Free Republic
Equifax Chief Information Security Officer Was An Affirmative Action Hire
thelibertyconservative.com ^ | September 13, 2017 | Alex Witoslawski

Posted on 09/16/2017 8:01:50 PM PDT by grundle

Following a security breach that exposed the credit information of 143 million people to hackers, it was revealed that Equifax Chief Information Security Officer Susan Mauldin was a music major in college.

Equifax, which is a credit reporting agency, hired Mauldin as their Chief Information Security Officer in 2013. Previously, Mauldin was the Senior Vice President and Chief Security Officer at First Data Corporation until 2013. Prior to that, she was also SunTrust Banks’ Group Vice President from 2007 to 2009.

How she got any of these positions, or the skillset required for them, is still an open question considering her educational background. According to her LinkedIn, Mauldin did not have any technology or security credentials. Instead, she got a bachelor’s degree and a Master of Fine Arts degree in music composition from the University of Georgia.

There’s been virtually no coverage of Mauldin’s credentials following the security breach but, as ZeroHedge has pointed out, Equifax scrubbed Mauldin’s LinkedIn and took down videos and podcasts with her. Since then, Mauldin has resigned from her position as Equifax’s CISO.

Could this all have been done in an attempt to hide that the individual that Equifax put in charge of protecting 143 million Americans’ credit information was an affirmative action hire meant to meet some quota?

That still remains to be seen, though we do know that Equifax, like most other major corporations, has diversity programs in place – indicating that their hiring process may also put a premium on women and racial minorities over white men. This is supported by the fact that the security breach and the handling of it since then both indicate that Susan Mauldin had no idea what she was doing.

As Lily Hay Newman at Wired and security journalist Brian Krebs have documented, Equifax committed an embarrassing series of mistakes that led to the security breach and then left multiple vulnerabilities in the following months.

The breach itself happened because Equifax was using an old web application that had not been updated – despite the fact that a security update that would have prevented the breach was made available two months prior to the incident. Following the breach, Equifax took six weeks to notify the public that it had occurred. Then, they set up a web portal for handling credit disputes with the username of “admin” and the password of… you guessed it, also “admin.”

But hey – diversity is our greatest strength, right?


TOPICS: Miscellaneous
KEYWORDS: equifax; mauldin; securitybreach; susanmauldin
To: Reno89519

Oh, everyone knows that proprietary software is 100% bulletproof. /sarcasm


21 posted on 09/16/2017 8:48:27 PM PDT by central_va (I won't be reconstructed and I do not give a damn.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: grundle

My work place hired a Mexican supervisor I think for affirmative action reasons. Next thing I know we have the system down for 3 days because he wants to be the person to fix the problem and critical system instead of getting the right people to work on the problem.

I’m a programmer but I do a bit of scripting on the system side of things so I check if our Apache web servers are patched up after I read about the details of the Equifax hack. They haven’t been patched in over 9 months and are vulnerable. I alert him to this fact and he shrugs it off. He says they’ll patch the test servers next week sometime and then get around to doing the live ones eventually. I can even fathom how people deal with IT people who don’t take things seriously. But that’s what you get with affirmative action.


22 posted on 09/16/2017 8:50:05 PM PDT by JohnyBoy (We should forgive communists, but not before they are hanged.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: grundle

Pretty damn stupid if true.


23 posted on 09/16/2017 8:50:41 PM PDT by Bullish (Whatever it takes to MAGA)
[ Post Reply | Private Reply | To 1 | View Replies]

To: gaijin

She should have been in charge of the church choir and not responsible for the entire nation's credit files.


24 posted on 09/16/2017 8:50:44 PM PDT by central_va (I won't be reconstructed and I do not give a damn.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Reno89519

Most people would take the opposite view. An open source framework like Struts is supposed to be written by highly experienced programmers, and thoroughly tested in thousands of applications. It handles the nuts and bolts so each application doesn’t have to re-create them individually. The code your mixed lot of programmers write is highly likely to have many more flaws than well-vetted open-source software.

The downside, of course, is that if open-source does turn out to have a serious flaw, hackers will try every web site on the web to see if it is vulnerable. They will get many hits.


25 posted on 09/16/2017 8:53:47 PM PDT by proxy_user
[ Post Reply | Private Reply | To 19 | View Replies]

To: drpix

If miss Dick is in a lesbian relationship, may we assume she plays the dominant role, given her name


26 posted on 09/16/2017 9:31:17 PM PDT by faithhopecharity ("Politicans are not born, they're excreted." -- Marcus Tillius Cicero)
[ Post Reply | Private Reply | To 18 | View Replies]

To: ButThreeLeftsDo

Different article.


27 posted on 09/16/2017 9:59:41 PM PDT by moovova
[ Post Reply | Private Reply | To 4 | View Replies]

To: Fhios

I remember reading that lots of early spammers were inside jobs (pre botnet days). Somebody would back a truck of a couple of servers up to a site, the inside guy would run some cables out to the truck, and up went the spam. Lots of people looking for ways to pick up a few bucks.


28 posted on 09/16/2017 10:06:55 PM PDT by ProtectOurFreedom
[ Post Reply | Private Reply | To 9 | View Replies]

To: gaijin
RIDICULOUS..!

Agreed, how they could allow anyone from the University of Georgia in the role of CIO is preposterous.

29 posted on 09/16/2017 10:09:26 PM PDT by dfwgator
[ Post Reply | Private Reply | To 2 | View Replies]

To: dfwgator

“Agreed, how they could allow anyone from the University of Georgia in the role of CIO is preposterous.”

Several other blogs on Susan’s problem are saying she most likely got the job by hanging out at the local Jewish Community Center.


30 posted on 09/16/2017 10:11:39 PM PDT by vette6387 (LOCK HER UP! COMEY TOO.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: proxy_user

What’s your deal ?

She was a diversity hire (only one out of three points) and you’re good with that, right?


31 posted on 09/16/2017 10:57:05 PM PDT by A strike (Academia is almost as racist as Madison Ave.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: proxy_user

Are you her lover?


32 posted on 09/16/2017 10:59:09 PM PDT by A strike (Academia is almost as racist as Madison Ave.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: gaijin

F Equifax and all their employees. And their guilty until proven innocent business policies. Glad to see this happen to them.


33 posted on 09/16/2017 11:34:57 PM PDT by Dr. Pritchett
[ Post Reply | Private Reply | To 2 | View Replies]

To: proxy_user

Nonsense!


34 posted on 09/16/2017 11:47:04 PM PDT by reardensteel
[ Post Reply | Private Reply | To 8 | View Replies]

To: grundle

Lesbian? Or Black?


35 posted on 09/17/2017 3:07:53 AM PDT by Ann Archy (Abortion....... The HUMAN Sacrifice to the god of Convenience.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: grundle

content of character not the color of your skin, MLK, REPUBLICAN


36 posted on 09/17/2017 3:20:54 AM PDT by ronnie raygun (Trump plays chess the rest are still playing checkers)
[ Post Reply | Private Reply | To 1 | View Replies]

To: central_va
"She should have had “secret” staff dedicated to breaching security unknown to the actual IT department staff."

They should have hired you.
37 posted on 09/17/2017 3:21:18 AM PDT by Garth Tater (Gone Galt and I ain't coming back.)
[ Post Reply | Private Reply | To 12 | View Replies]

Comment #38 Removed by Moderator

To: central_va
She should have had “secret” staff dedicated to breaching security unknown to the actual IT department staff.

This is known as black-box vulnerability assessment and is very common in many industries. I'm curious if Equifax was bound by PCI or regularly audited?

I work in financial services and we are audited by at least 3 different entities at least once per year by each, and for PCI, we are required to pass audit twice a year. If we don't pass audit, we lose a majority of our customer base. Not sure how Equifax got away with this.

39 posted on 09/17/2017 3:48:16 AM PDT by rarestia (Repeal the 17th Amendment and ratify Article the First to give the power back to the people!)
[ Post Reply | Private Reply | To 12 | View Replies]

To: dfwgator

I linked to a photo which did not display.

Had it properly displayed, you would probably have agreed with what I typed.


40 posted on 09/17/2017 3:53:11 AM PDT by gaijin
[ Post Reply | Private Reply | To 29 | View Replies]

