The Man Who Showed Up Before the Alarm Went Off
An Appreciation of Dr. Eric Cole
Most people discover cybersecurity after something goes wrong. A breach. A headline. A wake-up call that arrives too late. Dr. Eric Cole spent thirty years trying to make sure that call never came.
He died on May 19, 2026, at 56 years old. Sudden. Unexpected. The kind of loss that hits a community before it has time to prepare; this is exactly the kind of threat he spent his career warning us about.
I didn’t know him personally the way many in this community did. But my friend and colleague, Dr. George Shea, did. She sent me a long note last week praising this man for not only his major contribution to the cybersecurity field but also for just being a generous human being.
I had the privilege of working alongside Eric in the early 2000s in the intelligence community, and I can attest that he was not only a brilliant technologist but a genuinely generous colleague who always made time to share his knowledge and expertise.
Clearly, this man mattered.
A Career Built in the Shadows First
Cole didn’t start at a conference podium. He started at the CIA, working as a professional hacker and breaking into systems because his country asked him to. That experience gave him something most cybersecurity professionals never get: a genuine adversarial mindset, earned in the field, not in a classroom.
From there, he moved into the private sector in ways that shaped institutions. He became the McAfee CTO, where he helped steer the technical direction of one of the world’s most recognized security companies. He served as Chief Scientist and Senior Fellow at Lockheed Martin, the first Fellow in their Information Technology Division, leading advanced research on secure network design and, according to his professional biography, working on federal projects including FBI Sentinel and DHS Eagle. He served as a Presidential Commissioner on Cybersecurity under President Obama.
These aren’t resume line items. They represent his ability to operate at the highest levels to influence decision makers in government and industry about both offensive and defensive issues. But he could just as easily get down in trenches with the practitioners.
What He Built at SANS
If you trained in cybersecurity at any point in the last twenty-five years, there’s a good chance Eric Cole had a hand in what you learned.
He wasn’t just an instructor at the SANS Institute. He served as Dean of Faculty, helped build the SANS Technology Institute into a degree-granting institution, and developed the Cyber Defense curriculum that remains foundational to the organization today. He contributed to the GIAC certifications (GSEC, GCIH, and GCFW) that have become industry benchmarks.
That is a staggering force multiplier. The people he taught went on to defend hospitals, power grids, financial systems, and government networks. His influence didn’t stop with him . It distributed itself across an entire generation of practitioners.
The Books: Written for the Person Who Needed Them Most
I run the all-volunteer nonprofit Cybersecurity Canon Project. We are, as I like to say, the Rock and Roll Hall of Fame for cybersecurity books. We find the works that are timeless; the big ideas that won’t change as technology advances.I want to be honest with you: Eric Cole’s books are not Canon books. And I mean that in the most respectful way possible.
His books (see bibliography below) were more immediate, the now, the leading edge, capturing the field as it was, not as it would eventually be. They represent the current state of the situation. He was trying to reach the CISO who needed to explain risk to a board. The network administrator who needed to understand what an attacker actually does inside a system. The parent who had no idea their family was exposed. The executive who kept dismissing security as an IT problem.
Cole wrote for the person standing at the edge of understanding, trying to step in. That is genuinely hard to do well, and he did it across two decades and multiple audiences. The Canon honors books that advance the expert. Cole honored the person who wasn’t one yet. Both matter. The field needs both.
The Mission Behind Everything
What strikes me most, looking back at his career, is the consistency of the through-line. CIA hacker. Corporate executive. Presidential commissioner. SANS dean. Expert witness. Author. Speaker. Founder.
Every role points at the same thing: make cyberspace safer for people who don’t know they’re at risk.
He was inducted into the Information Security Hall of Fame. He received the Cyber Wingman Award from the U.S. Air Force. He advised Fortune 500 companies and financial institutions across the globe. And then he was gone at 56, still working, still pushing.
The cybersecurity industry produces a lot of experts. It produces far fewer people who treat the work as a genuine moral obligation, who see the human cost of digital vulnerability and can’t stop trying to reduce it.
Eric Cole was one of those people. The space he leaves behind will not be filled any time soon.
Eric Cole’s Bibliography
Eric Cole, 2001. Hackers Beware [Book]. Goodreads, URL: https://www.goodreads.com/book/show/276522.Hackers_Beware
Eric Cole, 2003. Hiding in Plain Sight: Steganography and the Art of Covert Communication [Book]. Goodreads, URL: https://www.goodreads.com/book/show/276528.Hiding_in_Plain_Sight
Eric Cole, Ronald Krutz, James Conley, 2005. Network Security Bible [Book]. Goodreads, URL: https://www.goodreads.com/book/show/979213.Network_Security_Bible
Eric Cole, Sandra Ring, 2005. Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft [Book]. Goodreads, URL: https://www.goodreads.com/book/show/276524.Insider_Threat
Eric Cole, Ronald L. Krutz, James Conley, Brian Reisman, Mitch Ruebush, Dieter Gollmann, Rachelle Reese, 2007. Wiley Pathways Network Security Fundamentals [Book]. Goodreads, URL: https://www.goodreads.com/book/show/979223.Wiley_Pathways_Network_Security_Fundamentals
Eric Cole, 2012. Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization [Book]. Goodreads, URL: https://www.goodreads.com/book/show/15066587-advanced-persistent-threat
Eric Cole, 2018. Online Danger: How to Protect Yourself and Your Loved Ones from the Evil Side of the Internet [Book]. Goodreads, URL: https://www.goodreads.com/book/show/37916262-online-danger
Eric Cole, 2021. Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World [Book]. Goodreads, URL: https://www.goodreads.com/book/show/57228261-cyber-crisis
Eric didn't really believe the importance of COVID. Quote form his podcast: “Look at COVID. You couldn’t go on any news channel for over an entire year where COVID wasn’t there – a COVID counter, number of infections, number of deaths – it was the hottest topic. I don’t watch the news, but I get exposed to it – gyms, airports - there’s enough exposure that COVID was alive and well. Yet, you look at the impact, and the damage, of the cyber war – WW3 is having – it FAR outweighs COVID. FAR outweighs the number of people impacted, the severity to our country and our world, the monetary impact, and all those other factors, by far this cyber war is much more impactful and more damaging than COVID was, and nobody’s talking about it. Let data drive decisions, not emotions.”
Seven million people died from COVID, and he didn't care. "I don't watch the news." How very selfish of him.
He had anti stay at home posts on his Instagram where he complained that he couldn't travel during COVID -- apparently, security is more important than human lives.
He didn't believe in allowing people to work from home. He ranted about this on his podcast all the time. Boomer mentality.
He hosted his podcast on a conservative radio program. He talked constantly about "raising a family" and for many of us, that is not a thing. It is insulting to think people must raise a family.
I have many issues with the man. I don't see anyone discussing this. It's the classic "he was nice to me" but when it really counts -- people dying from COVID, allowing people to actually live their lives that's not consumed from work (i.e., WFH) -- he didn't care at all. He was purely a capitalist.