{"id":4909,"date":"2017-09-18T12:36:23","date_gmt":"2017-09-18T16:36:23","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=4909"},"modified":"2017-09-19T05:04:11","modified_gmt":"2017-09-19T09:04:11","slug":"equifaxs-cso-music-major-college","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/equifaxs-cso-music-major-college\/","title":{"rendered":"Equifax\u2019s CSO Was a Music Major in College\u2013 So What?"},"content":{"rendered":"<h2>Let\u2019s be careful with our critiques of Susan Mauldin&#8217;s educational background before we set a dangerous precedent.<\/h2>\n<p>On Friday I came across an article that was as sensational as it was troubling: <a href=\"http:\/\/www.marketwatch.com\/story\/equifax-ceo-hired-a-music-major-as-the-companys-chief-security-officer-2017-09-15\" rel=\"nofollow\">MarketWatch was reporting that Equifax\u2019s Chief Security Officer was a music major in college<\/a>. Since then, the story has spread like wildfire.<\/p>\n<p>Yes, on its face, it looks incredible when it\u2019s discovered that the person presiding over the cyber defenses of a company that just suffered a massive breach was studying music back in college\u2014and you know, not computers or information technology or some related field.<\/p>\n<p>And while I\u2019ll be the first to admit that music is not the ideal background for a candidate of this scope, I think it\u2019s worth taking a moment to pause and reflect on why framing a discussion this way is unproductive and possibly even dangerous: while having an educational background in an IT-related field is certainly a great foundation, disqualifying anyone without the right degree is an extremely harmful precedent to set.<span id=\"newline\"><\/span><\/p>\n<h2>First, let me concede a few points<\/h2>\n<p>As with any thought piece, I think it\u2019s important to begin with a few concessions. First of all, I don\u2019t know Susan Mauldin. I don\u2019t know her level of competence. But, I can concede that on its face, given Equifax\u2019s recent breach and <a href=\"https:\/\/www.thesslstore.com\/blog\/cyber-security-news-roundup-keeps-getting-worse-equifax\/\">some of the other unflattering news that\u2019s come from the company since<\/a>, you can certainly argue that things didn\u2019t go well.<\/p>\n<p>And if MarketWatch\u2019s report is true, and Equifax immediately began scrubbing the internet of any record of her as soon as she took her breach-imposed retirement, then that raises some very troubling questions in and of itself.<\/p>\n<p>But frankly, for the sake of this conversation, we\u2019re talking less about Mauldin on a specific level and more about what Mauldin represents: a member of the cyber security community that doesn\u2019t come from a traditional background.<\/p>\n<h2>Let\u2019s talk about Education<\/h2>\n<p>It\u2019s easy to look at what happened, look at Ms. Mauldin and connect the dots that someone unqualified caused all of this to happen. That\u2019s a gross oversimplification. Equifax is massive, with a digital infrastructure that spans the entire world. The CSO isn\u2019t the one updating Apache or making decisions on passwords for Argentinian databases. For something like that the company would create policies and then delegate those tasks.<\/p>\n<p>It\u2019s very easy to make the case that Ms. Mauldin\u2019s department was poorly managed. All indications would seem to point to that. But calling into question her competence on the basis of her education is myopic.<\/p>\n<p>For starters, it\u2019s insulting to anyone that has made it in this field with a non-traditional background. And there\u2019s quite a few more of those people than you might realize. As Ms. Mauldin once said in a (curiously) now-deleted interview, \u201cyou can learn security.\u201d<\/p>\n<p>And that\u2019s true.<\/p>\n<p>Pretending otherwise, as if you can\u2019t enter the industry without the correct degree, is both unproductive and downright damaging to the prospect of acquiring and growing new talent. Especially when this industry operates in the shadows of great thinkers like Bill Gates, Paul Allen and Steve Jobs\u2014none of whom even graduated from college.<\/p>\n<p>Beyond that trio, there\u2019s countless examples of CSOs without computer-related educational backgrounds. Bob Lord, of Yahoo, studied political science. Tisha Merly, CSO of the FBI, studied international affairs. Michael Cava of Amazon studied police science and administration. Plenty of talented people studied other things in college and perform admirably in their roles as CSOs and CISOs.<\/p>\n<h2>The Right Degree Helps, But Not Having it Isn\u2019t Disqualifying<\/h2>\n<p>And that brings us to my next point: this is still a fairly young field, all things considered.<\/p>\n<p>Colleges and universities have programs that cover computer science and IT and cyber security nowadays, but they\u2019re relatively new and have only recently been built out. I graduated from Florida State University (a school that is comparable in every way to Mauldin\u2019s University of Georgia) in 2008, and at that point \u2013 less than a decade ago \u2013 FSU\u2019s computer sciences programs were still fledgling.<\/p>\n<p>Now, it\u2019s untoward to speculate on someone\u2019s age, but based on photographs and her work experience, you can probably ballpark Ms. Mauldin as being somewhere in her late 40\u2019s or early 50\u2019s. That would put her in college sometime in the 1990\u2019s at the earliest. This was not a time when computer science was seen like it is today. There were not a ton of programs \u2013 especially highly refined ones \u2013 at her disposal.<\/p>\n<p>Beyond that, even if there were programs readily available, how relevant would that information be today? Ms. Mauldin would have needed to continue her education as a professional, regardless of her college background, to be where she is today. And given that she had worked at other reputable companies like First Data, SunTrust Banks and Hewlett Packard before stepping into her role as Equifax CSO in 2013, it would seem like her professional resume was at least passable.<\/p>\n<p>It\u2019s not like Equifax plucked her out of a concert hall and told her to run its cyber security operations. And if it did\u2014that\u2019s on Equifax, not Mauldin.<\/p>\n<p>I\u2019m not trying to litigate Equifax\u2019s staffing decisions, frankly, that\u2019s its own unique discussion. I\u2019m not even trying to defend Susan Mauldin, the person. <strong>The point I\u2019m making is that we set a very dangerous precedent when we start disqualifying people based on their college major.<\/strong> It undercuts the value of professional experience and it eliminates a pool of talented candidates.<\/p>\n<p>Granted, a strong educational background definitely supports a candidate\u2019s case. Nobody\u2019s arguing that studying computers and IT in college doesn\u2019t make you a more well-equipped candidate for this kind of position. I\u2019m just saying that not having studied computers in college shouldn\u2019t be a disqualifying factor, either.<\/p>\n<p>You can learn cyber security. Even if that\u2019s not what you knew you wanted to do at 20 years old.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let\u2019s be careful with our critiques of Susan Mauldin&#8217;s educational background before we set a dangerous precedent. On Friday I came across an article that was as sensational as it&#8230;<\/p>\n","protected":false},"author":6,"featured_media":4911,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[175,4092],"class_list":["post-4909","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","tag-cybersecurity","tag-equifax","post-with-tags"],"views":10220,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2017\/09\/iStock-115869634.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/4909","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=4909"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/4909\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/4911"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=4909"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=4909"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=4909"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}