As I’m busily trying to figure out how to protect myself from the Equifax hack and its aftermath, I’m left to wonder who this company had put in charge of protecting this information to begin with.
Surely they know how important it is that their leaders in technology have the right background and are qualified to do the job?
Turns out that the Chief Information Officer of Equifax, David Webb, has an undergraduate degree in Russian and a graduate degree in Business Administration. Chief Security Officer, Susan Mauldin, has an undergraduate and graduate degree in Music Composition and seemingly no background in technology or security!
Equifax is not alone in this and there are many companies that make the same mistakes. If you want to gauge the level of technological competence of any given company, all you have to do is work your way down from the very top of the organization and see how long it takes before you get to individuals that have expertise around various key building blocks of Computer Science, and how empowered those individuals are.
Let’s take a look at a few companies that we know are good at managing technology and see who their leaders in information security are and what they studied in college:
- Google: Heather Adkins, Director of Information Security => Computer Science
- Twitter: Michael Coates, Chief Information Security Officer => Computer Science
- Amazon: Jim Waschak, Director of Information Security => Systems Engineering
Having a technical degree is not the end-all and there are individuals that don’t have degrees in Computer Science, Electrical Engineering, or a related field but are still amazing technologists. But those are exceptions and before being put in charge of the technical fortunes of a company they should still be able to demonstrate a proven history of technical competence.
This is not just relevant for avoiding data leaks and hacks but also crucial for the ability of the company to maintain long-term profitability and the ability to avoid disruption.