In this episode…
Our guest, Dr. Eric Cole, is a cybersecurity expert witness with over 30 years’ experience. He started out as a CIA professional hacker, was part of the Commission on Cyber Security for President Obama and consults with Fortune 500 companies. You might know him from his own podcast, Life of a CISO: Become a World Class Chief Information Security Officer.
On this episode, Michelle Loux interviews Dr. Cole, discussing his career path in cybersecurity and what he wishes he knew back in the early days as an expert witness. His perspective on trial prep and assembling expert reports illuminates several tips that only come with deep experience. Litigators and experts alike will walk away from this discussion with a better understanding of how a successful cybersecurity expert works towards his law firm client’s success and navigates challenges in the profession.
Note: Transcript has been lightly edited for clarity.
Host: Michelle Loux, Assistant Project Manager, Round Table Group
Guest: Dr. Eric Cole, Founder & Director of Secure Anchor, Cybersecurity Expert
Announcer: This episode is brought to you by Round Table Group, the Experts on Experts®. We have been connecting attorneys with experts for over 25 years. Find out more at roundtablegroup.com.
Michelle Loux: Hello and welcome to Discussions at the Round Table. I am your host, Michelle Loux. My guest today is Dr. Eric Cole, a cybersecurity expert witness with over 30 years’ experience. He started out as a CIA professional hacker, was part of the Commission on Cyber Security for President Obama and consults with Fortune 500 companies. He has his own podcast, Life of a CISO: Become a World Class Chief Information Security Officer. Be sure to check that out for some great tips and information. Thank you, Eric, for joining me today.
Dr. Eric Cole: My pleasure. Thank you for having me.
Michelle Loux: You interviewed with the CIA out of college, and you just happened upon cybersecurity. It was in its infancy. You didn’t really know if it was going to lead to something because it was new. Little did everyone know that cybersecurity would be so huge. But you took a risk going down that path and then that led to you to become a professional hacker. Is this where you were introduced to being an expert witness? Or did that come later?
Dr. Eric Cole: Becoming an expert witness came later. Probably about 20 years into my career. So, as you said, I became a professional hacker for the CIA. Then, I left the CIA and realized I also liked building and growing companies. I built and increased many technology companies, networking cybersecurity, and other areas. Then, about 20 years into my career, I got a call from an attorney saying we need somebody with industry experience. And I thought, “Wow, aren’t there a lot of experts out there that have that?” The reality is most experts are college professors, and college professors are great. They have the foundational knowledge and credentials. They know how to speak, but in some cases, they don’t have the industry experience where you must talk about what happened in 2005 or what happened in 2010. In this case, they needed somebody with expertise in cybersecurity and firewalls from 2001. I have been doing this since 1991, so that played it to my advantage. I worked on the case and enjoyed it. I thought it was fun because I am a natural-born teacher and what I love about being an expert is you must take complex topics and explain them in a way that a non-technical judge and jury can understand. That is just a challenge that I enjoy and love doing. How can you still get the facts across without losing details? How can it be done at a higher level so they can understand and make an appropriate decision?
Michelle Loux: What was your first matter?
Dr. Eric Cole: The first case was a patent infringement case. Typically, for this type of case, you would utilize college professors. In this scenario, the expert needed to talk about what was happening in the industry during that period. In this specific scenario, they needed help proving and showing the validity. They needed help showing that it was novel, unique, and related to technology like firewalls and intrusion detection systems. The issue is those terms have been around for a long time. So, if you did a prior arc search, you would see firewalls from 1990, which created problems for them. They needed somebody with industry experience to say, “No, these patents did not invent firewalls. They did not invent intrusion detection systems, but they did invent a unique way of combining them to detect specialized attack types.” I was good at getting it to a narrow area, differentiating it from the prior arc, and showing that it was novel. That made the patent valid, and then we could move to the infringement side.
Michelle Loux: What do you wish that you knew back then, that you know now, to make it a little bit easier for you to be an expert witness?
Dr. Eric Cole: The biggest thing I wish I knew was what the attorneys are dealing with from their perspective. It is easy when you come in with an expert you assume has a plan. They know everything, and you are the only expert they are using. When I realized how much work the attorneys have to do, like constantly filing complaints, they are doing so many other things that they need an expert that can coordinate with them and run with the baton. In the beginning, I would keep waiting for the attorneys. Then, I would get the phone call asking, “Eric, how is the report going?” And I would say, “What report?” They’d say, “The report is due in 48 hours.” I said, “I did not know there was a report due in 48 hours.” We went back and forth and realized that they forgot to notify me. But I failed to reach out and inform them. So, the approach I use today is, what can I do to make their life as easy as possible.
[Now] when I start a case, I try to get the entire schedule of when fact discovery ends and when the report is due. I know how busy the attorneys are. This way, I have a team that can stay on top of it. Recently, we had a report we thought was due January 15th. So, we reached out, and the lead attorney asked, “No one contacted you?” We said, “No.” They said, “We thought somebody was working on the report with you.” [Because we reached out early] we could get in front of what could have been a fire drill because of the holiday season. So, the big thing is to do as much as possible for them. It would helpful if you were the program manager who runs alongside the attorneys with their schedules. I find that makes a world-class expert witness. You need to manage and run the program. That is not my skill set, so I have a team focused on ensuring we are on track.
I also learned not to be afraid and to suggest alternative approaches. When an expert comes in, you are late regarding the attorney’s strategy. They know where they are going and how they want to approach it. So, I would say, “Okay, if that is the road you want me to go down. I will go.” Today, I realize it is helpful to say, “Okay, I am fine with going down this road, but did you think of this road or that road?” You end up getting some other options. The suggestion of alternate options happened in a case that went to trial, where I brought up a few additional infringement scenarios. It worked out because legal issues eliminated the original plan. If we did not have those backup scenarios, we would have been dead in the water. Those backup scenarios got us a favorable verdict for our clients, so it is always good to be creative and suggest other ideas.
Michelle Loux: Did you have a mentor to help you navigate being an expert witness?
Dr. Eric Cole: I wish I did, but unfortunately, no. Everyone I talked to thought I was crazy to do expert witness work. They said, “Eric. It is hourly work. You always sell products and services that have fixed prices. Your expertise allows you to deliver those products at a fixed price and get higher margins. You need to stay away from hourly work,” So, if anything, my mentors told me not to do it, but I always love to try new things. I said, “I enjoy the challenge.” To me, it is the ultimate chess match, and being able to explain topics from a business standpoint does not make sense. But presenting it to them from an enjoyment standpoint and living my purpose made sense. I do it because I like it. That is why I go down the route; however, in doing the work, you start meeting similar experts. Sometimes you are on the same side, and sometimes you are not. Over the years, I have built up what I call more colleagues that do expert witness work that I knew previously or introduced through litigations. We have become friends and now help each other. We never reveal anything sensitive, but sometimes it is nice using different strategies. Which way do you think we should go?
For example, we recently had a case where I did not only infringement but also validity and apportionment. The other side was saying that because I technically did the role of three people, they wanted three days of depots because you get seven hours in a federal court, so they wanted three days in a row. The attorneys I was working with basically negotiated that instead of three days of seven hours, we could do one day of 11 hours. And I’m thinking, “OK, that’s sort of like, where do you want be shot, right? I really don’t want you to shoot me!” Neither one sounded appealing to me, so I reached out to some of my colleagues and asked them their opinion. They reminded me, “Eric, you’ve done multiple day depots, we’ve done it. It’s very, very exhausting. Once you get into it, you get going. The energy flows.” They convinced me to do the one day for 11 hours instead of the three days. It ended up after you got to about hour eight, the last couple of hours just went by quickly. I stayed in the zone. That’s an example where, if I didn’t have those colleagues [to confer with], I probably would have picked a three day, which would have been more grueling at the end. It’s always good to have folks who have done those things to bounce the ideas off of.
Michelle Loux: Your attorneys definitely knew to put a positive spin on one 11-hour day versus three seven-hour days.
Dr. Eric Cole: Right, the attorneys wanted a one-day deposition. They said, “Eric, we understand that is a big ask, but, if you do three seven-hour days, you are giving the other side time to listen to you. Then the other side has 12 or 15 hours to come up with a whole new set of questions and go at you again and again.” My colleagues and I did not like that, if we are doing eleven hours, it should be one marathon questioning session between their attorney and me. The judge allowed them to switch attorneys because there were different topics. I thought, “Wait, this is like a tag teaming cage match here, and I am the only one on my side.” Once again, it worked out well. But yes, you are right. The attorneys were pushing in the one day of questioning, so they played a significant role. Trust the attorneys on your case because they have the case’s best interests, which is what you want.
Michelle Loux: You also touched on how you have learned to be more proactive in approaching attorneys with different ideas. Have you found that most attorneys will provide pre-trial prep, where you sit down for a mock deposition and go back and forth to prepare for the other side’s questioning? Do you usually get that, or do you have to ask for it?
Dr. Eric Cole: It is interesting because most of the time, I do have to ask for it. Going into a trial, attorneys will always prepare you for your direct, but I often have to ask and be very persistent in preparing for the cross-examination. We know when you are going to trial, the direct is very straightforward if you have done trials before, and I have done many of these. It is easy. You want to ensure you know what you are not thinking about and the angles. Of course, I always read my deposition transcripts, and there is prep work I can do, but I will always push back and say, “Can we please have another attorney do a mock cross to make sure I am ready and consistent?” To me, the most significant thing I found, which is easy to say, but hard to do when you are in the courtroom, is you want to control the tone, voice, and pace you are using during your direct to be the same as it is for the cross. It is easy to say but hard because you often react with the jury. It is not what you say but how you react. When they ask you a question on costs, and you [hesitate] but give a great answer, they immediately think [about it]. The mock cross is much more about me being able to keep the same tone and practicing keeping the same expressions and the same answers, and the same body language as opposed to what they ask in the mock. That is why I like the mock. Essentially, I joke. I want somebody to be aggressive and yell at me, and I want to stay calm, cool, and collected. To me, that is more the practice of the delivery than what you have to say.
Michelle Loux: How do you prepare your expert witness reports? Do you memorize them in preparation for deposition or testimony?
Dr. Eric Cole: In writing reports, the big thing I always like to do is understand the case and then make sure that I have multiple pieces of evidence. I think it was my second or third case, it was an excellent report, but I relied on only a couple of pieces of evidence. One part was incorrect. So, the other side said, “This is not accurate.” Which is a whole other issue for the lawyers to handle. I was in a difficult position because you can only testify to what is in your report. If the other side is questioning your document, that puts me in a tricky spot. So now I have the philosophy that you do not want to overdo it, but I like to have some public documents, some private documents depositions from the other side, and depending on the case if source code is available. In my reports, I am ready for any argument. If I am working on a trade secret or an infringement, I have multiple sources that all say the same thing. If there is a problem, later on, I could say, “OK, the document gets thrown out.” I have a deposition. I have another document or source code that I can use, which is another thing I do when writing my report. I also go in and come up with questions I would ask my counsel to ask the other side during depositions because sometimes you are in situations where depositions are taking place as you are working on the report. If I can get to where you are deposing one of the lead engineers in two weeks, and my report is due in five weeks, it would be great. I have some documents, but they are not as strong as I would like. If you can ask those questions and get accurate sound bites or admissions for me, that would help supplement the report. The other thing that I look at is just trying to get as much supporting evidence and organizing it in a way that makes it very easy to reference during a deposition. Most reports I do are relatively technical, and the average size is 500 pages. I was deposed yesterday, so I am a little out of it because I just came out of a nine-hour deposition. Because it was an ITC, the attorney had seven, but then the government attorney got whatever time they needed. It was a 7-hour plus deposition. In that case, there was a 1,700-page report. There is no way you are going to be able to memorize that.
I am big on organizing a table of contents and ensuring that the correct information is in the right sections. An essential thing in a deposition is ensuring you are looking at the report and clock management is necessary. On the other hand, you want to ensure that you are not abusing or overdoing it so they could go back into court and say, “Today, Eric took 20 minutes to answer a question, and he did not know what was in there.” Then you asked about memorizing for a deposition. Absolutely, not because we know it is too much information, but with seven hours, there is no way you can remember all that information, especially during the last two hours when you are tired. If you try to go from memory, we should play from Top Gun, “Fly into the danger zone!” That is when I tend to take more breaks.
Preparing for a deposition is more about knowing where everything is than memorizing it. A trial is different, because you know your report is scoped down a lot when you go into trial. You will drop some of the claims or patents because most trials these days, especially coming out of COVID, judges are limiting. I had a case three months ago where they said, “Eric, you have a lot to say, but our entire case is 12 hours, so you have to get your entire case from a 3-hour direct into an hour.” [Before COVID] I would work on cases for 40 hours, and take 4 hours on direct. You have to condense it down; in those cases, you need to know your report and memorize it. If they ask you some weird question, the information is there, but if you look up every question, there is no issue. If you are in front of a jury or even a bench trial, you have to look up something in the report that has a negative connotation. It is all about using the report and testimony, knowing the core arguments so you can get through the whole testimony, even the cross, without having to look anything up.
Michelle Loux: It is daunting and exhausting, but at the same time, it is thrilling, right?
Dr. Eric Cole: Yes, exactly.
Michelle Loux: Let’s talk about the types of cases you handle. Are they mainly on the patent and corporation side, the defense side, or the plaintiff side? Which one do you get?
Dr. Eric Cole: If we go back ten years, much of my work was in patent cases and cybersecurity. For the first several years, I did around 60/40. Sixty percent was plaintiff work, mainly infringement. Sometimes validity and apportionment. The other forty percent is on defense work. Now, it is more than 75/25 on patents. I am good on the infringement side and proving the infringement instead of discrediting somebody else. Most works are that, but we have gotten more trade secret cases in the last couple of years. Six months ago, in Appian vs. Pegasystems case, we had the largest verdict in the history of Virginia. It was a $2.1 billion trade secret verdict, and I was the sole testifying expert for the plaintiff. That is one where industry experience is critical. If you are a college professor, there is no way you can opine on proper protection measures in 2009.
After that case, I started receiving more on trade secrets because I have that experience and expertise. Breach cases require industry experience. We are getting many more breach cases than patent cases. While we are still doing infringement and validity cases, we find that one of the big problems in many of these cases is you have infringement. You have your economists with damages, but you need an apportionment expert to bridge the gap. You need an apportionment expert to say, “Yes, they infringe it is not 100% of the product. It is 70%. The infringing technology is 20% of the overall product.” You have to say, “It is broken down into these pieces, these pieces, and these pieces.” Then you can give that to the economist so they can run their numbers. The economist does not have the experience to do that, and most infringement experts that are college professors do not have industry experience, so we are getting more work in that area. Four months ago, I was their apportionment expert in Columbia versus Symantec, and that was an over $200 million verdict. So, we are seeing more and more work on the apportionment side because that is where I am an expert witness with industry experience. I am a bit of a Unicorn, whereas most people do not have those two advantages.
Michelle Loux: Do you work mainly in United States courts or go overseas? Do you have cases in China and Europe? Are you asked to be an expert over there?
Dr. Eric Cole: Our cases are mainly in the United States. We have had a couple of cases in Canada. We are doing a few cases because, if you know cybersecurity, many startups and a lot of the technology come from Israeli-based companies. So, we are going in and working a little bit overseas. We had a few cases in Europe and Germany, but most of the cases tend to be in the US. And then, as I mentioned, we are getting more into regulatory cases. With the FCC and FTC, we have done some cases there. We are also starting to get into some ITC cases where it is not about damage but blocking the import of the products into the country. We deal with international matters. But most of them involve international issues within the United States.
Michelle Loux: Every country has a different legal system. Do you find that when you work in another country’s courts, you are provided legal guidance for being an expert in those courts when you are retained?
Dr. Eric Cole: Some international courts do not allow experts to testify in person. The expert’s highly technical translated report provides information to the judge. The judge cannot question the expert on the stand if they have questions about the data. Another thing I discovered about international depositions.is they are often allowed to have multiple attorneys. Recently, I tried a case in Canada where there was no time limit on questioning. The trial lasted three or four days, and seven attorneys questioned me. So that was a whole different ball game. While one attorney was questioning a witness, another attorney jumped in. They could tag team. The expert is at a different level of exposure.
The strategy is different because if one attorney is taking your deposition, you understand how deep they can go in their knowledge so you can tailor how you approach the testimony. If there are seven attorneys and this attorney is not technical, and I go technical, I cannot use it to my advantage because another attorney will jump in. Who is more tactical? You have a different strategy for answering the questions, and that’s once again just working with the attorneys and making sure you understand and ask a lot of questions because, as they said, attorneys are very busy, so that they will give you a quick prep. And assume that you’re ready. If you only ask questions, I find the trick as an expert is to use the time wisely but have excellent questions. So how is this handled in this country? How do we take that in this country and make sure that you ask many questions before testifying,
Michelle Loux: With your government and regulatory background, do you find that the government is using you as an expert witness? They usually use their own unless you are an outside contractor. Has the government retained you as their expert?
Dr. Eric Cole: Yes, I have. I have worked with the FCC and the FTC on those cases and that one more. Of strategic business where I like to know both sides. It is essential to say you have worked on both sides. You understand the strategies and how they work, but the big challenge is as they get. As my rate gets a little higher and higher, the government has many more financial restrictions. More and more.
So, in many cases, we have to either work out a different deal or provide different rates or things like that to get that work. So for us, it’s much more strategic where. The government would not use us regularly just because of some of the rate issues, but on the other hand, if they are interesting cases. And right within my sweet spot of expertise, I will decide that, yes, this strategy makes sense to take those cases, so we do get reach out a lot. We are more selective in those cases, but we try to balance them.
Michelle Loux: AI (artificial intelligence) is trending now. Do you find that is changing the landscape of your world and business? Is the technology shifting your requirements? How do you respond to it?
Dr. Eric Cole: AI is one of those on my radar, but interesting enough, I have not seen it come that much into the expert in this case. I think it is one where it is still relatively new, and it has not got there. But that is one that we keep a pulse on, and think will get hot in another two to three years. The other one that is getting hot as we speak is cryptocurrency. My Ph.D. in cryptography has allowed us to track that. I have done papers and presentations anticipating that coming. Now, we are starting to get more and more work on the cryptocurrency side.
Michelle Loux: Is there one last story that you would like to share? Perhaps an experience as an expert witness, that was challenging, insightful, or helpful?
Dr. Eric Cole: The one I will end with is I was testifying in Virginia Federal Court on a patent infringement case with a lead attorney that I worked with many times. We are both engaging, prepared, and have a script. We ad Lib a little bit. It was a Friday afternoon. The courthouse was warm, the trial was long, and the jury was done when the other expert finished around 2:00. One course went from 8:00 to 5:00, and I came up at 2:00. There are still three more hours in the day, and the jury is ready to go to sleep, and the lead attorney I see takes our script. He looks at the jury. He looks at the script and flips it over.
Like he is not going to use it, he gives me a look like are you ready to go? I am like, let’s go, and we ended up just it was just much more. It is funny because everyone who saw me goes, “Eric, that was the most relaxed we have ever seen you.” On that front, I got to get in the element, tell the story, and go through it instead. Cover prepared components, and then this is a part I don’t like but do like for my client after my testimony. That evening, the lead counsel for the other side ended up having a heart attack and going to the hospital. The case ended up settling, so we weren’t able to finish the testimony because the case settled in favor of our client. That is one of those where, I wish that it happened, and I hope they were not in the hospital, but it was just one of those wild cases where sometimes, if you just sort of go from within and trust your instinct, you get some excellent results for your clients. It was a wild ride where we were getting done on Friday and going in. We have to prep for Monday, and then you are hearing about all these medical issues and other things. It was one of those crazy things I remember sitting there on Saturday afternoon, going. What just happened that it felt like five weeks compressed into 24 hours? Fortunately, the part of the story I always like telling is the attorney ended up being fine.
Michelle Loux: Right.
Dr. Eric Cole: He is super healthy, and as things progressed, I worked with him a few cases later. It ended up being positive, but that was probably one of the craziest, wildest cases I have worked on.
Michelle Loux: You just never know what to expect. Well, thank you Eric, I really appreciate your time.
Dr. Eric Cole: Thank you, Michelle and it was a pleasure.
After a quarter century helping litigators find the right expert witnesses, Round Table Group’s network contains some of the world’s greatest experts. On the Discussions at the Round Table podcast, we talk to some of them about what’s new in their field of study and their experience as expert witnesses.
Dr. Eric Cole is an expert, industry leader and author in the world of Cybersecurity with 30 years’ experience. He began his career with the CIA as a professional hacker when network and computer security was in its formative years. Dr. Cole eventually left the intelligence community to join the SANS Institute where he developed coursework that is now the foundations of the SANS Information Security Training and Security Certification.
Every business that has some level of digital operations is concerned with computer security. By 2023, half of all the data breaches globally will occur in the US. Our computer security experts have been retained in order to help provide their opinions and apply their expertise to the extremely complex area of information technology.
Information technology (IT) is the study or use of computers and telecommunications to store, retrieve, transmit, or send data. IT departments worldwide build communications networks, protect information and data, create and manage databases, troubleshoot problems with employee computers and mobile devices, and other tasks needed to safeguard security and efficiency.
Every 39 seconds a hacker carries out an attack, with the expected average cost of a data breach in 2020 exceeding $150 million. Security industry experts are estimating 200 billion connected devices by the year 2020, which is creating a massive demand for skilled network security experts.