• United States




Five ways cybersecurity is nothing like the way Hollywood portrays it

Dec 15, 20166 mins

According to pop culture’s portrayal of cybersecurity, the industry is hot property. Hacks and breaches not only dominate the real-world media, but they can be seen everywhere in TV and movies today.

Granted, there have been some early examples of security issues playing a role in pop culture plot lines, such as the 1980s cult-classic Tron. But in recent years, Hollywood seems to have really picked up the mantle when it comes to cybersecurity. If the bright lights of TV and movies are to be believed, hackers are simultaneously the coolest and scariest people on the planet.

Let’s take a look at five of the most common cybersecurity misperceptions as portrayed in TV shows and movies:

1) A day at the office is like an action movie: In pop culture, IT security tends to be portrayed as a fast-paced industry with our cyber heroes forever confronting life-and-death scenarios.

The Hollywood Take

In the movie “Blackhat,” Actor Chris Hemsworth, who plays a hacker, tries to track down the film’s villain and, in the process, ends up engaging in fist-fights, shootouts and general ‘badassery’ that would put the Special Forces to shame.

Even when fists or bullets aren’t being traded, hacking is never a slow affair devoid of adrenaline. For example, in the TV series “Scorpion,” an airplane is rebooted in flight by dropping a cable down and plugging it into the laptop of a fast moving car.


A day for most real cybersecurity pros is admittedly much more mundane. Many hours are dedicated to meetings, conference calls and reporting. Typically, the most action cybersecurity professionals get is a heated exchange on a forum.

2) Hackers are loners: Hollywood tends to rely on a stereotypical hacker persona – loners and “super geeks” working alone in their parents’ basement.

The Hollywood Take

Rami Malek playing the role of Elliot Anderson on “Mr. Robot” is the latest incarnation of hackers being portrayed as loners who are isolated from society. But he’s far from the only hacker who is depicted in this way. In “The Matrix,” Keanu Reeves’ character, Thomas Anderson, is portrayed as having no real friends or family, prior to embarking on his mission. And Sandra Bullock’s character, Angela Bennett, in “The Net” is a lone software engineer who works from home and whose only form of friendship is via online chats.


With security becoming an increasingly popular profession, this archetype is beginning to feel antiquated. Most cybersecurity professionals are well-adjusted and perfectly social members of society.

3) Cyberattacks are mysteries that are easily planned – and solved: Fictional cyberattacks exist as a way to move plots forward, so they are planned and solved a lot faster than they are in the real world.

The Hollywood Take

In the much-loved movie “Office Space,” the protagonists want to make some money. In one short scene, they create a ‘virus’ that can steal a fraction of a cent from every transaction. Planning an effective cyberattack that will net them a tidy sum proves to be no sweat for this crew.

On the flipside, no problem is too big that it can’t easily be solved by our plucky protagonist. In the movie “Firewall,” Harrison Ford’s character is informed of an attack against the bank’s infrastructure. With a few clicks, he changes some rules in a production environment and puts an end to the fiend’s devilish plans.

The only thing limiting a hacker in TV shows and movies is the writers’ imagination. Need to plan a quick escape? There’s sure to be a hacker in the ragtag group of rogues – à la “The Italian Job” – that can hack into a city’s traffic management system to manipulate the traffic lights.


In actuality, planning a sophisticated cyberattack can take malicious criminals a very long time. And conducting an investigation to determine what happened can take even longer – months or even years. Many times, such attacks are never solved. 

4) Everything happens in real-time: Movies and TV shows often depict cyberattacks as events that unfold violently on a computer screen right before the hero’s eyes. 

The Hollywood Take

The perfect example of this? Take a look at this unintentionally hilarious clip from “NCIS.”

In the movie “Swordfish,” Hugh Jackman’s character has 60 seconds to hack into a machine, all while John Travolta is holding a gun to his head.

And who could forget Q’s infamous words from the Bond movie “Skyfall”: “Whenever I try to gain access, it changes. It’s like solving a Rubik’s Cube that’s fighting back.”


Real life intrusions – at least those that are effective – often happen quietly under the radar without the victim’s knowledge. In fact, victims may not find out about a breach until months or years down the road. Similarly, defending corporate infrastructure doesn’t happen in real-time, and it’s definitely not a function of how fast you can type. Most effective defense tactics are deployed in advance. 

5) Hackers are always geniuses and technical masterminds: Convoluted security jargon? Check. Flawless expertise of endless software and systems? Check. Yes, in Hollywood, every hacker is a prodigy.

The Hollywood Take

In “Enemy of the State,” Edward Lyle (Brill) was the genius hacker mastermind, portrayed by Gene Hackman (no pun intended), who could outwit, outsmart and outhack the NSA.

In the TV shows “Arrow” and “The Flash,” Felicity Smoak and Cisco Ramon are respective members of the team that can hack their way out of any problem. Tracking bad guys, borrowing satellite feeds and monitoring every CCTV in the city? No problem. But which one of the two is the best hacker in the world?

One of the most iconic evil computer geniuses ever to grace the screen is probably Eugene Belford in the Angelina Jolie-starring movie “Hackers.” On top of that, anyone with the handle “The Plague” is sure to mean business.


The painful reality is that, today, anyone can easily become a successful cybercriminal. “Cybercrime-as-a-service” providers host cybercrime toolkits in the cloud and offer access on a subscription basis, making it easier than ever for anyone – even individuals with minimal security knowledge – to plan and execute attacks. These providers run their operations just like regular businesses, even going so far as to provide support and training materials to increase attackers’ chances of success.

Director’s Take

Now that we’ve thoroughly discussed how horribly cybersecurity is portrayed in TV shows and movies, let’s take a moment to look at the upside of the situation. Having cybersecurity included in so many Hollywood plot lines – as bad as the depictions may be – still goes a long way toward generating awareness that this is a real issue – and one that isn’t going away anytime soon. The portrayals may not be worthy of an Emmy or Golden Globe, but if these TV shows and films can convince even one consumer or business to pay more attention to security issues and take preventative protection measures, then that’s a win in my book…or should I say movie.


Javvad Malik is an award-winning information security consultant, author, researcher, analyst, advocate, blogger and YouTuber. He currently serves as a security advocate at AlienVault.

An active blogger, event speaker and industry commentator, Javvad is known as one of the industry’s most prolific influencers, with a signature fresh and light-hearted perspective on security.

Prior to joining AlienVault, he was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning. Prior to that, Javvad served as an independent security consultant, with a career spanning 12+ years working for some of the largest companies across the financial and energy sectors.

Javvad is an author and co-author of several books, including The CISSP Companion Handbook: A Collection of Tales, Experiences and Straight Up Fabrications Fitted Into the 10 CISSP Domains of Information Security and The Cloud Security Rules: Technology is Your Friend. And Enemy. A Book About Ruling the Cloud. He’s also the founder of the Security B-Sides London conference and a co-founder of Host Unknown with Thom Langford and Andrew Agnés.

Javvad has earned several professional certifications over the course of his career, including Certified Information Security Systems Professional (CISSP) and GIAC Web Application Penetration Tester (GWAPT). He’s also won numerous awards in recent years for his blogging, including the "2015 Most Entertaining Blog" and the "2015 Best Security Video Blogger" recognitions at the European Security Blogger Awards.

The opinions expressed in this blog are those of Javvad Malik and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.