Susan Mauldin
Posted on 09/16/2017 1:16:19 PM PDT by MarvinStinson
Susan Mauldin, whose identity is being scrubbed from the internet, studied music composition
When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security.
They might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin’s lack of educational qualifications since the data breach became public.
And late Friday Equifax said both Mauldin and the company’s chief information officer have retired effective immediately.
Susan Mauldin’s LinkedIn page was made private and her last name replaced with “M.”
Equifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.
This is the person who was in charge of keeping your personal and financial data safe — and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.
Two videos of interviews with Mauldin have been removed from YouTube. A podcast of an interview has also been taken down.
A transcript of one interview has survived
In an interview I found, Mauldin said that in recruiting, “[w]e’re looking for good analysts, whether it’s a data scientist, security analyst, network analyst, IT analyst, or even someone with an auditing degree. ... Security can be learned.”
But she also said she focuses college recruitment, understandably, on “universities that have programs in security, cyber security, or IT programs with security specialties.” She did not mention music composition.
(Excerpt) Read more at marketwatch.com ...
I like that!
143,000,000
How many of those poor souls have dependents, who will suffer from this horrible incident?
“I did not give Equifux permission to create a file on me, indexed on my SSN, with financial information, addresses, and names of my cats.
I did not give Experian and Transunion permission either.
I did not give the government permission to look into the file any time it wants to.”
Let’s abolish these companies and require businesses to do their own credit checks...you know, like in the old days.
I was typing an entire response to you and some how fat fingered it into the bit bucket, so I’ll summarize my response real quickly. They SANS stuff is fine for people who have a significant background before they even enter the class room or pick up a book. I find that most people in the “security field” lack the necessary background like our music major in this article.
Most managers are totally unaware of any technical information and therefore are not capable of even knowing whether a job applicant is qualified or not.
Essentially Certificates are proof of an individuals attempts to keep up with the field. A person would need a lot of certificates after thousands of dollars to prove sufficiently to me that they have the knowledge I acquired in 33 years of On the Job Training and 6 years of education at the BS and MS levels in CS. I had some responsibilities with regards to security and it was difficult to sleep at night with the level of knowledge I have.
Uncle Sam paid for many hours of my “ethical hacker” training and hence I knew that security was always behind the curve and always playing catch up.
Read my tagline.
Imagine an OS call with an undocumented flag that’s not in a header that executes (e_uid = 0) instead of (e_uid == 0).
That’s a single character difference that would be easy to slip into a device driver in a Git repository on an Open Source project somewhere unnoticed. It might even make it into production.
I retired! I sleep much better now. I would not want another security job for all the tea in china! A whole stack of certificates obtained in intense two week classes doesn’t in-still great confidence in me either. I retired because of crap like that for which I had no control and my supervisors had no clue. I’m not even suppose to talk about what I worked on. It scared the shit out of me.
It’s Scary stuff when one mistake can severely impact the lives of millions! It’s a young man’s game and he better be diligent and brilliant. I’m done with it. Thank god. Probably took 10 years off my life.
Susan Mauldin
In the middle ages, music was taught as a means of learning mathematics, because among other reasons of the computations necessary to study ancient Greek modes. One of the worst things to happen to music, tonally speaking, was Pythagoras' presumption that musical intervals were to be multiples of 3/2, rather than the mathematically complex but tonally pure intervals based on higher numbers, such as the 5/4 "major third" and 6/5 "minor third", not to mention the "blues third," 11/9, about halfway between. When syllables (ut, re, mi...) and later letters (A, B, C...) were substituted for numbers and intervals, music performance stopped being mathematical, but serious music composers and musicologists always know that math is the numerical expression of music, and music the aural expression of math.
I used to try composing coral music, but the water makes the music inaudible.
Also, when I lead a choir I do it with one hand, so that I can be a semiconductor.
But seriously...me too, and the few times I have succeeded brings me goosebumps when I hear it, not because it is my music, but because its beauty is in itself, in spite of me.
The hallmark of classical Indian music is its melodic complexity, and to a lesser extent with Persian/Arab music, but the hallmark of Euro-American classical music is its harmonic complexity--and the bane of popular music is that it is practically all based on the same four chords, in the same chordal progression.
My father was a music major in college, receiving BA & MA in music, then got his teaching credentials to be a music teacher in primary & secondary schools. He also worked nights and weekends as a professional musician.
Technology always interested him, and when the TRS-80 was first released, he rushed out and baught one, teaching himself to program in basic.
The following year, the school district cut music teachers, but began hiring computer teachers, so he transferred and became a computer teacher in the district. While he continued to learn basic, the concept of databases fascinated him, and he began teaching himself dBaseIII, and eventually FoxBase. Several years later, the district again began getting rid of teachers, but needed a district database programmer, and he got that job. In addition to working for the school district, programming in FoxPro and VisualFox, he began picking up part time contract work, and after he retired from the school district, was hired on full time at J.P. Morgan on Wall Street as a programmer.
Your daughter is right, many people who are talented in music also do very well in IT.
Mark
I’ll bet HE could do the job! :-)
There is a story, which may or may not have happened, where Albert Einstein was playing violin with a world renowned violinist, and when Einstein flubbed a line, the violinist asked, "can't you count to 4?"
Mark
That’s an amazing story about your Dad——he sounds like a VERY smart man.
I knew of an insurance underwriter who had been a music major.
Well that wasn’t the case here with this woman
Mutable variables by default and the assignment operator I increasingly see as super dangerous. That’s par for the course with most languages. With so many languages some of the more insecure and crappy are also the most popular. It’s really sad and pathetic. I’m hoping this rust languages become popular but it’s compiler too strict for most agile types shops.
“I am not bothered by the fact that she is an art major”
What bothers me, a Music major, is that Music is considered one of the Arts. To me, arts generally are free-form airy-fairy types of endeavors. True music is highly structured and disciplined. If someone wants to call jazz “music”, then I guess that could be considered an art. (I consider it the Tourette’s Syndrome of music.)
I believe that learning Music Theory starting at around four years old made it possible for me to comprehend many different concepts throughout my life more easily than I could have without it. In my career I often was called upon to manage projects that people with degrees in the respective fields couldn’t do; and I had no degree. There’s a good chance this hire will do a kick-ass job in this position. And maybe she won’t. I’m just saying it’s possible.
It is true that checking if the effective process user ID is equal to zero is not the same as assigning zero to the effective process user ID. The end result could be that the effective process user ID becomes zero or the ‘root’ ‘superuser’ process ID, and the process is granted superuser authority on the system.
If the check is performed as the result of a control operation accessed by a constant value that does not have a macro value definition in a header file, then it would be fairly apparent to a code review that the problem (essentially, a trapdoor, if i understand the description correctly) was deliberately inserted into the kernel source code by someone.
ISO 9000 procedures are intended to avoid this type of problem, but since the procedures are performed by humans and nobody’s perfect, mistakes can creep in to a software product.
Alas, the standard metric is not how secure one’s code is but how many lines one can code per week and how little is required to pay one for it according to age, demographics, nationality, and visa status. Woops, my computer needs a reboot for important upgrades. :-)
hmm, what sometimes bothers me is a music major who insists that he cannot play a musical instrument without a piece of sheet music on a music stand in front of him.
“what sometimes bothers me is a music major who insists that he cannot play a musical instrument without a piece of sheet music on a music stand in front of him.”
Definitely! Or the reverse. Our church hired a new music director. Someone requested that we sing a hymn in the hymnal and the director nixed that idea because he didn’t “know the song”. A director doesn’t need to “know the song” if he can read music.
Thank you, he was. He passed away about 11 years ago. I inherited his stubbornness and hard-hardheadedness, in those ways we were quite alike.
He once suggested that we start a computer business together (while I was once a programmer, I prefer hardware, OS work, and networking,) my step-mother chimed in that she would need to be hired as well. My father would do the software, I'd do the hardware, and she'd be the referee!
Mark
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.