you listed off some great movie. If you had to just pick one, what's top of the list?
[00:13:41] Stan Wisseman: It's a little dated now, but War Games, just again, the first one that was associated with computer security and I was just getting started in the career of computer security at the same time. So I'd go with that one.
[00:13:58] Rob Aragao: I would actually go off of your list because it's different than my list by far.
[00:14:04] Rob Aragao: And I would go with Sneakers because when you said it, I remember right. And I remember, you know, great actors within that movie as well in the storyline. So that might be happening this Friday night. That's a good choice.
[00:14:13] Stan Wisseman: Good choice. So what kind of movie would you like to see created as far as one themed around cybersecurity or hacking in general?
[00:14:23] Rob Aragao: That's a good question. I didn't really kind of think about that. Maybe it's something to do with AI but AI from the cybersecurity perspective and impact as a bad actor
00:14:35] Stan Wisseman: AI basically with the AI becomes a bad actor. Right.
[00:14:39] Rob Aragao: And, and you're seeing kind of the, the ramifications of them doing something like that probably. How about yourself?
[00:14:45] Stan Wisseman: We're experiencing our first cyber war, right? Between Russia and Ukraine and affiliates on both sides. And while we've had things like James Bond and those kind of things as far as a crime syndicate or some kind of bad guy
[00:15:01] Stan Wisseman: or John Travolta with his master plan, something trying to represent, a cyber war, which is what we're going through, how would you do that in a movie that makes it something you can actually wrap your head around? That's what I think, unfortunately, the future might be, is that this is now in the forefront of every nation’s states
[00:15:21] Stan Wisseman: arsenal, they're honing their swords, as it were in cyberspace.
[00:15:26] Rob Aragao: That's true. I think. Hollywood may be calling you after the hearing this episode with you so you never know. That's a good concept.
[00:15:32] Stan Wisseman: . I'd be curious for our listeners to identify their favorite movie that has a theme around hacking or cybersecurity
[00:15:41] Stan Wisseman: and include that in the comments. So if you have one that we haven't mentioned, please go ahead and, and identify it for us.
[00:15:48] Rob Aragao: Definitely, we'll look forward to reviewing those and Stan now the two of us can get out of these tuxedos. Let's go have a drink. Take care.
[00:15:55] Stan Wisseman: The tie's really tight around the neck too, eh?
[00:15:58] Stan Wisseman: Loosen it up. All right. Take care man. Take care
[00:16:00] Producer Ben:. Hello there. I'm Ben, producer of the show, and before you leave our little Reimagining Cyber Oscar's after party, I'd just like to let you know that there are plenty of other episodes for you to enjoy. In fact, there are more than the Fast and Furious and Police Academy franchises combined with Stan and Rob playing the lead roles every time.
[00:16:23] Producer Ben: For example, you heard the guys talking about the Sneakers movie earlier on and how it relates to Quantum Computing. Well, episode 43 of Reimagining Cyber is called Inside the Fight to Protect Data from Quantum Computers and features Terence Spies, CTO of Cyber Res Voltage.
[00:16:44] Terence Spies: The silver lining to this cloud is that the folks at NIST National Institute for Standard and Technology have spent the last six years working with cryptographers, basically around the planet on sort of bringing the Justice League together, superheroes assemble kinda kind of job to say, ‘Hey, how do we find our algo rhythms that are not vulnerable to these kinds of attacks
[00:17:09] Producer Ben: And there are plenty more bloc busting episodes where that came from.
[00:17:12] Producer Ben: Also, if your podcast listening app lets you rate or review the show, then do let us know what you think. You could even share with us your favorite cyber or hacking film. Mine is Superman 3. Controversially. It didn't win an Oscar, but then neither did Alfred Hitchcock. Go figure.
The guest this week is Dr. Ron Ross, Fellow at the National Institute of Standards and Technology (NIST). He currently leads the NIST System Security Engineering Project (SSE).
Woe betide the corporate board who doesn't take cyber security threats seriously. The 2022 Security and Exchange Commission's cyber security proposals are expected to kick in the next few weeks. Are the boardrooms ready?
Rob and Stan talk to Dr. Victor Piotrowski, the lead program director at NSF, about the ins and outs of the program, its growing success, and the hurdles the program has overcome and still faces.