More Equifax joy: their Corporate Security Officer was a Music Major. Also, scammers abound.
and apparently did not have an IT background. Her LinkedIn profile has been deleted, and apparently an effort is being made to purge her from the internet. It won't be entirely successful, but it'll slow information retrieval down. The article mentions that she spent 14 years in industry (we don't know in what industry), which means she could have picked up a fair amount of IT knowledge, but not as much as if she'd studied IT and gotten a degree and a CISSP cert.
http://www.marketwatch.com/story/equifax-ceo-hired-a-music-major-as-the-companys-chief-security-officer-2017-09-15
https://it.slashdot.org/story/17/09/16/0244211/equifax-cso-retires-known-bug-was-left-unpatched-for-nearly-five-months
Also, scammers are calling people at random, claiming to be Equifax, wanting to verify your information. Obviously Equifax has better things to do right now than call you. Just hang up, don't give them your name or the time of day.
https://arstechnica.com/tech-policy/2017/09/ftc-opens-equifax-investigation-says-beware-of-equifax-calling-scams/
ETA: Apparently the Internet Archive Wayback Machine never cached her LinkedIn page, more's the pity. It says it has a page from September 9, but nothing is retrieved when you click on it.
no subject
(In a previous department, it was kept in a file called "microforms bequests.")
no subject
I used multiple obfuscation methods for passwords if I had to write them down, such as writing down multiple passwords in a column, etc., and knowing which was the real one. If I need to write down a social security number, I write it down as three 3-digit numbers in a column, then I'll add them up, so it looks like I was doing a math problem. Then shred the paper when I'm done with it.
When I was a sysadmin for the police department, I printed out some passwords and taped them to the bottom of my keyboard. They were really good, strong passwords. I don't know what they went to, but they looked really neat. They didn't unlock any system that I was responsible for. I was always hoping someone would do an audit and find those passwords and pop a gasket, and then I'd get to tell them that they didn't unlock anything.
My personal passwords are based on a formula that I know, and if they belong to someone else, they're in a password vault on my phone. You'd need the phone's combination, you'd need to know where that program is stored on my phone, then you'd need the program's password or my fingerprint to get deeper.
no subject
While I fully agree that degrees and certs are not proof of competence as I am one of the great unwashed and have been making my living in IT since the mid '80s, if you're a CSO of a major international corporation -- I kinda expect more. My understanding was that her LI profile showed no employment in IT roles: if she was working in a different department and fulfilling IT duties and picking up IT knowledge catch as catch can, I don't think that's enough to qualify one as a CSO of something like Equifax. You really need a serious IT and security background to be able to draft a good and effective security policy for that big of a corporation: it is certainly a job that I know I am not qualified for. Equally, I've known people with IT degrees who can't find the Any key on a keyboard. The guy I was working with last week wasn't familiar with configuring consumer WiFi routers, which I found a little odd, but not entirely unreasonable. Now, the guy I worked with who equated digital circuits that terminated in RJ-11 connectors with analog modems -- that's different. You can't hold down the retaining clip of the plug and slide it in and out of the jack without having the communications controller of the mainframe on the other side freak out.