Sure you have a lot of educated idiots with tech degrees when it comes to InfoSec, but you have a lot more when they don't have this background.
What we are beginning to see, is the lack of experience and practice in more disciplines than just InfoSec who are responsible for this breach.
For example, where was auditing, compliance, risk management and operations? These aren't InfoSec disciplines, these are straight up management disciplines designed to ensure everyone is doing whatever their job is effectively.
For this reason, it isn't just the tech bosses like the CIO who should step down. The top officers responsible for auditing, compliance, risk and operations should also step down.
The CEO should also step down, as his/her primary role is to protect the stock holders. Obviously this wasn't done, and he continues to fail in this regard.