Slashdot Mirror


Equifax CEO Hired a Music Major as the Company's Chief Security Officer

Susan Mauldin, the person in charge of Equifax's data security, has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia, according to her LinkedIn profile. Mauldin's LinkedIn profile lists no education related to technology or security. If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears intended to keep her educational background secret.

Earlier this month Equifax, which is one of the three major consumer credit reporting agencies, said that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver's license numbers. On Friday, the UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers were accessed in the breach.

UPDATE (9/16/2017): CSO Susan Mauldin has abruptly 'retired' from Equifax.

3 of 430 comments

  1. Re:Yes and no... by Anonymous Coward · Score: 3, Interesting

    but what in her profile would suggest that she would be even remotely qualified to have an entry level IT position? she's barely qualified to pour coffee.

    equifax fucked up. the pitchforks are totally justified.

  2. Or family connections by rsilvergun · Score: 1, Interesting

    No amount of nice legs would get you CSO of a security-centered firm with no experience and an unrelated degree. The ruling class take care of their own. Always have. I sure wish the working class did the same...

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  3. Well, she at least knows the right words... by Anonymous Coward · Score: 2, Interesting

    It seems she's not a complete novice, she uses some of the right words and is familiar with the idea of tokenization for securing PII in "the cloud" (which is a f*cking stupid idea that adds complexity and increases the attack surface but all the rage with a lot of the security groups I've worked with). This statement also stood out for me: "In today's environment, fully funded, well staffed adversaries can pretty much get to any asset that they decide to target." Oddly enough, I usually consider an attitude like that a sign of security staff who know what they're talking about. I've dealt with too many admins and CISOs who think they are god's gift to security and no one can penetrate their environment. Generally they're wrong... often in spectacular fashion (I was working with such a team this week that was insisting an XSS vulnerability in their custom IDP solution caused by a failure to sanitize inputs was really because it was being "called wrong"... and they just continued to double down when anyone tried to argue their logic... bad guys always follow the rules ya know).