Thumbs both ways -- Tulsa CIO Tom Golliver: The city suspended him pending an investigation after the data breach his team reported turned out to be a test performed by a security contractor. True, Golliver jumped the gun and the city had to shell out a lot of money to report what turned out to be a false alarm. But in my book, what happened was better than doing nothing. That's when the real -- and damaging -- attacks happen. He deserves credit for an incident response program that could be outstanding with some tweaking.\tThumbs up -- Sophos: No matter how good the product, glitches happen. So it's sad when vendors try to downplay their own weaknesses. Sophos deserves credit for recently owning its failure. Customers recently reported detections of Shh\/Updater-B, indicating an attack was under way. Sophos issued a fix, then did something more: Admitted in\u00a0a headline in its Naked Security blog that this was a false positive on its part.. "Sophos would like to reassure users that these are false positives and are not a malware outbreak, and apologizes for any inconvenience," the company said in its post.\tThumbs up -- Mark Weatherford, undersecretary of cybersecurity for DHS: Government often has trouble seeing outside the box when looking for talent. That being the case, it's refreshing to see Weatherford looking for help in uncommon places. During the recent CSO Security Standard event in NYC, he noted that the best talent doesn't necessarily need a college degree. "There are people out there who didn't go to college, but they spent much of their time breaking things and putting them back together," and DHS needs their help, too, he said. Well said.\tThumbs down -- U.S. Congress: A lot of industry leaders have groused about Congress' inability to pass a cybersecurity bill, but there is an upside in its failure to act: The legislation that was on the table was loaded with pork that would do nothing to improve things and would in fact threaten our civil liberties. In this case, the failure to lead was in our best interests. And that's sad.