Yesterday, it was announced that the Chief Information Security Officer of Equifax, Susan Mauldin, had retired (http://www.msn.com/en-us/money/companies/key-equifax-executives-departing-after-huge-data-breach/ar-AArZrIF).

This is the person who was responsible for the security of 143M Americans’ financial records. And this doesn’t even count the number of British and Canadian records that were compromised.
And, 2 months after the security breach was discovered she was allowed to retire.

If Equifax really cared about the damage she and her group have done, they would have fired her, with cause, back in July or early August.

And this doesn’t even take into consideration her questionable background.

What does it look like when she has BA and MFA degrees in Music Composition from the University of Georgia? I’m not saying that she might not be a genius. She might even have the capacity to become an expert on computer security and manage the sensitive financial security needs of most of the people in the U.S. However, as a public company with so much at stake, couldn’t Equifax have hired someone who has done nothing but live and breathe security for their entire career and has a Computer Science background?

In addition, someone is doing a pretty good job of scrubbing the web of her background. First, her LinkedIn profile was renamed and changed; now it has disappeared completely. Below is what it was before getting deleted.

Mauldin LinkedIn Profile

Why does it list her titles as merely ‘Professional’? What is she trying to hide?

You can’t find anywhere on the web what she did immediately after earning that MFA in Music Composition. In particular, what did she do to be able to earn the position of Senior Director of Information Security, Audit and Compliance for Hewlett-Packard’s outsourcing practice from 2002 to 2007, which seems to be the springboard into the eventual position of CISO at Equifax? What was she Group Vice President for at SunTrust Banks? Her background has been very carefully crafted and sanitized. Think about that. Most people want you to know what their background and experience are. It appears that she doesn’t want you to know.

This breach is going to cause irreparable financial harm to millions of people and the economy, caused by someone who may not have been qualified to be in her job.

Let’s hope this is a wake-up call to the government and financial industry to fundamentally change the system and develop something more secure with tighter security and restrictions on what information companies can retain and store.

In the meantime, Equifax needs to go the same path as Enron – into oblivion. Not merely for the fact that their lax security will result in most people in the US worrying about their credit and finances for a long time to come, but also for the fact that they allowed her to gently retire instead of rapidly firing her for cause.

Fractional or Part-time CTO

July 15th, 2017

Another alternative for a startup might be a fractional or part-time CTO. I’ve previously talked about the spectrum of scenarios surrounding whether you need or don’t need a CTO. Running parallel to that spectrum is the scenario of utilizing the services of a Fractional or Part-time CTO. My previous posts have dealt with the need for a CTO from purely a technical and product perspective. However, another consideration is chemistry.

If you consider that bringing on co-founders is similar to a marriage then you should only want to bring on people that you’ve previously worked with. If you don’t have anyone that you know, then finding a true co-founder is a bit risky.

While not complete, here are some of the advantages and disadvantages of a fractional or part-time CTO:

Advantages:
• As I previously discussed, your startup may not need the full-time services of a CTO. Going the part-time route will save you money on paying full-time for part-time effort.
• If the person doesn’t fit with your organization the “break-up” cost will probably be less.
• You may be able to scale up or scale down how much time the fractional CTO spends with your organization based on need.

Disadvantages:
• Plenty of people believe that you need to have a CTO who is fully engaged, involved and has skin in the game.

In the end, the decision will come down to a combination of factors including need, funding available and your comfort level with the individual person and the role.

While a part-time or fractional CTO may not work for every organization, it is certainly a very viable option for many.

Over the past several posts I’ve talked about the technical roles you might need to fill in your startup along with some of the factors you need to take into consideration, but I’ve only briefly touched on answering the key question of whether you need a CTO.

Let me start by looking at the two easy cases.

You probably don’t need to hire a CTO if you have a very simple app for which you are not planning on adding new features and functionality. In this case you can hire a firm, on a project basis, to develop and roll-out the app.

At the other extreme, you do need to hire a CTO if your application is complex, has cutting edge technology, is an MVP with substantial plans for improvements and enhancements, requires a sophisticated hardware architecture to support it, will require a product evangelist and/or you have substantial investment capital.

That leaves us with the large, and more complex, middle ground. I’ll break this up too since the skill sets you need at the inception of product design and development are most likely going to be different than the skills you will need later on.

I think that when you are creating a product you need someone with an immense amount of technical experience, particularly in creating products and architecting for the future, a visionary, a great project manager and someone who has the credibility to scope and make the tough calls on features and functionality in the initial release – all wrapped up into one. This really means you’re looking for someone who has led product development at a startup before. And, you’re certainly looking for someone who has more experience than a developer. Technical decisions made at this stage of a startup can have tremendous cost and timeline implications, even years into the future. You want to give your concept the best chance of success at the same time you want to conserve what are most likely limited investment funds. You also want someone who can identify and bring on the right people, when they are needed, to fill the technical roles that I previously discussed. Therefore, I think that you need someone with previous experience at a startup to fill the CTO role during product conceptualization, development and rollout.

However, after an initial product has been developed, there are certainly scenarios where you may only need a developer and/or someone to monitor and administer your application and not need the services of a CTO. For example, you launched a great product with a solid infrastructure. Your organization is now into the sales and marketing phase and acquiring customers. Depending on the complexity of your product, you may not need a CTO for a period of time. Minor functionality additions or bug fixes can be handled by a developer. This can save you money, especially if the sales cycle turns out to be longer than expected. At some point you may need the services of a CTO again to handle growth and new functionality, but you may be able to save on this expense for a period of time. Several other options in this scenario are part-time or fractional CTOs that I will discuss in future posts.

To conclude this series of posts, there are multiple considerations to take into account on whether you need a CTO, and multiple technical roles that need to be filled in a tech startup. In some instances it is clear that you will need a CTO to start, in others it is clear that you don’t need a CTO, and then there is a big gray area where you may or may not, but also may for a time and then not. If you do need a CTO, make sure you look for one with the experience and expertise to get your product to market efficiently and effectively, especially in what is likely to be a resource-constrained environment.

In follow-up posts I’ll talk about part-time and fractional CTOs.