Success Story with Scott D. Clary — Dr. Eric Cole: Former McAfee CTO | "No One Is Safe Anymore"
Release Date: February 4, 2026
Guest: Dr. Eric Cole (former McAfee CTO, cybersecurity expert)
Host: Scott D. Clary
Episode Overview
In this riveting conversation, Scott D. Clary sits down with Dr. Eric Cole—esteemed cybersecurity expert, ex-CTO at McAfee, and a former CIA operative—to examine the stark realities of our digital world where everyone is a target. Dr. Cole draws from decades of experience protecting national infrastructure, advising presidents and billionaires, and shaping cyber law to illuminate just how exposed everyday people and businesses truly are. Together, they explore evolving cyber threats, the failures of current security practices, the future of AI-driven risks, and practical strategies for personal and organizational protection.
Main Discussion Themes
- The Death of Passwords and the Rise of Individual Attacks
- Why Cybersecurity Is a Human Problem
- Business, Insurance & the Inadequacy of Corporate Defenses
- Practical Steps for Protection — Devices, Apps, Habits
- Global Threats: China, Russia, Iran, and North Korea
- AI, Deep Fakes, and the Next Wave of Cyber Attacks
- Systemic Failures: Lack of Laws and International Cooperation
- Insights from the CIA, Billionaires, and Tech Giants
Key Topics, Insights & Timestamps
1. Passwords Are Dead — And You’re Probably Already Compromised
[00:00 - 04:32]
- Dr. Cole’s #1 Frustration: “The number one thing that probably gets me the most frustrated, most upset is people are still using passwords… If you're using a password today, the probability that your system is already compromised is close to 95%.” (Dr. Eric Cole, 02:15)
- Why Passwords Fail: Modern attacks are stealthier, focused on silent, long-term “drip” theft rather than huge overnight losses.
- Attackers steal small amounts ($7–$10/month) over years—undetected by most consumers.
- Multi-factor authentication (MFA/2FA) is essential: “Pick your annoyance… a small annoyance, or a big annoyance.” (Dr. Cole, 04:07)
2. Shift in Attack Vectors: From Governments to Individuals
[04:32 - 06:58]
- Five years ago, attacks targeted governments & large companies. Now, individuals are easier, more lucrative targets.
- Industry stories: Crypto hacks, social account breaches, identity theft.
3. The Business Cyber Crisis & The Insurance Catch-22
[06:58 - 13:48]
- Damage Numbers: “Last year…cybercrime caused to Americans was $20 billion… halfway through 2025… already estimated to be 31 billion.” (Dr. Cole, 06:58)
- Insurance companies are now refusing payouts due to contractual loopholes—unpatched servers, unmet protocols.
- “We're seeing a lot of ransom payments where the insurance company's coming in going, nope, you failed to meet the policy.” (Dr. Cole, 08:18)
- For SMBs, the true solution isn’t insurance; it’s training and human awareness.
- “All cybersecurity issues are really just human issues.” (Scott Clary, 11:34)
- Dr. Cole: “Hacking individuals, not really the servers.” (11:36)
4. Human Weaknesses and Day-to-Day Security Hygiene
[13:48 - 17:40]
- Turning Off Embedded Links: Biggest attack vector is embedded links in email/IM.
- “At our company, any email that comes in, all the embedded links are turned off. We do straight text messages.” (Dr. Cole, 12:41)
- The “Double Whammy” Attack: Click a malicious link → get malware & social engineered for sensitive info.
- Breach Example: Recent largest-ever breach (40B passwords), not company-based but harvested from individuals’ devices.
- Phone Hygiene:
  - Reimage your smartphone yearly to purge malware.
  - Delete any app unused for 30+ days; aim to use 10 apps or fewer.
  - “If you delete the app, the malware goes away. It's tied to the app, not the phone.” (Dr. Cole, 17:13)
5. iPhones: Secure Until Users Mess Up
[19:29 - 21:07]
- “When you get a brand new iPhone…it is very close to unhackable…But if I…do something stupid…you can still get injured.” (Dr. Cole, 19:29)
- Most risk is due to user behavior—not platform flaws.
- “Free is not free. You're the product.” (Dr. Cole, 20:01)
- Apps harvesting your location: “Go under location tracking…you probably are gonna start saying four letter words…” (Dr. Cole, 20:45)
6. Real-World Threats: From Drip Theft to Espionage to Child Abduction
[21:07 - 26:10]
- Small Thefts: Widespread; less noticed but extremely lucrative for criminals.
- Corporate Espionage: Increasing occurrences where competitors monitor executives’ emails for market/competitive advantage.
- Most Horrific: U.S. leads the world in tech-enabled child abduction—attackers groom through social media & deep fakes.
- “As a parent…watch your kids devices, lock them down, follow them on social media…” (Dr. Cole, 24:37)
7. History & Policy: How We Fell Behind
[26:10 - 29:32]
- U.S. led in the Internet’s development—but fell behind in establishing security norms.
- “Functionality always leads and security follows.” (Dr. Cole, 27:28)
- Early advocates (like Dr. Cole) were ignored, and security was bolted on much later.
8. Digital Paranoia — Practical Security Without Losing Sanity
[32:51 - 37:36]
- “A little dose of paranoia is not a bad thing.” (Dr. Cole, 33:11)
- Uber et al.: Instead of avoiding, add simple security—only ride with highly-rated, longstanding drivers; check plates/photos.
- iPads over Laptops: Safer thanks to simpler OS.
- Typosquatting dangers: “Attackers register all those similar domain names.” (Dr. Cole, 36:38)
9. International Threats, Laws, and the Roadblocks
[37:36 - 46:56]
- Why malicious sites persist: Many domains are registered in Russia, Iran, etc., where foreign hacking isn’t illegal.
- Global Cyber Laws: Dr. Cole advocates for a global legal framework on cybercrime.
- U.S. Lags on National Laws: Unlike GDPR in Europe or CCPA in California, there’s no federal U.S. standard for data privacy.
- “We are the only country that doesn't have unified federal laws on data privacy and cybersecurity.” (Dr. Cole, 46:14)
10. Spam, Cold Emails & Data Privacy
[47:14 - 50:32]
- American consumers are swamped with spam calls and emails—no significant federal restrictions.
- Dr. Cole proposes legal differentiation between notification/sales outreach and truly malicious spam.
11. Security at the Top — CIA, Governments, Billionaires
[53:37 - 57:57]
- Role at the CIA: Offense discovers defense; Dr. Cole helped secure US nuclear infrastructure by hacking it and documenting vulnerabilities.
- “Our job at the CIA is…gathering, supporting to secure America.” (Dr. Cole, 56:52)
- Business secret: Billionaires (e.g., Gates) often have better cyber defenses than governments—smaller targets, better practices, less bureaucracy.
12. National Security: Pipelines, Grid, & the Limits of Resilience
[57:57 - 63:23]
- Colonial Pipeline Attack: Caused days-long fuel shortages; companies often pay ransom because the cost of downtime is higher.
- “Our security is so behind that it's actually better to reward the attacker…” (Dr. Cole, 60:57)
- Power grids and other infrastructure are at risk as functionality is prioritized over the security "air-gap."
13. The Looming Threat of Deep Fakes & Cyber-Driven Disinformation
[61:48 - 67:52]
- Deep fakes are poised to become a devastating weapon for destabilization—“People trust a video on the Internet. People trust false information.” (Dr. Cole, 63:02)
- Laws lag far behind: “If I go in and create a deep fake against the President…it’s not illegal.” (64:13)
- Change will be painfully slow unless driven by public outrage.
14. Asymmetric Warfare: International Cyber Capabilities and Weaknesses
[70:59 - 77:22]
- US lacks Internet border controls; Russia/Iran can disconnect to thwart attacks.
- “If we disconnected from the Internet, the Internet goes down.” (Dr. Cole, 71:46)
- “Iran disconnected from the Internet…that's the precursor for war.” (Dr. Cole, 73:46)
- “We should not be the backbone of the Internet…US should be separate.” (Dr. Cole, 74:28)
- Stuxnet Backfire: The U.S. attack on Iran's reactors provided adversaries with the blueprint for similar attacks on American systems.
15. The Quantum Overhang: Banking, Encryption & the Future of Data Theft
[78:08 - 83:28]
- Adversaries are already stealing encrypted data for future decryption with quantum computing.
- “What they're doing is they're harvesting all these encrypted databases because…quantum computing will be so advanced that it will actually be able to unbreak RSA and AES in minutes.” (Dr. Cole, 78:09)
- Individuals should rotate account numbers every few years; businesses must plan for a world where today’s encryption is obsolete.
16. Practical Individual Protection Strategies
[84:04 - 91:36]
- Use virtual cards for online payments, cancel after use.
- “Burner” phone numbers and emails for sign-ups/online activity.
- Use multiple devices for separation (financial, personal, public browsing).
- Always use VPN on public wifi; endpoint detection/security on every device.
- Prefer open-source VPNs (OpenVPN/OpenSSL) over closed, private solutions for safer, more scrutinized code.
17. Human Factors, Decision Making, and Success Principles
[111:36 - 114:21]
- Listen more than you talk; ask clarifying questions.
- “Smart people know the right answer. Brilliant people ask the right question.” (Dr. Cole, 111:36)
- Let data—not emotion—drive your decisions.
- “The more decisions you make, the bad decisions almost become irrelevant.” (Dr. Cole, 114:16)
18. Insights from Elite Leaders
[114:46 - 118:48]
- From Obama: Get up three hours before your first meeting for reflection and planning.
- From Bill Gates: “Know your strengths and weaknesses... hire people that play to your weakness.”
- From John McAfee: Embrace both brilliance and madness—creativity lives on the edge.
Notable Quotes (with Timestamps and Attribution)
- “If you're using a password today, the probability that your system is already compromised is close to 95%.” – Dr. Eric Cole, 02:15
- “Pick your annoyance, right? You either have a small annoyance or a big annoyance.” – Dr. Eric Cole, 04:07
- “All cybersecurity issues are really just human issues.” – Scott Clary, 11:34
- “Free is not free. You're the product.” – Dr. Eric Cole, 20:01
- “If you delete the app, the malware goes away. It's tied to the app, not the phone.” – Dr. Eric Cole, 17:13
- “Functionality always leads and security follows.” – Dr. Eric Cole, 27:28
- “We're the only country that doesn't have unified federal laws on data privacy and cybersecurity.” – Dr. Eric Cole, 46:14
- “Our security is so behind that it's actually better to reward the attacker than it is to suffer the consequences.” – Dr. Eric Cole, 60:57
- “People trust a video on the Internet. People trust false information.” – Dr. Eric Cole, 63:02
- “If I go in and create a deep fake against the President…it’s not illegal.” – Dr. Eric Cole, 64:13
- “Smart people know the right answer. Brilliant people ask the right question.” – Dr. Eric Cole, 111:36
Actionable Security Tips from Dr. Eric Cole
- Enable Two-Factor Authentication (2FA) everywhere.
- Annually wipe/reimage your smartphone.
- Delete every app unused in 30 days.
- Limit the number of apps to fewer than 10 on your phone.
- Never click embedded links in emails/texts; use apps directly.
- Always use VPNs on public wifi (preferably open source).
- Rotate financial account numbers periodically.
- Use burner phones/emails for online registrations.
- Separate your digital life—use different devices or at least different accounts for critical functions.
- Regularly educate yourself and your family on cyber hygiene.
Closing Reflections
Dr. Cole urges listeners to act now—both individually and collectively—to secure their digital lives. While the road ahead is fraught with technological, legal, and geopolitical challenges, practical vigilance and sound decision-making empower every person to reduce risk. Security, ultimately, is everyone’s responsibility—and the future will be shaped by what we demand from ourselves, our businesses, and our leaders.
Connect with Dr. Eric Cole:
- Personal: drericcole.org
- Company: secure-anchor.com
- Social: @DrEricCole on major platforms
- Books: Cyber Crisis, Online Danger
- Podcasts: "Bulletproof," "Life of CISO"
