Yesterday, it was announced that the Chief Information Security Officer of Equifax, Susan Mauldin, had retired (

This is the person who was responsible for the security of 143M Americans’ financial records. And this doesn’t even count the number of British and Canadian records that were compromised.
And, 2 months after the security breach was discovered, she was allowed to retire.

If Equifax really cared about the damage she and her group have done, they would have fired her, with cause, back in July or early August.

And this doesn’t even take into consideration her questionable background.

What does it look like when she has BA and MFA degrees in Music Composition from the University of Georgia? I’m not saying that she might not be a genius. She might even have the capacity to become an expert on computer security and manage the sensitive financial security needs of most of the people in the U.S. However, as a public company with so much at stake, couldn’t Equifax have hired someone who has done nothing but live and breathe security for their entire career and has a Computer Science background?

In addition, someone is doing a pretty good job of scrubbing the web of her background. First, her LinkedIn profile was renamed and changed; now it has disappeared completely. Below is what it was before getting deleted.

[Image: Mauldin LinkedIn profile]

Why does it list her titles as merely ‘Professional’? What is she trying to hide?

You can’t find anywhere on the web what she did immediately after earning that MFA in Music Composition. In particular, what did she do to be able to earn the position of Senior Director of Information Security, Audit and Compliance for Hewlett-Packard’s outsourcing practice from 2002 to 2007, which seems to be the springboard into the eventual position of CISO at Equifax? What was she Group Vice President for at SunTrust Banks? Her background has been very carefully crafted and sanitized. Think about that. Most people want you to know what their background and experience are. It appears that she doesn’t want you to know.

This breach is going to cause irreparable financial harm to millions of people and the economy, caused by someone who may not have been qualified to be in her job.

Let’s hope this is a wake-up call to the government and financial industry to fundamentally change the system and develop something more secure with tighter security and restrictions on what information companies can retain and store.

In the meantime, Equifax needs to go the same path as Enron – into oblivion. If not merely for the fact that their lax security will result in most people in the US worrying about their credit and finances for a long time to come, but also for the fact that they allowed her to gently retire instead of rapidly firing her for cause.

Over the past several posts I’ve talked about the technical roles you might need to fill in your startup along with some of the factors you need to take into consideration, but I’ve only briefly touched on answering the key question of whether you need a CTO.

Let me start by looking at the two easy cases.

You probably don’t need to hire a CTO if you have a very simple app for which you are not planning on adding new features and functionality. In this case you can hire a firm, on a project basis, to develop and roll-out the app.

At the other extreme, you do need to hire a CTO if your application is complex, has cutting-edge technology, is an MVP with substantial plans for improvements and enhancements, requires a sophisticated hardware architecture to support it, will require a product evangelist and/or you have substantial investment capital.

That leaves us with the large, and more complex, middle ground. I’ll break this up too since the skill sets you need at the inception of product design and development are most likely going to be different than the skills you will need later on.

I think that when you are creating a product you need someone with an immense amount of technical experience, particularly in creating products and architecting for the future, a visionary, a great project manager and someone who has the credibility to scope and make the tough calls on features and functionality in the initial release – all wrapped up into one. This really means you’re looking for someone who has led product development at a startup before. And, you’re certainly looking for someone who has more experience than a developer. Technical decisions made at this stage of a startup can have tremendous cost and timeline implications, even years into the future. You want to give your concept the best chance of success at the same time you want to conserve what are most likely limited investment funds. You also want someone who can identify and bring on the right people, when they are needed, to fill the technical roles that I previously discussed. Therefore, I think that you need someone with previous experience at a startup to fill the CTO role during product conceptualization, development and rollout.

However, after an initial product has been developed, there are certainly scenarios where you may only need a developer and/or someone to monitor and administer your application and not need the services of a CTO. For example, you launched a great product with a solid infrastructure. Your organization is now into the sales and marketing phase and acquiring customers. Depending on the complexity of your product, you may not need a CTO for a period of time. Minor functionality additions or bug fixes can be handled by a developer. This can save you money, especially if the sales cycle turns out to be longer than expected. At some point you may need the services of a CTO again to handle growth and new functionality, but you may be able to save on this expense for a period of time. Several other options in this scenario are part-time or fractional CTOs that I will discuss in future posts.

To conclude this series of posts, there are multiple considerations to take into account on whether you need a CTO, and multiple technical roles that need to be filled in a tech startup. In some instances it is clear that you will need a CTO to start, in others it is clear that you don’t, and then there is a big gray area where you may or may not, or may for a time and then not. If you do need a CTO, make sure you look for one with the experience and expertise to get your product to market efficiently and effectively, especially in what is likely to be a resource-constrained environment.

In follow-up posts I’ll talk about part-time and fractional CTOs.

In a previous post, I started talking about the technical roles an organization would need to fill as a prelude to discussing whether the organization needed an actual CTO.

The roles I previously discussed were:

• Technical Business Analyst
• Software Architect
• Infrastructure Architect
• UX/UI Designer
• Developer

In this post, I’ll talk about:

• Technical Project Manager
• QA Engineer
• System Administrator/Database Administrator/Network Administrator
• Technical Product Evangelist

Let’s get started!

• Technical Project Manager

A software development project requires a balance between technical and project management skills. The TPM oversees and manages most aspects of the requirement analysis, specification development, coding/development, testing and implementation processes.

• QA Engineer


Quality Assurance – A software quality assurance engineer is someone who monitors every phase of the software development process so as to ensure design quality, making sure that the software adheres to the standards set by the development company. Software quality assurance engineers make sure that new products work before they are released to the public.

• System Administrator/Database Administrator/Network Administrator

From Wikipedia

A system administrator, or sysadmin, is a person who is responsible for the upkeep, configuration, and reliable operation of computer systems; especially multi-user computers, such as servers.
A database administrator (DBA) maintains a database system, and is responsible for the integrity of the data and the efficiency and performance of the system.
A network administrator maintains network infrastructure such as switches and routers, and diagnoses problems with these or with the behavior of network-attached computers.

These are the people who keep the servers, databases and network running smoothly. They initially implement the Hardware Architect’s design, but thereafter they are responsible for keeping things running.

• Technical Product Evangelist

From Wikipedia –

“An evangelist promotes the use of a particular product or technology through talks, articles, blogging, user demonstrations, recorded demonstrations, or the creation of sample projects.”

Essentially, this person promotes the product and the technology used by the product, both inside and outside of the organization.


Even if I’m talking about whether you need to hire a CTO, there are some CTO-like roles or functions that someone needs to address in a startup. These would include the following:

o Estimate development time and costs. Developers and Project Managers have some of these skills, but for larger projects you may need someone with a fair amount of experience with this.

o Work with architects to include provisions for scalability and future functions. Knowing what the business objectives and growth plans are and planning for that growth in the initial design can prevent costly and time-consuming efforts later on. Again, experience helps with this function.

o Determine features and functionality for MVP – 80% of the functionality for 20% of the time and cost. Once again, experience and seniority are needed to be able to identify what functionality is important, but you also need someone with the credibility to get the business people to agree to an initial reduced set of functionality.

In my next post I’ll cover whether you need to hire a CTO or just hire the a la carte skill sets to fulfill these roles.