Ripples from the latest management shake-up at Microsoft are being felt throughout the all-important STU (Security Technology Unit).
Mike Nash, the corporate VP who guided Microsoft through some of its biggest security crises and led an aggressive effort to reshape the companys embarrassing image, is leaving his STU office and handing the keys to Windows Server veteran Ben Fathi.
Nashs exit ends a topsy-turvy tenure that coincided with the Blaster, Slammer and Sasser network worm attacks; the release of the security-centric Windows XP SP 2 (Service Pack 2) operating system makeover; the repairing of Microsofts relationship with hackers; and the latest Vista delay that is partly due to lingering security testing concerns.
The 43-year-old Nash, who joined Microsoft in 1991 and was the first product manager on the original Windows NT marketing team, is leaving for a preplanned sabbatical and will be reassigned to a new post, according to a staff memo distributed on March 23.
When Nash assumed the role as security head honcho, Microsoft was the laughing stock of hacking community. The company bluntly refused to acknowledge software flaw warnings and released patches on an ad-hoc schedule, infuriating IT managers who struggled with the testing and deployment of updates.
All that would change in 2003 after three separate Windows worm attacks—Slammer, Sobig and Blaster—crippled networks around the world, forcing Microsoft to do an overhaul of its security response process.
Nash, a hands-on executive who camped out in the MSRC (Microsoft Security Response Center) war room and barked instructions during worm outbreaks, also managed the mandatory implementation of the SDL (Security Development Lifecycle).
He was also in charge of the delivery of Windows XP SP2 to more than 260 million machines and the creation of a security response process that is the envy of all software vendors.
Along the way, there were hiccups—and product shipment delays—that rested on Nashs shoulders. Zero-day flaw warnings and the constant release of fixes for critical vulnerabilities continue to haunt Windows users and, as Nash himself admitted in a Slashdot Q&A, the company was slow to react to the spyware epidemic.