SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


The Blame Game


The Blame Game

Author
Message
Steve Jones
Steve Jones
SSC Guru
SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)

Group: Administrators
Points: 249277 Visits: 19809
Comments posted to this topic are about the item The Blame Game

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
chrisn-585491
chrisn-585491
SSCertifiable
SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)

Group: General Forum Members
Points: 5932 Visits: 2649
This is a failure in management, C-level and the board. Period. If the CTO of one of the most "important" data driven companies has two music composition degrees and no technical/data/security chops, the board are zenith level idiots.
Eric M Russell
Eric M Russell
SSC-Forever
SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)

Group: General Forum Members
Points: 48358 Visits: 12286
... This is the first time I've seen an IT employee blamed. BA said an IT systems failurean IT systems failure with their major issues. Yahoo and Target were hacked, but no one in IT was blamed. Sony didn't blame their IT staff after their emails and films were released. Yet Equifax did. I hope this isn't a sign of things to come. ...


If IT staffer is publicly named, he or she may choose to sit with the media and provide their own set of additional details that don't reflect well on Equifax corporate. For example, there are (or should be) more layers of technology and controls between an external hacker and a database than just a web server. Even with a faulty Apache build and a poorly designed website, there is no reason for a hacker to dump millions of records from the database. It suggests a poorly implemented, managed, and supervised data architecture for a corporation whose business model is built upon data and public trust. I think it's in the best interests of Equifax to handle the matter between themselves and the employee privately and reasonably.



"The universe is complicated and for the most part beyond your control, but your life is only as complicated as you choose it to be."
mjh 45389
mjh 45389
SSCrazy
SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)

Group: General Forum Members
Points: 2320 Visits: 1791
In my experience "blame" culture is a top down thing. In one company I worked for when I started the MD (when did MDs and chairmen become CEOs?) had worked his way up over decades as a hardware engineer and then a sales support engineer. If an issue was raised to him he would come and ask "How can we fix this?". No blame at all - he would only ever ball out someone if they had been a total idiot. If you went beyond the call of duty he could be quite generous with bonuses! When he was replaced we got an MD that had worked his way up by blaming and back-stabbing others. His view of a bonus was "You still have a job". Turnover went up as profitability went down and after two more MDs the company failed (I had left by then). Another company I worked for had this through and through and at one stage I got blamed because a client supplied incorrect information when there was no way I could have spotted this!

I am within 20 miles of Luton Airport and after the collapse of Monarch am watching things at Ryanair to see if the CEO accepts the blame for the thousands of flight cancellations (the business model is appalling IMHO) or tries to blame IT, HR or someone else?*!
Eric M Russell
Eric M Russell
SSC-Forever
SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)

Group: General Forum Members
Points: 48358 Visits: 12286
OK, two more separate screw-ups have occurred after the data breach. I'm beginning to lose faith in the IT guy over at Equifax.

Someone Made a Fake Equifax Site. Then Equifax Linked to It.
https://www.nytimes.com/2017/09/20/business/equifax-fake-website.html

Equifax website hacked again, this time to redirect to fake Flash update
https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/


"The universe is complicated and for the most part beyond your control, but your life is only as complicated as you choose it to be."
Steve Jones
Steve Jones
SSC Guru
SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)

Group: Administrators
Points: 249277 Visits: 19809
chrisn-585491 - Thursday, October 12, 2017 6:17 AM
If the CTO of one of the most "important" data driven companies has two music composition degrees and no technical/data/security chops...

I dislike this statement. A huge number of people in this industry do not have technical degrees, and are still quite cable. The CSO, not CTO, had a music degree. She worked at two banks and HP before Equifax. Implying or insinuating she didn't have technical skills isn't fair or appropriate. It makes a nice headline for media, but has no basis or grounding without additional research. Please don't speculate unless there is evidence.


Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Steve Jones
Steve Jones
SSC Guru
SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)

Group: Administrators
Points: 249277 Visits: 19809
[quote
Eric M Russell - Thursday, October 12, 2017 7:27 AM

If IT staffer is publicly named, he or she may choose to sit with the media and provide their own set of additional details that don't reflect well on Equifax corporate.
[/quote]

Would like to think so, but many people might not like/want the attention. Not to mention plenty of people would be reluctant to hire this person in their company if they disclose this. It's a lose-lose for them.
Plus, they might not know what controls exist, or which are lacking. Hard to be sure you want to stick your neck out here.


Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Steve Jones
Steve Jones
SSC Guru
SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)SSC Guru (249K reputation)

Group: Administrators
Points: 249277 Visits: 19809
Eric M Russell - Thursday, October 12, 2017 8:49 AM
OK, two more separate screw-ups have occurred after the data breach. I'm beginning to lose faith in the IT guy over at Equifax.

Someone Made a Fake Equifax Site. Then Equifax Linked to It.
https://www.nytimes.com/2017/09/20/business/equifax-fake-website.html

Equifax website hacked again, this time to redirect to fake Flash update
https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/


It's the whole culture and setup. They're a mess.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Eric M Russell
Eric M Russell
SSC-Forever
SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)SSC-Forever (48K reputation)

Group: General Forum Members
Points: 48358 Visits: 12286
Steve Jones - SSC Editor - Thursday, October 12, 2017 9:33 AM
[quote
Eric M Russell - Thursday, October 12, 2017 7:27 AM

If IT staffer is publicly named, he or she may choose to sit with the media and provide their own set of additional details that don't reflect well on Equifax corporate.

Would like to think so, but many people might not like/want the attention. Not to mention plenty of people would be reluctant to hire this person in their company if they disclose this. It's a lose-lose for them.
Plus, they might not know what controls exist, or which are lacking. Hard to be sure you want to stick your neck out here.
[/quote]

I don't think a preemptive strike on the part of the IT guy would be a smart decision. However, if his employer does ultimately set him up as the fall guy, and his name then gets into the news that way, then he has nothing to lose by counter punching. He may want to communicate through an attorney that he wishes simply to make a clean break from the company quietly, and no one would gain from playing the blame game... least of all Equifax.



"The universe is complicated and for the most part beyond your control, but your life is only as complicated as you choose it to be."
chrisn-585491
chrisn-585491
SSCertifiable
SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)SSCertifiable (5.9K reputation)

Group: General Forum Members
Points: 5932 Visits: 2649
Steve Jones - SSC Editor - Thursday, October 12, 2017 8:50 AM
chrisn-585491 - Thursday, October 12, 2017 6:17 AM
If the CTO of one of the most "important" data driven companies has two music composition degrees and no technical/data/security chops...

I dislike this statement. A huge number of people in this industry do not have technical degrees, and are still quite cable. The CSO, not CTO, had a music degree. She worked at two banks and HP before Equifax. Implying or insinuating she didn't have technical skills isn't fair or appropriate. It makes a nice headline for media, but has no basis or grounding without additional research. Please don't speculate unless there is evidence.

Maybe she should work at NASA or Boeing then... I hear John Scully did well at Apple since selling soft drinks and computers are just interchangeable "widgets".

The point is that there's a whole set of business/security requirements and best practices that a CTO/CSO should known and have their reports follow, especially one that holds the sensitive level of data that the big three reporting agencies do. And if she did work at banks, she should know better.

This is the same issue as Volkswagen, except it's neglect/ignorance instead of malfeasance.

Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum







































































































































































SQLServerCentral


Search