Ask HN: Would you work for Equifax (or the likes?)
The Equifax hack(s) have resulted in impassioned discussions on security, patching and due diligence in general. Many CISOs and security stalwarts have had a lot to say on the matter and yet we don't see any security leaders actually wanting to work at companies like Equifax.
So I am curious to learn what would it take for the security champions to be enticed into working for Equifax et al.
5 comments
[ 4.0 ms ] story [ 24.6 ms ] threadWith that said, most technical people don't want to be politicians.
Equifax failed at security because Equifax's leadership doesn't care. They will only be convinced by seeing revenue drop or incurring larger penalties from the government. Revenue will not drop because the affected people are not paying customers. Penalties will not increase because the current political climate is "All regulations are bad" when it should be "Bad regulations are bad; Good regulations are good."
The problem at a lot of businesses is security has no tangible ROI. You're not going to make a million bucks because you implemented a new SIEM.
The value of security is hidden. It prevents you from having loss. It's hard to quantify the value when your job is, essentially, preventing bad things from happening.
But it would be beyond ironic if such an institution, selling a sense of security as their main product, could not see the value in protecting the security of their own assets.
It would be also sad that in a myopic attempt to squeeze every single penny in profit, such a company would underpay the very people who run the machinery it is built on.