Are you absolutely certain that if their Chief Security Officer had a degree in CS that things would have been different?
Attacking someone a personal level like this is tempting in a case this serious, but it's in poor taste and will yield exactly 0 results. The data can't be un-breached, and placing blame in hindsight is unhelpful and will only escalate to more personal attacks.
Let's not pour oil on the 'Stem degrees are the only good degrees' echo chamber fire.
And, then, given that Music is entirely dependent on mathematical principles, and Music Theory especially: What are the chances that, as an MFA in Music, she has a rock solid background in mathematics?
Does that make her choice of degree less distasteful?
Would we be having this conversation if she had no degree? (Of course not.)
Would having a non-Tech degree make me less qualified than someone who has no degree? Of course not. It proves I can do the drudge work necessary to earn a degree, without which I must fall back on testimonials.
They have an MFA. That's a hell of a lot of hard work. Proves they are capable of doing hard work.
I don't see what the problem is here.
EDIT: Received a BA, magna cum laude, and MFA, summa cum laude. That's impressive regardless of the field. That's "succeed at all costs".
EDIT: Changed BS to degree in the first paragraph because I have no clue wtf makes something BA or BS. It's an arbitrary division that's used primarily as a weapon to disrespect women and is not a valid distinction of "intelligence" or "science-capable" or "technical-capable" in the modern era in any way whatsoever.
The massive breach of personal information.
You can't criticize Equifax's CSO about her degree without revealing how little you know about the infosec field.
The middlebrow dynamic has to do with assuming one knows more than one does and trying to constrain the spectrum of variation. Since unexpected variations are often the most interesting, that is a big bad deal.
More relevant to the situation is the overall technical competence of the organization. For a perspective, watch Alex Stamos' talk "Appsec is eating security" https://www.youtube.com/watch?v=2OTRU--HtLM&t=7s. The top 100 in the Fortune 500 are technical companies with technical culture. The others, not so much. He notes that the bottom 400 (he gives them a particular name) are likely to be doomed.The top 100 are serious technical companies or financial institutions.
Far more important to the security of an organization is the overall culture of the company and its technical competence compared to the degree that a CSO received decades ago.
One example. Is it not true that the bonus calculation of the Equifax higher-ups excludes losses due to breaches or legal or compliance hits?
Flip that around, and you will see a whole different level of internal culture.
That's my only point here. Her degree is irrelevant to the point of uselessness for determining whether she's qualified, and whether fault for this incident lies with her judgement calls, or with others.
Maybe we'll find out that she's been writing internal memos for years about the security catastrophes and they've been willfully ignored by the CEO and the Board of Directors. Hell, she has an MFA in Music, so she there's a non-zero chance she wrote them a song about how they'll all be burned at the stake someday if they don't listen to her. This is no less likely an outcome.
We literally have no information to accompany the bare facts of her profile. Hacker News is not Hacker "link to a list of facts with a clickbait, personal-attack title and hope that someone else investigates if they're newsworthy" News. There is no news here without further investigation, and no one has done that in this thread. This should never have been posted as-is.
EDIT: If you were doing a post-mortem of an incident and a manager came in and said "Well, obviously that incident occurred, we let the guy with a Music degree do production work", they'll probably end up being fired under a cloud of HR violations, because they likely have a habit of invoking personal attributes in an inappropriate context. Don't be That Guy. Personal attributes - and optics - are not relevant to a post-mortem. Work behaviors, intentions, statements, and judgements are.
https://investor.equifax.com/news-and-events/news/2017/09-15...
First off, the title was literally a fact. There was no opinion or "click bait" added to the title.
Second, yes this is absolutely news. The Chief Security Officer of a company who has very private details of tens of millions of US citizens received two degrees in a music field. Some might find it news because it's, in my opinion, quite interesting she was able to go from studying music to becoming the CSO of a major and very important company. Some people might find it to be news because it most certainly could cause questions of her ability when looking at this fact and other Equifax security related facts.
I'm quite confused as to why you are so offended by this submission. It's not uncommon from C level executives of major businesses to have received degrees in the area they are working. The fact that computer/network security is an extremely focused field and the CSO of an extremely important company has two degrees in music instead of CS or a related field is quite interesting.
They ignored security warnings from Apache and now we have the fallout from the breach. So did the CSO's lack of security knowledge aide in the breach? If so that is on Equifax for hiring her into that role.
How does the CSO's multiple degrees in Music convey a lack of knowledge in the domain she was hired for?
It doesn't, because there's no information to derive there. I believe you are attempting to construct an argument that says that an offtopic degree disqualifies her to be a skilled practitioner by default.
This is wrong. The topic of someone's degree has no implicit bearing on their work experience before and after it.
LinkedIn shows endorsements by tens of people at each of her jobs in the specific labels "Information Security", "Disaster Recovery", and "Business Continuity". By that basis, she is perfectly qualified to handle this breach.
Unfortunately, that information - which takes up as much or more screen space on her LinkedIn page than her dual degrees - wasn't considered relevant by the OP, and is being studiously ignored for some unknown reason.
LinkedIn endorsements are as meaningful as Facebook likes.
You're right, She was qualified.
Unlikely? There is no standard math requirement for music majors, and that's pretty well known.
> Would we be having this conversation if she had no degree? (Of course not.)
Yes, even more so! A chief security officer with no degree presiding over the security of a nation's credit data?! I mean, she's already under scrutiny because Equifax has been hit by three big stories in the past couple weeks demonstrating their absolute lack of concern for security: the breach, the "random pins", the admin/admin credentials.
"A chief security officer with 15 years of experience and peer accolades in the fields of banking-grade security and human data management"
Typically, this is where most people don't even ask what a degree is. However, as you indicate "no degree" is unacceptable: Which domain-relevant degree programs, initiated 20+ years ago and completed 15 years ago, would satisfy your terms?
The odds are near zero. Everyone learns their own domain. Quoting random properties of a specific subdomain of a branch of all possible learning demonstrates your knowledge, not disproves theirs.
Yet here we are, on Hacker News, with people calling her out for not having security experience based on her LinkedIn profile having an Art degree, rather than a Science degree.
I agree wholeheartedly with you that LinkedIn is as meaningful as Facebook. We absolutely should not be here evaluating her qualifications based on her LinkedIn profile. Any conclusions therein derived would be obviously wrong, by your own point.
The Linkedin doesn't paint the whole picture but it could indicate something and that what's being pointed out.
This isn't an attack on a single person it's an attempt to figure out how the biggest breach of user information in history went down.
You imply that Music is a non-technical degree, which is arguable, but it's certainly an Arts degree rather than a Science degree. If that's the distinction by which you draw the line, you're wrong to do so. If you reject job applicants to a technical role on that basis someday, that's more overlooked high-value opportunities for others to hire instead :)