Her LinkedIn profile, before it was scrubbed, showed her as an employee of those companies, but her job title for each was listed as "Professional". It's not entirely clear what her previous roles were and exactly how relevant they were to the role of Chief Security Officer.
It's the same divide between self taught developers and developers with a formal computer science background. If I'm hiring someone to make a website, then it may not make much of a difference, but if I need them to write kernel device drivers, more often than not your best bet is going to be with someone with a formal background who has had to demonstrate at school that they have certain knowledge prerequisites in a standardized setting.
I can't speak for the cybersecurity at HP, Sun Trust, and First Data. It's possible they have great records, or it's possible they've made mistakes and gotten away with them, and these experiences led Mauldin to believe Equifax was more secure than it was.
Edit: I found that she was Group VP at SunTrust from 07-09 and Senior VP and Chief Security Officer at First Data from 09-13. Her experience at First Data is relevant to the discussion and it's strange that the Washington Post article you linked to didn't mention that.
