Slashdot Mirror

← Back to Stories (view on slashdot.org)

Equifax CEO Hired a Music Major as the Company's Chief Security Officer

Posted by msmash on from the caught-red-handed dept.

Susan Mauldin, the person in charge of the Equifax's data security, has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia, according to her LinkedIn profile. Mauldin's LinkedIn profile lists no education related to technology or security. If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret.

Earlier this month Equifax, which is one of the three major consumer credit reporting agencies, said that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver's license numbers. On Friday, the UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers was accessed in the breach.

UPDATE (9/16/2017): CSO Susan Mauldin has abruptly 'retired' from Equifax.

18 of 430 comments (clear)

  1. Yes and no... by cdreimer · · Score: 5, Insightful

    Having a liberal arts degree doesn't disqualify you from working in IT. If you only have a liberal arts degree, no technical certifications and no previous IT experience for a high-level role as CSO, you must have really nice legs.

    1. Re:Yes and no... by UnknowingFool · · Score: 5, Insightful

      Yes nothing says she (or anyone with a liberal arts degree) can't be a good security officer. But it is suspicious that all of her background is now hidden. It might have been she was CSO for political reasons as one would find in big companies that the person who plays politics is promoted over people who have experience or skill.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    2. Re:Yes and no... by Anonymous Coward · · Score: 5, Insightful

      I've worked with some brilliant software engineers and engineering managers at my current job, and here is a list of the non-IT degrees they have:
      B.S. in Political Science
      B.A. in Media Design
      B.A. in English

      These are guys that are designing and implementing financial software for a Fortune 500. Sometimes what your degree is in has the square root of jack shit to do with what you are currently doing, and how well you do it.

    3. Re:Yes and no... by pr0t0 · · Score: 5, Insightful

      Unless you are getting hired directly out of school for a tech job, whether or not you have a degree in tech means almost nothing. It's your experience that counts. If Mrs. Mauldin majored in music, graduated, found that was a dumb idea and worked her way up through the ranks over 20 years before landing the Chief Security role at Equifax, I have no problem with that.

      This woman may have to take the fall, but often, even senior security staff don't get to dictate everything you think they should. Cost considerations can override their wishes, inconvenience can override it. They can often set guidelines for IT staff that do not report to them and feel no obligation to do what they say.

      I wouldn't skewer this woman just yet.

      --
      I'm sorry, but your opinion seems to be wrong.
    4. Re: Yes and no... by Anonymous Coward · · Score: 2, Insightful

      That's the problem with Affirmative Action and Diversity hiring. You're affirming the suspicion that these people are not qualified by merit, and get jobs because of their sex or skin color.

      You can't even dispute it, because you don't actually know for sure, and it's not even unlikely.

    5. Re: Yes and no... by computational+super · · Score: 4, Insightful

      Well, that's some grade-A lack of reading comprehension you have going there. What OP said was that, if you have affirmative action hiring policies in place - hiring less qualified people to artificially inflate diversity on any metric - then EVERYBODY who fits that diversity metric carries the suspicion of being a "diversity" (i.e. otherwise unqualified) hire. Even if they actually weren't.

      --
      Proud neuron in the Slashdot hivemind since 2002.
    6. Re: Yes and no... by wizkid · · Score: 3, Insightful

      It depends on the kind of work.

      Does she have a CISSP, or similar.
      How many years in security?

      Or maybe the experience is in the office back room, or CEO's office with the doors closed.

      Either way, with Insider Trading allegations, info coming out 4 or months out, bonehead releases and f**ked up websites, poor patching policies, etc. He's going to have to kiss a lot of politicians butts to get out of this one.

      --
      I take no responsibility for what I say. Even though I'm never wrong :)
    7. Re:Yes and no... by Anonymous Coward · · Score: 2, Insightful

      Yes nothing says she (or anyone with a liberal arts degree) can't be a good security officer. But it is suspicious that all of her background is now hidden. It might have been she was CSO for political reasons as one would find in big companies that the person who plays politics is promoted over people who have experience or skill.

      Nah waht's suspicious is that it's now hidden badly.

      If she was able to hide her education history from the prying eyes of the Internet that's be a practical demonstration of her relevant skills. Failing to do so, not as much.

    8. Re:Yes and no... by computational+super · · Score: 5, Insightful

      There are no doctors without medical degrees. There are no lawyers without law degrees. Yet somehow, tech seems to be the one place where a degree is considered near irrelevant (in fact, according to Slashdot, having a degree in computer science may very well disqualify you from professional programming). The reason most often suggested for this difference is that technology isn't as important as medicine or law. Yet this line of thinking has apparently led to the collapse of the US consumer credit system.

      --
      Proud neuron in the Slashdot hivemind since 2002.
  2. Let's not be hypocritical by Anonymous Coward · · Score: 5, Insightful

    A good share of this site's users do very important technical work--quite competently--without the educational credentials.
    Let's judge people here by their actions, not their degrees.

    1. Re:Let's not be hypocritical by HornWumpus · · Score: 5, Insightful

      How quickly you forget.

      Why are they in the news again? Incompetent administration, unpatched systems, no emphasis on security?

      Her results are on the record.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  3. Yeah but by Anonymous Coward · · Score: 2, Insightful

    Isn't there anyone else in the organization that knows the vpn user/pw is admin/admin that can blow the whistle before hackers dump your sack?

    Organizationally it shows these companies have no blue teams looking for red teams. And they have your mortgage documents.

  4. Having a degree in a different field isn't wrong by Anonymous Coward · · Score: 5, Insightful

    I myself am a music major and have since gone on to be a highly certified security individual. What a person takes as their post-secondary degree when they are 18-24 and starting life doesn't imply they haven't SINCE developed a full suite of skills and certifications making them perfectly suited to the job.

  5. Musicians can make good computer scientists by Rujiel · · Score: 1, Insightful

    ... imo. Or at least, good programmers. There's a lot of metal overlap between the fields.

  6. Majors don't mean shit by Anonymous Coward · · Score: 2, Insightful

    You wanna bet the people that hacked Equifax didn't major in security too? Like she would have learned anything in college that would have prevented this. No, this mistake was made by someone much lower in the org than her and they probably had certs/degrees.

  7. So? Also better reasons for hiding profile by wonkey_monkey · · Score: 5, Insightful

    I've got grade 2 piano and no IT qualifications, and yet I'm working in IT instead of busking my way through chopsticks.

    If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret.

    I doubt it has anything to do with keeping her education background secret, and more to do with simply wanting to disappear until this particular shit storm blows over. Lot of (rightfully) angry people out there, some of whom might do (unrightfully) angry things.

    --
    systemd is Roko's Basilisk.
  8. Re:Found this interview by bluefoxlucid · · Score: 1, Insightful

    So, there are two ways you could interpret this.

    One is that she's got a competent and well-developed perspective on the security industry. She's put a lot of thought into many new and upcoming problems, has kept herself on the leading edge, and is well-appraised of many deep and complex topics in information security. On top of all that, she also has excellent taste in music.

    The other is that she's a woman and obviously doesn't know what any of those big words she's using actually mean.

    The major debate will be held on Reddit and will primarily feature these two points of view.

    --
    Support my political activism on Patreon.
  9. Keep it classy, /. by hrbrmstr · · Score: 4, Insightful

    IMO this post shld be taken down. It is not a technology discussion and it's definitely not "stuff that matters". I personally know liberal arts majors, one of whom has degrees in music and nothing else who are likely more experienced and qualified in security than 99% of the security folks on /. Good step onto the slippery slope of becoming yet-another-Reddit. But, if one needs clickbait for ad revenue, one will do just about anything.

    --
    Mind the gap...