While it's easy to jump on the Equifax Sucks Bandwagon (they do), I find it hard to believe that the degree earned has anything to do with this breach.<p>Are you absolutely certain that if their Chief Security Officer had a degree in CS that things would have been different?<p>Attacking someone a personal level like this is tempting in a case this serious, but it's in poor taste and will yield exactly 0 results. The data can't be un-breached, and placing blame in hindsight is unhelpful and will only escalate to more personal attacks.<p>Let's not pour oil on the 'Stem degrees are the only good degrees' echo chamber fire.
If I hadn't quit college to continue my tech career, I would have ended up with a degree in Sociology.<p>Would having a non-Tech degree make me <i>less</i> qualified than someone who has <i>no</i> degree? Of course not. It proves I can do the drudge work necessary to earn a degree, without which I must fall back on testimonials.<p>They have an <i>MFA</i>. That's a hell of a lot of hard work. Proves they are capable of doing hard work.<p>I don't see what the problem is here.<p>EDIT: Received a BA, magna cum laude, and MFA, summa cum laude. That's impressive regardless of the field. That's "succeed at all costs".<p>EDIT: Changed BS to degree in the first paragraph because I have no clue wtf makes something BA or BS. It's an arbitrary division that's used primarily as a weapon to disrespect women and is not a valid distinction of "intelligence" or "science-capable" or "technical-capable" in the modern era in any way whatsoever.
This is unduly personal and therefore beneath the standard this community ought to keep. Not cool.<p><a href="https://news.ycombinator.com/newsguidelines.html" rel="nofollow">https://news.ycombinator.com/newsguidelines.html</a>
One of the best developers and architects I've ever known has a Ph.D. in Music Composition. Never took a formal CS course in his life - yet he was one of the best. I suggest not being too quick to judge people by their degrees.
So from a CSO perspective, it isn't useful information what degree the CSO had. Keep in mind the level of experience that she had in the position. Not zero.<p>More relevant to the situation is the overall technical competence of the organization. For a perspective, watch Alex Stamos' talk "Appsec is eating security" <a href="https://www.youtube.com/watch?v=2OTRU--HtLM&t=7s" rel="nofollow">https://www.youtube.com/watch?v=2OTRU--HtLM&t=7s</a>. The top 100 in the Fortune 500 are technical companies with technical culture. The others, not so much. He notes that the bottom 400 (he gives them a particular name) are likely to be doomed.The top 100 are serious technical companies or financial institutions.<p>Far more important to the security of an organization is the overall culture of the company and its technical competence compared to the degree that a CSO received decades ago.<p>One example. Is it not true that the bonus calculation of the Equifax higher-ups excludes losses due to breaches or legal or compliance hits?<p>Flip that around, and you will see a whole different level of internal culture.
Would the breach appear worse if her degree was in CS or not? Seems the HN community is trying to correlate her degree to the breach and this is virtually impossible. Her MFA did not cause the breach nor is their an identifiable correlation.
And what is the alternative? Hiring a Licensed Software Security professional? Oh wait, those don't exist. It's software, so literally anything you do can never be considered negligent. So it goes.
Music is incredibly intellectually challenging and stimulating. I'm getting a STEM degree because I couldn't handle a music degree. Music students I know work just as long if not longer days than I and my ECE peers do. This personal attack of the CSO isn't relevant.