
Dr. Eric Cole
The number one thing that probably gets me the most frustrated and most upset is people are still using passwords. If you're using a password today, your system is already compromised 95% because most people don't realize is what if the.
Scott Clary
Biggest threats to our world weren't missiles or armies, but invisible lines of code? Today's guest has spent decades operating in the shadows of cyberspace, protecting governments, corporations, and critical infrastructure from attacks most of us will never see.
Dr. Eric Cole
Most people think cyber attacks are going after government and big companies. That was true five years ago. The current attack vector we saw over the last 18 months is that's too hard. Trying to break into the government is difficult. Breaking into individuals, simple and easy. If companies actually fire employees and replace them with AI, we're on a path where 30, 40 years humans could be obsolete.
Scott Clary
He's advised intelligence agencies, exposed the psychology of hackers, and revealed how fragile our digital systems really are.
Dr. Eric Cole
If I go in and create a deep fake against the President, it's currently on our laws. It's not illegal. How can we live in a country where somebody can create fake media and there's no penalty? The more decisions you make, the bad decisions almost become irrelevant. If you're afraid of making decisions and you're slow, you're going to lose out to the competition every day.
Scott Clary
So, Eric, you are one of the most dangerous people in America. You can hack a nuclear reactor in 37 minutes. You've advised presidents and billionaires, you've built a company to billions. You've had multiple exits in the high seven figures. But your personal biggest fear isn't foreign adversaries. It's not cyber criminals. It's people like me and a lot of my listeners who are walking around completely defenseless in this digital war zone that they don't even know exist. And you've said before that we're all targets, but most of us are easier to hack than a 1990s Windows computer. So when you look at one thing that people do every single day that frustrates you, that really just makes you want to scream, what is that thing that people are doing?
Dr. Eric Cole
The number one thing that probably gets me the most frustrated, most upset is people are still using passwords. I mean, passwords, I say, are so outdated. If you're using passwords, you might as well go back to the 80s, put on bell-bottom pants and listen to the Bee Gees. I mean, nothing against the Bee Gees. I love my music, but it is so archaic and so easy to crack. If you're using a password today, the probability that your system is already compromised is close to 95%. Because what most people don't realize is today's attacks are stealthy. They want to get into your account, monitor it. And most people think, oh, they want to wipe out my entire bank account. No, what they want to do is steal 8 to $10 a month from you and do that for years upon years. And just think about it. If you went to a restaurant and you bought a meal and you put the tip on there, if somebody added five additional dollars to that, you probably wouldn't notice.
Scott Clary
You'd never notice.
Dr. Eric Cole
Most people don't check the exact amounts at the end of the day if there was an additional $7 charge on your credit card. Most people don't notice that because today, with all of our online apps, we're always doing small purchases, and that's what the attacker is doing. They're compromising your password. And it's so easy. You have to go to MFA, multi-factor, or what we call two-factor authentication. And yes, what I always get back is, but Eric, that's annoying, right? Every time I go to log in, I gotta go to my phone and type in the code. And it's so annoying. My response back is, you know what's annoying? Having your entire bank account slowly drained over the next 10 years. Having your identity stolen, having your child targeted or bullied or not accepted to college because somebody posts fake videos under their account. That's really annoying.
Scott Clary
That's very annoying.
Dr. Eric Cole
I always say, pick your annoyance, right? You either have a small annoyance or a big annoyance. But as you said, most people think cyber attacks are going after government and big companies. That was true five years ago. The current attack vector we saw over the last 18 months is that's too hard. Trying to break into the government is difficult. Trying to break into commercial is difficult. Breaking into individuals, simple and easy.
Scott Clary
I know that you are the author of the Wall Street Journal number one bestseller, Cyber Crisis. Now, this book speaks about protecting businesses for sure, but one of the main cyber crises that you see is the average person just getting slowly drained over the next 10 years, 15 years. And this is sort of like the current model for cybercrime. And this is how it, this is how it becomes profitable. I'm assuming this turns into a whole criminal enterprise. Because if I'm just doing the math very quickly, if there's how many people in the U.S. whatever, what is it, 330, 340 million, something like that. And I can only imagine what percentage of those people do not have 2FA. I mean, I don't think that 2FA is across the board, common. I mean, I have 2FA on everything.
Dr. Eric Cole
Awesome.
Scott Clary
Everything.
Dr. Eric Cole
I'm so happy.
Scott Clary
I'm so nervous and I don't even like 2FA on my cell phone because I'm so stressed about somebody doing like a SIM swap or stealing mine. So I have 2FA on an authenticator on my actual device. There's maybe even better ways we can talk about how to protect yourself. But I come from tech, I'm neurotic about my security and I don't want any of my stuff hacked. I don't want any because I. Especially when you put yourself out there, at least in my head, I feel like I'm a target because I feel like people are always trying to get into my social accounts and trying to get into my email.
Dr. Eric Cole
Yeah, you're even a bigger target because of your audience. Bigger target.
Scott Clary
Exactly.
Dr. Eric Cole
Because of what you do. Yeah.
Scott Clary
And I, you know, listen, I'm not as, I'm not incredibly rich, but I see some of these crypto guys because I've had some of them on my show and I've had like the, the CEO of Ledger, the wallet, I've had him on my show. I've had some. I had one of the co-founders of Ethereum. I know there's like nine of them, but I had one of them. But they all tell me these horror stories of like multi, multi million dollar hacks and whatnot. And I think that that stressed me out so much that that's what made me want to do 2FA on everything. Because I don't want my identity stolen, I don't want my money stolen. But I don't think is that stressed about it? I don't think, especially if they're taking 10 bucks from, you know, my mom or my grandma, like they're not going to notice it. But then do the math. Right, so 10 bucks a month times 10 million, 20 million, 30 million, 50 million people. I don't know what the numbers are, but that adds up to like a lot of money over a period of time. So this is the cyber crisis that we're all dealing with right now.
Dr. Eric Cole
Exactly. And just to give you some perspective, last year in 2024, the amount of damage cybercrime caused to Americans was 20 billion. Now to show you how bad it is, we're only halfway through 2025 and the number's already estimated to be 31 billion. And here's the scary part about those numbers. That's what's reported so imagine how much is not reported on there that could cause damage. And you're right, the cyber crisis was written for business. Important thing is for listeners is three years earlier I wrote a book, Online Danger, which was really meant for audiences. We talk about not clicking on links, multi factor, all those things. And what I found is businesses were coming to me going, Eric, it's great that you wrote a book for individuals, but we need something that's more executive focused because executives typically are not gonna read those self help books. So that's Cyber Crisis was sort of a revamp of Online Danger for businesses and executives to sort of wake them up and realize they're a target. Just look at how many ransomware attacks are against businesses. And the average business typically has to pay anywhere between 500 to 5 million in a ransom payment. And I go back to the company going, if you would have spent 200k, you could have avoided that $5 million payment. And the other mystery that people are realizing is insurance companies are waking up and going bankrupt because they're paying these ridiculous ransoms and they can't afford it. So two or three years ago, companies were like, I have insurance, if I get hacked, I pay the ransom, the insurance company covers it, we're good. In the last two years, insurance companies are like, wait a second, we can't afford to be paying out 80, 90 million dollars a year because 10 or 12 of our clients have ransom. So now they're getting so much more particular. And we're seeing a lot of ransom payments where the insurance company's coming in going, nope, you failed to meet the policy.
And therefore because your systems weren't up to date, we're not paying. It's the example I give with life insurance. Most people go in on their life insurance policy and they check the box. I don't smoke. Yeah, well, you realize if God forbid, something happens and you pass away and they go in and subpoena your credit cards and see that you go to a cigar bar even four times a year, they're going to go in and say you smoke. We're negating the policy. And we're seeing that same thing with corporate policies where they're going in and saying, every system must be patched, every system must be up to date. And then the insurance company goes in after a major breach and says, well, you have three servers that weren't patched. Now they have nothing to do with the breach. They're on an isolated network, but because you failed to adhere to the contract, they're not paying. And now the company has to eat that $5 million.
Scott Clary
Listen, I have. I have an issue with security with insurance companies.
Dr. Eric Cole
That's probably a whole. We could probably spend the whole show on that.
Scott Clary
But if an insurance company is that particular about enforcing a policy, which I know they are, I feel like it's very easy for an insurance company to screw a business over because. And the insurance company will never call it screwing a business over, but for the average small business owner, say, sub 10 million, okay, maybe they have somebody who is responsible for it, maybe not. Maybe they have. Maybe they have. It's outsourced. It's very hard to keep track of absolutely every single thing that is required in an insurance policy. So, I mean, I don't know what the solution for that is outside of just being very diligent. But I guess the real solution is business. Cyber security is really just educating humans on best practices because, you know, an executive that gets compromised or responds to a phishing email or clicks a link in a text for whatever reason, even though they shouldn't be clicking it, or they do something that, you know, it doesn't, they should pay a little bit more attention. But it's not. It doesn't seem like it's a big deal when they get that email. It doesn't seem like it's a big problem when they ask for this person's phone number or this person's contact information. It does. It kind of seems normal. And then they're not trained and they just do it, and then that leads to the breach, and then you have to deal with insurance. So it's much easier, I think, to educate your team and your staff on, like, best practices and really that all cybersecurity issues are really just human issues.
Dr. Eric Cole
Bingo.
Scott Clary
At the end of the day, they're.
Dr. Eric Cole
Hacking individuals, not really the servers. And my general advice, once again, this is what I do, and I'm not actually giving advice. No one ever come after me. But I don't actually have cyber insurance, even though I'm a cybersecurity company. But I have a, you know, an errors and omissions umbrella policy, which if something really bad happens, because I don't want to lose the business. If something really bad happens, it's covered if I make an error or mistake, but I don't have anything specific because for me, an E and O policy is about 5,000 a year. That's for a $10 million cover, which is good. But if I tried getting cyber insurance, very particular, it would be about 45,000. So to me, I'm just you get the general coverage to protect losing the entire business, but you focus in on then implementing and like I said, the other biggest thing, and I know it's foreign to a lot of folks, but passwords are the one problem. The next one is embedded links. So at our company, any email that comes in, all the embedded links are turned off. We do straight text messages. Because the number one vector of attack, as you said, is you get social engineered. Right. You get the message. The Florida one. Yeah, there's a toll that you need to pay. Right. And the idea is that the toll is, oh, it's $9.75. So people are like, oh, not a big deal, but they want to get your credit card and personal data so they can do more damage. What if you turn those links off? What if now when you get an email from Amazon or your bank, the link cannot be clicked. So now what you have to do is say, okay, Amazon, sending me a message, I need to go into the app. Apps are really secure. Links are not. So I go into my app and I check and see, oh, is there a problem with my order? Or if I get a message from the bank, a link can't be clicked, it's turned off. You can automatically do this in your email client, super simple.
Scott Clary
Gmail or anything like that.
Dr. Eric Cole
Gmail or anything else, you just turn off embedded links for everybody. And then you go in and say, okay, let me open up the app for my bank and check it. You go in and do that. Will you turn off embedded links across your company? Once again, huge vector of compromise completely removed and taken away.
Scott Clary
So this is, this is, I'm assuming, what most people fall victim to. Yes. And when they click that, when they get a text saying that they owe a $9 toll or they get an email from what looks like to be a very, you know, it looks like Amazon or it looks like Google and they click that link, are they already compromised? What happens next?
Dr. Eric Cole
So, so it's what I sort of call the double whammy.
Scott Clary
Yeah.
Dr. Eric Cole
So the first thing they do is as soon as you click on that link, it does what we call a drive-by download. It's dropping malware on your device. Then. So even if you then go in and you get to the login screen where like ask you to enter in your name and a credit card and all that, even if you say, oh, no, no, this is bad, you're already compromised, then what they try to do is get you to enter in credit card, bank info or other data. So then they can steal your credit card and then do charges. So it's sort of a double whammy where they want to monitor your device and also do that. And a perfect example of this, and it's a shame it got buried, but a few weeks ago on a Friday evening, we had the largest password breach in the history of the Internet. It was close to 40 billion passwords. But here's the thing that makes it so interesting. Every other password breach prior to that was a company getting breached. If you remember the Marriott breach, that's where they went in and took all the passwords from Marriott. But in this case, they didn't compromise Microsoft or Amazon or Facebook. What they did is they compromised over 30 million devices with exactly what you're talking about, and they stole the passwords from individual devices. So this is sort of the first breach that says what I was saying is true, where they're compromising individual devices. Now, I mean, if 30 million devices all had their passwords stolen, that means most devices are already compromised and already have malware on it. And unfortunately, the story got buried because what happened within 24 hours was the attack on Iran. And of course, for some reason, that gets more news coverage. Now, let's just be honest, attacking another country with bombs and all that stuff doesn't impact you and me on a regular basis, but having our devices compromised with passwords does. Yet the media just is more focused on the global than on the individual. So two things you need to do.
There is one, and I know a little bit of an inconvenience, but once a year, I actually reimage my smartphone, because this way, if there's malware on, it's not going to be there. Most phones are compromised for years and people have no clue. So if you just do a reimaging, that's going to help. And that's super simple. And then the second thing is delete apps you haven't used in 30 days. I don't know if you're like you, but most of my friends, you look at their phone and it's like, yeah, boom.
Scott Clary
Of course.
Dr. Eric Cole
I mean, it's like hundreds. And I ask them, I'm like, when was the last time you used this app? I have no idea. Well, here's the thing. If an app's on your phone, even if you're not using it, it can still have malware. It can still infect your system.
Scott Clary
The app could be compromised.
Dr. Eric Cole
The app can be compromised. But here's the good news. If the app is compromised and not the device, if you delete the app, the malware goes away. It's tied to the app, not the phone. So one of the things I always do is any apps you haven't used in 30 days, delete. And I'll give you a challenge. It sounds crazy, but I'm doing it. Run your life on less than 10 apps. On my phone, I only have 10 apps.
Scott Clary
I love it.
Dr. Eric Cole
And now the probability, because I check my phone and I run advanced malware and stuff on there, malware analysis tools. And it's not compromised because here's the reality. Your mainstream apps, like your Uber, your Amazon and all those, I mean they are so tight, they have so much security, they're so locked down, those are not going to have malware in them. But it's all those free apps that you get from who knows where. And, and a great example is one of the number one downloaded apps over the last 10 years is this flashlight app where you can actually go in and make it like a flashlight or a strobe light or neon lights, which people really love for concerts and parties and stuff. It's super cool. If you actually go in and look at it, it's actually made in China and we've shown that there is some backdoor monitoring in that. But people download apps, they don't look at where it's from, they don't look at any of those features. And here's the reality. You could live your life without that. You don't really need a strobe flashlight.
Scott Clary
We're talking about, we're talking about an iPhone, which is pretty secure in terms of like, it's pretty safe in terms of cybersecurity compared to like a lot of like Windows devices and whatnot. Like, iPhone is pretty secure and safe. Like on my Mac, I'm sure I have Chrome extensions right now that have malware built into them. And on top of that, all of my credit cards and all of my information is like saved in my browser as well. So I mean, you're just. Yeah, I'm saying it. And I'm like, shit. Like. And I think that I'm pretty smart about technology and I'm still doing dumb stuff. So I can only imagine what the average person who didn't spend their life in tech downloads uses, doesn't pay attention to.
Dr. Eric Cole
And you nailed it. When you get a brand new iPhone and I take it out of the box and I turn it on. I'm careful with saying this, but it's very close to unhackable. I mean, it is really. I mean, Apple does an amazing job. I mean, they really lock it down. But I compare it to buying one of the safest vehicles, which is Volvo. I think Volvo is still considered one of the safest vehicles. When you get that brand new Volvo, it is a safe car. It is very, very safe and secure. But if I go in and do something stupid where I go in and have substances I shouldn't have, and I drive it 100 miles an hour and I run a red light, you can still get injured, you can still get damaged. It's the driver that makes the vehicle unsafe, not the vehicle. And the same thing with an iPhone is if you just take that iPhone and you install five or six apps from trusted sources, you're doing great. But it's when you start putting all the free, free, free. And you've probably heard this, free is not free. You're the product. So when, when you go in and say, I'm doing free, it's tracking. And here's a fun thing. Go into your iPhone, go under settings, go under location tracking, and look at all the apps on your phone that are currently tracking your location. I will guarantee that you probably are gonna start saying four letter words like what? Because most people have no clue. I do this at events and I'll just randomly grab somebody's iPhone and I'll look at their location, and there's 30 apps and they're sitting there going, I had no clue. This, this, and this. But we are being spied on and tracked because of all these free apps.
Scott Clary
So is the worst possible outcome with all this malware, the drive by malware, the accidentally putting your credit card number in or using an app that's free, or downloading a Chrome extension, or all this, all these sort of, like, bad practices that people do. Is the worst outcome somebody taking 10, 20 bucks out of your bank account every month? Or is there real threats about, for example, someone going through your emails and publishing your life online, going into your, I don't even know, your bank account and draining out 10, 20, $50,000? Like, how real are those significant threats versus. And I'm not saying that 20 bucks a month is good, but I think that when people think about cybersecurity, they're always stressed about, okay, what happens if somebody takes a hundred grand out of my bank account or somebody posts, you know, all these naked photos of me online and then my life's over. What is real, what's a real threat and what's not?
Dr. Eric Cole
So they're all real. What it comes down to is sort of what I call sort of the funnel. So if you, if you started or maybe a pyramid is better, so you start at the bottom. And the number of people that have five or ten dollars being stolen, tracking location, doing basic things like that is very high. Yeah, very high percent. But what happens is over time, if they're stealing $10 from you and you don't notice for a year or two, at some point it will escalate and now that becomes a smaller number. But it can still happen where you can have your bank account wiped out. We see corporate espionage all the time where they'll break into the email of a COO or CEO and they use that to do competitive analysis. They steal trade secrets. I think I told you, I do expert witness work. It used to be one case every few years. This year I actually have four cases in which that happened where a competitor broke into the email and stole trade secrets. And then when they went in and investigated. Because the good news is if you're looking, they can't cover up their tracks very well. So you can tell it happened, but they find out after the fact or in one case I'm working, this company has been noticing that every time they go to release a new product and they have pricing and they have this campaign, one of their competitors releases almost a similar campaign, I mean similar advertising, similar messages a month before them and captures the market share before them and then they lose significant money. And after four or five times they said it's not a coincidence. And they brought us in and we went through the logs and the intrusion detection, everything, and we're like, yep, sure enough they've been breaking in and monitoring that and they just had no clue that could happen. The other thing that is less likely, but it's still happening. And to me it's probably the most horrific thing is your children being abducted and targeted. And it's terrifying.
Do you know the United States, I mean we're one of the biggest countries, superpowers. We have the highest rate of child targeting and being abducted than any other country in the world because we're so reliant on tech. And the way they do this is, and this is why as a parent, I'll go on my soapbox for a second. As a parent, you need to watch your kids' devices, lock them down, follow them on social media because what these attackers do is they go in and they'll find pictures or now with AI, they'll do deep fake, they'll generate an 18 year old that doesn't exist and they'll start targeting your child, following them on Snapchat or TikTok or others. Yeah, fake person. And they build a relationship with them, oh, hey, how you doing? Blah, blah. And they do this for a year or two. And then they go, hey, my parents and I are coming to Virginia on a trip. We've been following each other for two years. We're really good friends. I feel like I know you. Hey, do you want to meet up for coffee or do you want to meet up and just say hi and meet each other in person? And not all, but a high probability of kids are like, sure, it's trustworthy if they drive, they don't always tell their parents. And then they go and get targeted and get abducted. And then the unfortunate part is, once it happens because they're so good, it's very hard to get the child back afterwards. But if you can prevent it and monitor and tell your kids, hey, don't ever meet up with somebody. Track carefully who you're monitoring, and parents get more involved, we can actually stop that from happening now. Yes, it's not everyone, but it's a big enough percent that we're not at the top of the pyramid, that this is happening all the time. And it's about monthly where I'll actually get a call from a parent where that type of activity happened. And they're like, what can we do? And I'm like, unfortunately, it's an area where prevention is ideal, but once it happens, it's very hard after the fact.
So we're talking from $10 to some very serious things for you and your family.
Scott Clary
So we were first, and I've listened to a couple of your interviews, and you started in the CIA in 1990. Yes, yes. Okay. So when you started in the CIA, there were. There was no Internet, there was no World Wide Web. The way that we understand it today, Google was what, 96? 97.
Dr. Eric Cole
Google was 97. Amazon was 98. Smartphones, Apple, iPhone. The smartphone didn't come out until 2007. So. So, yeah, you're really taught. Like, I was there before.
Scott Clary
You were there before all of it. So you saw, you saw the Internet sort of come. Come into fruition. You saw smartphones, you saw this technology being built, and we are leading the way and we're creating, you know, this incredible infrastructure before the rest of the world. But then you're saying that we got lazy and that we didn't do a good job of understanding what we were really creating and sort of giving to our population. And we're not giving them a rule book on how to use it. And this is what the. And I'm surprised that, I mean I'm surprised that the people that led the way, I don't know how else to say it, in terms of technology and innovation, why don't we lead the way with security and protection and not just building first, but building best.
Dr. Eric Cole
It's one of those. It's the unfortunate reality. Functionality always leads and security follows. Great example is if you look at automobiles. Automobiles came out in the 50s and 60s. Seat belts weren't actually a thing until the 70s. And I remember growing up, I don't know if you follow Ralph Nader, but he was sort of Unsafe at Any Speed. He was the one that really pushed that. And it's crazy because I was born 1970 and I remember when I was six and seven years old that people were so infuriated against seatbelts. People were cutting seatbelts out of their car. I mean people were not wearing seatbelts because they were like, this is crazy. But they didn't realize it saves lives. Now today seat belts are normal, airbags are normal. But it wasn't when they first came out. And unfortunately that's how a lot of people think functionality leads. And I remember in 92 when the web came out, I was one of the biggest critics of it and I got a lot of negative criticism. I mean I got like death threats and stuff. Cause I was like, listen, we can't release this without the security embedded. Now eventually down the line, your SSL, Secure Sockets Layer, Transport Layer Security, all those came out. But I'm like, we should delay releasing the web until those features are there because most of the early websites were trivial. Like before 2000, I mean you could deface or break. I mean it was like the example I give is it was like people where they have their doors unlocked and their windows open and you know, they go to work from 9 to 5 in the office. So I mean it would be trivial if you wanted to walk around a neighborhood. Nobody had alarms, nobody had that. I mean that's to do whatever you want. That's how it was with the web. And unfortunately, because we got so much money and so much value and benefit today there's still a lot of people that essentially have their doors unlocked and their windows open on the Internet.
Just don't realize how bad it is.
Scott Clary
So you've given some really good tips. The average person's listening to this, is now stressed out and they're wondering how to go through life now with all these people trying to abduct their kids, God forbid, steal their money, all these other horrific things. What are some other things that they can do? Like, how do you navigate life without being paranoid all the time?
Dr. Eric Cole
So I always joke, not to my level, but a little dose of paranoia is not a bad thing, right? It's good to have that. And remember, in the real world, we tell our kids, don't take candy from strangers. Don't go in a car with strangers. Look both ways. I mean, there's a little paranoia. And my favorite example, nothing against these companies because I use them, but when I was growing up, my parents would always say, and they teach you in school, don't get in a car with a stranger. Don't get in a car with a stranger. Don't talk with a stranger. Today we not only get in a car with a stranger, but we pay them. Coming over to your interview, I got in a car with a stranger. I have no idea who this person was. They could have been targeting me or abducting me. We have no idea. But our standard has gotten crazy, where we went from not getting in a car with strangers to now putting 10-year-olds in cars as a convenience.
Scott Clary
And we're so obsessed with convenience in real life with Uber or Lyft or whatever, or in cyber life with the latest app that lets us strobe our flash. We're so obsessed with convenience that we forget about safety and security because we're like, oh, that can't happen to me, that happens to other people. It's not going to happen to me. Right. There's stories about people that have gotten into Ubers and are abducted and killed.
Dr. Eric Cole
Yeah.
Scott Clary
But millions of people get into Ubers every single day.
Dr. Eric Cole
Now here's where I'm sort of a practical security guy is I'm not going to sit there and say don't use Uber. I use Uber. But here's two things you can do. You can go into Uber and you can check the settings to only get Ubers that have five star ratings and have been on Uber for two years. Because here's the reality. The ones that are getting abducted are ones that are brand new. It's these Uber drivers that do it a month. They're targeting somebody they're trying to hijack or take over. So you just go in. It takes 10 seconds to go into Uber and just up the settings. And then the other thing that very few people do that's so important, check the license plate. Like I watch an airport and I see so many, I'm an observer in awareness. I see so many people. The car pulls up and they're like, oh, it's supposed to be a gray Tesla. And they just get in and they never check. With me, I always walk around to the back and check the license plate and then I check the picture of the driver. You always do some verification. So it's one of those where it's not avoiding it, it's just adding in a little healthiness. The other thing, and I don't promote it, I probably should get stock in the company. But one of the things is I basically live my life on an iPad. Now here's the reason. An iPad is a simpler operating system. Most of the malware that you see that does the drive by downloads are impacting Windows or MacBooks because those are much more complex operating systems and it's much easier to exploit. Very few of those exploits will actually run on an iPad. So now even if I'm sloppy for some reason and I go in and click on it like I'm not supposed to, the malware will drop, but it won't run because an iPad is simpler. So it's a little bit of an inconvenience because it doesn't have the full functionality. But for the last year, I don't use Windows anymore or MacBooks because I even make mistakes, I'm tired and I would get infected.
Like the one that I would always get hit on is mistyping. So an example of it is about a year and a half ago, it was like 10 o'clock at night. I'm a morning person, so I'm usually in bed by nine, but I'm working with a client and they're like, Eric, we need to have a meeting the next morning. So I go in to my home computer because I didn't have all the apps and I go to type in GoToMeeting. Yeah, but I go in and I mistype and I would go "gotmeeting". I left out an O because I'm tired and typing a little quick. Attackers register all those similar domain names. So that went to a malicious site, infected my computer and then, and then I had to spend the next 24 hours. Don't do this. But if you go to, like, G-O-O-O-G-L-E, it's malware. If you go into sort of "gogle", it's malware. They register all these similar domains.
Scott Clary
How can a domain registrar not just do a scan of all the domains and then start like sending a list to the FBI just to like shut them down or just shut them down themselves? Is it a money thing?
Dr. Eric Cole
So here's the problem. We know who they are.
Scott Clary
Yeah, it sounds like we know who they are.
Dr. Eric Cole
Here's the problem. They're in Russia, they're in Iran, they're in North Korea, and there's China. Now there's something interesting about those four countries. One, it's not illegal to hack outside the country. So if you're in Russia and you're hacking outside the country, not illegal. Second, they don't have extradition treaties with the U.S. So we know who they are. We can go in. And here's the crazy thing, we go in and block them. So we find out and we block them. But then what do they do? They pop up again. So they'll go in and they'll do Google with three O's. We block them.
Scott Clary
So they're all registered outside the US.
Dr. Eric Cole
And they just keep doing it. This is why we were talking before the show. You asked what I'm working on. One of my big projects, and this is probably a 10-year plan (I believe in having 10- and 15-year targets), is to have global laws on cybersecurity. Because we have to remember in the real world there's physical boundaries. When I go to Russia or Canada, I have to go through customs control, I have to go through passport, they check and verify, and then I have to follow those rules. If I'm in Russia and I break the law, I go to jail. But the reality is if I'm in the US and I go to Russia over the Internet, where there's no boundaries, there's no jail, there's no law, there's nothing there. So we have to recognize we live most of our lives in cyberspace and there's no countries. We're one world. And when you're surfing the web, do you realize you could be going to data centers in the Philippines and you have no clue. So to me, unless we have global laws on cyber, where countries cooperate, participate, and there's arrests and extradition, this problem's not going away anytime soon.
Scott Clary
Having global laws on cyber would be great, but that's assuming that Russia and China are going to adopt those laws. I think you could get, like, NATO to adopt global laws on cyber. I don't think that would be a stretch. But Russia, China, that's going to be a stretch. North Korea, Iran, they're just never going to do it, ever.
Dr. Eric Cole
I mean, unless. I'll tell you right now, if we went in, and I'm trying to push this with the White House, but, but cyber, secondary, no guarantees. But I'm pretty sure if we went to Russia right now, sorry, if we went to China right now and said, listen, we'll zero out your tariffs if you agree to a global war on cyber, I'm pretty sure that's a good negotiating stick. So if we just went to them with no monetary value or benefit to the country, but these tariffs that we're talking about now, I mean, huge impact to China. And if we negotiated lower tariffs for signing a cyber, I'm pretty sure they would listen.
Scott Clary
It's interesting because I've had a few people on here that also, one of the co-founders of CrowdStrike, Dmitri.
Dr. Eric Cole
Oh, yeah, I'm good friends with George and Dmitri. They're my buddies. They're good guys.
Scott Clary
And he writes a lot about China and he speaks about China.
Dr. Eric Cole
Oh, yeah, he's. He's really big attack, very big on China.
Scott Clary
And basically his thesis is anything that isolates China is actually not good, because the best way to sort of quote, unquote, deal with China is to work with them more and get them more ingrained into the US, basically, as opposed to isolate. That was his thesis, at least. I don't know if that. I'm not a geopolitical expert by any means, but it's sort of dovetailing off your point where you're saying if we can negotiate tariffs and sort of like come to some sort of agreement, then we can get them to play ball with cybersecurity, which could be an interesting point. And it's really just finding ways to get a little bit closer to them so that we can get them to do what we want them to do, as opposed to saying these are tariffs, which really isolate them to a degree, which in his argument is not a smart way to deal with China, because then they're kind of like, removed from the U.S. They're left to their own devices. They find ways to do business and to exist without us, even more so than they already do. And that could be more dangerous than keep your enemies closer. I don't know if that's the right thing, but that's the way that that's, that's an interesting perspective, but I don't think it's the worst perspective. Because if they have no cyber laws, I'm sure that you have some sort of idea of, okay, tariffs are good for, you know, maybe some sort of financial benefit to the US, but what does it cost us if we don't figure out the cyber problem with China and Russia and all these other countries? Do you have an idea of what the actual monetary impact of Chinese hackers, Russian hackers? Because you can make the argument that if a Chinese hacker and a Russian hacker, and I didn't realize this, it's not illegal for a Chinese or Russian hacker to hack the US. So they're not breaking laws. They're not breaking laws. What is the dollar value associated with that activity compared to what the tariffs are, quote, unquote, gaining us? Right.
Dr. Eric Cole
I mean, it would probably be pretty close. The problem is we don't track it that closely, but we still know. I mean, we're talking hundreds of millions of damage from China on corporate. I mean, they're. You got to remember the countries sort of have basis. So China is known that they don't really do direct monetary. They do intellectual property theft. They want to steal our tech so they can produce it quicker and better. Russia is all about monetary driven, so they're all the monetary driven ones. And then your Iran and North Korea are more disruptive. They're the ones sort of denial of service and those types of things. But no, I'm very aligned with sort of Dmitri and we've had this conversation, and I was one of the ones that was sort of in the minority of banning TikTok. Like, I thought this whole thing of banning TikTok, not allowing people to do TikTok is about one of the stupidest things on the planet. Because do you know how many Americans make their livelihood and living and run businesses on TikTok? So you are impacting Americans so bad by doing that. I mean, it was estimated that just that 24 hours, if you remember where it was down, that that cost people at least $10 million because they couldn't run their businesses or couldn't do anything. My whole thing was don't ban, don't isolate China and say you're evil and we're gonna ban you cuz it hurts America. What I said was negotiate, go with China. Listen, if you wanna keep running TikTok, okay, but you have to adhere to these privacy laws. You have to go in and start putting your servers in the U.S. not in China. And they would have been open to all that. But instead we take this harsh, I mean, enemy thing where we want to fight with everybody and just ban them. I'm like, that's the silliest thing. Let TikTok operate, but make them adhere to our rules and privacy so it can actually be a net positive, not a net negative.
Scott Clary
There's, there was the argument around TikTok saying that it's trying to influence like a younger generation with suggesting certain content. I understand why that's concerning.
Dr. Eric Cole
So is Mark Zuckerberg. I mean, Mark's a brilliant guy, but do we trust Mark more than we trust China? I mean, come on.
Scott Clary
No, he's. Instagram is very toxic for like you know, the, the, the young person's mental health, but it's not great at all. But I was, I was going to make the argument that, listen, if China, you know, everyone's stressed out about having TikTok and it's a Chinese app. And from what you're talking about, if it's not illegal to as a Chinese national to hack the U.S. they don't need TikTok. They're not, they're not using TikTok.
Dr. Eric Cole
It's going to hurt us more than it hurts staff every day.
Scott Clary
Get rid of TikTok tomorrow and just as many people's phones are going to be compromised with malware.
Dr. Eric Cole
Bingo. Can you run for political office? Because we need people like you in Congress and stuff. Because this comment's nothing against them, but a lot of the folks in Congress and others are in their 60s.
Scott Clary
It's alarmist.
Dr. Eric Cole
They just don't understand attacking. It's like, guys, we got to wake up. And one other just alarming statistic that people don't realize is we are the only country that doesn't have unified federal laws on data privacy and cybersecurity. Most of our laws right now are California is the most aggressive with New York secondary. And because most companies have people or customers from California, they have to file the California laws.
Scott Clary
This is CCPA.
Dr. Eric Cole
Exactly. But California is really driving it. The federal government doesn't have it.
Scott Clary
I mean, Europe, GDPR.
Dr. Eric Cole
GDPR, yeah. I mean you're educated, you know this stuff. We don't. Why don't we adopt GDPR? Why don't we have federal laws? We don't have federal laws that protect our citizens, which is insane.
Scott Clary
Canada, we have can spam.
Dr. Eric Cole
Exactly. Every other country has federal laws on data privacy.
Scott Clary
You know why that, you know, it's so funny because coming from like a, an entrepreneur business background, it was always frustrating these laws because it meant that I couldn't solicit people, I couldn't send them cold emails. Right? So I'm like, well, I can't send a cold email to somebody in Canada unless you have a previous business relationship. Because you know, then it could be marked as spam and there's like significant fines. Same with Europe, same with California. But it was so wild to me as a Canadian, I could send spam emails to almost anybody in the US non stop. And as long as I give them the option to unsubscribe and as long as I'm not lying to them, it's all good. And that was like, that was wild to me. That was so wild. And it's. And I think that, you know, it's gotten so bad that, and it's not just spam emails, like when I'm trying to, you know, sell a product, okay, maybe being a little bit selfish, I'd like to send a cold email to somebody, but on the receiving end of it, like, I can't use my phone anymore. It's just on do not disturb nonstop because my number's been farmed out so many times, I can't use it. I can't use my phone to receive an incoming call. I have to like, I have to leave it on do not disturb. At the end of the day I'll look through all my voicemails and my calls. Maybe two voicemails from people that I actually care about, maybe 40 calls from spam and this and spam that. And I know there's apps that kind of fix it, but it's not perfect. And even my email, I, I probably get a hundred spam emails a day now. And it's almost to the point where I'm like, should I just start a new email and then like give that email out to people going forward. Like, it's ridiculous how much spam. And now text has started too. I get spam texts all the time as well. So I mean, yes, some regulation would be good. And I'm talking from like a, a business perspective. I think some regulation would be good. 
Forget the personal privacy data security perspective, which is a whole other level of why regulation should be good. I didn't realize that we didn't have anything at all. I was aware that it's easy to reach out to somebody without having a prior business connection. I didn't realize that there's no safeguards for data and privacy because I guess they all kind of fall under the same thing.
Dr. Eric Cole
Exactly.
Scott Clary
Yeah.
Dr. Eric Cole
And to me, I mean, there's, there's a balance.
Scott Clary
Yes.
Dr. Eric Cole
Like one of the, I mean, I constantly am sending emails to Congress and they probably think I'm spam, so they might delete it, where I write laws for them. And here's one of the simple laws is if you're sending a message, text or email that is soliciting information with links like credit card or false information or false data, that's illegal. But if I'm going in and informing you about a product or solution that might be of interest to you, I think that should be okay.
Scott Clary
But I think there has to be a limit too.
Dr. Eric Cole
Yeah, there has to be a limit of how. Yeah. Of how many you do. But I think there could be a balance where you don't have to say, because to me, there's a difference between a cold email and spam.
Scott Clary
I agree with that completely.
Dr. Eric Cole
And unfortunately we're trying to bundle them together, which I think would hurt businesses because I don't know about you, not all of them, but there's times where I receive a cold email and I'm like, cool, I didn't know that existed. And you do it. So I think there has to be this balance here where we try to do these extremes of all or nothing, but I think middle, I mean, balance is one of my favorite words. Middle of the road is where we need to get to with security.
Scott Clary
Talk to me about your time in the CIA. I think that's so fascinating. Obviously a lot has changed since then, but I think that the CIA is just this ominous. Nobody really understands what you can do, what you can't do. I know that you have interesting stories about like you are an incredible hacker. So I mentioned something at the beginning about hacking a nuclear reactor. Why is somebody in the CIA hacking a nuclear reactor? And what was it, 37 seconds?
Dr. Eric Cole
So what I always joke is because I believe people need a little bit of humbleness, I go in and I say, I am not an extraordinary hacker. It's just most people have extraordinary bad security. So it's like one of those. Back to my example of if everyone's leaving their doors open and their windows unlocked, I'm not a great criminal. It's just easy to exploit and break into. But to answer your question, I'm always glad you go there because when I go in and say I'm a professional hacker or I was a professional hacker for the CIA, it wasn't for malicious, it was to protect and secure our own infrastructure. So a lot of people don't realize the 90s, we're in the midst of a cold war and we're concerned about nuclear attack from Russia and other countries. Well, most people don't realize a nuclear reactor can be turned into a nuclear bomb. You've gone in and we've saw some meltdowns like five mile. I mean that was as devastating as if a bomb went off. I mean in terms of the wipeout and stuff. So we were really concerned. And I could talk about it now, I couldn't talk about back then in the 90s, of somebody hacking in to our reactors and basically detonating it and causing devastation. And here's the problem. None of our satellites, none of our Air Force or anything would have caught that. So my specialty is nuclear reactors. I worked with the NRC, the Nuclear Regulatory Commission. Most people don't even know they exist, but they regulate non weapon nuclear reactors in the United States. And I helped write the security policy to help protect and secure them. So my whole goal at the CIA was hey, one of our big, we call them soft targets because they're typically focused on functionality. Nuclear reactors are all about uptime availability. So believe it or not, in the 90s they were running on old systems that weren't patched, that were connected to the Internet for monitoring and tracking. And we didn't realize how just easy and simple it would be for somebody to break in.
So I went in and figured out how to break in, find vulnerabilities and then wrote regulation that said this is what you need to do to protect and secure those reactors. So it was all done from an offense guiding defense. The only way to be good at defense is to think and know how the offense works. Because most people don't realize there's no way to prove a system is secure. I can't go in and run an algorithm that says, okay, this is secure. The only way you can do it is by getting smart people trying to break in and find vulnerabilities and weaknesses. So it was sort of that whole philosophy and is like you said, the CIA is so misunderstood. Our job at the CIA is, first of all, we can't do any operations on US soil. And two, our job is not sort of breaking and causing harm. It's gathering, supporting to secure America. So we sort of have, I mean, Tom Clancy, I love him, but he sort of gives us this bad picture. It's really a very good, solid organization. It's just misunderstood. So yeah, my job there wasn't.
Scott Clary
Well, because it's very secretive.
Dr. Eric Cole
Exactly. It wasn't there to go in attack nuclear reactors in other countries. It was really to understand weaknesses in our systems so we could better protect and secure them.
Scott Clary
I kind of had a slightly like first row seat to a similar style organization because my dad worked for CSIS.
Dr. Eric Cole
Okay. Yeah.
Scott Clary
And I mean, yes, some parts of his job were exciting, but the majority of it was actually very, very boring. Yeah, it was very, very boring. But it was a lot of. It was a lot of threat detection. It was a lot of figuring out like, like what are the attack vectors enemies could use and then stress testing those attack vectors, People, systems, infrastructure and otherwise. With fast forward to, you know, today 2025, are these types of attacks, are these still concerns? Like, is there ever a chance that. Because obviously that's never happened where an enemy is hacked into a nuclear power facility. But these kinds of sort of strange attack vectors, are these still a focus or are there other types of attack vectors that people like the, you know, the North Koreas of the world would go after.
Dr. Eric Cole
Yeah. So it's one of those where we, we forget the past and we get sloppy.
Scott Clary
Yeah.
Dr. Eric Cole
So the way you protect nuclear reactors, critical infrastructure is what we call air gaps, where basically the critical systems that are running the nuclear reactor are not connected to the Internet. So if you break into servers on the Internet, there's no way that you can go in and be able to get in. But then what happened over the last five years is for functionality. Oh, we want to be able to monitor and bill and everything else. They started going in and connecting to the Internet. And great example of that is the Colonial Pipeline, if you remember, two years ago. Now, what's interesting is it only impacted the East Coast. So like, I talk to people in Texas and California and they're like, what was that? That, like, it didn't really impact them. I will tell you, in Virginia, we had four days where every gas station was closed. We actually ran out of gas because of the Colonial Pipeline hack. And I mean, it was there. We're like, no kidding. We're going and buying bicycle. Like we're getting concerned of how long. And when it first happened that Monday, we went and gassed up all our cars. 15 minute wait at the gas station. Like there were lines like back in the 80s. And then we were really cautious. We're driving. But yeah, by Thursday we're like, this could get really ugly really quick. And that whole attack was caused because they used to have air gap and they connected those systems to the Internet for monitoring. And then they went in and eventually broke into it. And then the other interesting thing is, which is the unfortunate reality is it's cheaper, quicker and faster when these companies do get breached to pay the ransom than it is to try to fix it. So with Colonial Pipeline, if they didn't pay the ransom, it would have taken about three weeks and they would have lost about $90 million in revenue. But if they paid the ransom, 5 mil, they were up and running in a week. So it's the unfortunate one where it's cheaper and better.
And I got a lot of, of press on that because the attack occurred on Saturday and Sunday. They're coming out Colonial and everyone's like, we're not paying the ransom. We're not negotiating. We shouldn't negotiate. I went on every news station and said, they'll pay the ransom because they have to. There's no way they can incur the devastating impact of not paying it. So I got a lot of criticism. It's funny, then Monday, Tuesday, I was sort of blackballed from the media because I was like, oh, you're raising, you know me, blah, blah, blah. And then you're mongering. Yeah. And then Thursday, when they paid the ransom, every news station wanted to interview me because I predicted it correctly. And that's the unfortunate reality is our security is so behind that it's actually better to reward the attacker than it is to suffer the consequences.
Scott Clary
It encourages it.
Dr. Eric Cole
It encourages it because now they're going to keep doing it.
Scott Clary
Where else are you concerned about like cyber attacks from? Not, not financially motivated because. Financially motivated, sure. Somebody wants to make 5 million bucks, they can go after any business in the world that they just have to do a cost benefit analysis. Is it going to cost a business more than $5 million to be out of business for a week and if they go after that, business will pay up. Easy calculation for the hacker. But in terms of like national security, so shutting down the power grid, I don't know what other national security potential attack vectors there are. I'm sure there's a lot of. But what are some of the things that you're most concerned about? What are some of the things that. I don't know. China, Russia, Iran, North Korea. Other bad actors around the world actually want to hit us with that. You've seen at least.
Dr. Eric Cole
So one of the big ones is deep fakes with AI.
Scott Clary
Yeah, that's, that's sort of new, but that's going to be huge.
Dr. Eric Cole
I mean I, I just, I don't watch a ton of movies, but I like watching ones that are cyber related. Is. I just saw it on the airplane. G20.
Scott Clary
Yeah.
Dr. Eric Cole
And essentially, I mean it's an interesting movie, but the whole thing is they basically got the 20 world leaders, including the US President, kidnapped him and they had him read 30 words and then they started creating deep fakes of these presidents out there. And it was like crashing world markets, it was crashing impact. Because imagine if a video came out from FBI director to a senator to even the President of the United States that basically said, yes, we have this major thing and it's a total deep fake, but people don't realize it and they would respond and react to it. So this whole disinformation where you can basically create almost identical videos and voice of key individuals, I mean, that terrifies me because people trust a video on the Internet. People trust false information. So yeah, those deep fakes are really, really terrifying to me of the economic impact that could have.
Scott Clary
How do you protect against that though? That's not even a hacking thing. That's not a cybersecurity thing. That's not putting an air gap. So that key infrastructure isn't connected to the Internet. That is finding a way to educate the world that what you see online is not true. I don't know how to protect against something like that. That's incredibly horrifying.
Dr. Eric Cole
So the way you protect against it is once again a federal law. You can, there's algorithms that you can run pretty quickly to see Something's a deep fake. What if there was a law that said every social media platform had to go in and run the deep fake algorithm against any video that's being posted? That wouldn't be hard. I mean, you're talking. The computing power is not that intense, but you need to go in and start putting out there. Here's the other crazy thing. I mean, this boggles my mind. If I go in and create a deep fake against the President and put it out there, it's currently on our laws, it's not illegal. What law are you breaking? There's no law that says you can't go in and create. Now I'm not claiming. Now, if I went in and said, I mean this is the President, but if I went in and said, here's an interesting video. Yeah, why can't I create an interesting video that simulates, I mean, look at all the memes out there. I mean memes are basically a funny deep fake, but they're not illegal. So I mean, it's crazy. How can we live in a country where somebody can create fake media against key individuals and there's no penalty that anyone could do? Why isn't there a law on that?
Scott Clary
How long do you think it's going to take for a law to be passed on that? Because, I mean, you mentioned before the people that make these laws. I've watched like the, the Senate hearings. There's people that are just so, so, so ancient. People that are just. Old.
Dr. Eric Cole
That's a good word. I love, I was thinking of a nice word because old is not politically correct. So ancient is better.
Scott Clary
Listen, they've been on this earth for a long time and they're trying to make decisions and pass laws about things they do not 100% understand. Like I've seen it with all the social media hearings, the data privacy hearings, crypto hearings, like all it. And they're just asking the dumbest questions because they don't understand what's going on. And you're just thinking, oh my God, like these are the people that are going to be creating the laws and they still haven't created proper laws. Unless there's some huge, you know, Cambridge Analytica level media pressure requirement for somebody to change. Nobody does anything. Like, I think that, listen, there's still ambiguity about crypto and how long has, how long has that been going on? There's still ambiguity about. And, and I mean, like, yeah, it's gotten a little bit better and, and like this administration is trying to be a little bit more proactive with setting up rules and regulations about crypto and what, you know, what you're allowed to do and what you're not allowed to do and what, what if it's considered a security or not and whatever. And then there's like the whole like XRP case that was like ongoing for forever and that was supposed to be like, you know, defining the whole category that's slowly winding down and that's but five, six, seven years. I don't even know how long it's been going on. It's just going on for forever. So the point is that new tech and laws that affect new tech don't. The laws don't happen quickly.
Dr. Eric Cole
I mean, it's probably, I mean, the deep fake in AI stuff.
Scott Clary
Yeah, I know.
Dr. Eric Cole
That's why it's going to be at least five years now.
Scott Clary
Imagine what it's going to be like.
Dr. Eric Cole
In five years now. The irony is it should be done this year. Like you go in and definitely good. As you probably saw, I think it was like 45, 50 days. The new administration came in. Melania Trump had the law about, I mean, if you put false images or false information about younger people, that, that has to sort of be illegal and stuff, which I think was great. But why so narrow? Why isn't it more expansive? So, I mean, what we need to do is get key people. Like, if we get Melania and she's awesome and really big on cyber and some of these to spearhead it, we could probably get them through a lot quicker. But unfortunately, what it comes down to, it's up to you, me and every listener to just sort of be local enforcers where we just tell people, listen, you can't trust these videos. We don't trust these videos and just spread the message. Because if we can go in and spread the message of listening, deepfake is on the rise. Most videos you see out there is total BS and just don't trust videos. Without verification and validation, we can start to tackle it, but it's almost like we as citizens have to lead the way because Congress is way too behind.
Scott Clary
Yeah, I agree. Do you think that's what a cyber war looks like? Do you think that it's somebody in North Korea getting really good at creating deep fakes?
Dr. Eric Cole
Absolutely. And I think it's one of those where you're talking asymmetric warfare. You go in and what if you start going in, doing deep fakes? You then start targeting and compromising devices which were already there, and you start withdrawing money from those accounts, you start going in and attacking cryptocurrency. And you could crash. I mean you do those three things strategically, you could crash U.S. markets. I mean, it would not be hard to imagine if we start doing deep fakes against stock.
Scott Clary
Yeah.
Dr. Eric Cole
And certain stocks where we have the CEO of a large company. I don't want to pick on anyone because they do have good security. But deepfakes you can't protect, let's say CEO of Cisco or Microsoft or Amazon or, or even some of the new AI companies, right? Nvidia. And they go in. What if the CEO of Nvidia, I mean, did a deep fake? And I mean, you got to hand it to the CEO, I mean the black leather jacket, I mean he is looking good. I mean, I love his look and stuff. I mean he's definitely got. But what if you did a deep fake video going, hey, because of all the new tariffs and because of everything, Nvidia productivity is going to be down 70% for the next six months. I mean that would crash the stock.
Scott Clary
And by the way, today I can, I can't do a video as a consumer, I can't do a video deep fake of somebody that looks exactly like them. It's not perfect, but I can, I can emulate their voice immediately. Today I can emulate anybody's voice. And it sounds with the inflection, the tonality. With about 10 seconds of audio from them speaking, I can just copy their voice. And deepfakes, listen, I think that they're, I think that, I mean, I'm sure that if there's somebody who had really good tech, they could make a pretty good deep fake already. But I don't think that the average consumer can just do it yet. But it's still like maybe six months away.
Dr. Eric Cole
It's six months away. And here's the trick is to get a deep fake believable. You want to have as far out as zoom out as possible. So if like for example, you tried to go in and do a deep fake of me in this frame, it would be a little choppy and like you could tell it's a little robotic. But, but you go in and zoom out and put me on a stage where it's a smaller Eric and it's, it's not as clear and the voice is perfect and the voice is perfect and, and the video might be a little blurry, but I mean that's okay because you're on the stage. I mean that's, that I think is three to four months away.
Scott Clary
I think so too.
Dr. Eric Cole
And then the close up I think is going to be about a year. But, but we're, I mean, we're on the. It's not like this is impossible, like landing on Mars. Right. But we're talking very soon. And it just, I mean, it gets scary. And that's what most people think, like cyber war is. I mean, breaking into the government or breaking into huge companies. It's not, it's disinformation targeted in the. Like you go in and crash a few stocks with a few bank things. I mean, it's just targeted attacks that could just cause devastating impact.
Scott Clary
What is the. I mean, if we look at sort of the. Iran, Russia, China, North Korea, I guess these would be considered like cyber enemies or like, I don't know how else to describe them because there's. They're not all classified in the same bucket, obviously. I wouldn't put Russia and China, same bucket as like North Korea, for example. But if you look at sort of the capabilities of our cyber enemies or people that we're not exactly aligned with, what are some of the scarier things that you've seen outside of potential deep fakes? Like, what else can they do? Because. And also I'm curious, you probably had front row seats to see how they protect and how they prepare. And I know that you've spoken about a few different things that even Russia does where they disconnect from the Internet. I'm very curious about what, why they would do that. Because we definitely don't disconnect from the Internet.
Dr. Eric Cole
We don't even know how we could. We are the Internet. So that's the craziest part. I've been asking for 15 years, government officials, and asking myself, do we have a list of all the connectivity points to the Internet? Do we know how we're connected to the Internet? And the answer is no. Because if we disconnected from the Internet, the Internet goes down. So how do you protect yourself if you can't filter the borders? Imagine running our country where anybody can go in and out without border. Like, if we didn't have border patrol and we didn't have all those control gates, I mean, this country would be overrun so quickly. So we have physical border control. We're controlling who can come in and out of our borders. But on the Internet, we have no border control. We're one of the few countries, Russia, as you said, has border control. The reason why they go in and disconnect from the Internet once a year for 24 hours is to basically show that if a cyber war broke out, they could actually be out of it and still run their country. They could run their country without Internet connectivity because they have an internal intranet to do that. US can't do that, which means if we're under attack, we can't stop it. Most people don't realize when the conflict broke out between Israel and Iran a few weeks ago, and this is very, very telling of what Iran is thinking. Iran disconnected from the Internet. Iran is currently not connected to the Internet, which means we can't launch a cyber attack against Iran. Which, why do you do that? That's the precursor for war. If I'm consulting for a country and we want to launch a cyber war, the first thing I'm going to say is lock down the hatches, disconnect from the Internet. And now when I say disconnect, it's one way. Packets can't come in, but they can still fire out. So now from a warfare standpoint, if Iran starts launching a cyber war against the US we can't do anything because we can't attack them back.
Scott Clary
And we can't do that.
Dr. Eric Cole
Right? We can't do that because the way the Internet was designed, we never did. So to me, one of my big things is okay, and I'm not criticizing administrations because both of them did it, but the last president and the current president, they've spent trillions of dollars rebuilding our roads. They're spending trillions of dollars rebuilding, I mean, businesses. Why aren't we spending trillion dollars of building a separate Internet, at least for the government or commercial, so we can control their ingress egress points? We should not be the backbone of the Internet and the US should be separate. It shouldn't be the same. But why aren't we spending money on doing that? That would be the best. If you're looking at our future, that would be the best investment is building that out. Because here's the reality. We're so focused on physical warfare. If you go in and build out a list of the top five nuclear powers, US, Russia, I will tell you, Iran and North Korea, which are probably two of the biggest threats to the United States, are not on that list. We don't allow them to have nuclear weapons. And that was part of the attack. But you go in and you look at cyber capabilities and cyber nuclear weapons. China, North Korea, Iran, Russia, and then the United States.
Scott Clary
So they're all up there.
Dr. Eric Cole
They're all up there because they, they realized, like North Korea realized they're not going to have a nuclear weapon. Now they would shoot some of the rockets as a diversion tactic. But they were spending the last five years on building out cyber hacking and cyber warfare capability. A lot of people don't realize more than half of the economy of North Korea is run because of cyber attacks against the U.S. That's how they're making a majority of their money. And Iran once again, has major cyber capabilities. And once again, we gave them the weapon. What I mean by that is, do you remember Stuxnet?
Scott Clary
No, what's that?
Dr. Eric Cole
So Stuxnet was an attack eight years ago, was a joint effort with the US and some other countries. We actually broke in to a nuclear reactor in Iran and melted it down. We basically did an attack against their nuclear reactor. Melted. Well, here's the issue. When you put malicious code on a server and you break in, they have that malicious code. So now they have the code for breaking into nuclear reactor. And the PLCs, the programmable logic controllers that run the nuclear reactors in Iran, same brand and model that we run in the United States. So we basically have given them a cyber weapon that they now can perfect, enhance, and now they could potentially use it against us.
Scott Clary
Why haven't they yet?
Dr. Eric Cole
Because I believe two things. One, I believe they have. They just haven't activated it. The way a cyber attack is going to work is it's not like a traditional bomb. You launch it, it explodes. The way you do a cyber attack is you break in and you put the code and then you wait for a certain time and you activate it. So I believe they have access to our critical infrastructure, critical service and devices. They just haven't activated it yet because they know the retaliation factor. So they're just waiting for the right moment. Because when they do that, I mean, you're talking Devast. I mean, you're talking World War III.
Scott Clary
Yeah.
Dr. Eric Cole
I mean, if they did that. So I think they're carefully planning it and exploiting it, but they're waiting to do that. Another great example is most of our financial data, government information, and others is encrypted. And it's encrypted with RSA and AES, which today is considered unbreakable. But what we're seeing is they're breaking in and doing what we call harvesting. We're seeing them steal encrypted data from banks and encrypted data from businesses. But here's the crazy part. Our disclosure laws say unless they can actually read the information, we don't have to disclose it. So if somebody steals encrypted data and they don't have the keys, they don't have to tell anybody.
Scott Clary
Wow.
Dr. Eric Cole
And now what they're doing is they're harvesting all these encrypted databases because it's estimated if you look at quantum computing, that at least in 10 years, some people say five, some say seven. I'm always sort of conservative. So at least 10 years, quantum computing will be so advanced that it will actually be able to unbreak RSA and AES in minutes. So now what they're doing is they know, they're building out quantum capabilities in these countries. They're stealing all our encrypted data. So then in five, seven, or ten years, they can decrypt it and use it against us. Imagine if in five, seven years, all of our financial data, all of our passwords, all of our information are now public for those countries. I mean, talk about. Put cyber warfare at a whole new level.
Scott Clary
So what do we do to protect against this? Like, this is. So I asked you, like, what were the scariest capabilities of these countries? I mean, these are some of them for sure. So the next 10 years is going to be a rough 10 years. But I guess the question is, you mentioned, like, Iran's not activating because it would mean World War III. Yeah, this is more of a geopolitical, I guess, talking point in question. But do you. I mean, from your time in the CIA, do you believe that China, Russia, Iran are actively trying to, like, really end the US or is it just like a safety precaution on the off chance that there is a conflict? Like, do you think that. And I, I know that there's three very separate countries. I think North Korea, I think most, you can argue, are not fans of the U.S. but do you. Do you believe that like, like, Iran wants to see, like, true death to America? Like, do they want to see, you know, like, the West just collapse? I don't know if I believe that China really wants to see that. I don't think so. I don't think Russia really wants to see that either.
Dr. Eric Cole
Yeah, no, you nailed it. It is safety measures. It's safety and it's. It's all monetarily driven. Because here's the reality. If the US went under, if our economy completely collapsed, the world would. China relies on us. Iran, Russia, they're making so much money on either business or cyber attacks from us, they don't want us to. So to me, it's. You said, why haven't they done it yet? It's more precautionary. But it's also monetarily driven because now if I go in, let's say in five or 10 years. And I have all the banking information from major banks. What I'm going to do is I'm going to go back to that bank and say, okay, you're going to pay us $1 million a month or a year as safety protection. Go back to the Mafia in New York City. And that's what we're getting to is like the mafia didn't want the stores to go under. They didn't want, because then they would lose money. They just wanted to scare them enough so they would give them whatever it was, $100 money and, and they would do this for years. They actually wanted the businesses like they would promote the, they wanted the business to do successful because the more successful the business, the more money they made. And that's where I think we're really heading is this extortion. Ransomware is unfortunately going to be a business model and market where I think most Fortune 500 companies in five to 10 years are going to have line items for ransom payments. So when you go in and you do your profit and loss statements, you have your revenue, you have your expenses, right. Your building expense, your insurance expense, your this, you're going to just have a random ransomware expense where maybe 1 or 2% of revenue, you're just going to have to pay for ransoms because we're behind the curve and we're not staying up to base. Now you sort of said the next 10 years could are going to be bad. I would sort of just change the word could be if.
The point is if we act now, like if Congress started passing laws and we started locking down our systems and doing 2FA and rebuilding and putting more security.
Scott Clary
To your point, they have, they have this information. That's my point. Say okay yes, I'll let you continue.
Dr. Eric Cole
No jumping.
Scott Clary
Yeah, they have, they have the information that they've stolen from financial institutions already. They can unlock that with Quantum. You're saying that just going forward we have to be a little bit more strict so that they don't keep getting more information so that, that at some point that information holds no value and they can't use it to exploit companies and individuals.
Dr. Eric Cole
Right. So, so for example, it's, it's not the easiest, but it's not impossible. What if the banks had a three year plan to change everyone's account?
Scott Clary
I understand.
Dr. Eric Cole
So, so now by the time they decrypt it, the accounts are all no longer valid.
Scott Clary
Yeah. And they have no leverage.
Dr. Eric Cole
And they have no leverage or what I do. And citizens can do this is every three years. I actually do go into my bank and I go listen, I work in cybersecurity, I'm a little concerned and could I change all my bank accounts? And now I don't have that many. But I go in and I change all my bank accounts periodically.
Scott Clary
Just change the account number.
Dr. Eric Cole
Just change the account number.
Scott Clary
Yeah.
Dr. Eric Cole
And then what you do is there's typically you do a 45 day. So any checks from the old account will still allow and then after that they won't allow and they won't allow any EFTs from the old account number. And yet it takes a few hours. But it's much better than somebody breaking in and wiping out my entire account. So there's things individuals can do where we just like reimage our systems or change our accounts every and just do things to reduce the exposure factor. And to me that's where we're at, where individuals have to take action because the big companies in government are too slow.
Scott Clary
You gotta, you gotta listen, you gotta protect yourself at the end of the day. I mean something as simple as it's not to the extent of changing your account numbers, but I love using virtual cards. Like I'll spin up a virtual card for a payment and when I'm done with it, I just cancel it. It's so simple and it's like I have a dashboard and get rid of the card. Okay. Two things happen. First of all, if the card's compromised and no one else can ever use it, but also sometimes I forget what I'm paying for. So then if I have like a subscription that I don't want to pay for anymore and then I cancel the card, then I don't have to pay for the subscription. So I love the virtual card. But this is like on a much, much easier simple. Just like you can do this with any bank. I think now you can spend a virtual cards, use it, cancel it and whatever.
Dr. Eric Cole
Yeah. And then take that to the next level.
Scott Clary
Yeah.
Dr. Eric Cole
So not only do I do virtual cards, but I also have a burn phone.
Scott Clary
Do you?
Dr. Eric Cole
So, so I have a burn phone that basically has a number and whenever I go to websites or because you know some of these to get stuff like, because there's a lot of free content, you have to put in your, your phone number. So I, I put in the phone number that burn phone and then when it gets too much, typically nine or 12 months now it's gotten so crazy, it's about every six months I go in and the few legitimate like, like there's maybe one or two legitimate people that have that number. I just text them and say, hey, I'm changing my cell phone number. Here's the new one. And then I give them the trusted one that I've had for 15 years. And then I just go. And here's the cool thing. You just go in and call up the provider and you just say you want a new number. They do it over the phone. It takes. You don't even have to get a new phone. So the idea of like a.
Scott Clary
On my iPhone, I have two. I have two numbers on it.
Dr. Eric Cole
Or do that. Yeah.
Scott Clary
So I have two numbers on it. So I have a second one that I pay like 15 bucks a month for that I. Yeah, a burn number.
Dr. Eric Cole
Yeah.
Scott Clary
And it's. And it's. It's like, not like you don't even have to use an app for it because most phones can support two sims now, and you can do virtual sims, so it's very simple to do.
Dr. Eric Cole
Yeah. So you don't even need a second phone. Yeah. I didn't even think about putting a second number on your iPhone.
Scott Clary
That's a great idea. On your iPhone. And you can actually choose when you're texting somebody, do you want to choose from primary number or secondary number? And you can just have two numbers. And I think it's meant actually for, like, when you're traveling abroad. But it works for whatever you want it to do. Yeah. So, yeah, Very, very smart. Very, very smart. And I actually should do that more often because I've just been using that number to sign up for things, especially when I don't want them people to, like, know my.
Dr. Eric Cole
Like, you know, your real number.
Scott Clary
So I guess I'm kind of using it the same way.
Dr. Eric Cole
You already got it.
Scott Clary
Yeah, but it's just like, little things like that. And then I also. I also have like a. A burner email address that I use when I sign up for stuff, but it, like, links back to my main email address, so I get, like, all. All my 2FA codes on it if I want to use it. So anyways. But it's just about. Listen, it's just about being smart, protecting yourself. 2FA, not doing dumb stuff. The last thing that I think is interesting. We sort of spoke about your work with the CIA. Obviously your work with, like, past administrations also was focused on, I'm assuming, just protecting from foreign actors and whatnot. But you also worked with the Gates Foundation, and I'm curious what billionaires do differently than the average person. And I'm also more curious, is a billionaire's cybersecurity infrastructure more robust than the government's or is the government's more robust than a billionaire's?
Dr. Eric Cole
So as I would definitely say, a billionaire's infrastructure is more secure, I have no doubt than the government. And for a couple of reasons. There's less individuals. And just to be clear, I did a little with the foundation, but it was mainly with the personal.
Scott Clary
Oh, with Bill Gates.
Dr. Eric Cole
Yeah. So when he basically split away from Microsoft, all of his security and IT was done by Microsoft staff and he wanted that to be separate and isolated. So I was one of the folks that originally helped set that up. And a lot of it was just the things that we talk about is so one of the simple ones. And like I said, I can talk about it now because it's, it's there for. It is for G1. Well that we gave him nicknames. So. So that was. But for G1 was G2. Melinda, potentially. I always want to be careful, right. Hypothetically. It could be. Hypothetically.
Scott Clary
Okay, fine.
Dr. Eric Cole
But like one of the simple things what we did for him is he had three computers. He had one computer he used for internal communication with his staff and financial. He had a second computer he used for web surfing and public. And he had a third computer that he used for dealing with Microsoft. Just simple isolation, right? Simple devices and accounts. And once again, I mean we have so many devices. What if. And I actually do this, I have multiple iPads. Like I. They're super thin. You carry. I mean it doesn't take much to carry them. They're like three pounds. And I have one that I only deal with my finances and others. One for my high end business clients and then one for public surfing. So and once again, iPads are like 700. So that's what 7 foot 21, 2,100. Most people will spend $3,000 on a high end laptop. So it's like so just simple things like just having isolation of those services that are there. They had two factor out of the gate. So just two factor. And then once again just heavy filtering of like even back then we didn't allow attachments, we didn't allow embedded links. We really limited and restricted the functionality. And once again that's about it. I mean it wasn't like we had super high end lasers. I mean it was zap or anything. It was pretty basic fundamental components and security in place. And then the other big one that we did early on and now we recommend for all folks is on any device that's connected to public Wi-Fi. So if you're connected to Wi-Fi, hotels, airports, you have to run a VPN. Always, always. It's super simple. It doesn't take up a lot of resources. It encrypts everything and once again just goes a long way of locking it down. And then the last thing is Endpoint secured on every device most people think of. It used to be called antivirus, now it's called EDR. Endpoint Detection Response. People would only run it on their laptops. I run it on iPad, phone, everything. Once again, not a guarantee.
But you encrypt all your traffic with a VPN and you run EDR with a high setting that if in doubt it'll block or allow it. So you miss a little bit of legitimate, but you don't get any malicious and I mean those basic foundational things and you're going to be in really good shape.
Scott Clary
Are there any particular VPNs that you would stay away from or that you recommend?
Dr. Eric Cole
I mean I, I usually recommend the ones in the U.S. like yeah, like OpenVPN or OpenSSL. I mean, I like the ones that are based on standards that are public because when you have a lot of smart people looking at it, you're going to find it and make it a lot more secure. So I'm very big into open source for VPNs because it gets a lot more visibility than because a lot of small nothing gets. Small private companies. But a small private company releasing a VPN is not going to have the same code scrutiny as an open source. I really, for those prefer open source.
Scott Clary
Do you believe that, you know, you've worked with past administrations, billionaires, CIA. Do you believe that the US is going to win the war on cyber the way we are right now? Or does there have to be some radical change not just on, on an administrative level, but with private companies, what else has to happen so that we can guarantee that we can win this war going into the future?
Dr. Eric Cole
Yeah. So the path we're on right now is not a good one. We're behind because as we said, we are too focused on functionality. So to me, one of the simplest rules is when I come into businesses or I consult with these high end individuals, their perception of cyber is you're the negative guy. You're the guy that's going to say no, you're the guy that's going to say don't use it. I love tech, I use tech. But, but essentially what we have to start doing is when we're evaluating any new business decision, any new technology, we have to step back and instead of one Question which is asked today, what is the value and benefit? So like you look at AI, what is the value and benefit? We can create content, we can get more visibility, we can do all this stuff. But what companies and organizations need to do is ask a second question, what is the risk and exposure? And then ask yourself, is the value worth the risk? Because to me, right now, today, the way we're using AI, if you look at the risk of data leakage, information leakage and targeting, it ain't worth the risk to me. I use AI very limited. I do have a digital twin. I joke, I love it. Every morning at 4:30, I basically argue and debate with myself with the digital twin. And one time it was funny, get so heated that I'm at a hotel and there's a knock on the door and it's security because I guess the neighbor was complaining because I was too loud. And they're like, are you having a party? I'm like, no, I'm just fighting with myself, like I'm just debating. So I think there's limited use, but I don't actually use AI publicly where I put any of my information or business decision publicly because that's then available to anyone or anyone else. So I think we got to look at the new tech AI and everything else as a tool. I get so frustrated when I hear these executives go in and say, AI is going to replace your job, you're going to become obsolete. I'm like, yeah, if we dehumanize ourselves, right? 
But if we continue to be human, AI can never have emotion, it can never have feeling. And if we let AI take people's jobs, we're basically downgrading our intelligence to that of AI. We're turning ourselves into computers. And if we do that, if companies actually fire employees and replace them with AI, we're on a path where 30, 40 years, humans could be obsolete or extinct because we don't need humans anymore.
Scott Clary
That's the worry. But if somebody's already doing that.
Dr. Eric Cole
Exactly. But if we go in and step back going, this is insanity at every level and AI is a tool. We should actually be telling people, AI is going to enhance your job and make you more valuable. It's not going to replace you. We should be training people on how to use AI as a tool to make themselves more valuable as humans and not the other way. So to me, we're sort of missing the boat where we're only looking at functionality and not security risk. And we just need to change how we look at things, that all functionality needs security. And whenever you're releasing new functionality, security should be embedded. And new tech like AI is a tool, it's not a replacement.
Scott Clary
Couple thoughts on that. So, first of all, fully agree. I don't think that a lot of companies are looking at AI like that. They're looking at AI in terms of how do we just get rid of as many salaries as possible so we can use AI. I do believe that people should be using AI to sort of 10x their output or to upskill themselves for sure. That's important. Any and it's, it's a mixture of both. Like yes, AI can speed things up, automate processes, it can help somebody do 10x to work they were before. But the person also has to be willing to like learn how to use it properly. But they can't be overly dependent on it because there was just a new study that showed the people that are using AI for all of their tasks, for their thinking, their searching, their writing, it's showing a decline in their cognitive abilities. So you still have to be as an individual, somebody uses AI, but somebody who still doesn't use it for everything. And you still have to like learn and improve yourself. You still have to read yourself to write. You have to yourself to do all the things that like help you perform at the best level. So you can't just outsource 100% of your thinking to AI, but you can use it as a tool and there's some again, happy medium as to how you use it without overusing it, without ignoring it completely. I also think that, I don't think that too many people love Sam Altman. I don't think that too many people look at him and are like he's acting in the best interest of humanity. I feel like there's a significant amount of negative sentiment as to how he's built, how he's built OpenAI even like from switching it to a nonprofit to a for profit. I think a lot of mixed emotions about that and like what incentives are actually driving the company forward? Is it actually AGI? Is it actually betterment of humanity? Is it just making more money? And, and I think that people have different, you know, perspectives on that. But I do believe that. 
But I do believe that more companies, and I don't know how, I don't know how this is going to manifest because this is not how companies operate, but more companies that are responsible for bringing AI to the world do have to understand the power that it's going to have and build it responsibly. And not just give sort of lip service to the ethics around AI. And I think, think I personally feel there's a lot of lip service and people saying we care about AI ethics and we care about AI security and we care about how it's going to impact jobs and humanity. But I don't believe, if I look at the actions, the actions aren't aligned with what people are sort of, sort of preaching about AI security. Even if we look at. Listen, I don't have an issue with Elon Musk, but Grok just went off the rails and started becoming super antisemitic in like the past 48 hours. So if you really cared about security, that would have never happened because there would have been some sort of safeguard in place. It doesn't turn the AI that you've built into this thing that starts calling itself Hitler, which is in the past, it was calling itself MechaHitler. And like the past week. Right. I don't know if you saw this in the news, but it was absolutely crazy. So. So all these founders and CEOs can say that they care about security and safety, but it doesn't seem like they actually care about it with the actions that they're taking because they're moving so damn fast. The reason why they're moving fast is because when they move fast, they can make more money and they can stay ahead of everyone else. So I think it has to be more of. I don't know if it's government regulation, I don't know.
I don't think it's going to come from a business perspective, a private business perspective, because I think that private business founders, entrepreneurs, CEOs, they are motivated by profit and creating shareholder value and safety and security and slowing things down, that runs counter to creating massive shareholder value. I don't know what the answer is.
Dr. Eric Cole
I think it's a hybrid. But to me, one of the new areas is AI hacking, where you actually go in and hacking groups hack the AI model. I mean, that's what happened with Grok is you had a group of people that basically wanted to either target Elon or target Grok and they fed a ton of new information and Grok learned.
Scott Clary
That's how it worked.
Dr. Eric Cole
Yeah, that's how it works. So it wasn't that Elon or anybody running Grok did that. It was. Any AI tool works on the data set. And with a public AI tool, you can influence the data set. So if I go in to any AI, whether it's ChatGPT or Grok, and I have a bunch of computers and I feed it a ton of information aggressively. I can retrain it and turn it into anything I want. So that, that was actually a hack against Grok. It wasn't anything Elon or the Grok folks did?
Scott Clary
No, and I, I didn't think it was Elon and, and the Grok and the, whatever the Grok team or the X team or whatever. I was just saying that they launched it and there was not enough safeguards.
Dr. Eric Cole
There was no protect against it. I mean and some of these have it, but it's AI ethics built in where it won't allow large amounts of messages, it won't allow other things. Now I actually think the Grok could be a good lesson learned because it probably is, is going to get either lose a lot of market share or something like this. I mean it could be, could potentially go under. I mean it's something devastating enough. I know a lot of my friends are like I'm just going to switch to yeah, to ChatGPT. So I mean this could sort of be a good wake up call for it. But the other thing too is like look at what we did with cloud. When cloud came out, one of the ways we secured it is you had public cloud and private cloud. So I could run my own service in the cloud that nobody had access to versus public. And I think what companies need to do and it's what I do is if you're going to use AI, you need to have a private AI internally that never goes out to the Internet and then public. And I think if we as individuals and companies started setting up private and not using the public, that's one way we can quickly secure and still get the value without having the leakage. But, but you're right, unless vendors get enough reputational hit which the Grok one and there's regulation and there's consumer pushback, it's sort all those things have to happen. But my question is by the time it happens, will it be so bad that we can't basically put the genie back in the bottle?
Scott Clary
I actually, you know, as you're saying this, I actually now believe that maybe Grok was actually a blessing in disguise because it was almost like a canary in the coal mine situation where it showed the potential implications of having AI without the safeguards in place. And it was bad, but it wasn't.
Dr. Eric Cole
Like really bad, but enough to wake people up.
Scott Clary
It was enough to wake people up saying oh this isn't great. Yeah, this isn't visiting. So it's better that it happens with some stupid. You know, probably it's just some hackers trying to be versus somebody who's impacting AI to actually have, have a significant impact on a country or whatnot. So yes, it wasn't good. But yeah, maybe you're right, maybe it was. You know, it's this nice little wake up call that we understand the power of AI and that the average. Because it's all. Listen it, I love what you said. It's not just the vendor or the private company because we can't trust the private company to always make the best decision for the rest of the world. Obviously. It's just the fact that incentives are different for a private company. Government moves slow. So what moves the government quicker and what makes the private company act in the best interest of people outside of the shareholders? It's public sentiment. So when something really bad happens or even moderately bad, the public will make both of those groups move quicker.
Dr. Eric Cole
We have a lot more power as together than we do separate.
Scott Clary
Yeah, very much so. And maybe this is the wake up call that people needed so that the public will say, hey listen, Elon, Grok, Claude, Anthropic, OpenAI, like all these companies, okay, we love what you're building, but like let's slow down a little bit or at least just focus on safeguards that this can't be manipulated. Because on the other end of the spectrum, if you're talking about slowing things down in terms of AI development, the concern is, well, all these other sort of nation states that are not the US are not slowing down. So China and Russia and North Korea are building AI as quick as possible. And we don't want to, we don't want to let them outpace our own AI development. So there is it, this is balance, right? You want to have, you want to be able to increase your AI capabilities as quick as all these other countries so that you can defend against them. But also you don't want to build something that's, it's a scary spot to be in. You don't want something go crazy and go off the rails either.
Dr. Eric Cole
But it's one of those where we got to go back to older software models we can build without releasing.
Scott Clary
Correct.
Dr. Eric Cole
I mean if you look at Microsoft, Microsoft used to take two to three years to build an operating system before they released it. Now what we're doing with all these AI, we're building and releasing it immediately. There's no internal beta testing. Basically the community and the world is beta testing. So I think what we need to do is, I mean these AI companies should still aggressively be building. But what if we just did a slower rollout? What if we actually did alpha and beta testing and we didn't release it for a year or two? Now we're not behind, but we're just not putting the consumers at risk.
Scott Clary
Yeah, exactly. And the only reason why we release as quick as we do is because of money.
Dr. Eric Cole
Yeah, exactly.
Scott Clary
That's really it. Where can people connect with you? I want you to tell them what you're working on now, what to look forward to in the future. Also like where to connect you on social media. I mean your book is Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World. I know you have other books. You can probably get this book on Amazon or wherever you.
Dr. Eric Cole
Exactly. Amazon bookstores.
Scott Clary
Yeah. So what are you, what are you excited about in the future? And then also where can people connect with you online?
Dr. Eric Cole
So the big things I'm really excited about for the future is one and I'll be a little careful but but one is I'm actually looking at exiting one of my companies. So I think you mentioned we didn't get into a lot of it, but I'm a big fan of building companies over three to five years, getting them to about 8 to 10 mil and then doing a valuation of 5 to 6. So then selling them for 30 to 40. I find doing that as opposed to trying to build $100 million company over 20 years is a much better model. So I'm in that cycle and then I start up a new one behind it. I'm also working on a new book, so look for that at the end of the year.
Scott Clary
What are you going to. What is the premise of the book?
Dr. Eric Cole
Basically what we just talked about. So I mean all those. So, so about sort of AI and security and basically the fact that we're at war and what can individuals do to protect and secure. So definitely look for that. Also trying to get a federal law passed on cybersecurity and then the longer term plan is that migrates into a global law on cyber. So those are sort of my, my big projects. Then I go in and you can find me Dr. Eric Cole. Dr. Eric C O L E. I love giving away information, I love giving away data. So I do a lot of posts. It's all cybersecurity and then I have two podcasts that are cyber focused on sort of bulletproof of how to implement security into your life to be better protected. And then for techie people, I have Life of CISO, Chief Information Security Officer. So really giving back. I also do my blogging. Dr. D R E R I C.
O L E org.
So drericcole.org and then also my company site, if I can help you in any way, is secure-anchor.com. Perfect.
Scott Clary
Amazing. You've given a lot. I guess the last question that I like to ask because again, you've had a very interesting life, but if you could summarize, sort of all the wisdom and all the experience, and it could be just business, life, cyber, doesn't matter how. You want to sort of take the angle on this. And you could just pass on one really great lesson to your kids. One of the things that's been the most important to you, what would that lesson be and why?
Dr. Eric Cole
So there are two principles that guide everything that I do, and I believe they're critical to success and interacting with other humans. The first one is smart people know the right answer. Brilliant people ask the right question. I think in so much communication, if you look over my life, most of my problems, most of my arguments, most of my issues in relationships in business was because I thought I was the smartest person and I tried to give answers and I didn't listen. So I think if you listen more. And one of the things I always remind myself and remind my kids of is we have two ears and one mouth, maybe the universe was trying to tell us we should listen more than we hear. So, like, my rule is when I'm in communication with anyone or I brief to a board, I always ask three questions before I give an answer. I always want clarifying information. Don't assume we know everything. Ask more questions and listen as opposed to giving answers. And then the second big one that's probably the most keen to my success in business is let data drive decisions, not emotions. To me, I used to make so many decisions on emotions and make a lot of really bad decisions. Then I got paranoid because I was making so many bad decisions on emotions. I would then delay on the decisions I made, which would then lose out on opportunities. Now what I do is when I have to make a decision, I ask myself, do I have enough data to make a good, not a perfect decision, but a good decision? If the answer is yes, I make a decision, I don't wait. Then if the answer is no, I say, what do I need to do to get enough data so I can be confident in that decision? And then I make it as quick as possible. So now if you look at my life on a weekly basis, I'm probably making 100 decisions. Now people go, but, Eric, aren't you going to make a couple of bad ones? Yeah, but here's the trick. If I only make because I'm afraid, if I only make three decisions a week and one is bad, that's one third.
That's a pretty big impact, of course. But if I'm making 100 decisions a week and one is bad, that's 1%, who cares? So I've actually learned that if you do the data driven and you're trying to make the decisions as quick as possible on having enough data, and if not getting the data, the more decisions you make, the bad decisions almost become irrelevant. And that's how you change the world and, and grow a big business. Because if you're afraid of making decisions and you're slow, you're going to lose out to the competition every day.
Scott Clary
It's also, I mean, this is not just how you build a good business, it's how you build a good life.
Dr. Eric Cole
A good life, exactly. Yep.
Scott Clary
You've worked with some very interesting people. You've worked with McAfee, you've worked with which administration? It was the Obama administration. You've worked with Gates. I think it would be fun if you could pick one lesson from each one of those people. What was that one lesson? You can pick one from the Obama administration, one from McAfee, one from Gates. And what were those lessons and how did they impact your life?
Dr. Eric Cole
So Obama, sort of biggest lesson I learned from him was you get up three hours before your first meeting and you spend that on yourself. You spend that on sort of self evaluation, meditation, journaling, and then planning out your day and saying, what are the big things that I need to accomplish today? That was one of the things that, once again, politics aside, he was a super smart president. I mean, and he accomplished a lot. I mean, in there. And that was his rule. He goes, Eric, if I had an 8 o'clock meeting, I got up at 5. If I had a 7 o'clock call with somebody overseas, I would get up at 4. He goes, but what I found is if you get up and you rush right to meetings, you're never grounded for the day and you end up rushing, making bad decisions and your mind is racing. But if you get up three hours and you basically look at your agenda, you get very clear, you get grounded, you solve any internal problems and you get very clear on what you want to accomplish in each of your meetings, your productivity goes through the roof. So that was sort of the big one with him. With Bill, it's know your strengths and weaknesses. And most people go, oh, play to your weakness. What Bill always said is hire people that to play to your weakness. And you focus on what you're really good at. Most people don't realize this. Bill was never CEO of Microsoft. He knew that's not a strength. He knew that his strength is on problem solving, innovation. So he would spend his time, chief research officer on always looking at, evaluating, questioning what was doing, and always optimizing and improving. He played to his strength. The stuff he wasn't good at, he hired other people to do. He knew he wasn't good at a CEO, so he hired Steve Ballmer, one of the best in the business. So always play to your strength and not your weaknesses. And then John McAfee, I saved him for last because he's my favorite, is crazy is good, that they always say there's a fine line between brilliance and insanity or they're next door neighbors. And his whole philosophy that he taught me is you should have both houses built.
Scott Clary
Built.
Dr. Eric Cole
You should have a brilliant house. And right next door, you should have a crazy house. And you should spend 50% time in each house because that's how you truly innovate. And the one thing with John that a lot of people don't realize, he bought and sold McAfee four times. He basically sold McAfee for a lot of money. Then the company that bought it, it basically took what they wanted and McAfee sort of became this little thing. He bought it back for pennies on the dollar, rebuilt it again, sold it for top dollar, let them drain it, get it small, buy it back for pennies on the. And I mean, that was his thing. Yeah, his cycle for repeating it. And sort of my favorite John story really quick is when I would go down to Belize to meet with him because, you know, he got it. He couldn't get back in the US and stuff. And, and, and we, we would always go to dinner and he would be like, Eric, you pick where you want to go to dinner. I would always pick sushi. And after about four or five times, he's like, Eric, do you eat anything other than sushi? And at this point, I had a really good relationship with him. So I'm like, John, could I be honest with you? And he said, yeah. I'm like, the reason why I pick sushi is I know you're brilliant, but you're also crazy. And I know if I say the wrong thing at dinner, you might get very aggressive. And if we're at a steakhouse and you have a knife, that might not end well for me, but you can't do a lot of damage with a chopstick. And then it was funny after I said that, there's this awkward pause. And I'm like, okay, is he gonna stab me with a chopstick? And he goes, you're very smart. He goes, you're right, because I might do that. He goes, so you're a really smart man. I'm like, so that's sort of my John story as we wrap up.
Scott Clary
You sort of said for the entire interview, cybersecurity is really everyone's responsibility. If you look at your life now, what would be your responsibility? What is sort of your mission on this earth, and what do you think your purpose will be going forward?
Dr. Eric Cole
So my mission now is all about contribution. It's all about giving back. It's one of those where I'm sort of at a point in my life, I don't need to work. I could be fine for the rest of my life. I don't believe in retirement. I believe if I retired, I would hurt myself or hurt others because I would just be bored out of my mind. So I'm never gonna retire. So now I'm at the point now where it's not about you. I mean, the making the money anymore or the legacy. It's about contribution and giving back. So that's why I give so much free. I write books. I give away. With Online Danger, I actually bought 3,000 copies, so it cost me about 40,000. And I gave them to schools and teachers and churches and stuff. I mean, people that normally couldn't afford that to give back. So I'm all about contribution, giving back. I go to a lot of seminars, like motivational, which people like, what is a cyber guy? And it's really like you did, to help educate and give back. So, yeah, I appreciate you let me be on the podcast with, sharing my message with the world. And then here's the craziest thing. Craziest thing is for the last five years, I focus 100% on contribution. Like, I'm like, okay, this is a terrible business idea, right? It could lose money, but it's going to help people be safer and help protect them. And I do it. And the more I focus on contribution, the more money I make. It's the craziest thing. You hear people say that, but it's so true. When you focus on money, it ends up being a struggle. When you focus on your purpose, your mission, and contributing back, you end up not only being happier and have more fun, but you end up making more money, too.
Scott Clary
It.
Release Date: February 4, 2026
Guest: Dr. Eric Cole (former McAfee CTO, cybersecurity expert)
Host: Scott D. Clary
In this riveting conversation, Scott D. Clary sits down with Dr. Eric Cole—esteemed cybersecurity expert, ex-CTO at McAfee, and a former CIA operative—to examine the stark realities of our digital world where everyone is a target. Dr. Cole draws from decades of experience protecting national infrastructure, advising presidents and billionaires, and shaping cyber law to illuminate just how exposed everyday people and businesses truly are. Together, they explore evolving cyber threats, the failures of current security practices, the future of AI-driven risks, and practical strategies for personal and organizational protection.
“If you're using a password today, the probability that your system is already compromised is close to 95%.”
– Dr. Eric Cole, 02:15
“Pick your annoyance, right? You either have a small annoyance or a big annoyance.”
– Dr. Eric Cole, 04:07
“All cybersecurity issues are really just human issues.”
– Scott Clary, 11:34
“Free is not free. You're the product.”
– Dr. Eric Cole, 20:01
“If you delete the app, the malware goes away. It's tied to the app, not the phone.”
– Dr. Eric Cole, 17:13
“Functionality always leads and security follows.”
– Dr. Eric Cole, 27:28
“We're the only country that doesn't have unified federal laws on data privacy and cybersecurity.”
– Dr. Eric Cole, 46:14
“Our security is so behind that it's actually better to reward the attacker than it is to suffer the consequences.”
– Dr. Eric Cole, 60:57
“People trust a video on the Internet. People trust false information.”
– Dr. Eric Cole, 63:02
“If I go in and create a deep fake against the President…it’s not illegal.”
– Dr. Eric Cole, 64:13
“Smart people know the right answer. Brilliant people ask the right question.”
– Dr. Eric Cole, 111:36
Dr. Cole urges listeners to act now—both individually and collectively—to secure their digital lives. While the road ahead is fraught with technological, legal, and geopolitical challenges, practical vigilance and sound decision-making empower every person to reduce risk. Security, ultimately, is everyone’s responsibility—and the future will be shaped by what we demand from ourselves, our businesses, and our leaders.