He went in and did as much damage as he could, in a sort of drive your semi through the front door kind of way, failed to cover his tracks, got caught, confessed, and is doing 4 years hard time. Better that he walked away with his head held high and never looked back.
He should have followed best practices:
1. Be patient. Wait. Wait at least a year. In that time they will have let any number of people go, and you won't be the go-to suspect.
2. Plan ahead. Make sure there are a few well concealed back doors into their systems. A few ex-employees who didn't have their accounts deleted, maybe a vendor login. Write down the details, don't email them to yourself.
3. When you are officially fired, step away from your computer. Insist that someone disable all your accounts and access privileges. Have witnesses.
4. When it's time to strike, don't use your home computer and don't use your laptop at the closest starbucks. Bounce everything through TOR and a couple of VPNs. Don't short the stock first. Excessive paranoia is the key.
5. Lay your groundwork carefully. Make sure ALL the backups are corrupted first. Plan your logic bomb so it deletes all traces of itself. Your attack payload should ideally wipe every server and every workstation like you hit them with DBAN.
6. Trigger your logic bomb, log out, and never ever ever log back in again.