Posted on 09/16/2017 1:16:19 PM PDT by MarvinStinson
Susan Mauldin, whose identity is being scrubbed from the internet, studied music composition
When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company's data security.
They might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin's lack of educational qualifications since the data breach became public.
And late Friday Equifax said both Mauldin and the company's chief information officer have retired effective immediately.
Susan Mauldin's LinkedIn page was made private and her last name replaced with M.
Equifax Chief Security Officer Susan Mauldin has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.
This is the person who was in charge of keeping your personal and financial data safe and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.
Two videos of interviews with Mauldin have been removed from YouTube. A podcast of an interview has also been taken down.
A transcript of one interview has survived
In an interview I found, Mauldin said that in recruiting, "[w]e're looking for good analysts, whether it's a data scientist, security analyst, network analyst, IT analyst, or even someone with an auditing degree. ... Security can be learned."
But she also said she focuses college recruitment, understandably, on universities that have programs in security, cyber security, or IT programs with security specialties. She did not mention music composition.
(Excerpt) Read more at marketwatch.com ...
A self-referential example of poor security.
From the interesting article you linked...
‘Following the breach, Equifax took six weeks to notify the public that it had occurred. Then, they set up a web portal for handling credit disputes with the username of admin and the password of you guessed it, also admin.’
Classic. Just classic.
Myself and lots of others are saying the same thing happens when we go to the Equifax page to see if we are part of those whose info was hacked. We get a message saying we “may” have had our info hacked. Then when we go farther we’re asked for our SS #. You’d think Equifax would have my SS #. Something ain’t right.
Everyone is looking for someone to hang. The ones who should be hung are the members of congress since social security started in 1935. They have allowed the SSN to become the universal citizen identifier, used everywhere for everything. On my card, which I still have, it says “Not for Identification.”
I did not give Equifux permission to create a file on me, indexed on my SSN, with financial information, addresses, and names of my cats.
I did not give Experian and Transunion permission either.
I did not give the government permission to look into the file any time it wants to.
THAT is the problem.
I work in very high tech electronics and probably the very best electronics engineer I ever worked with was a literature major. Nobody even wanted to hire him because he wasn’t an engineer but he had bowled over the interview team and they fought for him. Turned out to be the right call, this guy could go into a lab and overnight fix a problem that teams of well-degreed engineers had been trying to figure out for weeks. He was a savant.
True. Some people just have an almost Rain Man-like ability to see patterns or know where the problem is. Rare birds.
I worked in the IT field for 33 years. In the past decade or so certificates have taken the place of an education and experience. Most certificates are based on a short instructional period of cramming for an exam. The person is usually no more qualified in computer security (or fill in the blank) 2 weeks after the exam than they were 2 weeks before the class. Managers love it because they can check a box and hire a kid or a foreign worker with no experience and pay next to nothing. The company is happy because technically they are not liable if they followed the NIST procedures and protocols even though few people really understand what they are looking for / doing from the top down.
Most security related degrees and certificates are a joke. The person has learned to run network scans for open ports, write reports every other year to be in compliance with some ridiculous NIST standard written by a person at NIST who has even less practical experience, and they’ve learned to compare software and hardware release/version number list for known bugs.
Few companies have a staff of people who are actively working with and running proactive intrusion protection/detection software manned by human beings.
When someone like John Podesta, at the White House, can have a password of password1 and not have it detected within minutes of trying to set it automatically and not have that password rejected and then be scheduled for a remedial education class almost immediately you know you’re in deep doo-doo.
She's not alone in this respect, but most CISOs take no responsibility for their position. She will say, "I followed company policy." I bet she was making hundreds of thousands at this job as well.
time for a class action lawsuit.
or not?
Yes, had this discussion in earlier thread. Her degree is irrelevant. Besides, she was hired to manage, not do the hands on work, which she may be very capable of doing, we just don’t know.
Given the nature of the Equifax problem with a flawed version of Struts, what they really needed is proper controls limiting how open source software is used.
I’ll bet they didn’t have any controls. Programmers probably downloaded whatever open source libs they wanted, and put them into the applications with no supervision and no record of what they did. That is typical of poorly run shops.
I do not see an education in music composition as disqualifying, per se. I would be more curious about her background and work experience. If she's old enough to retire, when she started her career there were very few, if any, computer science majors offered, and probably no IT security majors.
I have my Bachelor's degree in musicology. Although I went back to school and got Master's degrees in Information Technology and Business Administration (as well as certificates in programming and database administration), I went into the software engineering field because, at the time, I was told that musicians use the same part of the brain as computer programmers, and that I'd be successful in either field. Been at it now for 30 years and haven't looked back.
I'm still grateful for my BA. I can still pick apart a Bach prelude and fugue, and enjoy it at the same time... :-)
143,000,000
I thought HR was where they did the affirmative action hires. That’s where they have been in all of the companies I’ve worked at.
My best friend has her university degree in music.
She foolishly did not go into the cyber-security field.
Proving women can do things better than men. All the time.
Screwing up multiple things at once is not multitasking.
I went into music study at 44, after I got laid off in my chosen industry. I was a math & science nerd in my youth.
With very little knowledge or understanding (I did not know what a chord was), I achieved the highest average (about 99%) in my first year of theory; I was later asked to tutor music students. My (much younger) peers included some accomplished musicians from a young age who had been home schooled and who also excelled.
One of my avocations now is composing choral music. I also occasionally perform as a chorister. (I performed in Star Wars in Concert, and The Lord of the Rings in concert. Both were major productions, and enormous pleasures.)
Music is a mathematical language that happens to sound good.
What is your opinion of certificates from GIAC/SANS? They seem to be more substantial.
OMG!! OMG!!! How STUPID is this!!! A MUSIC MAJOR in charge of SECURITY!!!! SUE THEIR ASSES OFF!!!