Dr. Eric Cole      

Technology Visionary, Author, Security Expert, Founder & CEO of Secure Anchor

Dr. Cole is a 30-year cybersecurity industry expert on a mission to simplify complex technology and make the digital world safe for businesses, individuals and families. An advisor and consultant to former President Barack Obama, Bill Gates and other high-profile clients, Dr. Cole has deep and varied expertise that extends to both the public and private sectors, including the federal government and large corporate enterprises. He is routinely called upon to serve as an expert witness in IP litigation, criminal and civil cases, and cybersecurity breaches.

Additionally, Dr. Cole is helping to educate and equip the next generation of information-security leaders as a former adjunct professor and guest lecturer at Georgetown University, New York Institute of Technology, Massachusetts Institute of Technology, Harvard University, University of California at Berkeley, and Purdue University; author of eight textbooks; and creator of a bestselling course on cybersecurity (through which he has trained more than 65,000 people), as well as other training courses and certification programs.

Dr. Cole got his start working with the Central Intelligence Agency as a professional hacker. After eight years with the CIA, where he rose to the position of program manager / technical director for the Internet Program Team with the Office of Technical Services, Dr. Cole moved from offense to defense, leaving government to join the private sector. For the next 15 years, he held top positions—including chief technology officer and chief scientist—at companies such as Lockheed Martin, McAfee and the Syntex Group, Inc.

In 2005, Dr. Cole launched Secure Anchor Consulting, where he serves Fortune 500 companies, financial institutions, international organizations and the federal government. Through his consulting work, Dr. Cole provides a broad range of services, including security assessments, cybersecurity training, executive-awareness training, expert-witness testimony and keynote speaking. Dr. Cole fervently believes that cyberattacks are preventable, but companies are making cyber too complex. He is a proponent of greater regulation, arguing that we’re getting advice from the people who failed us—the technology companies—and have come to an inflection point that requires us to hold these companies accountable.

Highly recognized in his field, Dr. Cole has served on several prestigious committees, including the Commission on Cyber Security for the 44th President, the Purdue University Executive Advisory Board and SME for the Nuclear Regulatory Commission.

Dr. Cole received his doctorate in network security from Pace University. He also holds Bachelor and Master of Science degrees from New York Institute of Technology, where he was recognized as the sole recipient of the Harry Schure Graduate Memorial Award. In 2014, Dr. Cole was admitted into the Infosecurity Hall of Fame.

Speech Topics

You Are a Target

One of the big problems in cybersecurity is that individuals and companies do not believe they are a target. The problem is, attacks will happen, and the probability of you or your organization being compromised is almost a guarantee. Often the smaller the company, the less security, and the easier it is to break in. So organizations that don’t think they are big enough for an adversary to come after them are often the prime target of attack. Today’s attackers are not stealing a million dollars from one person, they’re stealing $1 from a million people. So those that do not think they are a target, let down their guard, and do not implement proper security are often the ones that very quickly become victims.

Online Danger

Whether we like it or not, we live the majority of our life in cyberspace. Regardless of the amount of time in cyberspace, we need to recognize that our personal, critical information is stored online in computers. If we do not protect our online information, it will cause damage to us, our families and our businesses. Whether you realize it or not, you are a target. You are going to be compromised. And only by understanding the threat and taking action can you be safe in cyberspace today.

Security Metrics

You cannot manage what you cannot measure. A common issue with cybersecurity is doing good things, but not the right things that really matter. Missing one key aspect is all it takes for an adversary to break in. In order to stay ahead of the adversary, it is important that companies have critical security metrics to identify what is and is not working. By having proper metrics integrated into a security dashboard, organizations can make the right decisions to protect and secure their critical assets.

The Myth of Cybersecurity

One of the most dangerous mindsets an organization can have is that they will not be attacked or that compromises do not occur. This is because when you do not think you are a target, you are not going to focus energy and effort in the proper areas of security. Yet the probability of an organization getting compromised is almost a guarantee. An adversary is after any organization that is in business and has critical data that needs to be protected. It is important to learn what the real threats are to an organization and actionable steps you can take to protect and secure your organization to stay ahead of an adversary.

Steps of a Cyber Attack

Many organizations focus on cyber defense, yet they do not really understand how an attack actually works and what the real exposures are to an organization. It is important to learn step by step how an attack actually works and how to use this knowledge to properly protect and secure your organization. When you understand the steps of an attack, how the threat works and what the vulnerabilities are, you can start to focus on fixing the right problems, and properly securing and protecting your organization. The only way to be good at the defense is to understand how the offense operates.

Defending a Compromised Network

Every time you add servers, new applications, or functionality, you are decreasing your security. Based on common threats and the persistent nature of the adversary, the probability of an organization being compromised is very high. The challenge with implementing effective security is containing, controlling, and minimizing the damage to defend an already compromised network. Too many organizations focus on prevention and nothing else, so if prevention fails, there is not much else in place to minimize the damage. The real approach to security is timely detection. The key is to accept the fact that a compromise will likely occur and, when it does, have a plan to detect and respond in a timely manner to contain and control the damage.

Cybersecurity Playbook

Having an effective playbook is necessary if you want to win. Unfortunately, many organizations fail to have one for cybersecurity. In most organizations, cybersecurity plans tend to be reactive measures in which organizations are not clear on what to do and when to do it. If you want to win in the game of cybersecurity, you need to have an effective playbook with proper plays that allow you to detect, control, and minimize damage. By understanding the offense and what the adversary is going to do, you can create effective defensive plays to implement in order to win at this game of cybersecurity.

Proactive Security

The current model that most organizations use to protect themselves relies on preventative measures. The problem is that today’s adversary is targeted and data-focused. There is no visible sign of an attack. That is why, on average, most organizations are compromised for 27 months before the attack is detected. The model needs to shift from visible detection to proactive analysis within your organization. Taking a proactive approach, where you are actively looking for the adversary and realizing you are already compromised, is the best way for an organization to win and stay one step ahead of the adversary. Today, it’s not a matter of preventing all attacks; true security is focused on containing and controlling the damage through timely detection.
