[prvit]

>It is literally true that she had no relevant formal training.

Yes, but that's also true of almost all BigCo CISOs.

>It is also true AFAIK that when she got her first role as an executive in charge of security

By "AFAIK" you mean that this is just what you assume without checking, right?

[thwayunion]

> Yes, but that's also true of almost all BigCo CISOs.

Yes, we've been over this. The article is about Equifax. I made a comment about Equifax. I've previously criticized other execs after data breaches or other major technical failures (Eg Boeing).

> By "AFAIK" you mean that this is just what you assume without checking, right?

No, it means I did check and she does not according to any publicly available evidence. I added the AFAIK because I cannot personally certify that her publicly available resumes are complete.

It would be extremely odd to exclude relevant work experience from public profiles, so I strongly believe that she does not have relevant experience outside of exec positions (which she shouldn't have had in the first place without IC experience and/or relevant education). But I do not personally know her so I cannot personally attest that her public resumes are complete. Therefore, I added a qualifier.

I can understand why this wording confuses you, though. It's a result of the fact that I have personal integrity and take words and accusations seriously.

[P5fRxh5kUvp2th]

I'd like to add a piece to this as well.

People who wield power over IC's but themselves have never been an IC are more willing to make decisions that harm others, but not themselves.

And this is the crux of the issue with the security industry. Too many of their decisions are made in a vacuum and everyone else has to deal with it.