Equifax CEO Hired a Music Major as the Company's Chief Security Officer

← Back to Stories (view on slashdot.org)

Equifax CEO Hired a Music Major as the Company's Chief Security Officer

Posted by msmash on Friday September 15, 2017 @07:25AM from the caught-red-handed dept.

Susan Mauldin, the person in charge of the Equifax's data security, has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia, according to her LinkedIn profile. Mauldin's LinkedIn profile lists no education related to technology or security. If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret.

Earlier this month Equifax, which is one of the three major consumer credit reporting agencies, said that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver's license numbers. On Friday, the UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers was accessed in the breach.

UPDATE (9/16/2017): CSO Susan Mauldin has abruptly 'retired' from Equifax.

22 of 430 comments (clear)

Min score:

Reason:

Sort:

Yes and no... by cdreimer · 2017-09-15 07:30 · Score: 5, Insightful

Having a liberal arts degree doesn't disqualify you from working in IT. If you only have a liberal arts degree, no technical certifications and no previous IT experience for a high-level role as CSO, you must have really nice legs.
1. Re:Yes and no... by UnknowingFool · 2017-09-15 07:34 · Score: 5, Insightful
  
  Yes nothing says she (or anyone with a liberal arts degree) can't be a good security officer. But it is suspicious that all of her background is now hidden. It might have been she was CSO for political reasons as one would find in big companies that the person who plays politics is promoted over people who have experience or skill.
  
  --
  Well, there's spam egg sausage and spam, that's not got much spam in it.
2. Re:Yes and no... by Anonymous Coward · 2017-09-15 07:40 · Score: 5, Insightful
  
  I've worked with some brilliant software engineers and engineering managers at my current job, and here is a list of the non-IT degrees they have:
  B.S. in Political Science
  B.A. in Media Design
  B.A. in English
  These are guys that are designing and implementing financial software for a Fortune 500. Sometimes what your degree is in has the square root of jack shit to do with what you are currently doing, and how well you do it.
3. Re:Yes and no... by Anonymous Coward · 2017-09-15 07:45 · Score: 5, Informative
  
  She was previously Senior Vice President and Chief Security Officer at First Data Corporation for four years
4. Re:Yes and no... by pr0t0 · 2017-09-15 07:47 · Score: 5, Insightful
  
  Unless you are getting hired directly out of school for a tech job, whether or not you have a degree in tech means almost nothing. It's your experience that counts. If Mrs. Mauldin majored in music, graduated, found that was a dumb idea and worked her way up through the ranks over 20 years before landing the Chief Security role at Equifax, I have no problem with that.
  This woman may have to take the fall, but often, even senior security staff don't get to dictate everything you think they should. Cost considerations can override their wishes, inconvenience can override it. They can often set guidelines for IT staff that do not report to them and feel no obligation to do what they say.
  I wouldn't skewer this woman just yet.
  
  --
  I'm sorry, but your opinion seems to be wrong.
5. Re: Yes and no... by computational+super · 2017-09-15 08:13 · Score: 4, Insightful
  
  Well, that's some grade-A lack of reading comprehension you have going there. What OP said was that, if you have affirmative action hiring policies in place - hiring less qualified people to artificially inflate diversity on any metric - then EVERYBODY who fits that diversity metric carries the suspicion of being a "diversity" (i.e. otherwise unqualified) hire. Even if they actually weren't.
  
  --
  Proud neuron in the Slashdot hivemind since 2002.
6. Re: Yes and no... by Penguinisto · 2017-09-15 08:33 · Score: 5, Funny
  
  Either way, she's in real deep Treble right about now...
  (...I kid! I kid!)
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
7. Re:Yes and no... by HornWumpus · 2017-09-15 08:45 · Score: 4, Informative
  
  Devs don't patch live systems at a company that size. Devs shouldn't touch live systems at a company that size.
  
  --
  John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
8. Re: Yes and no... by Hognoxious · 2017-09-15 08:47 · Score: 5, Funny
  
  That was very clefer.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
9. Re:Yes and no... by thomn8r · 2017-09-15 09:26 · Score: 4, Funny
  
  but thought she was the cat's meow when it came to managing high-tech companies
  To be fair, slaying 30,000 serfs is pretty much the same in the 2000's as it was in the 1400's
10. Re:Yes and no... by computational+super · 2017-09-15 09:28 · Score: 5, Insightful
  
  There are no doctors without medical degrees. There are no lawyers without law degrees. Yet somehow, tech seems to be the one place where a degree is considered near irrelevant (in fact, according to Slashdot, having a degree in computer science may very well disqualify you from professional programming). The reason most often suggested for this difference is that technology isn't as important as medicine or law. Yet this line of thinking has apparently led to the collapse of the US consumer credit system.
  
  --
  Proud neuron in the Slashdot hivemind since 2002.
11. Re: Yes and no... by rholtzjr · 2017-09-15 09:39 · Score: 4, Funny
  
  She fell sharply flat with her security approach. Anymore to keep it going?
12. Re:Yes and no... by swillden · 2017-09-15 10:49 · Score: 4, Informative
  
  Next target hackers! We now know the former CSO wasn't the sharpest tool in the box. Rot is almost certainly there too.
  Hackers don't need some additional notice or incentive to go after First Data. First Data is one of the biggest, tastiest and most potentially lucrative targets in the world. But you haven't heard that, because they do a very good job on security.
  I worked several security projects at First Data when I was doing security consulting, and I was consistently impressed with quality of their people, systems and processes. I was also a little appalled at how many eggs are in the First Data basket. They issue and manage a large majority of the credit and debit cards in the United States. You almost certainly have a card they issued in your wallet, and they also generate your statements, process your payments and potentially even operate your bank's web site.
  The largest project I worked for First Data was directly supervised by the NSA (in their role of protecting the nation's data infrastructure, not their role of spying on everyone -- two very different organizations within the NSA) because the security of First Data systems is essential to national security. They're that big and that important to the country's credit and banking infrastructure. More important than Equifax, I'd say.
  The fact that she was CSO for First Data changes my perception of the headline considerably. I can't see First Data hiring someone unqualified for a role like CSO. Security is way, way too important there, and they have a lot of people who know how to do security.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
13. Re:Yes and no... by slew · 2017-09-15 11:52 · Score: 5, Informative
  
  Yes nothing says she (or anyone with a liberal arts degree) can't be a good security officer. But it is suspicious that all of her background is now hidden. It might have been she was CSO for political reasons as one would find in big companies that the person who plays politics is promoted over people who have experience or skill.
  Well, as it turns out, her "resume" prior to Equifax lists
  * Senior Director of Information Security, Audit and Compliance at HP
  * Senior Vice President and Chief Security Officer and First Data Corporation
  * Group Vice President Sun Trust Bank
  Sounds to me that she worked up the "vice-president" track (easy to do in a bank as everyone is a VP) and stumbled on to security from the audit/compliance side of the house. This is like a VP of engineering coming up from the marketing/product specification side of the house. All most of these folks know how to do is check the boxes... They might have learned some buzzwords along the way, but you would never trust them to actually *do* anything...
14. Re: Yes and no... by Jon+Abbott · 2017-09-15 17:14 · Score: 4, Funny
  
  I don't want to string anyone along here, but let's not harp on her minor credentials. While they struck a chord in some people, joining the chorus of citizens at fever pitch won't fix Equifax's systems that are baroque and in need of fiddling on a scale we haven't seen B4. It's important to note that the movement of filing key lawsuits will work in unison and reach a crescendo at some point. The drum beat of progress will necessitate major reforms that will even the score and serve as the prelude for improved security. The measure of any company in a situation like this is whether they change their tune and raise the bar, or have their finale.
  
  --
  Slashdot's first reaction to VMware
Let's not be hypocritical by Anonymous Coward · 2017-09-15 07:31 · Score: 5, Insightful

A good share of this site's users do very important technical work--quite competently--without the educational credentials.
Let's judge people here by their actions, not their degrees.
1. Re:Let's not be hypocritical by HornWumpus · 2017-09-15 07:36 · Score: 5, Insightful
  
  How quickly you forget.
  Why are they in the news again? Incompetent administration, unpatched systems, no emphasis on security?
  Her results are on the record.
  
  --
  John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Having a degree in a different field isn't wrong by Anonymous Coward · 2017-09-15 07:33 · Score: 5, Insightful

I myself am a music major and have since gone on to be a highly certified security individual. What a person takes as their post-secondary degree when they are 18-24 and starting life doesn't imply they haven't SINCE developed a full suite of skills and certifications making them perfectly suited to the job.
I suppose but by burtosis · 2017-09-15 07:36 · Score: 4, Funny

Wouldn't you want someone who isn't an expert at singing when it comes time to testify?
Found this interview by Dan667 · 2017-09-15 07:44 · Score: 4, Informative

They took it down, but of course the Wayback machine has it. https://web.archive.org/web/20...
So? Also better reasons for hiding profile by wonkey_monkey · 2017-09-15 07:47 · Score: 5, Insightful

I've got grade 2 piano and no IT qualifications, and yet I'm working in IT instead of busking my way through chopsticks.

If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret.
I doubt it has anything to do with keeping her education background secret, and more to do with simply wanting to disappear until this particular shit storm blows over. Lot of (rightfully) angry people out there, some of whom might do (unrightfully) angry things.

--
systemd is Roko's Basilisk.
Keep it classy, /. by hrbrmstr · 2017-09-15 08:07 · Score: 4, Insightful

IMO this post shld be taken down. It is not a technology discussion and it's definitely not "stuff that matters". I personally know liberal arts majors, one of whom has degrees in music and nothing else who are likely more experienced and qualified in security than 99% of the security folks on /. Good step onto the slippery slope of becoming yet-another-Reddit. But, if one needs clickbait for ad revenue, one will do just about anything.

--
Mind the gap...