Stephen Toulouse

Stephen Toulouse, also known as Stepto, is the Director of Xbox Live Policy and Enforcement at Microsoft. He frequently represents Microsoft and Xbox Live in various media, including on Larry Hryb's "Major Nelson Radio" Xbox-related podcast, to discuss security and policy issues.

Prior to joining the Xbox team at Microsoft, Toulouse was the head of communications for security response with the Microsoft Security Response Center.

Professional history
Toulouse has worked at Microsoft since April 1994.

Microsoft Security Response Center
Toulouse joined the Microsoft Security Response Center (MSRC) in November of 2002. His first exposure to communications during a security response crisis was during the spread of the SQL Slammer computer worm in January 2003, where he was asked by Security Business Unit Vice President Mike Nash to handle creating a way for affected users to determine whether or not they had a vulnerable instance of SQL Server installed.

Toulouse later handled public relations for outbreaks such as Blaster, Sasser, and Zotob. During the Windows Metafile vulnerability Toulouse, together with noted Windows expert Mark Russinovich, refuted claims by security pundit Steve Gibson that the WMF vulnerability was introduced in 1989 by a rogue Microsoft programmer as an intentional remote back door. Toulouse and Russinovich both pointed out the code in question was introduced long before user trust models were a part of the Windows operating system, and indeed long before Windows itself contained any networking capability.

When Toulouse left the MSRC, he was praised by several notable security journalists for his candor and honesty about Microsoft's security challenges.

Xbox Live
In August 2007, Toulouse joined the Xbox Live Services group as Lead Program Manager for Enforcement, describing his role at the time as "Helping to make sure the Live experience is a safe and enjoyable one for users." Over the next years he expanded his role to include policy and enforcement for the Xbox Live and Zune Social services, building out a team of worldwide "enforcers" to implement the rules of the Xbox Live service. Toulouse was promoted to Director for Policy and Enforcement for Xbox LIVE in September 2009.

As a frequent guest of the Xbox podcast "Major Nelson Radio," Toulouse is the public face for the rules governing behavior and often explains and clarifies policies.

Apple
Toulouse suggested in a personal blog entry in 2006 that Apple's products enjoyed good security due to their small market share and that the company would have to focus on hiring a "Security Czar" at some point. Toulouse was ridiculed at the time, winning many Apple pundits' scorn for his suggestion.

Sexuality identification on Xbox Live
In February 2009, while Toulouse was head of policy for Xbox Live, Microsoft attracted negative attention for the gaming service's policies towards members' expression of their sexual identity. While the service allows for self expression of sexual orientation in voice chat during games, the service bans all mention of orientation — including of heterosexuality — in gamertags or profiles. Widespread criticism of this practice led to Toulouse publicly vowing to change the policy to allow for expression of sexual orientation. Changes announced in March 2010 permit Xbox Live members to express sexual orientation in their gamertags and profiles. The Gay and Lesbian Alliance Against Defamation has praised Toulouse for his work with their group in combating homophobia in online gaming.

Performances
Toulouse was a special guest at W00tstock 2.0 in Seattle, WA and W00tstock 2.1 – Portland, OR. He read from "The Book of Enforcement" "