Susan Mauldin, the person in charge of Equifax's data security, has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia, according to her LinkedIn profile. Mauldin's LinkedIn profile lists no education related to technology or security. If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret.
Earlier this month Equifax, which is one of the three major consumer credit reporting agencies, said that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver's license numbers. On Friday, the UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers were accessed in the breach.
Her background is hidden, because idiots are seizing on this (and idiots are implying she got job by sex). That being said, given fuckups the company produced, we can say safely the security there sucked and that was her responsibility.
Major in music is ok. Colossal hacks and apparent low general security is not ok and has nothing to do with major - but a lot to do with after.
It seems you think that "Affirmative Action and Diversity hiring" means that any minority or female that applies for a job will get the job, regardless of their qualifications. In reality, it's usually used to help minorities/females get an interview and may be used as a tie breaker amongst similarly qualified candidates.
In this case, it is much more likely that if she's drastically under-qualified it was more of a political decision.
I've worked with some brilliant software engineers and engineering managers at my current job, and here is a list of the non-IT degrees they have:
B.S. in Political Science
B.A. in Media Design
B.A. in English
These are guys that are designing and implementing financial software for a Fortune 500. Sometimes what your degree is in has the square root of jack shit to do with what you are currently doing, and how well you do it.
She was previously Senior Vice President and Chief Security Officer at First Data Corporation for four years
Next target hackers! We now know the former CSO wasn't the sharpest tool in the box. Rot is almost certainly there too.
Unless you are getting hired directly out of school for a tech job, whether or not you have a degree in tech means almost nothing. It's your experience that counts. If Mrs. Mauldin majored in music, graduated, found that was a dumb idea and worked her way up through the ranks over 20 years before landing the Chief Security role at Equifax, I have no problem with that.
This woman may have to take the fall, but often, even senior security staff don't get to dictate everything you think they should. Cost considerations can override their wishes, inconvenience can override it. They can often set guidelines for IT staff that do not report to them and feel no obligation to do what they say.
I wouldn't skewer this woman just yet.
Having a liberal arts degree doesn't disqualify you from working in IT. If you only have a liberal arts degree, no technical certifications and no previous IT experience for a high-level role as CSO, you must have really nice legs.
Or, you know, she worked for 4 years as a Chief Security Officer for First Data Corporation just prior to this job and has a 15 year history in tech related industries, including HP. Perhaps you should read the article before spouting off sexist crap like that.
didn't like introverted males so she refused to interact with them.
A good share of this site's users do very important technical work--quite competently--without the educational credentials.
Let's judge people here by their actions, not their degrees.
How quickly you forget.
Why are they in the news again? Incompetent administration, unpatched systems, no emphasis on security?
Her results are on the record.
Her results are on the record.
I think that was the point.
Because I'm sure the C-level executive of a large enterprise like Equifax is writing GPOs for Windows Update or popping into an SSH console and running apt upgrade -y / configuring automatic updates.
Ultimately she bears responsibility because the direction and emphasis should have come from her, and any breach big enough to land you in the nightly news will ultimately have someone answering to the board of directors; in reality it's the middle management and the incompetent engineers that are directly respo
If the company survives this, they will certainly need to replace the entire security team. Find the ones that quit in disgust and hire them back.
But it's ultimately on her, the CTO, COO, CEO and board. They are fully responsible for the team in place, its budget and the priorities they operated under.
When your servers aren't getting patched, it goes to the top. That's just basic.
Having been around, I bet patching Struts (and all the rest of the server software) was nobody's 'job', a low priority si
Isn't there anyone else in the organization that knows the vpn user/pw is admin/admin that can blow the whistle before hackers dump your sack?
Organizationally it shows these companies have no blue teams looking for red teams. And they have your mortgage documents.
I myself am a music major and have since gone on to be a highly certified security individual. What a person takes as their post-secondary degree when they are 18-24 and starting life doesn't imply they haven't SINCE developed a full suite of skills and certifications making them perfectly suited to the job.
This isn't her secondary degree tho. She's got a BS and masters in music. That is what she studied.
Also if she is self taught, post that in LinkedIn, along with some projects you've worked on that helped you along the way. Yet, all we get is crickets.
Hell Donald Trump is president of the USA, why can't a third rate musician with no valid understanding of technology or security be in charge of privacy at such a massive firm?
She's helping them sing the blues now.
I was under the impression programmers are more into dubstep these days.
One of the early pioneers in Tech, the man that interviewed Bill Gates and was given the infamous "64K" quote, is a world class composer. (yes Dennis [wikipedia.org] I'm referring to you!).
You wanna bet the people that hacked Equifax didn't major in security too? Like she would have learned anything in college that would have prevented this. No, this mistake was made by someone much lower in the org than her and they probably had certs/degrees.
There are plenty of CS and Engineering people that wouldn't have known any better.
But there are also some that would have. Music education had no chance of teaching her what she needed to know. She was almost set up to be a perfect victim of some security company's 'magic bullet marketing'.
The practicals of security are tough and not taught in school. But 'three letter' executives aren't expected to be in the trenches, they are expected to set policy. For example: 'All patches should be tested and deplo
So, there are two ways you could interpret this.
One is that she's got a competent and well-developed perspective on the security industry. She's put a lot of thought into many new and upcoming problems, has kept herself on the leading edge, and is well-apprised of many deep and complex topics in information security. On top of all that, she also has excellent taste in music.
The other is that she's a woman and obviously doesn't know what any of those big words she's using actually mean.
I've got grade 2 piano and no IT qualifications, and yet I'm working in IT instead of busking my way through chopsticks.
If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret.
I doubt it has anything to do with keeping her education background secret, and more to do with simply wanting to disappear until this particular shit storm blows over. Lot of (rightfully) angry people out there, some of whom might do (unrightfully) angry things.
In my humble experience, musicians and mathematicians can converse very coherently upon the subject of algorithms. It's truly something to be a fly on the wall for one of those conversations.
However, back to the matter at hand. I suspect that we will learn that Equifax was a shell of a company that is still running XP or even NT and that the business people treated the tech side of the company as janitors who basically had to keep the place looking tidy and those credit card transactions coming in.
We have our scapegoat to let the board members off the hook. Not that she's qualified or anything... They just hired somebody that wouldn't demand a high salary. Sounds like a common practice to me.
Now then, as for the other two major consumer credit reporting agencies, when will they report the "breaches"* into their systems? You know it happened there too.
*euphemism for what really was a transfer to a buyer
Seriously?!?
This is an insult to anyone working hard to make the best of information security. Equifax deserved it!!
... of formal vs informal education.
I am a retired IT guy. I never went to school for a goddam thing.
I started as a hobbyist in 1978 (TRS-80) and LIVED the digital revolution.
I have an aptitude for it that school would probably have fucked up.
Infosec and backup were my two nightmares.
I handled them both with best practices, limited only by management's lack of infinite resources, including common sense.