Friday, February 23, 2018

Susan Mauldin: Equifax CISO (Update: “Retired” Effective 9/15)

Susan Mauldin, Equifax

UPDATE: On September 15 (Friday), Russ David Ayres, Senior IT Manager at Equifax, was named to take over Susan Mauldin’s position, at least in the interim.

Susan Mauldin was the Chief Information Security Officer (CISO) at Equifax Inc when the massive data hack occurred.

She has been with Equifax as CSO / CISO since 2013. She was previously Senior Vice President and Chief Security Officer at First Data Corporation, until July 2013. Mauldin was SunTrust Banks’ Group Vice President from 2007 to 2009. It is still unconfirmed whether her stint at SunTrust was in fact overseeing call-center operations.

Equifax Security Officer Education

Mauldin’s education credentials include a bachelor’s degree in music composition (magna cum laude) and a Master of Fine Arts degree in music composition (summa cum laude), both from the University of Georgia.

In March 2016, Equifax CISO Susan Mauldin was interviewed on camera by the CEO of the big-data company Cazena.

UPDATE: The videos featuring parts of an interview with Susan Mauldin, which were embedded on this page, have been taken down as of the afternoon of September 10.

The audio-only version of the interview that was publicly available on Soundcloud has also been scrubbed from the web.

A partial transcript of her remarks during the interview have been archived for posterity by a third party.

UPDATE: On September 15, late Friday evening, jlgaddis was able to provide a link to a copy of one of the videos. And a commenter farther down this page also contributed this copy uploaded to YouTube. It is one of the two known video clips of the Cazena interviews with Susan Mauldin where she talks about the role of a CISO.


Susan Mauldin’s old and current LinkedIn pages in Google search results as of 9/9/2017

Equifax Chief Security Officer
Mauldin’s original LinkedIn page was on this url before it was made completely private: (now a 404 page not found)

The page reappeared a few days after the news of the data hacking broke, with a different url and with the specific detail that her degrees were in Music Composition removed. Her surname Mauldin was also replaced with the initial letter M.

Equifax CISO Linked In
Among the skills touted on her LinkedIn page: Data Center, IT Solutions, PCI DSS, IT Service Management, IT Outsourcing

Susan Mauldin on Equifax
During her employment with First Data Corporation in Atlanta, she was identified with the following titles:
* Senior Vice President, Enterprise Security, Risk and Compliance
* SVP Enterprise Information Security, Risk & Compliance

Her title at Hewlett Packard (HP) appears to have been Senior Director of Information Security and Audit Compliance.

Below is a recent Equifax job ad for a Vice President of Cybersecurity under the Global Chief Security Officer, also known as Chief Information Security Officer.

Equifax Cybersecurity job

According to this job ad, the VP of Cybersecurity will be reporting to the Global CSO / CISO.

David “Dave” Webb is chief information officer for Equifax, where he is responsible for leading a global team of IT professionals in delivering the technology strategy as well as support for the company’s consumer and business solutions. He joined the company in 2010.

Webb earned a bachelor’s degree in Russian from the University of London and a master’s degree in business administration from the J.L. Kellogg Graduate School of Management at Northwestern University.

UPDATE: On September 15, Dave Webb was reportedly replaced by Mark Rohrwasser in his role as Equifax CIO.

More: 2011 video of EFX’s Trey Loughran giving advice to those whose personal data have been hacked

Leave a Reply

15 Comments on "Susan Mauldin: Equifax CISO (Update: “Retired” Effective 9/15)"

newest oldest most voted
Notify of
chuck stein

Incompetence at its best. D Webb and R Smith should be fired immediately.

Joe Blow
Joshua Clement Broyles
Joshua Clement Broyles

Summa Cum Laude and not a note to hear or read online? Golly, that’s not peculiar, is it.


So neither one of them knew a doggone thing about computers or cyber security. A woman with a music degree in charge of cyber security, brilliant.


Reeks of a diversity hire, maybe even a trophy diversity hire.

Diversity is our strength here in progressive corporate America.


Music to first job in tech. Makes perfect sense.

Jean FCP

Here’s an interview on youtube of Susan Mauldin talking about the challenges she faces as CISO.

They let her retire which is nice of them and she is not fully at fault rather all the fat cats around here are more so. They make billions off of our information, but chose not to put almost of all that towards keeping it safe?

Overall socials can no longer be used for private identification. A change needs to happen and it needs to happen now!


So the CISO had a degree in music and the CIO a degree in Russian?


Prime example of “It’s not what you know…It’s who you know!”

Tom Y

First Data has a few leaders with music/arts degrees. Diversity vs qualification?


I don’t think people realize, THIS WAS THE SECOND HACK IN FIVE MONTHS!

Douglas Sweetman

I don’t question the ability of people to move into different areas – I spent an entire career reinventing myself. The amount of time it took Susan to crack the C-Level is interesting given the level of competition I observed in my 20 years of InfoSec experience.