| I have worked at the Walmart home office, and if Target's corporate culture is remotely like Walmart's I can tell you their former CIO likely knew half as much about Target's security practices as any of us do. Walmart has zero career paths for technical expertise. There are low-level technical positions (rarely entry-level) and they peak at "Technical Expert", and to get past that you have to switch to pure people management. The IT division, internally called ISD, is so completely inept that the majority of the company still runs on Windows XP despite the fact that support will expire in about a month. They had a Windows 7 team at one point, but that team was dissolved and the rollout "suspended indefinitely". ISD is so universally recognized as terrible that they were actually the only reason I had a job there. Individual departments and divisions have been forming their own "IT Teams" for years, because it's a hell of a lot cheaper to pay somebody $70,000/year to create a half a dozen new applications yearly than it is to pay ISD $2.8 million to do one of those applications poorly over the course of two years. And then completely dissolve the development team responsible and offer little to no ongoing support for the application. Despite those exorbitant costs ISD is hemorrhaging money just trying desperately to keep the lights on, mostly because they're still running decades-old legacy applications and hardware. They only recently started drawing up plans to start sunsetting some of the hundreds of legacy systems over the course of the next decade or so. This is really just scratching the surface of how terrible retail IT can be, and how little they value real technical expertise. Given what I've seen I wasn't so much surprised that the Target et al breach happened, only that it didn't also include Walmart or happen much sooner. |