I would say the role of a CISO [Chief Information Security Officer] is similar to a military role, in fact, we see in the military and various government agencies that they actually talk about cyber warfare now. We’ve historically used guns and that kind of thing, but now we have cyber weapons to fight the cyber war. I think that the CISO role is analogous to that at the enterprise level.
— Alleged comments by Chief Information Security Officer Susan Mauldin, whose company Equifax lost 143 million Americans’ identities
The unprecedented hacking of 143 million Americans’ credit file details, including their social security numbers, government-issued IDs, names, addresses, and other personal information, is raising serious questions about the credentials and academic qualifications of a major corporation’s female head of IT security. Susan Mauldin, who serves as credit-reporting agency Equifax’s Chief Information Security Officer (CISO), appears to lack any proper academic qualifications for her role, which required her to thwart exactly the kind of massive hack that hit her employer in late July.
With firms desperate to hire women in senior IT and other STEM roles under threat of financial sanctions from governments, it is possible that Susan Mauldin got her current job because of her gender. She has a bachelor’s degree in music composition and a master’s degree in music composition, a major that seems to have had no relevance whatsoever to protecting the details of the affected 143 million people.
For Equifax, this might become one of the costliest mistakes imaginable. Vanity Fair and other outlets are reporting a somewhat likely $70 billion loss as a result of anticipated litigation. One Senator, Heidi Heitkamp, is presently calling for at least some senior Equifax employees to be jailed, though in this case she is mostly responding to allegations of insider trading after several executives sold company shares before reporting the hack.
Regarding college dropouts like Bill Gates and Mark Zuckerberg, at least they made sure that their uncompleted degrees roughly matched the fields they made their billions in. The same cannot be said of Susan Mauldin, whose entire job description revolves around protecting sensitive data.
What is Susan Mauldin trying (badly) to hide?
Many online commentators have pointed out that Mauldin’s original LinkedIn page has been mysteriously deleted. Before the current scandal, it read like this:
Her current resumé is titled only “Susan M.” (at the time of publication) and omits any references to her Music Composition degrees. All I could see was “University of Georgia,” without further elaboration, under her educational attainments. To almost any reasonable observer, this is a tacit admission by her that she lacks the normal or expected requirements for such a high-profile (and well-paid) role.
More alarmingly still, a website called Cazena evidently deleted the transcript of an interview (archive link) conducted last year with Susan Mauldin, in which, very fittingly, she tried to ridicule people who questioned IT cloud security (Google cache). The video version has also gone walkabout, and when I tried to access it, I was redirected to a generic resources page.
Susan Mauldin should be proud to stand on her record. She has taken high levels of remuneration for her role at Equifax and pruning the internet of anything that might compromise her professionalism is deceptive and highly problematic in light of the serious criminal damage the hacking scandal has caused and will continue to cause.
The female STEM curse
Sound familiar? Well, I brought you the implosion of Elizabeth Holmes’ blood-testing “empire” last year and ROK guest contributor Justin Puck had already called her shaky company Theranos out the year before that. Holmes dazzled–and allegedly scammed–her investors for years, with few, especially in the media, willing to criticize such a feminist golden girl. This ignorance risked countless lives and eventually caused the US Federal Government to intervene and half-chase the very exposed young woman out of her chosen industry.
In another case, a far less well-known woman working in IT as a “relationship manager,” Jayde Phoenix, used her breasts to try and promote herself. With no obvious qualifications that could lead to her being described as an “expert,” Phoenix was nonetheless feted as some sort of STEM super-genius by various papers. Such is the desperation of affirmative action and diversity politics.
These stories might seem anecdotal, but they reflect wider problems, not to mention a general dumbing down of STEM fields–and workplaces–to accommodate women. One of my articles earlier this year covered a female physicist’s complaints that high school and even university physics courses were being eroded specifically to make them easier for girls.
Susan Mauldin and those who hired her need to explain how on God’s green earth she could possibly serve as the Chief Information Security Officer of Equifax. Short of her having some prodigy-like talent she failed to ever mention on LinkedIn, no person in their right mind should hire a woman with no discernible technical qualifications in IT security.
Who’s going to take the blame for this?
Whilst no one is suggesting Susan Mauldin has any criminal responsibility, nor that any hacking attempt is preventable, Equifax seriously needed a properly trained and relevantly educated professional to command its IT security operations. Perhaps more evidence will be revealed in the coming weeks, yet so far the indication is that the company should have looked further and harder for a candidate with a robust, including theoretical, background in information technology.
If someone flying a plane without a pilot’s license crashes an aircraft, no one questions who is responsible–the unqualified flier and the company that hired them. Whilst there may not be strict legal demands that a Chief Information Security Officer have a typical academic background, someone without such a pedigree needs to share a large proportion of the blame when a corporation like Equifax finds its IT security systems utterly eviscerated.
But for what does something like this matter, if companies insist on hiring women in STEM fields at all costs?