Dan Meacham (VP, Cyber and Content Security at Legendary Entertainment) grew up teaching himself computer science from the lines of BASIC code printed in magazines. He’s since built a career that spans hands-on hacking, industry leadership, and now securing some of the most valuable film and streaming IP in the world.
In our conversation ahead of Black Hat MEA 2025, Meacham reflected on his journey into entertainment security; took a deep dive into the risks unique to film production; and how he fosters a strong security culture among large teams of creatives.
“I grew up where the computer games were lines of code in the back of a magazine that you typed into a computer. It was a fast way for us to learn all about commands, variables, process flows, and managing the inevitable compiler failures and disappointments.
“Joking aside, starting out with the BASICs (pun) really helped me understand the capabilities and limits of what we could manipulate. I remember intentionally overstocking a buffer that enabled me to take a CGA monitor on an 8086 processor and extend the classic 3 colour palette to over 256 color variations.
“What I think is the better part of my journey is the balance of lateral critical thinking skills, communication, and initiative. The drive to learn and understand how things work, how they break, how they connect. Building partnerships with vendors, industry associates, coworkers. Participation in curriculum development, cyber competitions, and defining industry standards and frameworks. Through these connections, I have been able to share my skills outside the workplace and into the community.
“In 2014, I was named Cyber Security Leader of the Year by the Los Angeles Business Journal. Later that year, Sony experienced a cyber incident. Legendary at the time was building out their cloud-first architecture; and recognised that cybersecurity was more than a faculty of business.
“Leaning in, I was given the opportunity of a lifetime – build out a first-class program focusing on cloud-first with a major presence in China and near unlimited resources. I think I implemented more cybersecurity technology in the first three months than I did in my last three roles. We were not afraid to be ahead of the curve and take on new and innovative ideas.”
“There are many layers to defining the types of cyber risks to film and streaming productions. It’s easy to visualise the creative content and protect artefacts, from scripts and concept art to the infrastructure that processes and delivers the assets. The industry is like every other industry where you are protecting the users, the data, and the devices. Some of the unique outliers involve the production of the content.
“As an example, a movie or television series is called a production. In simple terms, the production is a product that we produce and then deliver to a customer that in turn distributes to the consumer. The distribution can range from a theatrical release, SVOD (Streaming Video on Demand), or physical media such as DVD.
“However, in building the product, this is where the challenges really divert from traditional cybersecurity threat models. To begin with, the workforce is diverse and not consistent. A production usually is made up of crew who are not employees. Each show is its own company. And at any given time, the size of the team can range from as small as 12 members (such as pitching the idea and writing a script), to several thousand during principal photography (filming), and then back down to a few hundred or smaller during postproduction (editing, sound, music).
“Look at the credits crawl at the end of a movie, there are literally thousands of names and many different companies in the list. Every one of those names touched the production in some fashion. And each name on that list is a potential cyber threat.
“Each production also has its own tech stack. A director may prefer a specific type and brand of camera – digital or film. The production office may need to leverage various payroll systems and vendor management platforms to address local data privacy and regulatory requirements of where the production is filming.
“And then the supply chain also has a very wide threatscape. Localisation, for example, is the process of adding subtitles and voice overs on the film for specific markets. For the localisation partner to add the subtitles and voiceovers, they need a copy of the movie and the script. There are several cases where leaks have occurred in the postproduction supply chains and workflows.
“Following that, consumer products provide the licensing and merchandise related to the production to the consumer. There are examples of character leaks and spoilers just from a toy showing up early to a retail store or fast-food restaurant. And there are many unlicensed merchandisers online that cut into revenue.”
“I do chuckle every now and then when I see an IP address with a number over 255. We must be careful to not be too accurate in the details as some folks will try to replicate the activity. Think about folks calling phone numbers they see in a movie. And if it is too technical, the audience can be lost.
“Shows like ‘Mr. Robot’ help bring awareness of threats – and do help IT professionals make arguments for more budget and better tools. What I do appreciate are the practical applications to solving problems…I’m happy we have stories to tell that inspire audiences to be inquisitive as well as to educate themselves about privacy, safety, and responsibility.”
“Building trust. A strong security culture is about solving challenges to enable opportunities. Understanding where the creative is and what they are trying to accomplish involves listening and realizing the vision. Then, we can have a conversation to talk about the potential risks and challenges that may hinder achieving a desired outcome.
“By understanding the business, financial, operations, technical, and security risks; we can work on defining the boundaries to operate and the expectations for engagement. Not every challenge has a technology solution; and in many cases, we can minimise risks with simple process changes, contract language, and manual controls.
“Another approach is knowing what are the non-work-related important things. Hosting a lunch for the office staff on how to protect your family online, for example, can lead to good cybersecurity practices that make their way into the work practices. The key is, be the trusted partner that the creatives can come to when they have a question.”
“The lateral and critical thinking skills are critical. Look at each challenge as a system, and not as a problem to solve. The obscure becomes obvious when chasing down whatever it is you are chasing.
“Certifications are very important for learning and career advancement. I can’t recall anyone ever asking me what my grade was on a particular calculus exam or class, or how many times I had to take a certification exam – but I do recall folks asking what my CISSP certification number is (it is 24542 and I got it on the first try). Often, I became the ‘expert’ because I took the initiative to learn, read a book, could spell EDI, or passed a certification.
“In today’s job market, it can get really frustrating with the lack of opportunities. Don’t give up. Know what you like and what you want to do. If the opportunity doesn’t come to you, make the opportunity. Contribute to your community by helping others learn about cybersecurity. Host evening classes at your local library on what you find interesting; and you may find others who share your passion. Learn to code and write scripts. Leverage AI – but verify. And be a good human; compassion with a smile goes a long way.”
Thanks to Dan Meacham at Legendary Entertainment. Get your pass to attend Black Hat MEA 2025 and learn directly from the leading minds in cybersecurity.
Join the newsletter to receive the latest updates in your inbox.
A new benchmark from IANS and Artico Search reveals how CISOs are allocating security software budgets: 30% of total spend on average, consolidation rising, and MSSPs supporting most programmes.
Read More
New data shows how digital friction is no longer just an HR issue, but a live cybersecurity risk.
Read More
Jerich Beason (CISO at WM) shares lessons in trust, transparency and leadership in cybersecurity – and why saying sorry helps build stronger teams.
Read More