Why Mr. Robot finally provides decent PR for IT security

Hollywood is finally getting cyber security right, and that’s a good thing for IT leaders. Right, Mr. Robot?

This is a contributed piece from Wolfgang Kandek, Chief Technical Officer at Qualys

Once limited to the realms of business and IT, cyber security has taken a trip to Hollywood where it is increasingly featured in mainstream TV shows and films. Unfortunately, IT has traditionally gotten a raw deal when it comes to being portrayed accurately on screen.

Part of this is due to the nature of IT work – command line interfaces just aren’t dramatic, no matter how much scary music you put behind them. Another problem is the enormous artistic license that film and TV show makers have taken when depicting technology. Instead of using technology to drive clever plots, it has been employed as an arbitrary hook to build interest or as a crutch for a hobbled tale.

But this has started to change. TV and movie audiences have become more sophisticated in their understanding of technology, and thus less tolerant of inept tech-related plots. As a result, technology issues, characters and stories are being presented with more accuracy and realism on TV and films.

One of the best examples of this new crop of higher quality, tech-related productions is “Mr. Robot,” a TV show developed by Universal Cable and USA Network that has been a tremendous hit with audiences and critics alike. Also available in the UK through Amazon Prime, Mr. Robot has proven that a show that is as realistic as possible about IT security can also be very entertaining.

The series, about a security engineer and idealistic hacker called Elliot Alderson, is known for its use of accurate technology references, including specific application languages, privacy terms and anonymisation tools. This degree of accuracy helps build the perception that this story is faithful to reality.

At RSA 2016 in San Francisco Rami Malek, the actor who plays Alderson, visited our booth and I had an opportunity to interview him in front of an audience of approximately 500 people. He told us that the effort to keep application development and software references as accurate as possible was a huge undertaking for the whole team involved in the show.

During the interview, he mentioned that the usual approach for actors is to have their lines down and to know their marks on the stage or location. However, for him there was much more preparation required.

“We would go through every animation they had worked on for the screen, how I would access it, what it would do,” Malek said. “In that sense, it would be as authentic as possible. Anything that appeared in the monitor we were doing. For the majority of the show, we rarely saw a green screen.”

IT teams can benefit from the attention that series like Mr. Robot draw to security in the real world. The series stresses the importance of protecting people and businesses from hacking and malware by framing the challenge in terms of an “arms race” or “battle”.


This adversarial positioning can be helpful for IT pros, because it portrays them as soldiers on the front lines trying to protect innocent victims. However, many business owners and executives still see cyber security as an expense that can be difficult to understand and justify. As a result, misguided business leaders often focus their technology priorities on the latest whiz-bang apps and devices, and overlook critical, glaring security gaps in their IT infrastructure that have existed for months. They fail to understand the importance of protecting their company’s assets and data.

The steady stream of brazen and devastating hacks against multinational companies in the past year has helped raise awareness of the importance of cyber security. In particular, it has been eye-opening for large businesses that some of the most crippling attacks have exploited known and documented vulnerabilities for which patches exist. This is a warning that companies have to get the basics right before spending money on software and devices that may be nice to have, but not essential.

Mr. Robot plot lines have included instances where hackers have exploited known vulnerabilities to launch Distributed Denial of Service attacks, unleash phishing campaigns and distribute malware. Patching these security holes can help IT teams protect their organisations from data theft and financial ruin.

To make the most of the awareness that these new shows can generate, organisations must establish consistent security practices and policies, and approach security as an ongoing endeavour rather than as a one-off activity. This can help justify more investment in IT security management over time, and ensure budget gets directed to the right places.

This approach requires keeping IT security in mind across the organisation, rather than looking at specific areas like software development or perimeter security. Instead, security has to be baked into the organisation from the ground up. It can’t be viewed as an extra or an area where investment can be made intermittently. This “security by design” approach has to be part of the overall management approach that a company has in place.

From a management perspective, this should include rethinking how IT assets are tracked and audited over time. Cloud-based security software can help because it allows organisations to conduct more regular scanning of IT assets based on the value of the data stored in them.

In closing, shows like Mr. Robot that are realistic about IT can help the public better understand the importance of cyber security, a new awareness that they then bring with them to their workplace. This in turn helps IT pros communicate with employees about security risks and responsibilities, and with top managers, so that technology budgets can be allocated more strategically. Putting this emphasis on protecting the company’s assets can help provide a brighter future for IT security.