
> They're making fun of the fact that during the data breach the CISO was someone with a music degree and no background in security.

> It's a nasty sexist lie.

LMAO It is literally true.



But it's literally not true. The person had decades of experience working security roles.


It is literally true that she had no relevant formal training.

It is also true AFAIK that when she got her first role as an executive in charge of security, she had no formal training or IC experience in security. All of her "security" experience was in executive roles. Which is insane. That never happens with other types of technical leadership roles (legal, law, finance, accounting, engineering, etc.).


> It is literally true that she had no relevant formal training.

Yes, but that's also true of almost all BigCo CISOs.

> It is also true AFAIK that when she got her first role as an executive in charge of security

By "AFAIK" you mean that this is just what you assume without checking, right?


> Yes, but that's also true of almost all BigCo CISOs.

Yes, we've been over this. The article is about Equifax. I made a comment about Equifax. I've previously criticized other execs after data breaches or other major technical failures (e.g. Boeing).

> By "AFAIK" you mean that this is just what you assume without checking, right?

No, it means I did check and she does not according to any publicly available evidence. I added the AFAIK because I cannot personally certify that her publicly available resumes are complete.

It would be extremely odd to exclude relevant work experience from public profiles, so I strongly believe that she does not have relevant experience outside of exec positions (which she shouldn't have had in the first place without IC experience and/or relevant education). But I do not personally know her so I cannot personally attest that her public resumes are complete. Therefore, I added a qualifier.

I can understand why this wording confuses you, though. It's a result of the fact that I have personal integrity and take words and accusations seriously.


I'd like to add a piece to this as well.

People who wield power over ICs but themselves have never been an IC are more willing to make decisions that harm others, but not themselves.

And this is the crux of the issue with the security industry. Too many of their decisions are made in a vacuum and everyone else has to deal with it.



