Technology Visionary, Author, Security Expert, Founder & CEO of Secure Anchor
Dr. Eric Cole is an industry expert with breadth and depth of experience across integrated cyber security. He focuses on creating, enhancing and solving complex problems by bridging the gap between a business and technology mindset, with a focus on security and innovation.
Secure Anchor Consulting
Dr. Cole is a founder of Secure Anchor Consulting, a leading provider of cyber security solutions and services. Dr. Cole is an invited speaker and subject matter expert on SCADA and critical infrastructure cyber security. He has been a member of many key organizations including: Commission on Cyber Security for the 44th President (25 industry experts), Purdue University Executive Advisory Board and SME for the Nuclear Regulatory Commission.
Cutting Edge Technology
Dr. Cole continually stays abreast of cutting-edge technology and industry regulations including NERC-CIP, CFATS and HSPD-7 and creates solutions that meet the business goals of an organization.
Dr. Cole acts as an expert witness for several government and commercial companies in a variety of litigation (i.e. FTC vs. Microsoft and Nomadix vs. Second Rule).
At McAfee, Dr. Cole was a Senior Vice President and Chief Technology Officer of the Americas. As McAfee’s visionary and evangelist, Dr. Cole was responsible for strongly influencing the company’s technical direction in alignment with our CEO, EVP, Product Operations and other key product executives and technologists across the world. Dr. Cole played an integral role in the company’s strategic direction, development, and future growth as the global leader in digital security solutions. Dr. Cole was a key leader in the execution of technology strategy for technology platforms, partnerships, and external relationships. Dr. Cole worked closely with the CEO, EVP of Product Operations and other key stakeholders to establish a product vision and road map to achieve McAfee’s goals and business strategies. Dr. Cole was engaged in identifying and capturing intellectual property and driving new innovation across the company.
Dr. Cole served at Lockheed Martin as IS&GS Chief Scientist and Lockheed Martin Senior Fellow. Lockheed Martin selected Dr. Cole into its prestigious fellowship program, an award it makes to less than of its 130,000 employees. Moreover, Dr. Cole was the first Fellow within Lockheed Martin’s Information Technology Division. As a Lockheed Martin Senior Fellow, he is a frequently invited speaker at a variety of conferences and security events focusing on security for SCADA systems. As Lockheed Martin Chief Scientist, Dr. Cole’s role included performing research and development to advance the state of the art in information systems security. Dr. Cole specialized in secure network design, perimeter defense, vulnerability discovery, penetration testing, and intrusion detection systems, performing several security assessments for the energy sector. Over his 5+ years at Lockheed Martin, he played a lead technical advisory role in many high-profile, security-focused projects for Federal clients to include civil, Intel and Department of Defense, including the FBI Sentinel, DHS Eagle, JPL, Hanford and FBI IATI programs.
Dr. Cole served the SANS Institute as Dean of Faculty and a member of a five-person team tasked with creating a degree-granting institution and receiving certification from the state of Maryland. Currently, they offer two Master’s degree programs focused on technical people who need managerial skills and managers who need technical skills. Dr. Cole designed and implemented curriculum and provided leadership to faculty to successfully deliver the degrees. Dr. Cole also served as Director of Research - Computer Network Attack, Enterprise Security Architecture and Director of the Cyber Defense Initiative. Dr. Cole was lead instructor and course developer for several security courses. Dr. Cole executed and contributed to the development of several of the GIAC certifications including GIAC Certified Security Essentials (GSEC), GIAC Certified Advanced Incident Handling Analysts (GCIH) and GIAC Certified Firewall Analysts (GCFW).
Dr. Cole has served as Chief Information Officer, Chief Security Officer, V.P. of Enterprise Security and Director of Security for several leading organizations including: Sytex Group, GraceIC, American Institutes for Research, Vista Information Technologies, and Teligent.
Dr. Cole began his career at the Central Intelligence Agency, rising to Program Manager / Technical Director for the Internet Program Team with the Office of Technical Services. Dr. Cole was a Senior Officer of the agency and implemented the Internet Program Team that specializes in rapid development and in exploiting the latest Internet technologies. Dr. Cole designed and developed several secure communication systems and was responsible for providing technical direction, technical design, security assessment, and programming modules. Dr. Cole secured internal servers, continually performed intrusion detection, and reviewed audit logs. Dr. Cole performed independent security reviews and penetration testing of (World Wide Web) servers for other offices. He identified several weaknesses and ways to fix those problems and secure the system. Dr. Cole received a letter of appreciation from the DCI (Director of Central Intelligence) and several Exceptional Performance Awards for this project.
Dr. Cole received a Doctorate degree in Network Security from Pace University and a Master of Science Degree in Computer Science from New York Institute of Technology, where he was recognized as the sole recipient of the Harry Schure Graduate Memorial Award. Dr. Cole received his Bachelor of Science degree from New York Institute of Technology in Computer Science with the following honors: Graduated Magna Cum Laude, Dorothy Schure Memorial Award, Jules Singer Award, Grace Hopper Award from Computer Associates, Presidential Academic Award (4.0 semesters), Presidential Service Award, Dean’s List, Member of Who’s Who Among Students in American Universities, and Member of Nu Epsilon Tau Honor Society.
You Are a Target
One of the big problems in cybersecurity is that individuals and companies do not believe they are a target. The problem is, attacks will happen, and the probability of you or your organization being compromised is almost a guarantee. Often the smaller the company, the less security, and the easier it is to break in. So organizations that don’t think they are big enough for an adversary to come after them are often the prime target of attack. Today’s attackers are not stealing a million dollars from one person; they’re stealing $1 from a million people. So those that do not think they are a target, let down their guard, and do not implement proper security are often the ones that very quickly become victims.
Whether we like it or not, we live the majority of our life in cyberspace. Regardless of the amount of time in cyberspace, we need to recognize that our personal, critical information is stored online in computers. If we do not protect our online information, it will cause detrimental damage to us, our families and our businesses. Whether you realize it or not, you are a target. You are going to be compromised. And only by understanding the threat and taking action, can you be safe in cyberspace today.
You cannot manage what you cannot measure. A common issue with cybersecurity is doing good things, but not the right things that really matter. Missing one key aspect is all it takes for an adversary to break in. In order to stay ahead of the adversary, it is important that companies have critical security metrics to identify what is and is not working. By having proper metrics integrated into a security dashboard, organizations can make the right decisions to protect and secure their critical assets.
The Myth of Cybersecurity
One of the most dangerous mindsets an organization can have is that they will not be attacked or that compromises do not occur. This is because when you do not think you are a target, you are not going to focus energy and effort in the proper areas of security. Yet the probability of an organization getting compromised is almost a guarantee. An adversary is after any organization that is in business and has critical data that needs to be protected. It is important to learn what the real threats are to an organization and actionable steps you can take to protect and secure your organization to stay ahead of an adversary.
Steps of a Cyber Attack
Many organizations focus on cyber defense, yet they do not really understand how an attack actually works and what the real exposures are to an organization. It is important to learn step by step how an attack actually works and how to use this knowledge to properly protect and secure your organization. When you understand the steps of an attack, how the threat works and what the vulnerabilities are, you can start to focus on fixing the right problems, and properly securing and protecting your organization. The only way to be good at the defense is to understand how the offense operates.
Defending a Compromised Network
Every time you add servers, new applications, or add functionality, you are decreasing your security. Based on common threats and the persistent nature of the adversary, the probability of an organization being compromised is very high. The challenge with implementing effective security is containing, controlling, and minimizing the damage to defend an already compromised network. Too many organizations focus on prevention and nothing else, so if prevention fails, there is not much else in place to minimize the damage. The real approach to security is timely detection. The key is to accept the fact that a compromise will likely occur and, when it does, have a plan to detect and respond in a timely manner to contain and control the damage.