  1. Member
    Join Date
    Aug 2016
    Posts
    98
    #1

    Is this why Equifax was hacked?


  3. Senior Member
    Join Date
    Dec 2013
    Location
    behind you!
    Posts
    2,007

    Certifications
    ACAS,Comp TIA Security +, Novell CNE, HDI Customer Service, ITIL Foundation, MTA
    #2
    Could be...
    Never let your fear decide your fate....

  4. Senior Member
    Join Date
    May 2016
    Posts
    1,647
    #3
    Bizarre to say the least.

  5. Senior Member
    Join Date
    Jul 2017
    Location
    Seattle, WA
    Posts
    151

    Certifications
    Security+, Network+, Server+
    #4
    Wow is this a bad joke or something because it's ridiculous.
    2017 Goals: Security+ [] Server+ []
    2018 Goals: CCNA R/S, Security [ ]

  6. Senior Member
    Join Date
    May 2016
    Posts
    1,647
    #5
    Band teacher heading the security department at a Fortune 500. How the hell did that happen?

    I'll be the first to rip on certifications, but if there ever was a person who needs the CISSP it's this one.....

  7. Senior Member
    Join Date
    Apr 2013
    Posts
    1,921
    #6
    Yeah I know some stupid subreddits were passing this around, absolutely silly. You think someone got to a CISO level at a company that big and doesn't have tons of proper experience and that them not having a CS degree means anything? Come on.

    Also, imagine a company that large, do you think the CISO is patching servers? They can put all the policies in the world in place, if someone stands up a server that has a vuln, forget even a zero day, things can get by.

  8. Senior Member
    Join Date
    Jan 2015
    Location
    Chicago, IL
    Posts
    974

    Certifications
    Too many MCPs and MCTS, MCSA: Security, MCSE: Security, MCSA: 2003, 2008, 2012, MCITP: EA, CISSP-ISSAP, SCS DLP, GREM
    #7
    There is a JD out there for a VP of cyber position that reports to her that requires having CISSP or CISM or have them in progress. She doesn't seem to have it.

    To be fair, what she labels as "Professional" were all senior positions, like a director of this and that in HP, some bank and whatever else.

    I watched two video interviews with her and she sounded meh, but the interviewer didn't grill her on anything so it's hard to judge.

    She has also given 9 recommendations on LinkedIn to other people and IMO they are all ridiculous. Like, she recommends a guy who helped her in designing her bath and/or kitchen, some real estate specialist, some HR specialist. Only 2 recs are to the same cybersecurity guy, but nothing specific, general blah-blah.

    I say we have tons of folks here on TE whose resumes are better. The question is, how come they aren't Equifax CISOs? Was this breach in part because they hired a too managerial (for lack of a better term, can't tell if her managerial skills are proven) type of person?

    In my experience, a CISO who lets things slide, doesn't fight for security and isn't technical enough to understand what their team is doing or capable of leads to poor overall team quality, and top-notch specialists prefer not to work in such places. No surprise this can lead to a breach.

    Overall doesn't look good.

    Hard to tell though if she had proper budgets and power to insist on secure solutions, etc. because not everything depends on CISO.
    Last edited by gespenstern; 09-12-2017 at 12:58 AM.

  9. Senior Member
    Join Date
    Jul 2015
    Posts
    874

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #8
    Ah my young brethren. In time you shall come to the truth. Many, many companies, especially the big ones that haven't modernized to the threats of 2017 and beyond, still live in the old days. In the old days the role of CISO was a joke and something you needed to check that compliance checkbox or put forth a "good faith" effort of this or that. Those old school companies get someone who knows someone, probably the CEO's old piano teacher in this case, and throw her a bone because she's the CFO's golf buddy's wife who doesn't want to retire yet but doesn't want a job where she has to do much, either. I see this all the time. Totally inappropriate person for the security position who is there just because someone needs to be and they're the quickest, easiest, and best pushover for the job.

    Disclaimer - I have no idea who the CISO of Equifax is, if that person indicated above is even real, etc. Just generally stating what I've seen across many, many large global companies...

  10. Went to the dark side.... Moderator
    Join Date
    Jul 2007
    Posts
    11,665

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #9
    You think they were teaching how to defeat modern security threats back when she was in college anyway?
    An expert is a man who has made all the mistakes which can be made.

  11. Cyber Donkey
    Join Date
    Jul 2003
    Location
    East Texas
    Posts
    617

    Certifications
    VCDX:NV - A+ Net+ Sec+ MCSA08 CISSP CCNA B.S. IT/WGU
    #10
    143 Million records exposed - 300 million people in the US and not all of them have applied for credit, so virtually, almost everyone who has ever filled out a credit application was exposed. WOW! Something at this level can't be attributed to any one person, but is more than likely the product of poor leadership across the board. Sadly, in my experience a lot of the breakdowns occur at the engineering level, team building just isn't something that happens magically.

  12. Senior Member
    Join Date
    May 2016
    Posts
    1,647
    #11
    Originally Posted by 636-555-3226
    Ah my young brethren. In time you shall come to the truth. Many, many companies, especially the big ones that haven't modernized to the threats of 2017 and beyond, still live in the old days. In the old days the role of CISO was a joke and something you needed to check that compliance checkbox or put forth a "good faith" effort of this or that. Those old school companies get someone who knows someone, probably the CEO's old piano teacher in this case, and throw her a bone because she's the CFO's golf buddy's wife who doesn't want to retire yet but doesn't want a job where she has to do much, either. I see this all the time. Totally inappropriate person for the security position who is there just because someone needs to be and they're the quickest, easiest, and best pushover for the job.

    Disclaimer - I have no idea who the CISO of Equifax is, if that person indicated above is even real, etc. Just generally stating what I've seen across many, many large global companies...
    I love this post.

  13. Senior Member
    Join Date
    May 2016
    Posts
    1,647
    #12
    Originally Posted by slinuxuzer
    143 Million records exposed - 300 million people in the US and not all of them have applied for credit, so virtually, almost everyone who has ever filled out a credit application was exposed. WOW! Something at this level can't be attributed to any one person, but is more than likely the product of poor leadership across the board. Sadly, in my experience a lot of the breakdowns occur at the engineering level, team building just isn't something that happens magically.
    Does she fall on the sword or does she live to see another day?

  14. Senior Member
    Join Date
    Nov 2012
    Location
    Denver, CO
    Posts
    1,281

    Certifications
    CompTIA A+, Network+, Security+, Server+, Linux+ and CSA+; MCSA: Windows 7, ITIL Foundations
    #13
    equifax.jpg

    I love that the person whose picture is above hers looks like he is shaking his head wondering how it all happened...
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia


  15. Senior Member
    Join Date
    Apr 2016
    Location
    DC
    Posts
    353

    Certifications
    CISSP CEH CCNP Security
    #14
    Originally Posted by DatabaseHead
    Does she fall on the sword or does she live to see another day?
    I think she has to be gone, one way or the other.
    To the OP's point, I've met plenty of smart IT people without certs or CS degrees. It doesn't take a few college courses to be good at what you do.

  16. Senior Member
    Join Date
    Sep 2016
    Location
    AR
    Posts
    426

    Certifications
    A+, Network+, i-Net+, Server+, Security+, MCP 70-210, Novell CNA 5.0
    #15
    Originally Posted by daneil3144
    Attachment 8646

    you decide?
    dammit dammit SOB!

    https://www.youtube.com/watch?v=fTWvEgb3Egw
    2017 -> Chillaxing & (reading C|EH - Matt Walker)
    2018 -> CCNA CyberOps (July Cohort)

  17. Senior Member
    Join Date
    May 2016
    Posts
    1,647
    #16
    Originally Posted by stryder144
    Attachment 8647

    I love that the person whose picture is above hers looks like he is shaking his head wondering how it all happened...
    Well played!

  18. Senior Member
    Join Date
    May 2016
    Posts
    1,647
    #17
    Originally Posted by mbarrett
    I think she has to be gone, one way or the other.
    To the OP's point, I've met plenty of smart IT people without certs or CS degrees. It doesn't take a few college courses to be good at what you do.
    I don't think it's too much to ask to require your chief security officer to have some formalized education in their specific field. You wouldn't want a cardiologist with a hospitality degree working on your heart, even if they went and received their masters......

  19. Senior Member
    Join Date
    Sep 2016
    Location
    AR
    Posts
    426

    Certifications
    A+, Network+, i-Net+, Server+, Security+, MCP 70-210, Novell CNA 5.0
    #18
    2017 -> Chillaxing & (reading C|EH - Matt Walker)
    2018 -> CCNA CyberOps (July Cohort)

  20. Senior Member
    Join Date
    Mar 2017
    Location
    Hampton, VA
    Posts
    314
    #19
    Originally Posted by shochan
    It's variable by state. The limit is whatever small claims limit applies in your state.

  21. Senior Member
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,818

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #20
    This story is making the Target breach look like child's play.

    Up until a few days ago they were pulling this:
    OMG, Equifax security freeze PINs are worse than I thought. If you froze your credit today 2:15pm ET for example, you'd get PIN 0908171415. Verified PIN format w/ several people who froze today. And I got my PIN in 2007—same exact format. Equifax has been doing this for A DECADE.
    It's fixed now and they are allegedly providing "random" PINs, but clearly indicative of a massive lack of common Infosec sense.
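
Added example (not part of the thread and not any poster's or Equifax's code): a Python sketch of the weakness described in the post above, where the freeze PIN is simply the issue time written as MMDDYYHHMM. It audits constructed sample records for timestamp-derived PINs and compares the guessing space with a PIN drawn from a CSPRNG; the function names, record layout and the assumption that two-digit years mean 20YY are illustrative.

```python
import math
import secrets
from datetime import datetime, timedelta

PIN_LEN = 10  # MMDDYYHHMM, the format quoted in the post


def parse_timestamp_pin(pin):
    """Return the datetime an MMDDYYHHMM PIN encodes, or None if it is not one."""
    if len(pin) != PIN_LEN or not (pin.isascii() and pin.isdigit()):
        return None
    mm, dd, yy, hh, mi = (int(pin[i:i + 2]) for i in range(0, PIN_LEN, 2))
    try:
        return datetime(2000 + yy, mm, dd, hh, mi)  # assumption: YY means 20YY
    except ValueError:  # e.g. month 44 or hour 25: not a timestamp
        return None


def audit_pins(records, tolerance=timedelta(minutes=5)):
    """Return account ids whose PIN decodes to (about) the time it was issued."""
    flagged = []
    for account, pin, issued_at in records:
        decoded = parse_timestamp_pin(pin)
        if decoded is not None and abs(decoded - issued_at) <= tolerance:
            flagged.append(account)
    return flagged


def timestamp_candidates(window_days):
    """Distinct PINs possible when the issue time lies within window_days."""
    return window_days * 24 * 60


def keyspace_bits(candidates):
    """Size of a guessing space expressed in bits."""
    return math.log2(candidates)


def random_pin():
    """10-digit PIN from the OS CSPRNG, independent of the issue time."""
    return "".join(secrets.choice("0123456789") for _ in range(PIN_LEN))


# Constructed sample records: (account id, PIN, issue time). Not real data.
SAMPLE = [
    ("acct-1", "0908171415", datetime(2017, 9, 8, 14, 15)),  # PIN from the post
    ("acct-2", "4471902638", datetime(2017, 9, 8, 14, 16)),  # not a valid date
    ("acct-3", "0101170000", datetime(2017, 9, 8, 14, 17)),  # valid date, unrelated
]

if __name__ == "__main__":
    print("timestamp-derived:", audit_pins(SAMPLE))
    print("1-day window bits:", round(keyspace_bits(timestamp_candidates(1)), 1))
    print("random PIN bits:  ", round(keyspace_bits(10 ** PIN_LEN), 1))
```

A PIN tied to a known freeze date has about 10.5 bits of guessing space, against roughly 33 bits for a uniformly random 10-digit PIN.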

  22. Senior Member
    Join Date
    Jul 2011
    Location
    Vancouver, WA
    Posts
    159

    Certifications
    My puny list of certifications made me feel inadequate so now you have to guess :-)
    #21
    SANS Data Breach Summit and Training - https://www.sans.org/event/data-breach-summit-2017 - maybe we should all chip in and buy a couple seats for Equifax #justsaying

  23. Senior Member
    Join Date
    Mar 2011
    Location
    Chicago
    Posts
    1,315

    Certifications
    CISSP-ISSAP, HCISPP GPEN, GSEC, GSNA, GCIH, E|CH, ECSA, Security+
    #22
    I learned that much of my time pounding silly technical details, and endless number of reasonably difficult exams an MBA and a multi-discipline undergraduate consisting of Computer Science, Mathematics ("minor" with 46 full semester hours and psychology major) could easily be usurped simply going the music path straight to a Fortune 500 CSO position!

    Also enjoy all those "professional" titles in the background. Now, if that doesn't lend some credibility to the career cover up I don't know what does!

    Music school here I come!

    - b/eads

  24. Senior Member
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,818

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #23
    In her defense, the degree does hold a lot of value. After all she will now have to face the music. Ba dum tsssss!

  25. Cyber Donkey
    Join Date
    Jul 2003
    Location
    East Texas
    Posts
    617

    Certifications
    VCDX:NV - A+ Net+ Sec+ MCSA08 CISSP CCNA B.S. IT/WGU
    #24
    I don't think she is the one to focus on here, she has an honest resume and profile out there, the CEO is the one at fault.

  26. Senior Member
    Join Date
    Mar 2017
    Location
    Hampton, VA
    Posts
    314
    #25
    Originally Posted by slinuxuzer
    I don't think she is the one to focus on here, she has an honest resume and profile out there, the CEO is the one at fault.
    I think we will find quite a few people at fault. Mistakes at this scale are rarely the fault of one person. I am interested to hear the results of conversations with the auditors. There are quite a few PCI/DSS red flags alone.

