[wglb]

So from a CSO perspective, it isn't useful information what degree the CSO had. Keep in mind the level of experience that she had in the position. Not zero.

More relevant to the situation is the overall technical competence of the organization. For a perspective, watch Alex Stamos' talk "Appsec is eating security" https://www.youtube.com/watch?v=2OTRU--HtLM&t=7s. The top 100 in the Fortune 500 are technical companies with technical culture. The others, not so much. He notes that the bottom 400 (he gives them a particular name) are likely to be doomed.The top 100 are serious technical companies or financial institutions.

Far more important to the security of an organization is the overall culture of the company and its technical competence compared to the degree that a CSO received decades ago.

One example. Is it not true that the bonus calculation of the Equifax higher-ups excludes losses due to breaches or legal or compliance hits?

Flip that around, and you will see a whole different level of internal culture.