When I go to the movies, which is extremely rare, my only expectation is to be entertained. That was my mindset last night when I went with Arian and Anurag up to see the Fortify Documentary, “The New Face of Cybercrime.” I wasn’t expecting to learn anything new or earth shattering, just wanted to enjoy myself and see what they came up with. So when the film opened up with RSnake being interviewed and demo’ing XSS, the crowd roared with laughter, and I was on cloud 9. For much of the audience who is familiar with webappsec and its industry personalities, it was really exciting to see someone we know and love on the big screen in a flick made by an Academy-nominated director.
The film itself was a little fluffy, not much technical detail, and something you’d show your parents or boss who hasn’t been exposed to the infosec industry. They tried to convey how the world is interconnected via networks, completely reliant upon software, and how the bad guys are able to penetrate systems with ease. Again, think of a PBS or History Channel special. That was the feel I got. The film seemed somewhat short on a call to action. They probably did that so it didn’t come across as a marketing piece, which they pulled off very nicely. For myself, the time was well spent and I’m glad I went.
Then in a bold move, Roger Thornton (CTO of Fortify) and director Fredric Golding (with the 3 other panelists), opened things up to the audience to comment and ask questions. Right when they did that I was thinking to myself, OMG, these guys are crazy asking an infosec crowd what they thought! To their credit they were very patient and professional in dealing with the many inane “constructive” criticisms voiced. The standout of the panelists was Grant Bourzikas, CISO of Scottrade, who was able to answer pointed questions masterfully from a “business” interest perspective. Clearly he has been around the block once or twice when it comes to web application security in the real world.
During the after party I got to talking with Robert McMillan, Senior Writer, IDG News. He was remarking about how the J.C. Penney CEO, Mike Ullman, who was featured as an application security authority in the film, is going to react when they get hacked sometime down the road. And doncha just love the irony, 2 hours later when I got home, Business Week posts a story about “Data lost on 650,000 credit card holders” in J.C. Penney. I guess the bright side is the loss was due to a lost tape, in which J.C. Penney was one of 230 retailers impacted, and not some SQL Injection issue. That would have been hard to explain.
All in all I want to thank Fortify for inviting us to a great event and the tasty eats, and also congratulate them on the film.