undefined | Better HN

0 pointsDaviey8y ago0 comments

The Linkedin profile is now gone.. but the employment history was listed as "Professional" for the CSO's previous positions - rather than showing a graceful rise to a C-level position.

C-Level is amongst other things, a strategic and political position.

After an incident like this, it is understandable that people look at the profile of those entrusted with this responsibility.

If we look at Moxie's OSINT, we'd quickly see that he was perfectly qualified based on his presence in the ecosystem (conference talks etc).

A more suitable comparison would be the CSO of Equifax's competitor - which is Experian.

Do the same comparison with their CSO:

  - Director of Security / Compliance,Capital One
  - VP of Information Security, Citi Group
  - Director Information Security and Risk Management, Thomson Reuters
  - Director / CSO, Experian

Oh, this candidate also has relevant publications, certifications and a PhD in Computer Science..

Whilst I think the education is relevant, I don't think it is the defining factor... But.. We should be careful to jump to "education doesn't matter".

Was this the right person to be entrusted with the strategy for OUR data security? We simply don't know... but what we have seen has caused concern.

0 comments

1 comments · 1 top-level

jancsika8y ago

Are we talking about the same article?

Here's a quote from the one I read:

> Internet sleuths dutifully began digging into Mauldin's past — and uncovered what seemed like the perfect fuel for the raging firestorm of public outrage. It turned out that Mauldin, the top executive handling cybersecurity at Equifax, didn't have much formal training in technology. She had studied music composition at the University of Georgia.

> This was the smoking gun (my emphasis) that to some proved Mauldin's obvious unfitness for the job. With a bachelor of arts and a master's of fine arts, Mauldin's record betrayed a “lack of educational qualifications” for her job, according to a columnist writing for MarketWatch. Other outlets seized on the point and ran with it. “Equifax Execs Resign; Security Head, Mauldin, Was Music Major,” read one headline from NBC News.

Your well-reasoned comparison emphasizes the lack of work experience in any related field (and Moxie's wealth of such experience). The WAPO author on the other hand falls through to the only reported formal education, speculates that it is a "smoking gun", and attributes it to an anonymous group of unverifiable experts.

Furthermore, your well-reasoned argument works just as well if the person in question had studied computer science in college. The absence of any other experience in the field would be the same red flag as it was here. The only difference is in that case, the WAPO journalist would have been forced to lead with the less effective but more accurate "absence of experience" rather than "studied music". Instead, because the journalist had a choice and made it we can judge the veracity of their tech reporting accordingly.

Edit: typo

j / k navigate · click thread line to collapse