What would be different if they had someone in that role?

The headline would be “despite having a Chief Security Officer, Solar Winds gets hacked.”

Equifax had a CSO (with no security background).

SolarWinds' VP of Security publicly posted a blog post entitled "Do Your Vendors Take Security Seriously?" in September, while according to reports, being completely compromised and distributing malware.

Hire executives who can actually do their job.

Hiring people who can perform a complex job at a high level is a very hard thing to do well, regardless of compensation. It feels like telling the hiring committee to just do their job, but better.

Hiring, in general, is hard.

From the website, I feel sick reading that given the circumstances...

“ We're Geekbuilt™.

Developed by network and systems engineers who know what it takes to manage today's dynamic IT environments, SolarWinds has a deep connection to the IT community.

The result? IT management products that are effective, accessible, and easy to use.”

> effective, accessible

because they all run as root

> , and easy to use

yeah

I thought it was funny that I can no longer access the solar winds website because my administrator has blocked it.

No CTO either