10 Movies All Security Pros Should Watch
Don't expect to read about any of the classics, like 'War Games' or 'Sneakers,' which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt31492caa4ad34abe/64f0d4843525565d43c7831c/Slide1CoverArt.jpeg?width=700&auto=webp&quality=80&disable=upscale)
Source: metamorworks via Adobe Stock
Some may wonder why the computer press makes such a big fuss about hacker movies. Naysayers describe them as old-hat — a formulaic blend of computing and hacking done by societal misfits peppered in with sex, violence, shady and diabolical villains, and an occasional car chase that ends in a fiery explosion.
That may be true — it is Hollywood, after all — but key people in the industry say hacker movies are important for security people to watch. We agree, which is why we set out to put together such a list.
"These movies are important — and fun to watch — for IT pros who need to keep their networks secure because they mostly get it right and highlight the risks of cybersecurity in a way that communicates to C-level execs," says Stu Sjouwerman, founder and CEO of security awareness company KnowBe4.
The better hacker movies are really quite realistic, adds Chenxi Wang, founder and general partner at Rain Capital.
"As a hacker, some of the movies have a lot of inside information — jokes that you'd find interesting even if it was a bad movie otherwise," she says. "The normal public may miss those insider references, but people like us in the trade find it really interesting. Mr. Robot, for instance, had two real hackers consult for the series, so many things are realistic, including using real IP addresses, using real exploit code — things that only people in the trade would pick up."
And Jeremiah Grossman, CEO at Bit Discovery, says movies such as Snowden can hep security pros can keep up with important current events. While we selected the documentary about Edward Snowden for our list, there's no stopping you if you want to see the 2016 bio-pic directed by Oliver Stone.
"Snowden is a story about the most important and pivotal governmental whistleblower story in modern times — a story that includes computer security, personal privacy, data security, government surveillance, public policy, and national security," Grossman says. "The ethos of the story is not only compelling but valuable to understand as a working professional in the security field.”
In compiling our list, we combined the opinions Sjouwerman, Wang, and Grossman, as well as Dark Reading's staff. All of the writeups have links to the trailers, so if you haven't seen some of these movies, check them out and let us know what you think.
This documentary, by filmmaker Laura Poitras, chronicles in real time how "Citizenfour" (Edward Snowden) leaked classified intelligence documents to journalist Glenn Greenwald and his colleagues at The Guardian and The Washington Post in June 2013. Whether you consider Snowden a hero or a felon who should be extradited to the United States and tried for espionage, security pros will find this movie riveting.
Viewers get to see Snowden, Greenwald, and filmmaker Poitras hatch the plan for how the stories based on the leaks would be published and managed in the media at large – right as it was happening.
Today Snowden remains in Russia, where he has been outspoken against both the Trump administration and the Putin government. His asylum runs until 2020, so it will be interesting to see what happens next. Cynics may claim that nothing has changed and privacy has only become worse in the past five or six years, but the stories that followed the release of the classified NSA materials did launch an important national debate on the role of government surveillance in the Internet era. More importantly, security pros can't overlook that one day their organizations could fall prey to an insider either looking to make a political point, as Snowden was, or worse - bent on malicious intent.
Risk, the follow-up to Citzenfour by filmmaker Laura Poitras, is also worth catching. This time Poitras describes the transition of Julian Assange and WikiLeaks from widely being considered public advocates for releasing important details about US operations in Afghanistan and Iraq, to the controversial hacking of the Democratic National Committee during the presidential election of 2016. Not all security pros have to deal with presidential election security, but all organizations must deal with the reality of insider threats. Risk and Citizenfour are much-watch films for people serious about information security.
Watch the trailer:
Based on the first of Stieg Larsson's Millennium trilogy of crime novels, this movie has everything: sex, violence, interesting hacks, betrayal, and even a great car/motorcycle chase. While it's essentially a crime drama, the hacker and antisocial personality Lisbeth Salander, played by Rooney Mara, offers up some interesting questions about the ethics of hacking. Is hacking OK if we're looking to solve a murder? Do large, greedy corporations deserve what they get if they're hacked? From a hacking perspective, one of the funnier and more ironic moments in the movie is when Mara's character is confronted by journalist Mikael Blomkvist, played by Daniel Craig, who says, "You can't access those files – they're encrypted." Lisbeth smugly responds, "Please."
Watch trailer:
This 2000 movie is based on the nonfiction book Takedown by security expert Tsutomu Shimomura, who wrote it with journalist John Markoff. Both men were involved in the FBI's chase to catch hacker Kevin Mitnick in the 1990s. Watch the movie knowing that it's shrouded in controversy and is refuted by the book The Fugitive Game: Online with Kevin Mitnick, by Jonathan Littman. Draw your own conclusions, but the Mitnick case remains one of the more high-profile and controversial cases in the history of computing, and security pros should inform themselves of both sides. As a sequel, Mitnick has for several years been on the right side of the law, consulting for Fortune 500 companies and now working as chief hacking officer for the security awareness company KnowBe4.
Watch trailer:
This 2010 film stars Leonardo DiCaprio as Dom Cobb, a thief who steals information by hacking into a person's subconscious. While not strictly a computer hacker movie, Inception offers some interesting insights into our experiences with the real world and dream world, how the two mesh, and the role of technology as we head into a world dominated by artificial intelligence, machine learning, and virtual reality.
Watch trailer:
While this movie was criticized in some circles for underplaying cryptographer Alan Turing's homosexuality, the 2014 movie gets it right on Turing's work with British intelligence to crack the Enigma codes sent out daily by the Germans during World War II. The core of the movie revolves around the primitive tools (by today's standards) Turing and his team used to build Christopher, the machine that cracked the Nazi codes. The movie also covers Turing's troubled personal life and suicide in 1954 after being hounded by British authorities for several years. Turing's contributions to cryptography and the war effort are undeniable and should be a part of any security pro's general knowledge.
Watch trailer:
This Michael Mann movie, starring hunky Thor star Chris Hemsworth, may deserve the award for most critiqued movie, both from the hacking and science communities. Rain Capital's Wang points out that the hacker Hemsworth plays says he would need more than a month to crack a 512-bit encryption key. If it was public key encryption he was talking about, a good hacker in 2015 could have cracked that in a few hours, she says. CSO contributor Maria Korolov details what the movie got right and wrong from a hacking perspective, and in Forbes, scientist James Conca takes the movie to task for getting all of the details about nuclear power plants wrong. Still, Blackhat shines a window into our frenetic, modern world where technology has taken over our lives – and poses some important questions about how potentially vulnerable industrial plants are to cyberattacks.
Watch trailer:
The main lesson of German hacker movie Who Am I: No System is Safe has to be the most basic security lesson of all: Human beings are the weak link. A review in INQPOP! compares this movie to Mr. Robot in that it sheds light on the hacker's world and uses masks as props to incite terror and fear and create a palpable sense of the creepy. If you can hack the English subtitles, this one's a coming-of-age movie for the hacker generation.
Watch trailer:
Consider this our tribute to the great cyberpunk literary hero William Gibson, who also wrote the screenplay for Johnny Mnemonic. The movie draws its inspiration from Gibson's eponymous short story. A young Keanu Reeves plays Johnny, a mercenary data courier in the year 2021. Johnny is carrying the cure for nerve attenuation syndrome (NAS), an ailment infecting half the planet caused by an over dependence on technology – and everyone wants to kill him. The movie takes the viewer into Gibson's world of Loteks, the edge of the Sprawl, and the dystopian future we all seem to be headed toward. Gibson gets a lot of it right, but, of course, today Johnny would be carrying terabytes or petabytes in his head. In the 1995 movie, Johnny's overloaded by carrying 320 gigabytes.
Watch trailer:
This movie serves as a warning of what could happen when ambitious scientists and the military industrial complex run amok. Some of the movie's portrayals of the military industrial complex are laughable; in fact, for most of the movie, it feels like a 1950s sci-fi thriller. The plot revolves around Dr. Lawrence Angelo, played by a young Pierce Brosnan, who befriends Jobe Smith, a local handyman with cognitive disabilities played by a young Jeff Fahey who fixes machines and cuts lawns. Through the use of the virtual reality technology he worked on for the military at nearby Virtual Space Industries, Dr. Angelo transforms Jobe into a highly intelligent superman who surpasses Dr. Angelo's brainpower and winds up able to levitate physical objects and set lawnmowers to cut autonomously. Things go horribly wrong, though, and Jobe becomes a monster, insisting his destiny is to become a new form of energy. He slides into the virtual world and, at the end, takes over a mainframe and enters the international telephone network. The movie ends with every telephone across the world ringing simultaneously.
Watch trailer:
This movie serves as a warning of what could happen when ambitious scientists and the military industrial complex run amok. Some of the movie's portrayals of the military industrial complex are laughable; in fact, for most of the movie, it feels like a 1950s sci-fi thriller. The plot revolves around Dr. Lawrence Angelo, played by a young Pierce Brosnan, who befriends Jobe Smith, a local handyman with cognitive disabilities played by a young Jeff Fahey who fixes machines and cuts lawns. Through the use of the virtual reality technology he worked on for the military at nearby Virtual Space Industries, Dr. Angelo transforms Jobe into a highly intelligent superman who surpasses Dr. Angelo's brainpower and winds up able to levitate physical objects and set lawnmowers to cut autonomously. Things go horribly wrong, though, and Jobe becomes a monster, insisting his destiny is to become a new form of energy. He slides into the virtual world and, at the end, takes over a mainframe and enters the international telephone network. The movie ends with every telephone across the world ringing simultaneously.
Watch trailer:
Some may wonder why the computer press makes such a big fuss about hacker movies. Naysayers describe them as old-hat — a formulaic blend of computing and hacking done by societal misfits peppered in with sex, violence, shady and diabolical villains, and an occasional car chase that ends in a fiery explosion.
That may be true — it is Hollywood, after all — but key people in the industry say hacker movies are important for security people to watch. We agree, which is why we set out to put together such a list.
"These movies are important — and fun to watch — for IT pros who need to keep their networks secure because they mostly get it right and highlight the risks of cybersecurity in a way that communicates to C-level execs," says Stu Sjouwerman, founder and CEO of security awareness company KnowBe4.
The better hacker movies are really quite realistic, adds Chenxi Wang, founder and general partner at Rain Capital.
"As a hacker, some of the movies have a lot of inside information — jokes that you'd find interesting even if it was a bad movie otherwise," she says. "The normal public may miss those insider references, but people like us in the trade find it really interesting. Mr. Robot, for instance, had two real hackers consult for the series, so many things are realistic, including using real IP addresses, using real exploit code — things that only people in the trade would pick up."
And Jeremiah Grossman, CEO at Bit Discovery, says movies such as Snowden can hep security pros can keep up with important current events. While we selected the documentary about Edward Snowden for our list, there's no stopping you if you want to see the 2016 bio-pic directed by Oliver Stone.
"Snowden is a story about the most important and pivotal governmental whistleblower story in modern times — a story that includes computer security, personal privacy, data security, government surveillance, public policy, and national security," Grossman says. "The ethos of the story is not only compelling but valuable to understand as a working professional in the security field.”
In compiling our list, we combined the opinions Sjouwerman, Wang, and Grossman, as well as Dark Reading's staff. All of the writeups have links to the trailers, so if you haven't seen some of these movies, check them out and let us know what you think.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024