Dr. Eric Cole - Accidental CIA Hacker To Fortune 500 Security Advisory To Entrepreneur
Play • 49 min

Dr. Eric Cole is an accomplished cybersecurity hacker and executive advisor. His career has been a mix of sixth-sense chance encounters and wisdom/foresight of the future. His uncanny ability to see the opportunity in cybersecurity combined with the wisdom to listen to those smarter than him is why he is where he is today. His interview is chock full of poignant advice and tips.

Dr. Eric Cole also has a creative side to him: he's a musician. He was a French horn player before and now, he's a drummer. He's known as the Tommy Lee of Cybersecurity.

Eric Cole's Quick List of Advice

  • Always be respectful, Don't be an A**Hole to other people… but don't give a crap what other people say or think because we're unique and different. If you're an entrepreneur in cybersecurity, they're not gonna get ya.
  • Listen to people that are smarter than you and have made the mistakes before you make them.
  • Life will force you to repeat lessons until you learn them.
  • The biggest gap is in the monitoring, detection, and analyst side.


  • "It's all about looking at calculated risk, understanding [the] pros and cons, and taking chances."
  • "You've done the same thing six times in a row, and it doesn't work. What makes you think if you do it a seventh time [that] it's actually going to work?"
  • "Try different things."
  • "Have advisory board members for your life."
  • "If the best professionals in the world have coaches, why shouldn't we?"
  • "If people are not listening to your advice, 99% of the time, it's because you didn't answer the right question."
  • "Smart people know the right answer. Brilliant people ask the right question."
  • "Good cybersecurity people solve problems. Great cybersecurity people solve the right problems."
  • "Don't overlook the obvious."
  • "It's never a lack of resources, but a lack of resourcefulness."

Getting Into Infosec

Other episodes, transcripts, a career guide to Getting Into Infosec:

See omnystudio.com/listener for privacy information.

7 Minute Security
7 Minute Security
Brian Johnson
7MS #456: Certified Red Team Professional - Part 4
Hello friends! Today, Joe (Gh0sthax) and I complete our series on CRTP - Certified Red Team Professional - a really awesome pentesting training and exam based squarely on Microsoft tools and tradecraft. Specifically, Joe and I talk about: * We don't think the training/exam is for beginners, despite how its advertised * Both the lab PDF and PowerPoint have their own quirks - which may ultimately be teaching us not to be copy-and-paste jockeys, and instead build our own study guides and cheat sheets * Don't let the training give you the idea that most pentests have a super fast escalation path to DA (ok yes sometimes they do, but usually we spend a LOT of hours working on escalation!) * Watch the walkthrough videos. We repeat: WATCH THE WALKTHROUGH VIDEOS! * Although not required, we highly recommend capturing all the flags laid out for you in the lab environment * Know how to privesc - using multiple tools/methods * It would be to your advantage to understand how to view/manipulate Active directory information in multiple ways * You start the exam with no tools. So how will you be ready to upload/download tools into the exam environment so you make the most of your exam time? * Tool X might give you wrong results - or none at all - in the lab. Do you have a backup tool Y and Z that can serve the same purpose? * You want to be very good at Kerberos ticket crafting! * Know all the mimikatz commands and switches and when to apply them
57 min
Brakeing Down Security Podcast
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
2021-007-News-Google asking for OSS to embrace standards, insider threat at Yandex, Vectr Discussion
Links to discussed items: Yandex Employee Caught Selling Access to Users' Email Inboxes (thehackernews.com) Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple | Threatpost Google pitches security standards for 'critical' open-source projects | SC Media (scmagazine.com) Google’s approach to secure software development and supply chain risk management | Google Cloud Blog https://vectr.io/ https://www.kitploit.com/2021/02/damn-vulnerable-graphql-application.html https://www.blumira.com/careers/?gh_jid=4000142004 sec evangelist @blumira Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #AmazonMusic: https://brakesec.com/amazonmusic #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
57 min
Defense in Depth
Defense in Depth
David Spark
Should Finance or Legal Mentor Cyber?
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-should-finance-or-legal-mentor-cyber Cybersecurity leaders are constantly looking for ways to improve how they think about risk, and how they communicate risk. But they're not the only ones. Others have been managing risk long before CISOs existed. So, who could be the best mentor to help a CISO gain better insight into business risk and how to communicate about it: the chief financial officer, or the legal department's general counsel? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest, David Schellhase (@davidschellhase), general counsel, Slack. Thanks to our podcast sponsor, TrustMAPP TrustMAPP delivers Security Performance Management, giving CISOs a real-time view of the effectiveness of their security program. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP gives organizations the ability to manage security as a business, quantifying and prioritizing remediation actions and costs. To learn about the MAPP methodology, download the white paper at https://trustmapp.com/mapp-paper/ In this episode * Which executive could a CISO learn more about risk? * Determining ROI of finance, legal and other execs * Analyzing why its so important to establish the ideal mentorship relationship
25 min
David Bombal
David Bombal
David Bombal
#254: David Bombal: Best Hacking Laptop and OS
Parrot OS vs Kali Linux? Which is the best hacking OS? Which laptop should you buy for hacking? Should you use a VM or bare metal install? Lots of questions answered in this video! Menu: Which is the best hacking OS. What does parrot say? 0:00​ Neal's choice and why: 0:31​ Which laptop does Neal use for hacking: 3:27​ What about Windows and WSL2: 5:06​ What about bare metal installations: 5:47​ VM vs baremetal Performance: 7:34​ Which laptop would you buy if starting out: 8:12​ Moving from a Mac to Windows: 11:33​ Ultimate laptop for hacking: 12:00​ Career perspective: 13:45​ How much of my time is hacking vs other tasks: 14:55​ You are a *$%^& hacker if you cannot do this: 16:13​ How much of my time will be spent on hacking: 20:13​ How do I learn to write reports: 22:10​ Breach reports: 26:30​ Summary: 28:15​ ============================== Examples of reports mentioned: ============================== FireEye: www.fireeye.com/blog/threat-r... ​Securelist: securelist.com/sunburst-backd... ​Krebs: krebsonsecurity.com/ ​ ======================= Direct links mentioned: ======================= Mandiant: www.fireeye.com/mandiant.html ​Kaspersky Securelist: securelist.com/ ​Krebs: krebsonsecurity.com/ ​ ================ Connect with Neal: ================ LinkedIn: www.linkedin.com/in/nealbridges/ ​Twitter: twitter.com/ITJunkie ​Twitch: www.twitch.tv/cyber_insecurity ​ ================ Connect with me: ================ Discord: discord.com/invite/usKSyzb ​Twitter: www.twitter.com/davidbombal ​Instagram: www.instagram.com/davidbombal ​LinkedIn: www.linkedin.com/in/davidbombal ​Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal ​YouTube: www.youtube.com/davidbombal​
13 min
CISO-Security Vendor Relationship Podcast
CISO-Security Vendor Relationship Podcast
Mike Johnson and David Spark
Would You Look at that Unrealistic Licensing Deal?
All links and images for this episode can be found on CISO Series https://cisoseries.com/would-you-look-at-that-unrealistic-licensing-deal/ CISOs know that salespeople want to make the best licensing deal they can possibly get. But unpredictability in the world of cybersecurity makes one-year licensing deals tough, and three-year licensing deals impossible. This episode is hosted by David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest this week is Mark Eggleston, (@meggleston) CISO, Health Partners Plans. This recording was recorded live in front of a virtual audience at the "SecTalks - Leading with grit in security" virtual conference brought to you by our sponsor, Cobalt. Thanks to our podcast sponsor, Cobalt Cobalt offers a faster more effective pentesting solution through its Pentest as a Service (PtaaS) platform. With it, you can schedule a pentest in as little as 24 hours for all kinds of assets. The platform also connects you with a global pool of pentesters called the Cobalt Core, whose skills can match what you need. And instead of sending you a huge PDF that raises more questions you can’t answer, they engage with your team throughout the pentest. Findings can land straight into Jira and GitHub, helping you fix vulnerabilities as soon as they’re discovered. Cobalt makes pentesting easy, quick to deploy, scalable, and simple to remediate. On this week's episode Why is everybody talking about this now? A redditor is struggling and overwhelmed! The person is in school studying, working, and loving cybersecurity, but has completely and utterly failed the foundations course and is on academic probation. The person told their story to the cybersecurity subreddit community, and the support came out in droves. We've seen this before. People hit a major wall professionally and they just reach out to the anonymous masses for support. The story hits a nerve and the community is eager to show encouragement. In fact, just this past week, the New York Times had an article about the unemployment subreddit offering advice and information to those struggling. We'll take a look at this tactic of reaching out for support and guidance through discussion boards. What do you think of this vendor marketing tactic? "Pro tip to vendors: don’t claim that you can’t do a one-year licensing deal. You might end up with a zero-year license deal", said Ian Amit, CSO, Cimpress on LinkedIn. We'll look at the art of negotiating a contract with a vendor: What is it ultimately you want? What are you willing to concede on and what must you have? And what are the situations that cause this to change? It's time to play, "What's Worse?!" Jason Dance of Greenwich Associates suggests two scenarios that others believe is security, but actually isn't. If you haven’t made this mistake, you’re not in security On Twitter, the CISO of Twitter, Rinki Sethi, said, "A career mistake I made, I rolled out a phishing testing program before the company was ready for it. The HR team said it was against the company culture and if I tried a trick like that again, I would be fired. Lesson - communication is important in #cybersecurity." Rinki asked for others' stories of failure. Let's explore a few. What Is It and Why Do I Care? For this week's game, the topic is vulnerability management. We look at four pitches from four different vendors. Contestants must first answer what "vulnerability management" is in 25 words or less, and secondly must explain what's unique about their vulnerability management solution. These are based on actual pitches - company names and individual identities are hidden. The winners will be revealed at the end.
38 min
More episodes
Clear search
Close search
Google apps
Main menu