Are you absolutely certain that if their Chief Security Officer had a degree in CS that things would have been different?
Attacking someone a personal level like this is tempting in a case this serious, but it's in poor taste and will yield exactly 0 results. The data can't be un-breached, and placing blame in hindsight is unhelpful and will only escalate to more personal attacks.
Let's not pour oil on the 'Stem degrees are the only good degrees' echo chamber fire.
And, then, given that Music is entirely dependent on mathematical principles, and Music Theory especially: What are the chances that, as an MFA in Music, she has a rock solid background in mathematics?
Does that make her choice of degree less distasteful?
Would we be having this conversation if she had no degree? (Of course not.)
Unlikely? There is no standard math requirement for music majors, and that's pretty well known.
> Would we be having this conversation if she had no degree? (Of course not.)
Yes, even more so! A chief security officer with no degree presiding over the security of a nation's credit data?! I mean, she's already under scrutiny because Equifax has been hit by three big stories in the past couple weeks demonstrating their absolute lack of concern for security: the breach, the "random pins", the admin/admin credentials.
Would having a non-Tech degree make me less qualified than someone who has no degree? Of course not. It proves I can do the drudge work necessary to earn a degree, without which I must fall back on testimonials.
They have an MFA. That's a hell of a lot of hard work. Proves they are capable of doing hard work.
I don't see what the problem is here.
EDIT: Received a BA, magna cum laude, and MFA, summa cum laude. That's impressive regardless of the field. That's "succeed at all costs".
EDIT: Changed BS to degree in the first paragraph because I have no clue wtf makes something BA or BS. It's an arbitrary division that's used primarily as a weapon to disrespect women and is not a valid distinction of "intelligence" or "science-capable" or "technical-capable" in the modern era in any way whatsoever.
The massive breach of personal information.
They ignored security warnings from Apache and now we have the fallout from the breach. So did the CSO's lack of security knowledge aide in the breach? If so that is on Equifax for hiring her into that role.
You can't criticize Equifax's CSO about her degree without revealing how little you know about the infosec field.
The middlebrow dynamic has to do with assuming one knows more than one does and trying to constrain the spectrum of variation. Since unexpected variations are often the most interesting, that is a big bad deal.
More relevant to the situation is the overall technical competence of the organization. For a perspective, watch Alex Stamos' talk "Appsec is eating security" https://www.youtube.com/watch?v=2OTRU--HtLM&t=7s. The top 100 in the Fortune 500 are technical companies with technical culture. The others, not so much. He notes that the bottom 400 (he gives them a particular name) are likely to be doomed.The top 100 are serious technical companies or financial institutions.
Far more important to the security of an organization is the overall culture of the company and its technical competence compared to the degree that a CSO received decades ago.
One example. Is it not true that the bonus calculation of the Equifax higher-ups excludes losses due to breaches or legal or compliance hits?
Flip that around, and you will see a whole different level of internal culture.
That's my only point here. Her degree is irrelevant to the point of uselessness for determining whether she's qualified, and whether fault for this incident lies with her judgement calls, or with others.
Maybe we'll find out that she's been writing internal memos for years about the security catastrophes and they've been willfully ignored by the CEO and the Board of Directors. Hell, she has an MFA in Music, so she there's a non-zero chance she wrote them a song about how they'll all be burned at the stake someday if they don't listen to her. This is no less likely an outcome.
We literally have no information to accompany the bare facts of her profile. Hacker News is not Hacker "link to a list of facts with a clickbait, personal-attack title and hope that someone else investigates if they're newsworthy" News. There is no news here without further investigation, and no one has done that in this thread. This should never have been posted as-is.
EDIT: If you were doing a post-mortem of an incident and a manager came in and said "Well, obviously that incident occurred, we let the guy with a Music degree do production work", they'll probably end up being fired under a cloud of HR violations, because they likely have a habit of invoking personal attributes in an inappropriate context. Don't be That Guy. Personal attributes - and optics - are not relevant to a post-mortem. Work behaviors, intentions, statements, and judgements are.
First off, the title was literally a fact. There was no opinion or "click bait" added to the title.
Second, yes this is absolutely news. The Chief Security Officer of a company who has very private details of tens of millions of US citizens received two degrees in a music field. Some might find it news because it's, in my opinion, quite interesting she was able to go from studying music to becoming the CSO of a major and very important company. Some people might find it to be news because it most certainly could cause questions of her ability when looking at this fact and other Equifax security related facts.
I'm quite confused as to why you are so offended by this submission. It's not uncommon from C level executives of major businesses to have received degrees in the area they are working. The fact that computer/network security is an extremely focused field and the CSO of an extremely important company has two degrees in music instead of CS or a related field is quite interesting.
https://investor.equifax.com/news-and-events/news/2017/09-15...
