Equifax Chief Information Security Officer Was An Affirmative Action Hire

in News by
   

Following a security breach that exposed the credit information of 143 million people to hackers, it was revealed that Equifax Chief Information Security Officer Susan Mauldin was a music major in college.

Equifax, which is a credit reporting agency, hired Mauldin as their Chief Information Security Officer in 2013. Previously, Mauldin was the Senior Vice President and Chief Security Officer at First Data Corporation until 2013. Prior to that, she was also SunTrust Banks’ Group Vice President from 2007 to 2009.

How she got any of these positions, or the skillset required for them, is still an open question considering her educational background. According to her LinkedIn Mauldin did not have any technology or security credentials. Instead, she got a bachelor’s degree and a Master of Fine Art’s degree in music composition from the University of Georgia.

There’s been virtually no coverage of Mauldin’s credentials following the security breach but, as ZeroHedge has pointed out, Equifax scrubbed Mauldin’s LinkedIn and took down videos and podcasts with her. Since then, Mauldin has resigned from her position as Equifax’s CISO.

Could this all have been done in an attempt to hide that the individual that Equifax put in charge of protecting 143 million American’s credit information was an affirmative action hire meant to meet some quota?

That still remains to be seen, though we do know that Equifax, like most other major corporations, has diversity programs in place – indicating that their hiring process may also put a premium on women and racial minorities over white men. This is supported by the fact that the security breach and the handling of it since then both indicate that Susan Mauldin had no idea what she was doing.

As Lily Hay Newman at Wired and security journalist Brian Krebs have documented, Equifax committed an embarrassing series of mistakes that led to the security breach and then left multiple vulnerabilities in the following months.

The breach itself happened because Equifax was using an old web application that had not been updated – despite the fact that a security update that would have prevented the breach was made available two months prior to the incident. Following the breach, Equifax took six weeks to notify the public that it had occurred. Then, they set up a web portal for handling credit disputes with the username of “admin” and the password of… you guessed it, also “admin.”

But hey – diversity is our greatest strength, right?

  • Freedom Rides Again

    Affirmative action in theory was noble, In practice it is a fraud. A friend described it as a vicious tax. Companies must recruit, hire, and promote on the basis of sex or ethnicity. Companies are therefore forced to hire or promote unqualified people and retain them on their payrolls. The Government also practices affirmative action, on steroids. But the Govermnet doesn’t have to worry because it never runs out of other people’s money.

  • objective123

    She must have stayed at a Holiday Inn Express for the Management of Equifax to think a Music Major is qualified to be in charge of IT and Security. Up is down, down is up.

  • Corruption every where as the US is circling the drain.

  • Lou Sander

    She couldn’t direct a stream of her own urine, let alone the security forces of Equifax.

  • JC

    So whose decision was it to hire her? The CEO? Sounds like he needs to go as well. We have two other credit reporting agencies, we don’t need three. Time to give the other two notice by shutting down Equifax.

  • retrain her as a tea lady?

  • John Hammersmith

    liberalism at its finest! how many qualified candidates were passed over and discriminated against. this company should be sued for their incompetence out of existence!

  • Red

    CyberSecurity is not an industry which anchors on academia for one very simple reason. It’s only existed as an academic field for what, 5-10 years?

    Maybe what, 3%? 5%? of people working in the Security Industry have ‘formal cybersecurity’ academic qualifications. In my 15 years in the field I think I’ve met one.

    So, I think you’re off-base this time.

    Plenty of blame to go around, but her educational background is a red-herring.

    • Jeff Bridges

      Valid point, but you’re still missing the most important point: They put a woman in an extremely critical job position with a great deal of responsibility. There’s a reason only 4% of women are CEOs, only 6% of CFOs, 3% of COOs, VPs, Presidents, etc.

      Women can’t even show up everyday or on time and rarely stay a full 8 hours, out sick every other day & are constantly requesting huge amounts of time off and when women in a position of authority do manage to make it into the office, all their time is wrapped up in holding meetings brow beating all of the men who are doing all of the actual work with unnecessary and petty, trivial issues and even firing the best quality men if they refuse to grovel to the ‘almighty’ ‘queen’ cunt. https://www.bloomberg.com/news/articles/2014-10-16/women-dislike-having-female-bosses-more-than-men-do

      Spiteful, extremely flaky, lazy, irresponsible, arrogant, unaccountable, women are as useless as pedals on a wheelchair in the workplace. I should know, I have to deal with them all day, everyday in my line of work and have been for 11 years.

    • Robert Enders

      This is a great point. I worked as a private security officer for 17 years. My degree is in political science. I did meet a lot of people working towards degrees in criminal justice, but their long term plans were careers in law enforcement. Private security isn’t something you go to school for. In fact, it probably a great choice if you are just now realizing you have the wrong degree.

  • Trouble Clef

    Equifax not smart enough to know that the only function of AA hires is to sit by or near the front door. They should be given no actual responsibility. For every AA hire a second, merit-based, hire must also be made in case some actual work needs to be done.

  • humann

    I don’t know enough about corporate network security structures and chains of command to make many of the assumptions that the article does.

    I can’t say how much or little impact any affirmative action guidelines or quotas may have had to do with her being hired. The further conclusion that she was unqualified for the position and that’s what led to the vulnerability the hackers exploited, I can’t assume that either. I’d say it’s possible if not probable that she didn’t fix their system due to being bad at her job but I doubt that was the only or even chief factor.

    What I can guess however is that the buck ought to stop with the Chief Information Security Officer and that is Ms. Mauldin in this case. One of the most important parts of the “straw man” that is the modern corporation is that its officers can always point out that they didn’t personally do whatever reckless illegal thing they did. Like the Germans used to say, “I was only following orders.”

    My opinion of Equifax and their business model is already so low that no amount of compounded stupid and evil could surprise me.

    When Equifax and the others like them assemble our financial records and sell them for a profit against our wills they are doing disabled people like me a real disservice. Being unable to pay the bills on all my back surgeries has left me with a phone that rings constantly with harassing calls and. And now they want to sell me a “service” to protect my file that they assembled from falling into the wrong hands. The definition of a racket.

    “We wouldn’t want anything to happen to your nice front windows.”

  • HoosierView

    Good article. Sad to see that this was an Affirmative Action hire. Not only does she not know anything about Cyber Security but she’s piss-poor manager to boot. I hope the entire corporate structure at Equifax is removed for this gross incompetence. Keep in mind that our most sensitive data that runs our entire country and our defense systems are on the Internet. I have seen first hand fraud of our federal government employees sitting around for hours, sometimes days, for our systems to work. It’s non-stop chaos because the best IT people don’t work for the government. Our stupid leadership in Washington D.C. is leading us to ruin and it will probably happen because a 16 year old kid got bored and wanted to see fireworks. Or worse yet, something will break and China will refuse to make a replacement for us. DRAIN the f-ing SWAMP!!

  • HoosierView

    Well, we know for certain that she wasn’t elevated to that position for her stunning good looks.

  • John El-Amin

    Affirmative action hire over white men- but wasn’t it qualified white guys who hired her??

  • Robert Enders

    I wouldn’t exactly call a middle-aged white woman a “diversity hire.” It’s not like they are underrepresented in the workforce. It does seem like this person may have been a poor choice for the job, but I don’t think that affirmative action was the reason for the poor choice.

  • Jimmy Rustler

    Come on dont you know that all degrees are equal !

  • Nino2

    She must have worn out a lot of knee pads to climb the corporate ladder…ahem…