Slashdot Mirror


Equifax CEO Hired a Music Major as the Company's Chief Security Officer

Susan Mauldin, the person in charge of Equifax's data security, has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia, according to her LinkedIn profile. Mauldin's LinkedIn profile lists no education related to technology or security. If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret.

Earlier this month Equifax, which is one of the three major consumer credit reporting agencies, said that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver's license numbers. On Friday, the UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers were accessed in the breach.

UPDATE (9/16/2017): CSO Susan Mauldin has abruptly 'retired' from Equifax.

9 of 430 comments

  1. Found this interview by Dan667 · · Score: 4, Informative

    They took it down, but of course the Wayback machine has it. https://web.archive.org/web/20...

  2. Re:Yes and no... by Anonymous Coward · · Score: 5, Informative

    She was previously Senior Vice President and Chief Security Officer at First Data Corporation for four years

  3. Re:Musicians can make good computer scientists by Anonymous Coward · · Score: 2, Informative

    One of the early pioneers in Tech, the man that interviewed Bill Gates and was given the infamous "64K" quote, is a world-class composer. (yes Dennis I'm referring to you!).

  4. Re:Yes and no... by HornWumpus · · Score: 4, Informative

    Devs don't patch live systems at a company that size. Devs shouldn't touch live systems at a company that size.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'

  5. Re:Yes and no... by hey! · · Score: 3, Informative

    Judging from her profile, she had 11 years working in IT positions starting at HP in 2002 and including two banks and a major credit card processing company.

    It is not inconceivable that a person with such a background would acquire the necessary skills on the job; back in 2002 there weren't many (if any) degree programs in IT security, and to be frank a CS degree doesn't really prepare you to do security work much better than a music degree. So would you rather hire a recent grad with the right degree for this position, or someone who'd been working in the field since before the degree was commonly offered?

    On the other hand, Equifax just had a major security screw-up and did not handle it very professionally. So while nothing in her background precludes her being qualified for the job, her actual job performance calls her competence into question.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.

  6. Re:Yes and no... by Anonymous Coward · · Score: 1, Informative

    That's in no small part because the industry was largely built by people who didn't have computer science degrees. Not to mention that everybody in the industry knows at least one non-comp-sci graduate developer who kicks everyone's ass, and at least one MIT Ph.D in comp sci who couldn't find their ass with both hands.

    Fun fact: In the 1960's, before there were comp sci degrees, IBM would hire people with music degrees as programmer trainees, music being structured like a programming language, having loops, conditional branches, unconditional branches, etc.

  7. Re:Yes and no... by xevioso · · Score: 1, Informative

    There's a number of reasons for this, but the main one is that in most cases, by the time you go through a certification process or get a degree, the technology you learned may very likely be out of date. In addition, the folks teaching would be the folks actually doing that job professionally if they could. Whereas, with doctors, those teaching are actually often practicing doctors, and laws and the skills needed to become a lawyer change slowly.

  8. Re:Yes and no... by swillden · · Score: 4, Informative

    Next target hackers! We now know the former CSO wasn't the sharpest tool in the box. Rot is almost certainly there too.

    Hackers don't need some additional notice or incentive to go after First Data. First Data is one of the biggest, tastiest and most potentially lucrative targets in the world. But you haven't heard that, because they do a very good job on security.

    I worked several security projects at First Data when I was doing security consulting, and I was consistently impressed with the quality of their people, systems and processes. I was also a little appalled at how many eggs are in the First Data basket. They issue and manage a large majority of the credit and debit cards in the United States. You almost certainly have a card they issued in your wallet, and they also generate your statements, process your payments and potentially even operate your bank's web site.

    The largest project I worked for First Data was directly supervised by the NSA (in their role of protecting the nation's data infrastructure, not their role of spying on everyone -- two very different organizations within the NSA) because the security of First Data systems is essential to national security. They're that big and that important to the country's credit and banking infrastructure. More important than Equifax, I'd say.

    The fact that she was CSO for First Data changes my perception of the headline considerably. I can't see First Data hiring someone unqualified for a role like CSO. Security is way, way too important there, and they have a lot of people who know how to do security.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.

  9. Re:Yes and no... by slew · · Score: 5, Informative

    Yes nothing says she (or anyone with a liberal arts degree) can't be a good security officer. But it is suspicious that all of her background is now hidden. It might have been she was CSO for political reasons as one would find in big companies that the person who plays politics is promoted over people who have experience or skill.

    Well, as it turns out, her "resume" prior to Equifax lists

    * Senior Director of Information Security, Audit and Compliance at HP
    * Senior Vice President and Chief Security Officer at First Data Corporation
    * Group Vice President Sun Trust Bank

    Sounds to me that she worked up the "vice-president" track (easy to do in a bank as everyone is a VP) and stumbled on to security from the audit/compliance side of the house. This is like a VP of engineering coming up from the marketing/product specification side of the house. All most of these folks know how to do is check the boxes... They might have learned some buzzwords along the way, but you would never trust them to actually *do* anything...