IMO being a music major isn't the story here, having no related experience/knowledge is. But that doesn't get clicks quite as well.<p>One of the best engineers I've ever met had a bachelors in Psychology. Another was a highschool dropout. The difference though was that those folks spent a ton of time learning everything they could, and continually improved.<p>Having a music major isn't a bad thing at all. Having no relevant experience is a much larger concern for me.<p>I'd go as far as saying that this headline is harmful. It perpetuates the "only people with CS degrees can program/security/architect", which isn't true at all. We shouldn't be shaming people who come from another walk of life. More power to those who didn't get a traditional CS degree and still kick ass :)
I'm no fan of Equifax, but some of the most talented engineers I've worked with have been music majors, musician, etc. It has nothing to do with whether she is qualified or not for the job.<p>The real story here is how Marketwatch (and HN, and Reddit, and Twitter, etc) is coming to the conclusion that she is unqualified simply by looking at her LinkedIn profile. I know many security professionals that have no LinkedIn profile, or list very barebones information on it because they see themselves as targets for spear phishing and see no need to give potential attackers any easy ammunition.<p>From looking at her LinkedIn profile (<a href="https://www.linkedin.com/in/susan-m-93069a/" rel="nofollow">https://www.linkedin.com/in/susan-m-93069a/</a>), it looks like she also follows this practice. If you look at her previous positions they are listed simply as "Professional".<p>TL;DR She may indeed be unqualified, but there is no way to determine that only from her LinkedIn profile.
This is bullshit.<p>Alice Goldfuss, SRE at github: "reddit is mocking the Equifax CISO for having a music degree, meanwhile I know no one in infosec with a CS one" <a href="https://twitter.com/alicegoldfuss/status/908430394529259520" rel="nofollow">https://twitter.com/alicegoldfuss/status/908430394529259520</a>
I don't think people are dissing her for having a music degree. They are dissing her for apparently having no infosec experience (an accusation further intensified by her education also not being in a technical field). Whether that is true or not can be investigated. But saying that the row is about her having a music degree is a slight misrepresentation.
I would really like to post the link to video interviews with Susan Mauldin (they made quite an impression on me) but they were deleted apparently only hours after I watched them.<p><a href="https://www.hollywoodlanews.com/equifax-chief-security-officer/" rel="nofollow">https://www.hollywoodlanews.com/equifax-chief-security-offic...</a><p>There is a transcript that you can still read at:<p><a href="http://archive.is/6M8mg" rel="nofollow">http://archive.is/6M8mg</a>
There is absolutely nothing wrong with having a music degree then going into tech. I have a CS degree but I worked with a lot of talented and smart individuals who either didn't finish college.<p>That is true in general, however in this case we know there was a major breach maybe one of the biggest ones, now all of the sudden having a Music degree _and_ seemingly not having relevant infosec experience doesn't look too good.<p>Had there been no breach, fine, nobody would have noticed and everyone would have given the benefit of the doubt, even say "How nice, they could pivot from a different degree etc."<p>Moreover what looks shady is that they changed their last first name to M. instead Mauldin in LinkedIn profile. Their interviews have been taken down etc. If they had experience and this was just an unfortunate example, they would have stood by and defended and explained what happened. The weasily hiding looks shady like they are hiding their incompetence.
This is the wrong thing to focus on. The situation we're in isn't a result of where this person was educated. The fact that they had a lack of professional experience required to demand a standard of security that would prevent this type of problem is the only thing I think worth discussing here.<p>I dropped out of school as soon as I realized I could make 50k/year doing IT work vs <i>paying</i> 50k a year to a school whose curriculum was from the stone age. I fully endorse education of all forms but our current model for educating the next generation of workforce is broken but I digress.
I'm kinda amazed this is now such a big story. It was picked up on Reddit 4 days ago.<p>The story is more complicated than this <a href="http://greyenlightenment.com/equifax-hack-analysis/" rel="nofollow">http://greyenlightenment.com/equifax-hack-analysis/</a><p>1. she was hired in 2013. Butting against equifax stock on this knowledge would have resulted in a large loss.<p>2. The odds of Equifax (or any company) being hacked are high if hackers are determined enough. It Bitcoin exchanges, ICOs, and online wallets, which are run by STEM people, find it very hard to stop hackers, what does that say about most websites in general.
Hey! I'm an engineer that has a major in music! I take offense to this headline.<p>No, I don't think I'm currently qualified to be CSO anywhere - but I don't think it's a stretch that a music major could be.
A lot of comments here are saying education is irrelevant.. It is very much relevant , you don't want a self taught doctor . All other professional fields such as lawyers, doctors, accountants have highly regulated practice where qualifications are very important, expect engineering.<p>It should not be acceptable to have dam built by a self taught engineer, or the privacy of 100 million ppl is safe guarded by music major even she had "relevant experience" there is a reason education and certification exist
The problem is definitely not the music degree. As many have said there are many brilliant technical folks who have music degrees.<p>The problem is the low quality hiring of executives. This seems to plague almost every large company out there. These "executive level" people are just part of some inner circle and know somebody who knows somebody. They might look good on paper. The reality is that boards and CEOs have too little knowledge of the specifics of their business and make chicken-shit hires.
She did have an MBA, so maybe that degree should be a sign of incompetence.<p>Instead of asking the Infosec community for their thoughts this journalist is showing he is already out of his depth.
Red Herring to irrelevant what she majored in in college. C level employees are not in the weeds or frontline when it comes to security anyway. At worst, she could be blamed for not having the correct vision or grasping the scope of importance securing this data required. As long as she hired and trusted the right people that is all that really matters. A breach like this is more than just one persons fault...
I am as mad as anyone about the Equifax breach but this story is bs. A degree or lack thereof has nothing to do with ones technical competence. The best programmer I've ever met was self taught. The worst had a masters degree.
Well, we can all argue one way or another about how relevant a CS degree would have been. The fact though that the profile was altered and other data deleted remains highly suspicious, if true.