Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 1 of 20
`
`
`
`PAUL J. ANDRE (State Bar No. 196585)
`pandre@kramerlevin.com
`LISA KOBIALKA (State Bar No. 191404)
`lkobialka@kramerlevin.com
`JAMES HANNAH (State Bar No. 237978)
`jhannah@kramerlevin.com
`KRISTOPHER KASTENS (State Bar No. 254797)
`kkastens@kramerlevin.com
`KRAMER LEVIN NAFTALIS & FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752-1700
`Facsimile: (650) 752-1800
`
`Attorneys for Plaintiff
`FINJAN, INC.
`
`
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`SAN FRANCISCO DIVISION
`
`FINJAN, INC., a Delaware Corporation,
`
`
`
`
`
`
`Plaintiff,
`
`v.
`
`
`JUNIPER NETWORKS, INC., a Delaware
`Corporation,
`
`
`
`
`
`
`
`Defendant.
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`Case No.: 3:17-cv-05659-WHA
`
`PLAINTIFF FINJAN, INC.’S LETTER
`BRIEF REGARDING DR. ERIC COLE
`
`
`
`CASE NO.: 3:17-cv-05659-WHA
`
`
`
`PLAINTIFF FINJAN, INC.’S LETTER BRIEF
`REGARDING DR. ERIC COLE
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 2 of 20
`
`
`
`Dear Judge William Alsup,
`
`Plaintiff Finjan Inc. (“Finjan”) requests an order overruling Juniper Networks Inc.’s (“Juniper”)
`
`objection to Dr. Eric Cole and thereby permitting Dr. Cole to view Juniper’s confidential information
`
`in this case because he poses no risk to Juniper’s confidential information, has agreed to be bound by
`
`the protective order in this case, is well qualified, and was timely disclosed. Juniper’s only objection
`
`to Dr. Cole is irrational and unsupported in fact, namely that he is untrustworthy because eight years
`
`ago he spent one year working for McAfee Inc., an unrelated third-party security company. Juniper’s
`
`objection is unreasonable because Dr. Cole has no plans to work again at McAfee, or any another
`
`security company, and Dr. Cole’s work at McAfee was long ago and had no relationship to Juniper.
`
`See Ex. 1 (Dr. Cole’s CV). Furthermore, Dr. Cole is not in contact with anyone from his time at
`
`McAfee. Juniper’s objection is particular confounding because this issue is time sensitive, as Finjan
`
`intends to use Dr. Cole during the expedited summary judgment proceeding in just two months, on
`
`June 7, 2018, which requires him to access confidential material. See Patent Local Rule 2-2 Interim
`
`Model Protective Order (“Model Protective Order”) at 12.
`
`Finjan disclosed Dr. Cole on March 6, 2018 under the Model Protective Order, which currently
`
`governs the disclosure of expert witnesses in this case. The parties met and conferred by telephone on
`
`March 20th and again on April 5th on all issues in this letter. During the calls, Juniper alleged that
`
`McAfee is a competitor of Juniper and the Model Protective Order does not allow experts that have
`
`previously worked for a competitor. See Model Protective Order at 2 (defining the term “expert”).
`
`This Court has established that the standard for objecting to an expert is based on
`
`disqualification, which requires Juniper to bear the burden of proving that the harm to Juniper of Dr.
`
`Cole reviewing its confidential material substantially outweighs the prejudice to Finjan of
`
`disqualifying Dr. Cole. See Finisar Corp. v. Nistica, No. 13-cv-3345-BLF, Dkt. No. 244, slip op. at
`
`*10-12 (N.D. Cal. July 21, 2015) (overruling an objection and applying the disqualification test in
`
`Hewlett-Packard Co. v. EMC Corp., 330 F. Supp. 2d 1087, 1092, 1095 (N.D. Cal. Aug. 10, 2004))
`
`(relevant portions attached hereto as Ex. 2); Model Protective Order at 12 (the party seeking to exclude
`
`an expert from access to confidential information bears the burden of showing why the expert should
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`PLAINTIFF FINJAN, INC.’S LETTER BRIEF
`REGARDING DR. ERIC COLE
`
`1
`
`CASE NO.: 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 3 of 20
`
`
`
`not view that information). This Court has recognized that “disqualification [of an expert] is a drastic
`
`measure that courts should impose only hesitantly, reluctantly, and rarely.” Ex. 1, Finisar, slip. op. at
`
`*12 (citing Hewlett-Packard, 330 F. Supp. 2d at 1092) (internal citations omitted). As such, Juniper
`must prove that “the interest in disqualification must substantially outweigh the interest in
`
`nondisclosure.” Hewlett-Packard, 330 F. Supp. 2d at 1095 (citation omitted) (emphasis added). Here,
`
`Juniper has no rational basis for why Dr. Cole cannot be trusted with its confidential material.
`
`Juniper’s only stated basis for prejudice is an unfounded fear that Dr. Cole may improperly use its
`
`information because he worked at McAfee. When pressed during the meet and confers on how this
`
`past work experience could increase the chance that Dr. Cole would impermissibly disclose Juniper’s
`
`confidential information, Juniper’s only stated argument is that Dr. Cole may still have “friends” from
`
`his time at McAfee and that he may feel pressured to provide them information. This is baseless, as
`
`Dr. Cole has no intent to return to work at a security company, does not keep in contact with anyone
`
`from his time at McAfee, and his work at McAfee is unrelated to this case, as the timeframe at issue
`
`for infringement all comes after Dr. Cole had already left McAfee.
`
`Instead of articulating a basis to disqualify Dr. Cole, Juniper instead states that the Model
`
`Protective Order excludes Dr. Cole because of his prior work at McAfee and because Juniper considers
`
`McAfee a “competitor.” See Model Protective Order at 2 (defining the term “expert”). However, the
`
`Model Protective Order does not overrule the established legal principal that disqualification of an
`
`expert requires Juniper to show that it will be harmed by Dr. Cole viewing their confidential
`
`documents, and that this harm substantially outweighs the prejudice to Finjan. Hewlett-Packard, 330
`
`F. Supp. 2d at 1092, 1095; Life Tech. Corp. v. Biosearch Techs., Inc., No. 12–00852-WHA (JCS),
`
`2012 WL 1604710, at *9 (N.D. Cal. May 7, 2012). Furthermore, Finjan has offered to compromise
`
`with Juniper, stating that it will not use any experts that have worked for a competitor in the last five
`
`years, a standard that Dr. Cole can easily meet and should address Juniper’s concerns given that the
`
`technology at issue in this case evolves rapidly. Juniper rejected this offer.
`
`Dr. Cole’s trustworthiness is demonstrated by his previous positions and conduct. Dr. Cole
`
`holds Top-Secret security clearances at the CIA, NSA, and DOD, he served as commissioner of cyber-
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`PLAINTIFF FINJAN, INC.’S LETTER BRIEF
`REGARDING DR. ERIC COLE
`
`2
`
`CASE NO.: 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 4 of 20
`
`
`
`security to President Obama, and he is bound by the confidentiality provisions of Exhibit A to the
`
`Model Protective Order, which he already signed. See Ex. 3. Further establishing the baselessness of
`
`Juniper’s concerns, Dr. Cole has been a witness in several other litigations, and has viewed the source
`
`code and technical documents in other cases without incident.
`
`Disqualifying Dr. Cole would greatly prejudice Finjan. Dr. Cole is already familiar with the
`
`‘494 Patent and how it is applied to technology. If Dr. Cole is disqualified, Finjan will incur
`
`substantial time and costs to find and work with a new expert. This prejudice is especially burdensome
`
`given that early summary judgment on the ‘494 Patent is in two months. As such, the Court should
`
`overrule Juniper’s objection to Dr. Cole because the prejudice to Finjan of being forced to substitute in
`
`another expert for the ‘494 Patent far outweighs any potential risk to Juniper.
`
`The issues of fundamental fairness and public policy both weigh in favor of overruling
`
`Juniper’s objection. Finjan has an interest in “successfully litigating this action” with the expert of its
`
`choosing. Hewlett-Packard, 330 F. Supp. 2d at 1097. Juniper admitted during the March 20th meet
`
`and confer that “people move around in [the security] industry all the time.” But if Juniper’s position
`
`is accepted, there is a high risk of preempting qualified experts from this field. The Court expressed
`
`this very concern in Hewlett-Packard and later in Life Tech.: “[I]f [an expert] can be disqualified in
`
`this case, parties in other cases might be tempted to create a purported conflict for the sole purpose of
`
`preventing their adversaries from hiring particular experts.” 2012 WL 1604710, at *9 (also noting:
`
`“this concern is especially important in high-technology patent infringement cases” (quoting Hewlett-
`
`Packard, 330 F. Supp. 2d at 1098)). Here, Juniper is attempting to unfairly stop Finjan from using its
`
`expert of choice, one that is already familiar with the relevant patent and technology.
`
`As such, Juniper’s objection should be overruled and Dr. Cole should be accepted as an expert.
`
`
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`PLAINTIFF FINJAN, INC.’S LETTER BRIEF
`REGARDING DR. ERIC COLE
`
`3
`
`CASE NO.: 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 5 of 20
`
`
`Dated: April 9, 2018
`
`
`Respectfully submitted,
`
`
`
`By: /s/ Kristopher Kastens
`Paul J. Andre
`Lisa Kobialka
`James Hannah
`Kristopher Kastens
`KRAMER LEVIN NAFTALIS
`& FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752-1700
`Facsimile: (650) 752-1800
`pandre@kramerlevin.com
`lkobialka@kramerlevin.com
`jhannah@kramerlevin.com
`kkastens@kramerlevin.com
`
`Counsel for Plaintiff
`FINJAN, INC.
`
`
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`PLAINTIFF FINJAN, INC.’S LETTER BRIEF
`REGARDING DR. ERIC COLE
`
`4
`
`CASE NO.: 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 6 of 20
`
` 
`
` 
`
` 
`
` 
`
` 
`
` 
`
`Exhibit 1
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 7 of 20
`
`Dr. Eric B. Cole
`Cyber Security Expert
`43605 Edison Club Court
`Ashburn, VA 20147
`703-675-2055
`
`
`A computer and cyber security expert with over 20 years of hands-on
`experience, Dr. Cole consults in information technology with a focus
`on information technology and cyber security. He is an invited
`speaker for and a member of many key organizations including the
`Commission on Cyber Security for the 44th President and the Purdue
`University Executive Advisory Board, and is a senior fellow with
`SANS. He is the author of several books and inducted into the
`InfoSec European Hall of Fame in 2014.
`
`
`
`
`Professional Experience
`
`Secure Anchor Consulting Services: 2005-Present
`Consulting services to Fortune 500, Fortune 50, financial institutions, international organizations
`and the federal government. One assignment has included a major system design and assessment
`for an international financial institution in Hong Kong. Employs cutting edge technology and
`technical components (network security, network architecture, and incident response, NOC/SOC
`design) to provide security solutions. Serves as an expert witness for a variety of litigation
`involving government and commercial companies.
`
`SANS (SysAdmin Audit Network Security): 1999-Present
`Director of Research-Computer Network Attack-Enterprise Security Architecture
`Director of the Cyber Defense Initiative
`Lead instructor and course developer for several security courses, including the top selling
`courses. One of the highest rated instructors and one of the few instructors teaching a variety of
`courses. Executed and contributed to the development of several of the GIAC certifications
`including GIAC Certified Security Essentials (GSEC), GIAC Certified Advanced Incident
`Handling Analysts (GCIH) and GIAC Certified Firewall Analysts (GCFW). Responsible for
`staying up on technology and developing new course material that teaches students the state of
`the art in networking, information technology, and security. Created and led several key efforts
`including the Levelone Notebook, top 10/20 vulnerability list and the Cyber defense initiative,
`including the author of the Critical Controls for Effective Cyber Defense. Developed business
`plans for and created new technological initiatives. Constantly researched, tested and evaluated
`new security products and research efforts.
`
`STI (SANS Technology Institute): 1999-2015
`Dean of Faculty
`Member of a five-person team tasked with creating a degree granting institution and receiving
`certification from the state of Maryland. Offered two Master’s degree programs focused on
`technical people needing managerial skills and managers needing technical skills. Designed and
`implemented curriculum and provided leadership to faculty to successful deliver the degrees.
`Successfully achieved accreditation.
`
`
`
`
`
`1
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 8 of 20
`
`McAfee: 2009-2010
`SVP, CTO of the Americas
`McAfee’s visionary and evangelist responsible for strongly influencing the company’s technical
`direction in alignment with the CEO, EVP, Product Operations and other key product executives
`and technologists across the world. Played an integral role in the company’s strategic direction,
`development, and future growth as the global leader in digital security solutions. Key leader in
`the execution of technology strategy for technology platforms, partnerships, and external
`relationships. Worked closely with the CEO, EVP of Product Operations and other key
`stakeholders to establish a product vision and road map to achieve McAfee’s goals and business
`strategies. Focused on identifying and capturing intellectual property and driving new innovation
`across the company.
`
`Lockheed Martin: 2005-2009
`IS&GS Chief Scientist
`LM Senior Fellow
`The Sytex Group, Inc. (TSGI) was acquired by Lockheed Martin with a key component being the
`intellectual property created under the CTO leadership. I was selected by Lockheed Martin into its
`prestigious fellowship program, an award it makes to less than 1% of its 130,000 employees. As a
`Lockheed Martin Senior Fellow (the first Fellow within Lockheed Martin’s Information
`Technology Division), I was a frequently invited speaker at a variety of conferences and security
`events. As Lockheed Martin Chief Scientist, performed research and development to advance the
`state-of-the art in information systems security. Specialized in: secure network design, perimeter
`defense, vulnerability discovery, penetration testing, and intrusion detection systems. Played a lead
`technical advisory role in many high-profile, security-focused projects for Federal clients to include
`civil, Intel and Department of Defense, including the FBI Sentinel, DHS Eagle, JPL, Hanford and
`FBI IATI programs.
`
`The Sytex Group, Inc. (TSGI): 2001-2005
`Chief Technology Officer (CTO)
`Positioned company to accomplish corporate growth and meet financial targets by utilizing and
`enhancing technology. Worked as an executive team member to determine and implement
`technical direction and focus of company. Extensive experience with running projects including
`managing development efforts to exceed client requirements. Successfully created an intellectual
`property base (to include patents, journals, books and white papers) – this effort resulted in an
`overall increase in market value. The efforts of the research team’s intellectual property
`increased advertising, market share and customer satisfaction through conferences, proposal and
`magazine articles. Maintained full accountability for revenue of $55 million and indirectly
`involved in revenue of over $80 million. Provided continuous leadership to research team of over
`20 people that created intellectual property that competed and surpassed teams 20 times their size.
`Yearly patents were in line with the top 1000 producing patent companies in the United States.
`Developed and executed on creative techniques for influxing technology into non-technical
`business units to drive revenue and profit. Interfaced with government officials, including the
`Pentagon, White House and Capitol Hill, and corporate executives to identify critical network
`security problems that needed to be addressed and researched.
`
`GraceIC: 2000-2001
`Chief Security Officer (CSO)
`Designed and executed in establishing GraceIC as a leader in the network security arena.
`Developed the product line and executed on the expertise to build the services. Provided
`management and gave direction to successfully delivery on technical skills of security employees.
`Provided leadership and implemented the proper internal security infrastructure within Grace
`such as secure email, proper protection of data and security policies. Presented at several national
`and international conferences and wrote several articles. Performed and documented research
`
`
`
`2
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 9 of 20
`
`into the area of future applications and solutions to the network security problem existing in the
`current market. Trained sales people, program managers and engineers on how to sell, manage
`and deliver security services. Maintained a pulse on technology in the market place to produce
`trending and markets plans.
`
`American Institutes for Research: 1999-2000
`Chief Information Officer (CIO)
`Brought in to fix and revamp the entire IT infrastructure based on the organization having several
`security breaches, virus outbreaks and unreliable performance on the network. Within three
`months stabilized the entire IT infrastructure and within nine months rebuilt the entire
`infrastructure. Network designed to achieve a balance between functionality and security while
`minimizing the monetary impact to the organization. After one year, there were no severe
`security breaches and all attempted breaches were contained prior to causing any significant
`monetary loss. Virus problems were contained and controlled and network uptime was 99.999%.
`Security and performance were greatly increased while overall IT costs were reduced by 15%. In
`addition, provided technical support for DARPA sponsored research projects. Helped invent
`technology and innovation that lead to a spin off company, Pynapse, which created a state of the
`art intrusion detection system known as Checkmate that was later sold to SAIC.
`
`Vista Information Technologies: 1998-1999
`VP of Enterprise Security Services
`Developed and executed the Enterprise Security Services Group and responsible for all internal
`and external security issues. Tracked and managed separate profit and loss center for security.
`Grew the team from one person to over 12 people and executed on several million in annual
`revenue in less than a year. Set up the security and other monitoring services for the NOC/SOC.
`Created all of the security services offerings and generated all necessary marketing and sales
`material. Followed and assured compliance with business plan and financial tracking of security
`group. Performed security assessments and consulted on all areas of security. Designed,
`implemented and monitored security solutions including firewall design, intrusion detection,
`vulnerability assessment and penetration testing. Performed evaluation and analysis of security
`tools and provided technical recommendations and product improvements for VC funded
`startups. Key presenter at Cisco sponsored security seminars around the country and performed
`partnership activities with Fortune 500 organizations.
`
`Teligent: 1996-1998
`Director of Security
`Created and in charge of IT Corporate Security Department. Central point of contact for all
`security concerns. Evaluated strategic plans and operational activities by performing risk
`assessment and determining how it might impact corporate security. Designed security solutions
`to meet operational needs. Integrated security and help create NOC to provide for proper
`monitoring of network. Developed the company’s security policy and all required security
`guidelines across the company. Set up security lab to properly test and enhance the security
`features of the network. Performed and executed on several computer investigations. Assisted
`and advised the legal department on researching laws, regulations, and policies relating to
`computer and information security. Evaluated several secure email solutions and installed PGP
`company-wide. Established and set up web traffic monitoring and password tracking systems.
`
`Central Intelligence Agency: 1991-1996
`Received Six Exceptional Performance Awards.
`Program Manager / Technical Director for the Internet Program Team with Office of Technical
`Services
`A Senior Officer of the agency that implemented the Internet Program Team that specializes in
`rapid development and in exploiting the latest Internet technologies that meet customer’s
`
`
`
`3
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 10 of 20
`
`requirements. The team designs, develops, tests, and deploys products in three to six month
`intervals. Designed and developed several secure communication systems. Responsible for
`providing technical direction, technical design, security assessment, and programming modules.
`Secured internal servers, continually perform intrusion detection, and reviewed audit logs.
`Performed independent security reviews and penetration testing of (World Wide Web) servers for
`other offices. Identified several weaknesses and devised ways to fix those problems and secure
`the system. Received letter of appreciation from the DCI (Director of Central Intelligence) and
`several Exceptional Performance Awards for this project.
`
`Computer Engineer with Office of Security
`Member of the information security assessment team. Evaluated and performed security
`assessment of network operating systems. Identified potential vulnerabilities and ways to secure
`the holes. Designed a large scale auditing system with automated review capability. Worked on
`several virus investigations.
`
`Education
`
`Doctorate degree (now PhD) in Network Security, Pace University - 2003
`
`
`
`
`
`M.S., New York Institute of Technology - 1993
`Major:
`Computer Science
`GPA:
`4.0/4.0
`Honors:
`Harry Schure Graduate Memorial Award (awarded to one graduating senior)
`
`B.S., New York Institute of Technology - 1992
`Major:
`Computer Science
`Minor:
`Business
`GPA:
`
`3.7/4.0
`Honors:
`Graduated Magna Cum Laude, Dorothy Schure Memorial Award, Jules Singer
`Award, Grace Hopper Award from Computer Associates, Presidential Academic
`Award (4.0 all semesters), Presidential Service Award, Dean’s List, Member of
`Who’s Who Among Students in American Universities, and Member of Nu
`Ypsilon Tau Honor Society.
`
`
`Certifications
`
`CISSP (Certified Information Systems Security Professional)
`Created several of the GIAC (Global Information Assurance Certification) programs and exams
`
`Organizations / Memberships
`
`ACM (Association for Computing Machinery)
`IEEE (Institute of Electrical and Electronics Engineers)
`CSI (Computer Security Institute)
`ISSA (Information Systems Security Association)
`ICSA (International Computer Security Association)
`International Who’s Who in Information Technology
`CVE (Common Vulnerability and Exposures) - member of the editorial board (by invitation only)
`HoneyNet Project - member (by invitation only)
`for SANS Institute - author and speaker
`
`
`
`
`4
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 11 of 20
`
`Publications
`
`Books
`Eric Cole. Advanced Persistent Threat: Understanding the Danger and How to Protect Your
`Organization. Syngress, 2012.
`Eric Cole. Network Security Bible.2nd Edition, Wiley, 2009.
`Eric Cole, Ronald L. Krutz, James Conley, Brian Reisman, Mitch Ruebush, Dieter Gollman, and
`Rachelle Reese. Wiley Pathways Network Security Fundamentals Project Manual. Wiley, 2007.
`Eric Cole and Sandra Ring. Insider Threat: Protecting the Enterprise from Sabotage, Spying, and
`Theft. Syngress, 2006.
`Eric Cole. Hiding in Plain Sight: Steganography and the Art of Covert Communication. Wiley,
`2003.
`Eric Cole. Hackers Beware: The Ultimate Guide to Network Security, New Riders/Sams
`Publishing, 2001.
`
`Monthly Column on TechTarget - http://www.techtarget.com/contributor/Eric-Cole
`• Supply chain security: Controlling third-party risks
`• Cyberhunting: Why enterprises need to hunt for signs of compromise
`• Six ways to improve endpoint device security
`• Why security operations centers are the key to the future
`• Offensive countermeasures: How they can slow down adversaries
`• Accidental insider threats and four ways to prevent them
`
`
`Selected White Papers - https://www.sans.org/reading-room/analysts-program
`• Decision Criteria and Analysis for Hardware-Based Encryption
`• Threat Hunting: Open Season on the Adversary
`• Automating the Hunt for Hidden Threats
`
`
`Selected Journal Publications
`Eric Cole, Sandy Ring, “Taking a Lesson from Stealthy Rootkits,” IEEE Security and Privacy,
`Vol 2 (4), pp. 38-45, Aug 2004
`Eric Cole, Sandy Ring, “Volatile Memory Computer Forensics to Detect Kernel Level
`Compromise,” Lecture Notes in Computer Science, Information and Communications
`Security, Springer Press, Vol 3269, ICICS Sep 2004, Malaga, Spain
`Eric Cole, David Esler, and Sandy Ring, “Self-healing Mechanisms for Kernel System
`Compromises,” Proceedings of ACM Workshop on Self-managed Systems (WOSS) 04, Oct
`2004, Newport Beach, CA, USA
`Eric Cole, Vignesh Kumar and Sandy Ring, “Ant colony based optimization based model for
`network zero-configuration,” Proceedings of SPCOM 04, Dec 2004, Bangalore India
`Eric Cole, Vignesh Kumar, Sandy Ring, “Transform Domain Steganography Detection using
`Fuzzy Inference Systems,” IEEE International Symposium on Multimedia Software
`Engineering, 2004
`Eric Cole, Vignesh Kumar and Sandy Ring, “Least Significant Bit-Spatial Domain
`Steganography Detection using Least Significant Bit Plane Smoothness,” The 6th IASTED
`International Conference on SIGNAL AND IMAGE PROCESSING, 2004
`Eric Cole, Sandy Ring, “Detecting Kernel Rootkits,” Sys Admin Magazine, Vol. 12 (9), pp. 28-
`33, Sept 2003
`
`
`
`5
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 12 of 20
`
`Eric Cole, Ron Krutz, “The Computer Forensics CMM,” Proceedings of the SPIE Defense &
`Security Symposium, 28 March-1 April 2005
`Eric Cole and Angela Orebaugh, “Intrusion Prevention and Active Response: Implementing an
`Open Source Defense,” SysAdmin Magazine, 2005
`
`Presentations
`
`Numerous keynotes and presentations given to corporations and government entities as well as
`classes and courses taught on the subjects of cyber threats, information security, and technology
`innovation.
`
`Expert Witness Testimony in the Last 5 Years
`
`Activision Blizzard v. Acceleration Bay, Case No. IPR2016-00724 – Expert report and deposition
`Finjan, Inc. v. ESET SPOL. S.R.O. and ESET DEUTSCHLAND GMBH, District Court - 4th
`Civil Chamber Werdener Str. 1, 40227 Düsseldorf - Expert report
`Finjan, Inc. v. Sophos, Inc., Case No. 14-CV-01197-WHO – Expert report, deposition and
`testimony – Client awarded $15 million verdict September 2016
`Finjan v. ProofPoint, Inc. and Armorize Technologies, Inc., Case No. 3:13-cv-05808-HSG –
`Expert report and deposition – Case settled May 2016
`National Union Fire Insurance Company of Pittsburgh, Pennsylvania v. Tyco Integrated Security,
`LLC et al., Case No. 13-080371-CIV-BLOOM/HUNT – Expert report, deposition and testimony
`– April 2016
`FTC v. LifeLock, Case No. CV-10-00530-PHX-MHM – Expert report – Case settled and client
`awarded a $100 million settlement based on analysis in expert report August 2015
`Finjan, Inc. v. Blue Coat Systems, Inc., Case No. 13-cv-03999-BLF – Expert report, deposition
`and testimony – Client awarded $40 million verdict July 2015
`The Trustees of Columbia University in the City of New York v. Symantec Corporation, Civil
`Action No. 3:13-cv-00808 – Expert report and deposition – Case settled September 2014
`
`
`
`
`
`6
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 13 of 20
`
` 
`
` 
`
` 
`
` 
`
` 
`
` 
`
`Exhibit 2
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 14 of 20
`Case 5:13-cv-03345-BLF Document 244 Filed 07/21/15 Page 1 of 17
`
`
`
`
`
`
`
`
`UNITED STATES DISTRICT COURT
`NORTHERN DISTRICT OF CALIFORNIA
`
`FINISAR CORPORATION,
`Plaintiff,
`
`v.
`
`NISTICA, INC.,
`Defendant.
`
`Case No. 13-cv-03345-BLF (JSC)
`
`
`ORDER RE DISCOVERY DISPUTES
`Re: Dkt. Nos. 223, 225, 230, 231
`
`
`
`
`
`
`Now pending before the Court in this patent infringement action are three discovery
`disputes. Two disputes pertain to the adequacy of Nistica’s responses to Finisar’s discovery
`requests, while the third involves Finisar’s objection to Nistica’s expert witness. Having
`considered the parties’ letter briefs, the Court concludes that oral argument is unnecessary, see
`Civ. L.R. 7-1(b), and rules as follows.
`LEGAL STANDARD
`The Federal Rules of Civil Procedure provide that parties “may obtain discovery regarding
`
`any nonprivileged matter that is relevant to any party's claim or defense.” Fed. R. Civ. P. 26(b)(1).
`In a motion to compel, the moving party bears the burden of showing why the other party’s
`responses are inadequate or their objections unjustified. See Williams v. Gate, No. 090468, 2011
`WL 6217378, at *1 (E.D. Cal. Dec. 14, 2011) (the moving party “bears the burden of informing
`the Court . . . for each disputed response, why [the responding party’s] objection is not justified[.]
`[The moving party] may not simply assert that he has served discovery responses, that he is
`dissatisfied, and that he wants an order compelling further responses.”). “Once the moving party
`establishes that the information requested is within the scope of permissible discovery, the burden
`shifts to the party opposing discovery. An opposing party can meet its burden by demonstrating
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Northern District of California
`United States District Court
`
`

`

`Case 3:17-cv-05659-WHA Document 49 Filed 04/09/18 Page 15 of 20
`Case 5:13-cv-03345-BLF Document 244 Filed 07/21/15 Page 9 of 17
`
`
`
`cv-986-SI, 2009 WL 1834147, at *3 (N.D. Cal. June 24, 2009), is misplaced. There, the court
`ordered the defendant to produce discovery on products identified during discovery that were
`substantially similar to those accused in plaintiff’s infringement contentions. Id. at *3. But in that
`case, not only was there a showing that the products were substantially similar, the plaintiff had
`shown that it only discovered the new products during a recent deposition. Id. Finisar makes no
`such showing here. At bottom, if Finisar wishes to obtain discovery on these other products, it
`must demonstrate good cause to amend its infringement contentions. It has not done so, and the
`Court therefore DENIES Finisar’s request for an order compelling Nistica to supplement its
`responses to requests for production of documents pertaining to technical details of Accused
`Products.
`
`The Court reaches the same conclusion with respect to Interrogatory Nos. 1 and 5.
`Nistica’s responses to these interrogatories include sufficient responses for all product numbers
`accused on infringement in Finisar’s contentions. Absent a showing of good cause to amend, the
`Court DENIES Finisar’s request for an order compelling Nistica to supplement its responses to
`include information about other products not specifically accused therein.
`C.
`Nistica’s Request to Overcome Finisar’s Claim that Expert Witness Keren Bergman
`
`has a Conflict of Interest (Dkt. No. 231)
`
`Nistica seeks an order overruling Finisar’s objection to Professor Keren Bergman,
`
`Chairman of the Electrical Engineering Department at Columbia University, Nistica’s technical
`expert witness. (Dkt. No. 231.)
`1.
`Background
`
`a.
`Issues in the Case
`
`Finisar accuses a number of Nistica products of infringing six of Finisar’s patents directed
`
`at devices and components used in optical communications networks.