When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security.
And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin’s lack of educational qualifications since the data breach became public.
It would be fascinating to hear Smith try to explain both of those extraordinary items.
If those events don’t put the final nails in his professional coffin, accountability in the U.S. is officially dead. And late Friday Equifax said both Mauldin and the company’s chief information officer have retired effective immediately.
Equifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.
This is the person who was in charge of keeping your personal and financial data safe — and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.
I emailed Equifax’s EFX, +1.51% multiple media relations people but have not heard back.
I was tipped off to this by a contact on Twitter. There has been very little coverage so far of Susan Mauldin’s background and training. Given the ongoing disaster of the hack and Equifax’s handling of the affair, the media spotlight has so far been elsewhere.
Reporting by a few tech-savvy blogs has found that as soon as the Equifax data breach became public, someone began to scrub the internet of information about Mauldin.
Her LinkedIn page was made private and her last name replaced with “M.” Two videos of interviews with Mauldin have been removed from YouTube. A podcast of an interview has also been taken down.
Unhappily for the scrubbers, the internet archives some material and a transcript of one interview has survived.
To play devil’s advocate, Mauldin does at least have 14 years’ private-sector experience since getting her degrees. Music, to stretch the point as far as possible, is an academic subject that can be highly mathematical.
The question is how far any of this can take you in this field if you don’t have a formal education in technology. Mauldin’s counterparts at Equifax’s two biggest competitors, TransUnion TRU, +1.78% and Experian EXPN, -0.07% studied computers and science, respectively.
In an interview I found, Mauldin said that in recruiting, “[w]e’re looking for good analysts, whether it’s a data scientist, security analyst, network analyst, IT analyst, or even someone with an auditing degree. … Security can be learned.”
But she also said she focuses college recruitment, understandably, on “universities that have programs in security, cyber security, or IT programs with security specialties.” She did not mention music composition.
Everything about this fiasco just gets more and more surreal.