
Comment Re: Yes and no... (Score 1) 430

Let's continue the obvious - I don't consider that most professional roles have a specific training programme. They are built on experience and appropriate training and professional development as required.

I would consider CISSP and/or GIAC qualifications as being key indicators for professional development for someone in a CSO role. Of course there can be other qualifications or evidence of professional development - I'm not claiming there is a specific training programme; just as there isn't one for a web developer, call center agent, tester, CIO, or road sweeper.

-- Pete.

Comment Re: Yes and no... (Score 2) 430

You didn't answer the question: what CSO training programs exist out there? None.

Well I'd start by expecting professional qualifications such as CISSP or at least one or more GIAC certifications...

Particularly GIAC Security Leadership or GIAC Strategic Planning, Policy, and Leadership.

-- Pete

Comment Re:Seems to be not quite ready for prime-time (Score 3, Informative) 99

Hmm, I really don't know where to start with the misinformation that you're spreading here...

The DAO issue was early in the lifetime of Ethereum, and indeed was a "bad contract", ETH was forked due to the scale of the hack and that it was still a new usage of the cryptocurrency. This is the only time that Ethereum forked because of a hack. People are a lot more careful about how contracts are written after this.

The CoinDash ICO hack was caused by someone hacking the site, and replacing the Ethereum address for the ICO - this is like a hacker hacking into a company site and modifying the bank details for payment - customers paid into the wrong "account". This is not a hack of Ethereum, and nothing to do with the way smart contracts work - it can be done with fiat currency by changing bank details, or any other cryptocurrency (including Bitcoin) by changing the wallet address.

The Parity wallet hack was a sloppy 3rd party wallet implementation - again, if you use 3rd party software for any financial transactions you need to be really sure that you trust the software - this is also not a hack of Ethereum, it was a hack of a 3rd party wallet implementation - again nothing to do with smart contracts and could have happened for another cryptocurrency wallet (such as a Bitcoin 3rd party wallet).

The Classic Ether Wallet hack was also a hacker taking control of a 3rd party wallet - the same warnings apply as for the Parity wallet hack - again nothing to do with Ethereum smart contracts.

The hack under discussion in this article was a hack of Veritaseum - their VERI tokens were stolen, and these were sold for Ethereum - again, nothing to do with any hack on Ethereum, it was just the cryptocurrency that the hackers exchanged for their stolen property. They could have sold VERI for Bitcoin, USD, or cheese and it wouldn't make this a Bitcoin, USD, or cheese issue...just as this is not an Ethereum issue.

-- Pete.

Comment Incident Manager (Score 4, Interesting) 300

I was working as a Major Incident Manager for a very large consulting company working on a huge government project. The management in the consultancy company were generally terrible, on my first day my colleagues took me out for a drink - they pointed out a bunch of people across the room and mentioned that it was the configuration management team who had all just been fired because management weren't happy with the way the process was going...just as my first example.

Another time I had someone from second line support come to my desk and point out that some of the monitoring was showing red, I immediately directed one guy to check from an end-user perspective to see the actual impact for users, another guy to pull the logs, and a third to dig deeper into the monitoring - they all scurried away to start assessing the situation. In the meantime I leaned over the partition to my boss who was sat next to me, and mentioned the issue - she stuck her head up like a meerkat, looked around, and said (quoting word for word), "I can't hear any shouting, I can't see people running around, I can't see people panicking, I don't feel this is being managed properly!". She then asked me if I'd informed her boss yet - I told her we were still evaluating the situation (again, apparently unacceptable), so she immediately snatched up her phone and called him saying the monitoring was red and we were in a crisis. Just as she finished her call the guy from the end-user perspective came back to my desk and reported that the issue was completely transparent to end-users. I passed this news to my boss who threw her hands up and said, "But I've called X! Now it's nothing?!". Yes. Quite.

A third story would be from the time her replacement (she was eventually demoted then fired) pulled me to one side and started screaming and swearing in my face because he didn't feel I was motivating technical staff to fix issues quickly enough because I wasn't in their faces screaming and swearing at them until any issue was fixed (yes - this is exactly what he meant). I'm sure any techies here will be happy to agree that this is not an appropriate motivational technique to get the best from your staff...but there you go.

I could go on - but instead I'll just summarise to mention that in the 12 months I worked there everyone in my team quit or was fired and replaced twice over except for me and one other guy...when my contract finished I wasn't sad to leave.

-- Pete.

Comment I see this being great for flex desking (Score 1) 80

Imagine an office environment where each desk/meeting room includes a monitor/keyboard/mouse for each user where the monitor passes through all connectivity via USB-C. Each user just carries a tiny lightweight computer that is "theirs" with all associated configuration/application/data, plugs it into the USB-C socket and off they go.

Not so different from having a laptop, except the devices are smaller, lighter, and cheaper - and with a higher quality screen, keyboard, and mouse. Sure you are constrained to work at points where there is a monitor, but in many cases this is a great solution.

-- Pete.

Comment Re:Shit post. (Score 4, Informative) 128

Where did the speed instruction come from? The driver's foot on the pedal?

The driver sets the maximum speed when they activate the autopilot, in much the same way as you set the speed when you use cruise control on any other car. Or are you saying speeding isn't the responsibility of any driver if they're using cruise control to break the limit?

Autopilot will slow down if there is traffic ahead, otherwise it travels at the speed set by the driver.

-- Pete.

Comment USA really needs to rethink healthcare! (Score 2) 209

I was interested to read in the article, "Medicare does not pay for them, nor do most insurers".

How is this even possible? You have overpriced healthcare in the USA, and then even if you have insurance, it won't pay for the treatment you need?!

Just for those people that think the NHS is a terrible thing, I'll just leave this here - hearing diagnosis, treatment, and aids are free on the NHS in the UK for people that need them...

-- Pete.

Comment "Social Engineering" (Score 2) 364

By "social engineering", I take it he's not planning to directly attack the hardware of the phone, which means he's planning to use the only other logical approach to breaking into this phone (and to me the only obvious attack vector open to him or anyone else as long as Apple stand their ground [correctly]).

Because this phone has a four digit passphrase, this means that the owner of the phone has hit the same four sections of screen at least hundreds, and more likely thousands of times. Maybe it is possible using very delicate and incredibly accurate equipment to detect some sort of impact print on the screen where it has been used in those four spots repeatedly. If it is possible to do this, then you have cut down the number of passwords from 10,000 to 24 different possibilities. From here you need to check everything you know about the phone owner to see if any of those combinations are personally significant in any way - even if the combination is entirely random, you'll still have a 41.5% chance to break the password with 10 attempts...

Meh - then again I'm not a half-million dollar a year hacker, so what do I know?

-- Pete.

Comment It's been available for a while (Score 3, Informative) 94

It's nice they've got an official box and all, but the service to send disks to Amazon has been there for a while (as a beta program).

Here is a blog post from 2009 explaining the service.

Of course, a nice official controlled and encrypted box is a far tidier way of doing things!

-- Pete.

Comment Re:"... only if we're married or similarly situate (Score 1) 258

Frankly, don't see the point of having separate bank accounts, it is both your money, but if it makes your life easier, go ahead. :)

We actually have a bunch of accounts, each serving different purposes. It helps for budgeting when you know that the X amount in your personal account is available for whatever personal expenditure, the Y amount in your general account is for bills, rent, etc, and the Z in the savings account is there for other purposes. As I am a freelance contractor, I also have a business account, and I need to be able to explain each transaction there for taxes etc.

-- Pete.

Comment Re:"... only if we're married or similarly situate (Score 1) 258

You let your wife have the money, but not the passwords?

Seriously, if you don't trust her with everything, why the hell are you married to her?

She has about the same access to the money as she does to the passwords actually...they're both in a vault (aka "bank") that she has access to if she absolutely needs it. Day to day access she has her own money and computer accounts that she can use, and she doesn't use the same ones that I do. Just because I'm the one who usually accesses the "main" bank account and my passwords, that doesn't mean she's not trusted to do it, and she's certainly not blocked in any way from either.

I see this as different from "sharing" passwords, she doesn't know my passwords because she doesn't need to look (need is different from capability here). She trusts me to have my own accounts, and I trust her to have hers.

-- Pete.

Comment "... only if we're married or similarly situated" (Score 4, Interesting) 258

I answered, "... only if we're married or similarly situated", but even then it's not so cut and dried. I generally don't even let my wife have my passwords, but there is a paper note with the master password to my password vault that she can access if there's a dire need.

It doesn't help that whatever I do (including setting up her own password vaults), she keeps terrible passwords for herself, and forgets them on a regular basis. Whenever she needs to access files on the NAS even with her own ID, I need to reset her password etc. This is frustrating to say the least.

-- Pete.
