Hacker News

In general it would not be, but now that the personal data of 100+ million people have been stolen from these clowns, it seems relevant.

Leadership sets the priorities and expectations. They get paid disproportionately more than other employees, and I think they should be scrutinized and bear responsibility correspondingly.

But I have no doubt they probably found someone lower in the ranks as a scapegoat.

"Joe was in charge of patches. And we are all equally disturbed and horrified by his behavior. But we've reached out to him and let him go. Now give us more of your personal information so you can get free credit monitoring for 6 months [+]. -Sincerely and with deeper regrets, the Executive Team [++]"

[+] (fine print) then charged at $49.99 a month until cancelled. To cancel, please visit one of the 3 Equifax locations in person on the first Wednesday of the month. Accepting

[++] (even finer print) by accepting the free credit monitoring you agree to binding arbitration and forfeit your rights to participate in a class action suit against Equifax and its subsidiaries.




I'm not saying we shouldn't have serious questions about his competence after this breach. Rather, my point is that we should be questioning his competence (and that of the rest of the executive team) due to this breach, not his credentials.

If he had a CS degree, that wouldn't make him any less responsible for this massive data leak.


Usually, the larger the company, the deeper processes go, shielding it from individual incompetence (so the company can hire for easy-to-measure attributes, like compensation, and protect itself from difficult metrics, like technical competence). Unfortunately, processes also prevent individual competence from having a noticeable impact on the company.

If I got the story right, this bug was present for the last 9 years and patched upstream a couple of days before the leak. Some measures could have prevented its exploitation or reduced its impact, like throttling by IP, one-time session keys and so on - and should be in place for any serious application - but it's entirely possible they had a fixed schedule for patches and mis-evaluated this flaw as non-critical.

A LOT of companies carry obsolete dependencies for a long time.



