[ISN] Microsoft taps former DOJ cybercop for top security slot

From: InfoSec News (isnat_private)
Date: Sun Feb 03 2002 - 22:29:30 PST

    By Dan Verton and Deborah Radcliff
    Jan. 31, 2002
    Computerworld has learned that Microsoft Corp. plans to name Scott
    Charney, the former chief of computer crime at the U.S. Department of
    Justice (DOJ) and a partner at New York-based PricewaterhouseCoopers,
    as its new chief security strategist. He replaces Howard Schmidt, who
    left the company on Jan. 28 to join the Bush administration (see
    Charney confirmed his appointment in a telephone interview this
    morning. He assumes his new position on April 1.
    The change in title from chief security officer to chief security
    strategist does not indicate a major shift in responsibilities, said
    Charney. Rather, it's "actually a more accurate description of the
    role Howard had been filling," he said. "I will be working to secure
    products and services and developing domestic and international
    policies that support a more secure infrastructure."
    Microsoft officials declined to comment on the appointment this
    Sources close to the interview process said that while they wouldn't
    necessarily place Charney on the short list of top IT security experts
    in the country, he landed the job because of his long career at the
    DOJ, where he earned a reputation as a skilled and staunch
    antihacking, cybercrime hardliner.
    "I realized that [one Microsoft executive] in particular was looking
    for someone with significant [government] ties and current contacts,"
    said a source close to the selection process. Microsoft "saw Howard
    [Schmidt] as unique and wanted to define the position around their
    real needs and the strengths of the new [executive]."
    Schmidt left Microsoft to become vice chairman of the President's
    Critical Infrastructure Protection Board and is admired by many
    throughout industry and government for having a rare combination of
    technical and interpersonal skills, especially on Capitol Hill.
    However, the job search for a new security strategist hasn't gone as
    smoothly as the company would have liked, said a senior Microsoft
    executive, speaking on condition of anonymity.
    "It's hard to find somebody who knows the technology and has a little
    bit of business sense and can talk to people on Capitol Hill," said
    the executive. Senior officials at Microsoft viewed many of the
    candidates that applied for Schmidt's position as being good at one
    aspect of the job but not others, the executive said.
    Eric Friedberg, a former computer crimes coordinator at the DOJ who
    reported to Charney indirectly, called him one of the "shining lights"
    in information security. "He's got national credibility," said
    Friedberg, who credited Charney with developing the DOJ's computer
    crime and intellectual property division. "He is responsible for
    building the federal prosecutorial infrastructure for computer crimes
    Alan Paller, research director at the SANS Institute in Bethesda, Md.,
    said Charney is the best candidate to carry on Schmidt's Trusted
    Computing initiative -- not because of his technical background but
    because of his experience at the DOJ.
    "Remember the job [Charney] has to do. He has to get marketing-driven
    development people to delay, assess and correct their tools so they do
    not cause harm to the outside world," Paller said. "[Charney] is
    probably the best guy in the country to pull that off, because he
    comes from the purest understanding of the damage that the bad guys
    do. What a brilliant choice, because you have to prove to some very
    strong-willed people that it's worth doing this right. And who better
    than someone who's been in the heat of the battles of computer crime?"
    An executive said that Microsoft founder Bill Gates and CEO Steve
    Ballmer had considered restructuring the company's security
    organization in the aftermath of Schmidt's departure. One option on
    the table included hiring two executives to fill the slot, with one
    individual focusing strictly on product architecture and the other
    taking responsibility for business strategy as well as physical and
    executive security.
    According to the executive, Schmidt approached Gates and Ballmer last
    year with a proposal to change the role of chief security officer from
    one involving oversight of both product and physical security,
    including executive protection, to strictly product development.
    Although Ballmer initially balked at the idea, Gates eventually agreed
    to the proposal and Schmidt shed his physical security
    responsibilities, the executive said.
    A source with ties to the interview process who asked that his name
    not be disclosed confirmed that "the issue of placement and emphasis"
    was a primary topic of discussion within Microsoft. However, there
    were no indications, the source said, that Gates and Ballmer were in
    Charney, who holds degrees in English and history, also considers
    himself "more technical than your average lawyer for sure." However,
    Charney, the son of a systems administrator who started programming in
    Cobol when he was eight, acknowledges that he is "not a
    Microsoft-level technologist."
    On the technical side, Charney will be supported by a small but elite
    team, Paller said. This team includes Eric Schultz, co-author of
    Hacking Exposed, David LeBlanc, a Windows security expert formerly
    with Internet Security Systems Inc., and Jasper Johansen, a former
    SANS faculty member.