Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Security Businesses The Almighty Buck United States

Equifax CEO Hired a Music Major as the Company's Chief Security Officer 430

Susan Mauldin, the person in charge of the Equifax's data security, has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia, according to her LinkedIn profile. Mauldin's LinkedIn profile lists no education related to technology or security. If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret.

Earlier this month Equifax, which is one of the three major consumer credit reporting agencies, said that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver's license numbers. On Friday, the UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers was accessed in the breach.

UPDATE (9/16/2017): CSO Susan Mauldin has abruptly 'retired' from Equifax.
This discussion has been archived. No new comments can be posted.

Equifax CEO Hired a Music Major as the Company's Chief Security Officer

Comments Filter:
  • Yes and no... (Score:5, Insightful)

    by cdreimer ( 4977441 ) on Friday September 15, 2017 @02:30PM (#55204813) Homepage
    Having a liberal arts degree doesn't disqualify you from working in IT. If you only have a liberal arts degree, no technical certifications and no previous IT experience for a high-level role as CSO, you must have really nice legs.
    • Re:Yes and no... (Score:5, Insightful)

      by UnknowingFool ( 672806 ) on Friday September 15, 2017 @02:34PM (#55204859)
      Yes nothing says she (or anyone with a liberal arts degree) can't be a good security officer. But it is suspicious that all of her background is now hidden. It might have been she was CSO for political reasons as one would find in big companies that the person who plays politics is promoted over people who have experience or skill.
      • Re: (Score:3, Interesting)

        by Anonymous Coward

        but what in her profile would suggest that she would be even remotely qualified to have an entry level IT position? she's barely qualified to to pour coffee.

        equifax fucked up. the pitchforks are totally justified.

        • by gweihir ( 88907 )

          Well, if you do not want the security person stand in your way, use somebody unqualified or very junior. They will not cause problems, because they will not dare to speak up. I have seen that principle in action several times. The IT security problems at those companies were impressive.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Yes nothing says she (or anyone with a liberal arts degree) can't be a good security officer. But it is suspicious that all of her background is now hidden. It might have been she was CSO for political reasons as one would find in big companies that the person who plays politics is promoted over people who have experience or skill.

        Nah waht's suspicious is that it's now hidden badly.

        If she was able to hide her education history from the prying eyes of the Internet that's be a practical demonstration of her relevant skills. Failing to do so, not as much.

      • by gweihir ( 88907 )

        The same is true for brain-surgery. Sure, there may be the one exceptional talent that can do it without a specific degree and years of training, but does that claim make sense? No, it does not.

        Down here in actual reality, you need that degree and that decade or two of on-topic training and experience to be any good in that role.

        • by HiThere ( 15173 )

          Sorry, but the degree is almost irrelevant. It's the experience that counts. Of course, you shouldn't be able to get the degree without some experience in the process...

      • Being politically adroit is an essential job skill for a high level executive. You wouldn't won't to work for an executive who has technical skills, but who doesn't know how to play politics. Your part of the organization would quickly become the guys with all the responsibilities and no say. Everything that's ever wrong would quickly become your fault and everything that's right would never be credited to you. You may think that "winning" should not be important to a productive environment, but you wil
      • Re:Yes and no... (Score:5, Informative)

        by slew ( 2918 ) on Friday September 15, 2017 @06:52PM (#55206745)

        Yes nothing says she (or anyone with a liberal arts degree) can't be a good security officer. But it is suspicious that all of her background is now hidden. It might have been she was CSO for political reasons as one would find in big companies that the person who plays politics is promoted over people who have experience or skill.

        Well, as it turns out, her "resume" prior to Equifax lists

        * Senior Director of Information Security, Audit and Compliance at HP
        * Senior Vice President and Chief Security Officer and First Data Corporation
        * Group Vice President Sun Trust Bank

        Sounds to me that she worked up the "vice-president" track (easy to do in a bank as everyone is a VP) and stumbled on to security from the audit/compliance side of the house. This is like a VP of engineering coming up from the marketing/product specification side of the house. All most of these folks know how to do is check the boxes... They might have learned some buzzwords along the way, but you would never trust them to actually *do* anything...

      • Yes nothing says she (or anyone with a liberal arts degree) can't be a good security officer. But it is suspicious that all of her background is now hidden. It might have been she was CSO for political reasons as one would find in big companies that the person who plays politics is promoted over people who have experience or skill.

        And the extra really super suspicious thing is that she oversaw the biggest data breach we know of.

        If you are going to be a CSO, you really need to be a little paranoid, and you need to run a hellava lot of penetration testing, install some honeypots, and know some stuff. I'd wager that most music majors will not have the mental outlook to do that.

        But Equifax promises that their next CSO will be a Women's study major, which should fix everything

      • Agreed. A music major could be a great security officer. She clearly wasn't. They're trying to hide it.

        The conclusion here should not be you need a technical degree to fill a technical role. It should either be
        1. that the idiots at Equifax are also sleezebags.
        Or 2. that the sleezebags at Equifax are also idiots.

        Clearly both are logically true, but which states the case with the proper emphasis?

    • Re:Yes and no... (Score:5, Insightful)

      by Anonymous Coward on Friday September 15, 2017 @02:40PM (#55204921)

      I've worked with some brilliant software engineers and engineering managers at my current job, and here is a list of the non-IT degrees they have:
      B.S. in Political Science
      B.A. in Media Design
      B.A. in English

      These are guys that are designing and implementing financial software for a Fortune 500. Sometimes what your degree is in has the square root of jack shit to do with what you are currently doing, and how well you do it.

      • I agree partly (I came out of Electrical Engineering), but it certainly helps if one's resume shows increasing experience in the field before you, say, become a C-level executive over that field in your company, yanno?

        It's doubly odd when one finds that her history on linkedin is now hidden/blocked, no?

        • Re:Yes and no... (Score:5, Insightful)

          by computational super ( 740265 ) on Friday September 15, 2017 @04:28PM (#55205847)
          There are no doctors without medical degrees. There are no lawyers without law degrees. Yet somehow, tech seems to be the one place where a degree is considered near irrelevant (in fact, according to Slashdot, having a degree in computer science may very well disqualify you from professional programming). The reason most often suggested for this difference is that technology isn't as important as medicine or law. Yet this line of thinking has apparently led to the collapse of the US consumer credit system.
      • by gweihir ( 88907 )

        And very likely none of them will have what it takes to be a reasonable CISO. That job is a bit more difficult than just being able to write good software. I also doubt that "brilliant" qualifier very much. In a pool of massive underperformers, somebody somewhat average will look "brilliant". (And yes, I have reviewed software created by supposedly "brilliant" people that did not have an IT related degree. It was functional but not good at all beyond that. And yes, this was critical software in about the sa

      • The best development manager I've ever seen had a philosophy degree and no formal technical training. He was a very talented programmer and the kind of manager who knew how to nurture people into life-long successful careers.
    • Re:Yes and no... (Score:5, Informative)

      by Anonymous Coward on Friday September 15, 2017 @02:45PM (#55204977)

      She was previously Senior Vice President and Chief Security Officer at First Data Corporation for four years

      • Next target hackers! We now know the former CSO wasn't the sharpest tool in the box. Rot is almost certainly there too.

        • Re:Yes and no... (Score:5, Informative)

          by swillden ( 191260 ) <shawn-ds@willden.org> on Friday September 15, 2017 @05:49PM (#55206413) Homepage Journal

          Next target hackers! We now know the former CSO wasn't the sharpest tool in the box. Rot is almost certainly there too.

          Hackers don't need some additional notice or incentive to go after First Data. First Data is one of the biggest, tastiest and most potentially lucrative targets in the world. But you haven't heard that, because they do a very good job on security.

          I worked several security projects at First Data when I was doing security consulting, and I was consistently impressed with quality of their people, systems and processes. I was also a little appalled at how many eggs are in the First Data basket. They issue and manage a large majority of the credit and debit cards in the United States. You almost certainly have a card they issued in your wallet, and they also generate your statements, process your payments and potentially even operate your bank's web site.

          The largest project I worked for First Data was directly supervised by the NSA (in their role of protecting the nation's data infrastructure, not their role of spying on everyone -- two very different organizations within the NSA) because the security of First Data systems is essential to national security. They're that big and that important to the country's credit and banking infrastructure. More important than Equifax, I'd say.

          The fact that she was CSO for First Data changes my perception of the headline considerably. I can't see First Data hiring someone unqualified for a role like CSO. Security is way, way too important there, and they have a lot of people who know how to do security.

    • No amount of nice legs would get you CSO of a security centered firm with no experience and an unrelated degree. The ruling class take care of their own. Always have. I sure wish the working class did the same...
      • To be fair, Equifax is a credit reporting bureau, and not FireEye, Tripwire, Qualys, F-Secure, PC-Matic (for consumers), etc. (though you are correct in that security is an incredibly high priority for a credit reporting bureau, or at least one would think so... but they got popped via a way outdated version of Struts, FFS.)

        A company like Qualys or Tripwire getting popped would spell certain doom for that company.

        Equifax on the other hand will likely survive this (as long as nothing else happens in the next

    • Re:Yes and no... (Score:5, Insightful)

      by pr0t0 ( 216378 ) on Friday September 15, 2017 @02:47PM (#55204993)

      Unless you are getting hired directly out of school for a tech job, whether or not you have a degree in tech means almost nothing. It's your experience that counts. If Mrs. Mauldin majored in music, graduated, found that was a dumb idea and worked her way up through the ranks over 20 years before landing the Chief Security role at Equifax, I have no problem with that.

      This woman may have to take the fall, but often, even senior security staff don't get to dictate everything you think they should. Cost considerations can override their wishes, inconvenience can override it. They can often set guidelines for IT staff that do not report to them and feel no obligation to do what they say.

      I wouldn't skewer this woman just yet.

      • Agreed, but she'd damned well better have at least one email in her possession showing that she (or one of her subordinates) had previously tried to warn the company to update their version of Struts...

        (...and if she does, then the devs will be in the hot seat for ignoring that one.)

        • Re:Yes and no... (Score:5, Informative)

          by HornWumpus ( 783565 ) on Friday September 15, 2017 @03:45PM (#55205483)

          Devs don't patch live systems at a company that size. Devs shouldn't touch live systems at a company that size.

          • ...but they should at least show evidence of patching test/staging systems, no?

            • The devs? No. That would be admins.

              At that size, there should be small team just testing patches then applying them.

          • Agreed. They provide the applications that are put into an environment that the Operations teams manages. This is only after the application has gone through rigorous testing, many time through multiple test environment. Devs ONLY do unit test in a development environment. All other tests (Certification, Integration, Regression. We even added two more separate tests of Performance and Release) go through a different group of folks with environments setup for each. Each with specific set of tests in m

      • by tomhath ( 637240 )

        If Mrs. Mauldin majored in music, graduated, found that was a dumb idea and worked her way up through the ranks over 20 years before landing the Chief Security role at Equifax, I have no problem with that.

        From her LinkedIn profile it appears she went from unemployed music student to Chief Security Officer in roughly ten years. Pretty impressive career.

      • She should be skewered for hiding her background, though. If her profile was incomplete, she could add her additional credentials. If she really was unqualified and got the job via dubious means she should just come out and say it. But to go into hiding after something like this, regardless of any other facts, her current behavior is worthy of a skewering.
      • by Holi ( 250190 )
        This.

        I have a degree in photography, it did not take long for me to realize I was not a professional photographer. And thus began my 20 years in IT.
      • Unless you are getting hired directly out of school for a tech job, whether or not you have a degree in tech means almost nothing. It's your experience that counts. If Mrs. Mauldin majored in music, graduated, found that was a dumb idea and worked her way up through the ranks over 20 years before landing the Chief Security role at Equifax, I have no problem with that.

        This... I, too, majored in music, but focused on audio engineering. I ended up building and maintaining radio stations, including repairing solid state and analog transmitters and rewiring audio consoles, building multi-site audio and data links, building automation computers and maintaining data networks, etc. In the course of doing that, I studied electrical engineering and programming, passed the FE, and eventually become a patent attorney specializing in communications and security.

        If she had no experi

        • Yet, basic things weren't done on her watch. Keeping your servers patched is very basic, but it's the kind of corner a non-technically proficient manager, like her, will cut.

          Proof of the pudding and all. She's done and deserves to be unemployable.

      • by gweihir ( 88907 )

        Bullshit. To be any good at IT security, you need 10-20 years of experience on top of a relevant degree (MA or PhD) that already included IT security. If you do not have that degree, you cannot, in a human lifetime, acquire enough experience to compensate for that. This stuff is hard.

    • Having a liberal arts degree doesn't disqualify you from working in IT. If you only have a liberal arts degree, no technical certifications and no previous IT experience for a high-level role as CSO, you must have really nice legs.

      Or, you know, she worked for 4 years as a Chief Security Officer for First Data Corporation just prior to this job and has a 15 year history in tech related industries, including HP. Perhaps you should read the article before spouting off sexist crap like that.

    • Re:Yes and no... (Score:4, Informative)

      by hey! ( 33014 ) on Friday September 15, 2017 @04:33PM (#55205885) Homepage Journal

      Judging from her profile, she had 11 years working in IT positions starting at HP in 2002 and including two banks and a major credit card processing company.

      It is not inconceivable that a person with such a background would acquire the necessary skills on the job; back in 2002 there weren't many (if any) degree programs in IT security, and to be frank a CS degree doesn't really prepare you to do security work much better than a music degree. So would you rather hire a recent grad with the right degree for this position, or someone who'd been working in the field since before the degree was commonly offered?

      On the other hand, Equifax just had a major security screw-up and did not handle it very professionally. So while nothing in her background precludes her being qualified for the job, her actual job performance calls her competence into question.

  • by Anonymous Coward on Friday September 15, 2017 @02:31PM (#55204825)

    A good share of this site's users do very important technical work--quite competently--without the educational credentials.
    Let's judge people here by their actions, not their degrees.

    • by HornWumpus ( 783565 ) on Friday September 15, 2017 @02:36PM (#55204885)

      How quickly you forget.

      Why are they in the news again? Incompetent administration, unpatched systems, no emphasis on security?

      Her results are on the record.

      • by Pascoea ( 968200 )

        Her results are on the record.

        I think that was the point.

      • by AmiMoJo ( 196126 )

        Why hasn't she been fired then? Maybe she warned them and the bean counters decided it wasn't worth it.

        We simply don't know, and speculation is pointless.

        • CSO is a responsible position. She can't just pass the buck. It was her job to take it to the board and resign over not being allowed to do her job (assuming that's her story).

          Three letter people don't get fired. She'll 'take time off to spend with her family' shortly. Likely followed by the COO and CEO.

      • by thomn8r ( 635504 )

        Why are they in the news again? Incompetent administration, unpatched systems, no emphasis on security?

        C-level execs bring home huge paychecks because of their (alleged) vast, exquisite expertise and the tremendous amount of responsibility they must bear. You can't collect a paycheck of this level while at the same time playing dumb and throwing underlings under the bus. Well, I guess you can, but you shouldn't.

    • do very important technical work--quite competently--without the educational credentials

      Well, it's not much of a stretch to extrapolate from that that you feel that educational credentials are, in effect, meaningless for technical work. Do you feel that way about all fields or just technology?

  • Yeah but (Score:2, Insightful)

    by Anonymous Coward

    Isn't there anyone else in the organization that knows the vpn user/pw is admin/admin that can blow the whistle before hackers dump your sack?

    Organizationally it shows these companies have no blue teams looking for red teams. And they have your mortgage documents.

  • by Anonymous Coward on Friday September 15, 2017 @02:33PM (#55204851)

    I myself am a music major and have since gone on to be a highly certified security individual. What a person takes as their post-secondary degree when they are 18-24 and starting life doesn't imply they haven't SINCE developed a full suite of skills and certifications making them perfectly suited to the job.

    • What a person takes as their post-secondary degree when they are 18-24 and starting life doesn't imply they haven't SINCE developed a full suite of skills and certifications making them perfectly suited to the job.

      What does being at the wheel when infosec Chernobyl happens imply?

    • Agreed - too bad she didn't have her LinkedIn profile sufficiently updated to reflect her current skillset BEFORE the big breach happened.

    • by gweihir ( 88907 )

      Certification is utterly worthless. In fact, certification makes things worse. When actual IT security experts work with people that just have "certifications", we not only have to explain how things actually work, we have to overcome all those wrong ideas first. It is utterly pathetic.

  • ... imo. Or at least, good programmers. There's a lot of metal overlap between the fields.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      One of the early pioneers in Tech, the man that interviewed Bill Gate and was given the infamous "64K" quote, is a world class composer. (yes Dennis [wikipedia.org] I'm referring to you!).

    • by gweihir ( 88907 )

      Coders are routinely bad at security. It is a different skill. Also, self-taught coders usually suck badly as soon as the least bit of actual CS comes into it.

  • by burtosis ( 1124179 ) on Friday September 15, 2017 @02:36PM (#55204879)
    Wouldn't you want someone who isn't an expert at singing when it comes time to testify?
  • by Anonymous Coward

    You wanna bet the people that hacked Equifax didn't major in security too? Like she would have learned anything in college that would have prevented this. No, this mistake was made by someone much lower in the org than her and they probably had certs/degrees.

    • There are plenty of CS and Engineering people that wouldn't have known any better.

      But there are also some that would have. Music education had no chance of teaching her what she needed to know. She was almost setup to be a perfect victim of some security company's 'magic bullet marketing'.

      The practicals of security are tough and not taught in school. But 'three letter' executives aren't expected to be in the trenches, they are expected to set policy. For example: 'All patches should be tested and deplo

    • by eth1 ( 94901 )

      No, this mistake was made by someone much lower in the org than her and they probably had certs/degrees.

      Probably not...

      I'm in InfoSec as well, and it almost always goes like this:
      1. InfoSec - we need to do X, Y and Z to address these weak points. It will cost $A. (or potentially involve B amount of dealing with user gripes)
      2. Upper management - no, that's too expensive (or to much trouble, or whatever)
      3. InfoSec - well, ok, we have enough resources to partially address the worst offenders X and Y...
      4. Attackers - Z is weak! All your bytes are belong to us!
      5. Upper management - !?! Here's a stack of money, an

  • Found this interview (Score:5, Informative)

    by Dan667 ( 564390 ) on Friday September 15, 2017 @02:44PM (#55204961)
    They took it down, but of course the Wayback machine has it. https://web.archive.org/web/20... [archive.org]
    • Re: (Score:2, Insightful)

      So, there are two ways you could interpret this.

      One is that she's got a competent and well-developed perspective on the security industry. She's put a lot of thought into many new and upcoming problems, has kept herself on the leading edge, and is well-appraised of many deep and complex topics in information security. On top of all that, she also has excellent taste in music.

      The other is that she's a woman and obviously doesn't know what any of those big words she's using actually mean.

      The major deba

      • by swb ( 14022 )

        Will you let me know what sub to watch for the debate, or will it just make the front page? Or do I have to wait for the whining thread in r/conspiracy about how the mods conspired to kill the debate on CIA mind control music ruining internet security?

      • is well-appraised of many deep and complex topics in information security

        Well, considering they were running an unpatched version of Apache struts and using "admin" as their passwords, we can pretty much rule that out.

        doesn't know what any of those big words she's using actually mean

        So you must be saying option B.

        I love the smell of moralizing high-and-mighty white knights painting themselves into a corner in the morning.

        • Although I think your point has some validity, in many large organizations, there is no application portfolio management whatsoever so you don't even have a list of deployed systems never mind information about their internals or patches.
          • So she didn't even review the vulnerability scans? Or didn't make sure that they were even done? This is simple standard stuff that any vulnerability scanner would find - Nessus or even nikto would uncover this stuff.
            • Nessus and Nikto will only find this if they find the vulnerable systems. If the apps are in a "forgotten" DMZ this won't help one bit.
    • by Anonymous Coward

      It seems she's not a complete novice, she's uses some of the right words and is familiar with the idea of tokenization for securing PII in "the cloud" (which is f*cking stupid idea that adds complexity and increases the attack surface but all the rage with a lot of the security groups I've worked with). This statement also stood out for me "In today's environment, fully funded, well staffed adversaries can pretty much get to any asset that they decide to target." Oddly enough, I usually consider an attitu

  • by wonkey_monkey ( 2592601 ) on Friday September 15, 2017 @02:47PM (#55204999) Homepage

    I've got grade 2 piano and no IT qualifications, and yet I'm working in IT instead of busking my way through chopsticks.

    If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret.

    I doubt it has anything to do with keeping her education background secret, and more to do with simply wanting to disappear until this particular shit storm blows over. Lot of (rightfully) angry people out there, some of whom might do (unrightfully) angry things.

  • by sandbagger ( 654585 ) on Friday September 15, 2017 @02:51PM (#55205017)

    In my humble experience, musicians and mathematicians can converse very coherently upon the subject of algorithms. It's truly something to be a fly on the wall for one of those conversations.

    However, back to the matter at hand. I suspect that we will learn that Equifax was a shell of a company that is still running XP or even NT and that the business people treated the tech side of the company as janitors who basically had to keep the place looking tidy and those credit card transactions coming in.

  • Unqualified people working in IT/software. There needs to be laws to set a bare minimum of qualified degrees or certifications to work above a certain level. Shit even plumbers must certified to fix your shitter.
    • Nothing sets Slashdot off like suggesting that programmers should be subject to certain qualifications (just look through the rest of the comments here). As far as Slashdot is concerned, everybody is a competent programmer except the ones who've ever actually studied it academically.
      • by gweihir ( 88907 )

        Well, a lot of people here have a lot to lose. But the abysmally bad state that most current software is in is due to the abysmally bad skills of most coders. And this cannot continue.

    • by gweihir ( 88907 )

      I fully agree. It is pathetic. I just recently had to explain to some 5-year web application developers at a really large company where they write mission-critical software, what an HTTP-header looks like. These people have zero understanding what they do. They can use some frameworks for implementing simple business logic, but ask them whether a variable is actually stored on client or server side and they just look at you without any understanding at all.

      What we need in software creation is _engineers_. Y

  • Keep it classy, /. (Score:5, Insightful)

    by hrbrmstr ( 324215 ) on Friday September 15, 2017 @03:07PM (#55205137) Homepage Journal
    IMO this post shld be taken down. It is not a technology discussion and it's definitely not "stuff that matters". I personally know liberal arts majors, one of whom has degrees in music and nothing else who are likely more experienced and qualified in security than 99% of the security folks on /. Good step onto the slippery slope of becoming yet-another-Reddit. But, if one needs clickbait for ad revenue, one will do just about anything.
    • At least a couple of the funny mods were slightly merited, but I'm pretty baffled by the "insightful" on this one. Something about the financial model of Slashdot? What's to say beyond "It's broken"? Maybe some deeper insightful suggestion on how to improve it?

      So after scanning all of the "funny" and "insightful" comments, I did another round of searches for relevance and eventually wound up back at your post for the "personal" embedded in "personally". As of now, it's the only match in the visible part of

  • This is an insult to anyone working hard to make the best of information security. Equifax deserved it!!

  • ... of formal vs informal education.

    I am a retired IT guy. I never went to school for a goddam thing.

    I started as a hobbyist in 1978 (TRS-80) and LIVED the digital revolution.

    I have an aptitude for it that school would probably have fucked up.

    Infosec and backup were my two nightmares.

    I handled them both with best practices, limited only by management's lack of infinite resources, including common sense.

  • that sounds about right...
  • There's lots of valid career paths that could lead to a job in IT, and I would normally accept any reasonable explanation for how she got the job

    They tried to cover her academic qualifications up, though, which leads me to a slightly different conclusion...that she got the job by composing an original piece with a title something like, "Duet for Skin Flute and Tulips".

  • So many on here seem to think that a college degree is not required for certain IS/IT related positions. They taut how college degrees are useless.

    Well, here you go - she had a BA and MFA. She is obviously intelligent and capable of learning. Her work background had her working in at least two tech related positions given the companies for which she worked.

    The comments made by former coworkers indicate she is organized and able to lead her teams. Ultimately, that's what get you an executive job.

    However,

  • by next_ghost ( 1868792 ) on Friday September 15, 2017 @05:25PM (#55206239)
    Obligatory XKCD [xkcd.com]. There really is one for everything.

A transistor protected by a fast-acting fuse will protect the fuse by blowing first.

Working...