I'm not defending her, or Equifax. They failed in many ways.
I'm saying that pointing out a person's degree as any evidence of failure is improper.
It's interesting to note that her counterparts at the other two agencies have IT/CS backgrounds.
I'm thinking that if I'm the CSO/CTO of a top critical data company, I have some serious domain knowledge other than hanging out with the MBAs and a few management notches on the resume. The reason I feel this way, is that I've seen too many "business" types drive a technical company into the ground by going through the management motions without understanding the tech. Hundreds of companies over the decades. (Not that tech people can't mismanage tech companies as well...)
I don't want rent-a-cops guarding valuable hordes of personal data, I want serious cyber warrior types.
That's not really anything to do with those "business" types not understanding technology. It's more to do with those examples not knowing how to build and manage their own departments to where they DO understand where to go. This is pretty much universal across any team let alone IT because when you get to that level, you're almost always relying on the management team you hired for your department who are those serious domain knowledge people. If you can't do that effectively, then it doesn't matter if you have domain knowledge or not because domain knowledge is useless if you don't have the intel from your management team who is on the ground with the people doing the actual work with them.