Why Predator is the ultimate CISO movie
There’s often a lot of debate as to what the best security or hacking movie is. Many people talk about hackers, or sneakers, or try and slip Mr Robot into the mix.
But they are all way way waaaaay off the mark.
I was reminded of this by Phil Cracknell who posted on linkedin that in his opinion the Kevin Costner, Whitney Houston classic, Bodyguard was the best infosec movie.
And that is a very good comment, but I’m here to tell you that the best movie ever made infosec (and arguably one of the best movies ever made) is Predator, starring Arnold Schwarzenegger.
Don’t believe me? Well read on.
The movie starts on the outskirts of a jungle and the CISO (Arnie) with his team land in their helicopters. This is a perfect metaphor for how a CISO operates in day to day situations. They’re alone, in a jungle – so it’s important to have a solid team surrounding you. Do remember this movie was made in the 80’s and so the whole team were testosterone-laden men. But let’s suspend disbelief for the rest of the duration.
We then have the iconic scene inside the tent where Arnie recognises his old colleague Dillon (played by Carl Weathers / Apollo Creed). This is the sign of a good leader. Even when they move on from roles, they remember all the people they worked with and engage in some friendly banter.
The mid-air arm wrestle is the key part to pay attention to. We see Arnie is still sharp and strong, his biceps bulging, whereas Dillon has let himself go. “What’s the matter, agency got you pushing too many pencils?” is what Arnie quips. This is exactly what happens to anyone that leaves a technical role to go become a consultant. They quickly lose their skills and can’t compete against the best. This is a reminder to all security pros that they need to continually keep their skills up to date or risk becoming a dinosaur.
There’s a mission for Arnie and his team of merry men that are bursting at the seams with testosterone. It’s behind enemy lines, to get the people who went in to get the people. Yes, it’s all very macho military – but it’s no different than running an incident recovery. You make a plan, go in, save the data, get out. The kind of stuff the SAS excel at.
But hold on, Dillon is tagging along. Arnie resists the idea, saying, “My team work alone.” But some superiors have signed it off meaning they have to take him along.
This was a stroke of genius. It represents a struggle many CISO’s around the world face. They have a plan, and they have the right team to execute it. But one of the execs plays golf with someone on the weekend, and their son has a startup and their software would be perfect for the security team. Or maybe the CEO’s nephew needs work placement. The point is that the movie illustrated that it doesn’t matter if you have biceps as big as watermelons, and you have a hardened team of stone-cold killers. If someone high up says you need to take along Dillon.exe, you have to do it.
Once dropped in the jungle, the team make their way to the rebel camp. Critics say the attack on the camp is the worst part of the movie, how it was shot by a secondary camera crew and didn’t have the same pacing or drama as the rest of the movie. But any security pro worth their salt who has been on a SANS Sec542 course will recognise all the steps of a pen test being played out.
Recon -> Mapping -> Discovery -> Exploitation / Explosions!!!!
It’s these kind of little details that make this a masterpiece.
It’s a this point of the movie that the real technical nature starts to show. Up until this point the movie had demonstrated leadership skills, office politics, stakeholder management, and a pen test. But from here on out you had the unknown. A Predator stalking them from the jungle, camouflaged by some cloaking device and having a full arsenal of weapons.
This is clearly meant to be the manifestation of an APT. In fact, studios debated that the movie should have been called APT, but eventually it was decided that name was too ahead of its time.
Back in the jungle, the team are making their way back to the rendezvous point and have a feeling that something isn’t quite right. It’s like the time when Billy stops and stares into apparent nothingness. When Arnie asks what’s got Billy spooked, he simply says, “There’s something in those trees.”
This all out nerd line clear for anyone who ever used a log manager or a SIEM. Logs are made from trees. So what Billy is really saying is, “check the logs.” He had the gut feeling that something was wrong, but he didn’t know what. This is why it’s so important to have accurate logs and be able to query them effectively for not just known threats, but also unknown threats. If the predator represented a new strain of ransomware developed by China / Russia / Iran / other nation-state, then they would have been forking over a few bitcoins by the end of the movie.
The first time the Predator makes itself known to the team are when the rescued captive / hostage girl tries to escape and the nerdy one chases after her only to end up getting killed by the Predator. This is why we need a plan before trying to respond. When in haste we often make mistakes, fall for scams, or execute commands in production without checking them.
We then have the rest of the team appear and shoot 10 million bullets into the jungle, at nothing in particular.
Some people thought the scene was overkill, but in reality we’ve seen it happen all too many times. An organisation won’t care about a particular risk, they’ll keep accepting it. But when something does happen, everyone trips over themselves wanting to show that they care.
How many times has a multi-million dollar security initiative been kicked off in the aftermath of an incident? That’s exactly the point here. It uses up way too many resources, and doesn’t even achieve the desired effect.
A small detail to note here is the Predator is hit by a bullet or two and leaves some green blood behind. The girl notices it – indicating how even if you mess up, forensics is really important.
The blood also serves as an IoC. We understand that the attacker isn’t invisible and can make mistakes. When you have an IoC, you can track them – which is what Arnie means when he uttered the lines, “If it bleeds, we can kill it.”
We have the part then where each member of the team gets picked apart. They try to set up traps (a honeypot) but the APT has some slick evasion techniques.
Arnie makes a run for it – he knows he can’t survive in a battle so has to escape. He falls down a cliff and a waterfall and starts crawling out of a shallow stream onto the muddy bank, where, completely drained he waits for the inevitable.
Yes, you got it. The shallow stream was maybe an inch deep, but it looked a mile wide. This was the manifestation of the CISSP. It was shallow but it was enough that when Arnie reached the bank, the mud stuck to his whole body like a second skin – masking him from the Predators vision.
It’s to say that certifications themselves won’t necessarily help you – but they can give the right base upon which you can build. It was such classically subtle product placement that Arnie doesn’t ever have to pay AMF’s for the rest of his life.
We then reach the climax of the movie – the point at which Arnie realises what any good CISO realises at some point in their career. You don’t need flashy tools and the latest in AI technology to defeat a superior enemy. Maybe you don’t have your team because of budget constraints, or politics, or maybe because an alien killed them all. But what you will have are your basic skills which you acquired, working your way up the ranks.
So despite not have access to the latest technology, Arnie crafts weapons out of the jungle. This is the ultimate CISO who remembers how command lines on the mainframe. Some careful planning and an all-nighter is all he needed to defeat the enemy.
But that wasn’t all. There was one parting message. The Predator set its self-destruct sequence and Arnie had to run to get out of the blast radius. This was a homage to ransomware – the criminals will be more than happy to destroy all your data if you don’t meet their demands. It’s why it’s important to have backups.
The last scenes show a battered and bruised, but very much alive Arnie being air lifted to safety. Contrast that to how he was at the beginning of the movie. This shows how quickly a CISO can get burnt out on the job. The stress and strain really takes its toll even on the strongest.
And that is why Predator is the ultimate CISO movie ever made.
*** This is a Security Bloggers Network syndicated blog from Javvad Malik authored by j4vv4d. Read the original post at: http://feedproxy.google.com/~r/J4vv4d/~3/z6cvG0GGSRI/
