Alright, so let's answer this. First I assume you're talking about Susan Mauldin who was the CSO (not CIO) of Equifax at the time of the 2017 breach. She did indeed have a music degree, actually 2 (BA and MA). And I have no problem with that fact in and of itself. 1/ https://twitter.com/bjverzal/status/1291565799979790336
Degrees matter little in terms of job preparedness unless it's THE thing you're claiming prepares you for a role. As your experience grows, the need to rely on the educational components of a degree is lessened. By the time someone reaches an executive level, it's in many 2/
ways approaching irrelevancy. What is important is what did she do in her years of private sector work prior to Equifax. Well among other things she was a director of infosec audits and compliance at HP for 6 years. So I'd say she had some relevant experience. 3/
Both a UC Berkeley study and my own survey from the beginning of this year have found that most #Infosec professionals do not have a Cyber Security degree or a CS Degree. Some don't have any degree at all. There have been multiple high-profile breaches where the 4/
executive overseeing security at the time did not hold a technology related degree yet their educational qualifications weren't questioned. Mauldin's were because some idiots on Reddit claimed she was a "diversity hire". The problem isn't the education, we actually don't 5/
know what it was at all. Was she a scapegoat? Did she elevate concerns that were ignored? Was she ineffective and influencing others? Did she not fit with the culture? Did she do everything right but an analyst's mistake led to the vulnerable version of Struts remaining 6/
on the target system? We don't know any of the answers to these. So to look at her education on LinkedIn and say well she had a BA in music and a Master's in Fine Arts therefore she wasn't qualified, is wholly irresponsible and misguided. So back to my answer to your 7/
question, how do I feel about her having that educational background? Well I couldn't give a shit less. What I care about is how did she do her job at HP and other companies and was it her job performance 8/
that led to the breach. Without insider info we'll never know. What I do know is that her degree is the least thing I'm concerned with. /FIN
You can follow @AlyssaM_InfoSec.