founder & CEO, Secure Anchor Consulting
Eric Cole, PhD is an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking.
Eric Cole, PhD is an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking. As the founder and CEO of Secure Anchor Consulting, Dr. Cole focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats. In addition, he is a sought-after expert witness, a 2014 inductee to the InfoSecurity Hall of Fame, and provides security services for Bill Gates and his family and is the author of Online Danger: How to Protect Yourself and Your Loved Ones From the Evil Side of the Internet.
That’s an interesting story, and it was more of a coincidence than a well-thought out plan. At college, I was originally going to major in architecture, but friends of the family recommended looking at computer science, because it was really growing. So, I took a year of computer science, and back then (in the 1980s) it was still engineering, and it didn’t really interest me.
I thought about switching to accounting because I really liked the math side of things, but before I made the switch, I asked the guidance counselor whether I could get an internship in computer science to see what it was all about. And they said, “Yes, but you’ll need to do us a favor. Next week the CIA is recruiting on campus, and we promised them 20 candidates. We’re a few short. It won’t be a real opportunity for you, but just show up to fill a seat and then we’ll find you an internship.”
So I showed up to help them out, and evidently, the interview went well because I came out with a package of information. I filled out the forms, which were extensive, sent it in and heard nothing for a year. Then, all of a sudden, I got a call that the CIA wanted me to fly down to Washington for interviews, a polygraph test, and everything else.
What I didn’t realize is, once you are accepted in the Co Op program, all the departments want to interview you. I had all these interviews within the agency — the IT department, programming, artificial intelligence, and, can you guess? Cybersecurity. I ended up doing a nine-month tour in the office of security, and I got to do amazing stuff, like working on virus investigations, recovering data from damaged disks, and more. So, I decided to stick with computer science with a focus on cybersecurity, and 30 years later, “the rest is history.” Who could have known that trip to the Co Op office would be the beginning of a great career for me?
The biggest development is that everyone recognizes the term “cybersecurity” and knows what it is. Twenty-five years ago, if I was asked, “What do you do?” and I said, “Cybersecurity,” I’d get weird looks. But, today, I hear “Wow, that’s the coolest job on the planet!”
The other big trend is that cyber crime is big business, estimated to exceed $7 billion in one year. It’s no longer individuals who are trying to break in to secure systems; it is organized companies that employ 2,000 – 3,000 people. The employees’ sole job is to steal information and personal data.
This is the third trend – now, cybersecurity is an individual responsibility. In the 1980s, people thought cybersecurity was something only the government did. In the 1990s, it was something that big companies did. Then in 2000, it was something that small companies did. Now, individuals have to be aware of cybersecurity concerns in their daily lives.
Cybersecurity is going to have an impact on your life. It will either be positive if you engage, or negative if you ignore it, but it’s not going to be neutral. Everyone today is a target and we all need to be careful and protect ourselves. That’s one reason I wrote Online Danger. Prior to this, all of my books were focused on helping technical engineers to protect and secure their enterprises. But, what I realized is that even companies that are spending money on security and have well-trained security engineers are still getting compromised.
Why? Because the weakest link is the human. In any organization, any individual is one click away from a compromise. Today, cybersecurity is the individual’s responsibility, and the reason I wrote the Online Danger is to give people a tool and a reference they can use every day.
Yes, everybody needs cybersecurity! Organizations are struggling. They’re spending a lot of money on cybersecurity, they have teams of hundreds of people, and they’re still making blatant mistakes. It’s hard to believe that there are billion dollar companies with servers containing critical unencrypted data that are visible from the internet, with a username/password combination of admin/admin, and missing critical patches for six months.
Companies have so much to do that they are overlooking the obvious. And not only does this create opportunities for the cybercriminals, but it creates a lot of challenges for us to help them. For a cybercriminal to break into an organization, they only have to find one vulnerability. For a company to protect itself, it has to find all the vulnerabilities. The biggest challenge is that we have to stay ahead of the cybercriminals when they really do have the upper hand.
There are many consulting firms doing security work without really helping clients with actionable steps. They’re doing test and reports, checking for compliance, but they don’t seem to care about what really matters – keeping the client safe. My real inspiration for the business was to give companies security solutions that actually work. That’s what we do every day.
My vision for the company is to make cyberspace a safe place to live, work, and raise a family. That’s my passion. Every time a company gets broken into, every time an individual’s identity gets stolen, every time a predator uses a cell phone to track and abduct a child, that’s one too many. I believe we can have a world in which cyberspace is a safe place to operate and it’s a safe place for people to work and live.
We’re poised for growth. Even though I love doing the client delivery work, a lot of companies need help, so it needs to be more than me. I’ll be hiring and growing the company so I can teach people what I know and then we can help a lot more organizations. I’ll focus on vision and leadership, building repeatable processes, and hiring so we can help more people be safe.
I believe in hiring the right people, and treating them very well. I need to take care of my employees so they will take care of my customers. My top priority is to make sure my employees are enabled to be successful.
Then, we need to build awareness. Cybersecurity can be an emotional decision, often made during the heat of a crisis. When organizations are in a difficult situation, like a security compromise, they need someone they know and trust. I want them to know about Secure Anchor and trust us because of our knowledge, experience, and thought leadership.
I had a difficult situation where a customer was actually very unhappy with my work, which had never happened to me before and hopefully, will never happen again. I don’t like to let my customers down, so that was really a big soul-searching moment to figure out what went wrong, how I could fix it, and avoid it happening again.
The ideal experience is that they finish the engagement feeling like they got so much value that they underpaid for the service! They should also feel more secure because actionable things were done. We want to give clients cost-effective, customized solutions that fit within their business and that they can implement to protect their critical information.
I am very passionate. And, what we’re doing is saving the world! In our line of work, when there’s a data breach, companies can go out of business. People can go bankrupt and lose their life savings from identity theft. So, this is not just a job; it’s a mission. The people who work for me understand what is really at stake and are motivated not just by me, but by what they do to help people and organizations.
I tell people, “If you’re looking for an amazing career, go with cybersecurity.” But you have to be ready for non-stop learning. I read one to two books a week. I’m always researching. I always have an hour that I schedule each day where I focus on new ideas.
This industry changes so quickly. If you stop learning, you’re done in about four months. Because that’s how fast the industry is moving. So you need to constantly learn, constantly stay ahead of the trends, find out what customers really need, and meet and exceed their expectations.