October 11, 2017 at 9:04 pm
Comments posted to this topic are about the item The Blame Game
October 12, 2017 at 6:17 am
This is a failure in management, C-level and the board. Period. If the CTO of one of the most "important" data driven companies has two music composition degrees and no technical/data/security chops, the board are zenith level idiots.
October 12, 2017 at 7:27 am
... This is the first time I've seen an IT employee blamed. BA said an IT systems failurean IT systems failure with their major issues. Yahoo and Target were hacked, but no one in IT was blamed. Sony didn't blame their IT staff after their emails and films were released. Yet Equifax did. I hope this isn't a sign of things to come. ...
If IT staffer is publicly named, he or she may choose to sit with the media and provide their own set of additional details that don't reflect well on Equifax corporate. For example, there are (or should be) more layers of technology and controls between an external hacker and a database than just a web server. Even with a faulty Apache build and a poorly designed website, there is no reason for a hacker to dump millions of records from the database. It suggests a poorly implemented, managed, and supervised data architecture for a corporation whose business model is built upon data and public trust. I think it's in the best interests of Equifax to handle the matter between themselves and the employee privately and reasonably.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
October 12, 2017 at 8:33 am
In my experience "blame" culture is a top down thing. In one company I worked for when I started the MD (when did MDs and chairmen become CEOs?) had worked his way up over decades as a hardware engineer and then a sales support engineer. If an issue was raised to him he would come and ask "How can we fix this?". No blame at all - he would only ever ball out someone if they had been a total idiot. If you went beyond the call of duty he could be quite generous with bonuses! When he was replaced we got an MD that had worked his way up by blaming and back-stabbing others. His view of a bonus was "You still have a job". Turnover went up as profitability went down and after two more MDs the company failed (I had left by then). Another company I worked for had this through and through and at one stage I got blamed because a client supplied incorrect information when there was no way I could have spotted this!
I am within 20 miles of Luton Airport and after the collapse of Monarch am watching things at Ryanair to see if the CEO accepts the blame for the thousands of flight cancellations (the business model is appalling IMHO) or tries to blame IT, HR or someone else?*!
October 12, 2017 at 8:49 am
OK, two more separate screw-ups have occurred after the data breach. I'm beginning to lose faith in the IT guy over at Equifax.
Someone Made a Fake Equifax Site. Then Equifax Linked to It.
https://www.nytimes.com/2017/09/20/business/equifax-fake-website.html
Equifax website hacked again, this time to redirect to fake Flash update
https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
October 12, 2017 at 8:50 am
chrisn-585491 - Thursday, October 12, 2017 6:17 AMIf the CTO of one of the most "important" data driven companies has two music composition degrees and no technical/data/security chops...
I dislike this statement. A huge number of people in this industry do not have technical degrees, and are still quite cable. The CSO, not CTO, had a music degree. She worked at two banks and HP before Equifax. Implying or insinuating she didn't have technical skills isn't fair or appropriate. It makes a nice headline for media, but has no basis or grounding without additional research. Please don't speculate unless there is evidence.
October 12, 2017 at 9:33 am
Eric M Russell - Thursday, October 12, 2017 7:27 AM[/b]
Would like to think so, but many people might not like/want the attention. Not to mention plenty of people would be reluctant to hire this person in their company if they disclose this. It's a lose-lose for them.
Plus, they might not know what controls exist, or which are lacking. Hard to be sure you want to stick your neck out here.
October 12, 2017 at 9:34 am
Eric M Russell - Thursday, October 12, 2017 8:49 AMOK, two more separate screw-ups have occurred after the data breach. I'm beginning to lose faith in the IT guy over at Equifax.Someone Made a Fake Equifax Site. Then Equifax Linked to It.
https://www.nytimes.com/2017/09/20/business/equifax-fake-website.htmlEquifax website hacked again, this time to redirect to fake Flash update
https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/
It's the whole culture and setup. They're a mess.
October 12, 2017 at 10:57 am
Steve Jones - SSC Editor - Thursday, October 12, 2017 9:33 AMEric M Russell wrote:Eric M Russell - Thursday, October 12, 2017 7:27 AM[/b]
If IT staffer is publicly named, he or she may choose to sit with the media and provide their own set of additional details that don't reflect well on Equifax corporate.
Would like to think so, but many people might not like/want the attention. Not to mention plenty of people would be reluctant to hire this person in their company if they disclose this. It's a lose-lose for them.
Plus, they might not know what controls exist, or which are lacking. Hard to be sure you want to stick your neck out here.
I don't think a preemptive strike on the part of the IT guy would be a smart decision. However, if his employer does ultimately set him up as the fall guy, and his name then gets into the news that way, then he has nothing to lose by counter punching. He may want to communicate through an attorney that he wishes simply to make a clean break from the company quietly, and no one would gain from playing the blame game... least of all Equifax.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
October 12, 2017 at 11:12 am
Steve Jones - SSC Editor - Thursday, October 12, 2017 8:50 AMchrisn-585491 - Thursday, October 12, 2017 6:17 AMIf the CTO of one of the most "important" data driven companies has two music composition degrees and no technical/data/security chops...I dislike this statement. A huge number of people in this industry do not have technical degrees, and are still quite cable. The CSO, not CTO, had a music degree. She worked at two banks and HP before Equifax. Implying or insinuating she didn't have technical skills isn't fair or appropriate. It makes a nice headline for media, but has no basis or grounding without additional research. Please don't speculate unless there is evidence.
Maybe she should work at NASA or Boeing then... I hear John Scully did well at Apple since selling soft drinks and computers are just interchangeable "widgets".
The point is that there's a whole set of business/security requirements and best practices that a CTO/CSO should known and have their reports follow, especially one that holds the sensitive level of data that the big three reporting agencies do. And if she did work at banks, she should know better.
This is the same issue as Volkswagen, except it's neglect/ignorance instead of malfeasance.
October 12, 2017 at 12:10 pm
I'm not defending her, or Equifax. They failed in many ways.
I'm saying that pointing out a person's degree as any evidence of failure is improper.
October 12, 2017 at 3:05 pm
Steve Jones - SSC Editor - Thursday, October 12, 2017 12:10 PMI'm not defending her, or Equifax. They failed in many ways.I'm saying that pointing out a person's degree as any evidence of failure is improper.
It's interesting to note that her counterparts at the other two agencies have IT/CS backgrounds.
I'm thinking that if I'm the CSO/CTO of a top critical data company, I have some serious domain knowledge other than hanging out with the MBAs and a few management notches on the resume. The reason I feel this way, is that I've seen too many "business" types drive a technical company into the ground by going through the management motions without understanding the tech. Hundreds of companies over the decades. (Not that tech people can't mismanage tech companies as well...)
I don't want rent-a-cops guarding valuable hordes of personal data, I want serious cyber warrior types.
October 12, 2017 at 8:05 pm
chrisn-585491 - Thursday, October 12, 2017 3:05 PMSteve Jones - SSC Editor - Thursday, October 12, 2017 12:10 PMI'm not defending her, or Equifax. They failed in many ways.I'm saying that pointing out a person's degree as any evidence of failure is improper.
It's interesting to note that her counterparts at the other two agencies have IT/CS backgrounds.
I'm thinking that if I'm the CSO/CTO of a top critical data company, I have some serious domain knowledge other than hanging out with the MBAs and a few management notches on the resume. The reason I feel this way, is that I've seen too many "business" types drive a technical company into the ground by going through the management motions without understanding the tech. Hundreds of companies over the decades. (Not that tech people can't mismanage tech companies as well...)
I don't want rent-a-cops guarding valuable hordes of personal data, I want serious cyber warrior types.
I don't think Steve is giving anyone a pass on knowing what they need to in order to be competent. A lot of people who are competent in IT didn't start out in IT or have the actual degree: they learned it on the job etc. More of a "don't throw the baby out with the bath" simply because of her undergrad degree.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
October 13, 2017 at 7:03 am
chrisn-585491 - Thursday, October 12, 2017 3:05 PMSteve Jones - SSC Editor - Thursday, October 12, 2017 12:10 PMI'm not defending her, or Equifax. They failed in many ways.I'm saying that pointing out a person's degree as any evidence of failure is improper.
It's interesting to note that her counterparts at the other two agencies have IT/CS backgrounds.
I'm thinking that if I'm the CSO/CTO of a top critical data company, I have some serious domain knowledge other than hanging out with the MBAs and a few management notches on the resume. The reason I feel this way, is that I've seen too many "business" types drive a technical company into the ground by going through the management motions without understanding the tech. Hundreds of companies over the decades. (Not that tech people can't mismanage tech companies as well...)
I don't want rent-a-cops guarding valuable hordes of personal data, I want serious cyber warrior types.
That's not really anything to do with those "business" types not understanding technology. It's more to do with those examples not knowing how to build and manage their own departments to where they DO understand where to go. This is pretty much universal across any team let alone IT because when you get to that level, you're almost always relying on the management team you hired for your department who are those serious domain knowledge people. If you can't do that effectively, then it doesn't matter if you have domain knowledge or not because domain knowledge is useless if you don't have the intel from your management team who is on the ground with the people doing the actual work with them.
October 13, 2017 at 8:21 am
I wasn't aware of the fact that the former CEO of Equifax classed the data breach on a hardware failure and someone in IT. You're right Steve, this is a potentially disturbing development. Other companies that have a data breach, may point the finger to someone in IT. I'm sure that to a degree, whoever the IT person is they are partially responsible. But I don't think it's all their fault.
Kindest Regards, Rod Connect with me on LinkedIn.
Viewing 15 posts - 1 through 15 (of 23 total)
You must be logged in to reply to this topic. Login to reply