Free Republic

Equifax Chief Information Security Officer Was An Affirmative Action Hire
thelibertyconservative.com | September 13, 2017 | Alex Witoslawski

Posted on 09/16/2017 8:01:50 PM PDT by grundle

Following a security breach that exposed the credit information of 143 million people to hackers, it was revealed that Equifax Chief Information Security Officer Susan Mauldin was a music major in college.

Equifax, which is a credit reporting agency, hired Mauldin as their Chief Information Security Officer in 2013. Previously, Mauldin was the Senior Vice President and Chief Security Officer at First Data Corporation until 2013. Prior to that, she was also SunTrust Banks’ Group Vice President from 2007 to 2009.

How she got any of these positions, or the skillset required for them, is still an open question considering her educational background. According to her LinkedIn, Mauldin did not have any technology or security credentials. Instead, she got a bachelor’s degree and a Master of Fine Arts degree in music composition from the University of Georgia.

There’s been virtually no coverage of Mauldin’s credentials following the security breach but, as ZeroHedge has pointed out, Equifax scrubbed Mauldin’s LinkedIn and took down videos and podcasts with her. Since then, Mauldin has resigned from her position as Equifax’s CISO.

Could this all have been done in an attempt to hide that the individual that Equifax put in charge of protecting 143 million Americans’ credit information was an affirmative action hire meant to meet some quota?

That still remains to be seen, though we do know that Equifax, like most other major corporations, has diversity programs in place – indicating that their hiring process may also put a premium on women and racial minorities over white men. This is supported by the fact that the security breach and the handling of it since then both indicate that Susan Mauldin had no idea what she was doing.

As Lily Hay Newman at Wired and security journalist Brian Krebs have documented, Equifax committed an embarrassing series of mistakes that led to the security breach and then left multiple vulnerabilities in the following months.

The breach itself happened because Equifax was using an old web application that had not been updated – despite the fact that a security update that would have prevented the breach was made available two months prior to the incident. Following the breach, Equifax took six weeks to notify the public that it had occurred. Then, they set up a web portal for handling credit disputes with the username of “admin” and the password of… you guessed it, also “admin.”

But hey – diversity is our greatest strength, right?


TOPICS: Miscellaneous
KEYWORDS: equifax; mauldin; securitybreach; susanmauldin

1 posted on 09/16/2017 8:01:50 PM PDT by grundle
[ Post Reply | Private Reply | View Replies]

To: grundle
RIDICULOUS..!


2 posted on 09/16/2017 8:05:12 PM PDT by gaijin
[ Post Reply | Private Reply | To 1 | View Replies]

To: grundle

We don’t even need visual confirmation


3 posted on 09/16/2017 8:05:35 PM PDT by bigbob (People say believe half of what you see son and none of what you hear - M. Gaye)
[ Post Reply | Private Reply | To 1 | View Replies]

To: grundle

FReepmuch?

http://www.freerepublic.com/focus/f-news/3586205/posts

http://www.freerepublic.com/focus/f-news/3586398/posts


4 posted on 09/16/2017 8:07:50 PM PDT by ButThreeLeftsDo (Learn How To Search. Ask Me How.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: grundle

She probably broke in as a programmer or in some other sort of technical position. Most skilled musicians easily adapt to programming, and back in the 80s I hired quite a few programmers with a music background.


5 posted on 09/16/2017 8:08:59 PM PDT by proxy_user
[ Post Reply | Private Reply | To 1 | View Replies]

To: grundle

I wonder how much this stupid b***** made in salary and other compensation.


6 posted on 09/16/2017 8:10:46 PM PDT by central_va (I won't be reconstructed and I do not give a damn.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: grundle

Come to think of it, Øbama was an affirmative action “hire”.


7 posted on 09/16/2017 8:11:48 PM PDT by lightman (ANTIFA is full of Bolshevik.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: grundle

I should add that in a large company like this, the CSO flies at 50,000 feet. She is unlikely to be aware of the sloppy practices that go on at ground level, and frequently it is very difficult to get subordinates to admit that their departments have a lot of problems.

In a dotted line situation, every manager concentrates on pleasing his primary manager, who wants the work done as rapidly and cheaply as possible, and pays only lip service to corporate-wide programs like security.


8 posted on 09/16/2017 8:13:01 PM PDT by proxy_user
[ Post Reply | Private Reply | To 1 | View Replies]

To: grundle

So they say. I’m suspicious that a lot of these data breaches aren’t insider jobs. Cases where an employee is acting as a foreign agent and getting paid well to do it.


9 posted on 09/16/2017 8:13:34 PM PDT by Fhios (Down with your fascism, up with our fascism.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Fhios

The actual cause of the problem has been admitted. It was a J2EE Struts app that used a release of Struts that had a serious flaw.

I’m sure if you asked a high-level manager: “Do your systems use Struts?” he would have answered “I don’t know; what is Struts?” Thus these problems....


10 posted on 09/16/2017 8:16:15 PM PDT by proxy_user
[ Post Reply | Private Reply | To 9 | View Replies]

To: proxy_user
Most skilled musicians easily adapt to programming,

Maybe in the 80's; not anymore.

She was in IT where programming is not a necessity but keeping up with the threat and counter threat is a priority. Also a working knowledge of networking and protocols is a plus.

11 posted on 09/16/2017 8:17:42 PM PDT by central_va (I won't be reconstructed and I do not give a damn.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: proxy_user

She should have had “secret” staff dedicated to breaching security unknown to the actual IT department staff.


12 posted on 09/16/2017 8:19:11 PM PDT by central_va (I won't be reconstructed and I do not give a damn.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: grundle
Equifax Chief Information Security Officer Was An Affirmative Action Hire

Wow, really?

Could this all have been done in an attempt to hide that the individual that Equifax put in charge of protecting 143 million Americans’ credit information was an affirmative action hire meant to meet some quota?

That still remains to be seen...

Or not.

Why post this?

13 posted on 09/16/2017 8:20:45 PM PDT by semimojo
[ Post Reply | Private Reply | To 1 | View Replies]

To: central_va

As it turned out, the problem was apparently caused by sloppy development and implementation practices. Good code management is what was needed, and this is a purely operational issue.


14 posted on 09/16/2017 8:21:23 PM PDT by proxy_user
[ Post Reply | Private Reply | To 11 | View Replies]

To: proxy_user

Be that as it may, there is still plenty of room in there for an insider to have initiated or allowed this. Not saying it’s so, just saying if any investigation goes on, they would be remiss to assume it wasn’t.

Sure, forensics tells them how the data was accessed, but who allowed the fault to remain or become installed? Who was responsible to maintain it? Who coded it?


15 posted on 09/16/2017 8:24:34 PM PDT by Fhios (Down with your fascism, up with our fascism.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Fhios

No, there is not. A major Struts project involves many programmers, and at the time they downloaded the flawed version, nobody knew about the flaw. If the flaw had been known, the version would not have been on the Apache site for download.

Struts is an open-source framework coded by volunteers worldwide. A vulnerability like this is a serious blow against open-source software, and a great embarrassment to the Apache project.


16 posted on 09/16/2017 8:31:10 PM PDT by proxy_user
[ Post Reply | Private Reply | To 15 | View Replies]

To: proxy_user

I don’t know anything about her but this wasn’t her first IT security job. She is a longtime executive, hired to manage the group, not do the hands-on work. Seems that the problem could have happened to any company and if we read the news and watch how many replacement credit cards we quietly get, it happens all the time. She is being unfairly pilloried in my opinion. As others noted, we’ve all hired and worked with music majors in IT, not unusual and definitely doesn’t infer they are incompetent or anything. Nothing also suggests she’s an affirmative action hire. Overall, while I thoroughly hate Equifax, I think the comments are speculative at best, reflect bias of writers that assume a woman is incompetent, assume that only certain pedigrees can manage certain companies and departments, etc. Very short-sighted. And very unfair to her.


17 posted on 09/16/2017 8:45:31 PM PDT by Reno89519 (PRESIDENT TRUMP, KEEP YOUR PROMISES! NO AMNESTY AND BUILD THAT WALL.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: grundle
Talk about the security cost of affirmative action hires and promotions, check out the case of Britain's failure to stop terrorist attacks and Britain's Commissioner of Police, Cressida Dick.

Here's how and why she rose to "Britain's top police:"

Cressida Dick: A Profile
"...quickly moved up the ranks as a part of an accelerated promotion scheme"

"...made a commander in charge of the force’s diversity directorate"

UK’s most senior police officer Cressida Dick is in same-sex relationship

I wonder if we'll ever return to a time when police medals were awarded for courage in action against deadly criminals - rather than in "accelerated promotion" and "diversity?"
18 posted on 09/16/2017 8:46:09 PM PDT by drpix
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user

And why Open Source shouldn’t be used where security is required.


19 posted on 09/16/2017 8:46:28 PM PDT by Reno89519 (PRESIDENT TRUMP, KEEP YOUR PROMISES! NO AMNESTY AND BUILD THAT WALL.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: nutmeg

bookmark


20 posted on 09/16/2017 8:46:32 PM PDT by nutmeg
[ Post Reply | Private Reply | To 1 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
