Several thoughts here...
First, I tend to agree with where Earle is going, wondering if computing in general, and IT security in particular, have gotten so advanced that you really need formal training. Sure, there will always be the savants who don't need it, but I'd hate to build an ITS function on only those guys.
Kind of like the advances in automotive technology -- years ago, shade tree mechanics could work a day job, and race on weekends. No more...the engines are just so complex, complete with software and electronic interfaces that the shade tree guys could never imagine.
Regarding Equifax's CISO: I promise you, the person responsible for installing the patch isn't within three organizational layers of the C-suite. Equifax wasn't breached because the CISO lacked technical expertise. It was breached because she didn't develop and enforce a culture that treated ITS as the single most important aspect of the business.
The instant a gap was identified, and a solution coded and tested, it should have been installed...no matter how many people might have to work how many hours straight. She didn't have that sort of culture (which, as the CISO, is far more her job than technical expertise), somebody down the line got complacent, as a result they got dope-slapped, and a whole bunch of people got hurt. The CISO lost a seven-figure job, and will wear that scarlet letter the rest of her life.
Finally, freezing credit might not be for everybody, even if it's free.
A number of years ago, Mrs. Basket Case and I had an identity theft scare. Long story short, nothing bad actually happened, but we were badly shaken. So we put a hard freeze on our credit reports at all three agencies. In the 10+/- years since, we've applied for credit of any description only a very few times. So the cost and hassle of unfreezing, monitoring when the desired report was pulled, and slamming the freeze back at the first possible instant, was easily justified by the peace of mind.
But credit reports get pulled for reasons you might not think of as applying for credit: switching insurance carriers, switching phone carriers, and a number of other things most of us don't think of as related to credit cards or loans.
So even if it's free, if you're in the stage of life where you're out buying a lot of tangible and intangible stuff, it could be a real pain to take that level of responsibility for your credit information.
Even if you do that, the agencies still have to have the passwords by which you impose and lift freezes. So that information lives somewhere in the bowels of the credit agencies' information systems, and if it gets breached, you're still screwed.
There are just no guarantees, no matter how conscientious you are.