A look at individuals and groups leading the way -- or not -- in tough times.

Thumbs both ways — Tulsa CIO Tom Golliver: The city suspended him pending an investigation after the data breach his team reported turned out to be a test performed by a security contractor. True, Golliver jumped the gun and the city had to shell out a lot of money to report what turned out to be a false alarm. But in my book, what happened was better than doing nothing. That’s when the real — and damaging — attacks happen. He deserves credit for an incident response program that could be outstanding with some tweaking.

Thumbs up — Sophos: No matter how good the product, glitches happen. So it’s sad when vendors try to downplay their own weaknesses. Sophos deserves credit for recently owning its failure. Customers recently reported detections of Shh/Updater-B, indicating an attack was under way. Sophos issued a fix, then did something more: admitted in a headline in its Naked Security blog that this was a false positive on its part. “Sophos would like to reassure users that these are false positives and are not a malware outbreak, and apologizes for any inconvenience,” the company said in its post.

Thumbs up — Mark Weatherford, undersecretary of cybersecurity for DHS: Government often has trouble seeing outside the box when looking for talent. That being the case, it’s refreshing to see Weatherford looking for help in uncommon places. During the recent CSO Security Standard event in NYC, he noted that the best talent doesn’t necessarily need a college degree. “There are people out there who didn’t go to college, but they spent much of their time breaking things and putting them back together,” and DHS needs their help, too, he said. Well said.

Thumbs down — U.S. Congress: A lot of industry leaders have groused about Congress’ inability to pass a cybersecurity bill, but there is an upside in its failure to act: The legislation that was on the table was loaded with pork that would do nothing to improve things and would in fact threaten our civil liberties. In this case, the failure to lead was in our best interests. And that’s sad.