Since news broke of an Equifax data breach impacting around half of the adults in the United States people have been trying to sort out how this happened. Someone eventually covered a detail that was clearly considered damning evidence. Equifax's Chief Security Officer (CSO) at the time of the breach was *gasp!* a music major. Since then, numerous people have run with this bit of data using a music degree as a synonym for incompetence and pointing to the fact that Equifax hired a music major as CSO as clear evidence of the company's willful negligence.
This is all nonsense. Yes, some very bad things happened at Equifax. Yes, it is likely that some of those things were either the result of or made worse by decisions made by the CSO, but tying that directly to the fact that the CSO studied music is unfair and ridiculous.
Education doesn't end in school
I'm not sure exactly when the now-former Equifax CSO graduated, but I've seen comments saying it was about 40 years ago. Technology and its information security challenges have changed substantially over the past four decades. Even if the CSO had a computer science degree from back then how much of it do you think would have been applicable to what happened at Equifax? Professionals are expected to continue learning long after graduation. Whether or not your diploma has words related to your current job isn't a good measure of your actual relevant knowledge (particularly if you graduated more than five years ago). Having the expected degree doesn't necessarily mean you are good at your job.
A CSO is not an engineer
Also, we are talking about a c-suite role here. A CSO is not an engineer. A CSO should understand enough concepts about the technology used in their company to make risk decisions, but a lot of their job relies on much less technically focused skills such as leadership and communication. The most important skill a CSO needs is to be able to effectively communicate risk to the CEO and others in order to get the support for key projects. A computer science or other IT degree is not likely to prepare someone for that any more than a music degree would.
Interests can change
Perhaps part of the perceived problem with the CSO's music degrees (technically there are two: undergrad and MFA) is that music study doesn't indicate the appropriate dedication to technology. Computers and security were not in this person's blood from birth! Clearly everyone is fully capable at the age of 18 everyone to decide exactly what they should be doing for the rest of their lives, and they should stay in that lane! Ugh. Sure, some people find their passions early on, but that doesn't make people who come into those fields later inherently less valuable.
Diverse thought is needed in IT
I may be a bit biased having gotten hooked on both computers and theatre at a young age, but I feel that information technology and computer security benefit from people with backgrounds that aren't fully immersed in computers. People with different backgrounds and interests can provide new ideas and perspectives. Those diverse voices can help solve problems in innovative ways, create better user experiences, and improve how "techies" communicate with non-techies. If someone has the necessary skills to do a job AND has a background in music or art or history I consider that to be a bonus not a weakness.
Many tech leaders don't have tech degrees
The Equifax CSO is far from the only technology leader to not have a degree in technology. As this essay points out, there are many tech leaders who have degrees in seemingly unrelated fields. Some of them even presided over large data breaches, yet their educational qualifications were not brought into question. As a result, the author of that essay suggest that this music degree outrage has to do more with gender:
You’ll be very hard put to find discussions of a male security executive’s per se right to have occupied the position he occupied, no matter his qualifications going into the job or what happens during his tenure. That kind of talk is reserved for women who have the misfortune of being in positions of authority when bad things happen.
Yes, the Equifax CSO at the time of the breach was Susan Mauldin, a woman. Didn't I mention that? No? Well, that's because her gender has no more to do with the breach and its handling than her music degrees do. Still, one does wonder if people are harping on her music degrees because they know it is unacceptable to harp on her gender.
Don't blame Equifax on the CSO's music education
I'm not arguing that Susan Mauldin was a great CSO or that she did nothing wrong. I'm saying that whatever happened at Equifax has nothing to do with her music background. Continuing to say so only hurts those current and future brilliant tech leaders who may happen to have majored in something other than tech (and who may have even done so while female).
RELATED POST: Learning to code is NOT the new literacy
PREVIOUS POST: The training all women in tech really need
Get notified of new posts by email. Type your email address in the box and click the "create subscription" button. My list is completely spam free, and you can opt out at any time.