It’s not often that bank CIOs and CISOs get invited to walk the red carpet at a film premiere, but it was a full house at the Tribeca Grand Hotel’s screening room at the end of January when Fortify Software held the New York premiere of its documentary “The New Face of Cybercrime.”
While it would be a stretch to say that Sundance had nothing on this premiere, it did draw a crowd. There were minor celebrities—counting prolific software security author Gary McGraw, and Ted Schlein, the venture capitalist at Kleiner Perkins Caufield & Byers who cut his info security teeth bringing McAfee to market. There was an all-but-unknown director onstage thanking his editors and crew. There was popcorn. There were even swag bags. About the only thing missing were models in gowns, but, c’mon, there aren’t a lot of sequins and heels in the IT department.
The movie had all of what you’d expect: lines of code scrolling up a screen; interviews with a real-life hacker talking about how easy it is to get your Social Security number; Howard Schmidt warning that this isn’t just script kiddies anymore; and the requisite references to a digital 9/11, state-sponsored espionage from China, and TJ Maxx spending $150 million to recover from its breach.
Basically, for this audience, the film covers no new ground. But that’s exactly the point, says Roger Thornton, CEO of Fortify, who acted as key grip, executive producer, and chief bottle washer on the film. “I talk to information security chiefs and CIOs all the time, and I talk to the business executives,” Thornton says. “And I know that what this group of security experts knows is not permeating to the other groups.”
So while the film premieres in California, New York and London are a bit of a hokey PR display, Thornton’s plan for the movie he funded is not. First it will be offered for viewing to clients and potential clients, and eventually to anyone who requests a copy.
Many bankers present said they couldn’t wait to screen it in house. Paula Campbell, a vp at Citi, said she’d definitely show it to her developers and info security folks. Jim Routh, CISO at the Depository Trust & Clearing Corporation—who was interviewed in the film—says he’ll play it for every new executive hired at the firm. Ben Rothke, a security consultant for BT INS, says it would do most CEOs well to watch the movie. “It was driven, compelling, and I think anyone who sees it and doesn’t take action is derelict of their duties.”
Fortify’s goal is for the movie to become part of companies’ info security (for civilians) training program. Thornton says, “Instead of an hour-long PowerPoint lecture on information security, they can show this 22 minute film, have a thirty minute discussion, and let everyone go 10 minutes early.”
