INFORMATION SECURITY LEADER -------------------------------------------------- Trusted security professional with 17 years of experience advancing the state of security in the industry and in organizations large and small. A rare combination of deep subject matter expertise and outstanding collaboration and leadership skills have allowed me to achieve notable accomplishments and increasing responsibility throughout my career. Demonstrated success: • Developing and shipping security products • Architecting security solutions • Defining security programs • Leading security teams HIGHLIGHTED CAREER ACHIEVEMENTS ----------------------------------------------------------- • DEVELOPMENT OF MICROSOFT WINDOWS SECURITY COMPONENTS – Program Manager for: Security Configuration Wizard, Security Configuration Engine and the Security Settings Extension to Group Policy • ARCHITECT OF KEY MICROSOFT WINDOWS SECURITY CONCEPTS – Defined and implemented the concept of the standard/limited user in Microsoft Windows as well as the concept of Secure Server Roles - two critical architectural concepts that still impact today how Windows is shipped, installed, and secured. • PRIMARY INVENTOR ON 3 US PATENTS - for methods related to securing Windows server operating systems, infrastructure services and applications. • FOUNDING MEMBER OF THE UNIVERSITY OF MICHIGAN INFORMATION ASSURANCE OFFICE - Key contributor in the establishment and expansion of the university’s information assurance office and the success of the university’s information security program. • CREATOR OF THE UNIVERSITY OF MICHIGAN'S RISK ASSESSMENT METHODOLOGY - Developed the tools and methodology that the University of Michigan uses to manage information security risks associated with its most sensitive and critical assets. • RESPECTED MANAGER AND LEADER – Consistently high supervisor ratings; Selected as a member of the 5th cohort to attend the university’s leadership development program for IT staff.

ASERT Threat Intelligence and Response Manager @ From September 2013 to Present (2 years 4 months) Information Systems Security Manager @ • Provide strategic planning, direction, and guidance related to organizational, operational, and architectural aspects of information security as a member of the CISO’s lead team and the designated security representative to the university’s Enterprise Architecture team. • Manage a team of 11 information security specialists performing advanced security operations university-wide. Services include: Risk Management, Vulnerability Management, Network Monitoring and Protection, Incident Response, Education and Awareness, Penetration Testing, and Consulting. • Service Owner and Service Manager for the above mentioned services. Responsible for: lifecycle plan, continuous improvement, alignment with industry trends and leading practices, input on investment decisions, authorization of enhancements, ensuring that service level expectations are exceeded or met. • Provide strategic planning and direction for the office of Information and Infrastructure Assurance (IIA) as a member of the IIA lead team. • Provide strategic planning, direction, and guidance related to security architecture as the information assurance representative on the university’s Enterprise Architecture team. • Collaborate on security issues with other institutions as the University of Michigan’s delegate to the Big Ten’s Security Working Group. From January 2008 to September 2013 (5 years 9 months) Senior University Security Analyst @ • As one of IIA’s original hires, instrumental contributor to the establishment and maturation of the university’s information security program and the successful evolution and expansion of the information assurance office itself. During my eight year tenure, the office has grown from a staff of 3 to a staff of 21 accommodating ever increasing scope and responsibility. • Developed the university’s risk assessment methodology creating an approach, framework, and tools based on ISO and NIST concepts yet tailored to the university environment and focused on the proactive engagement of business leaders in information security risk decisions. • Technical authority for PCI compliance. Worked extensively with the Treasurer’s office to develop a strategy for achieving and maintaining PCI-DSS compliance for nearly 400 university merchants. Interpreted the standard, established technical positions, developed training material, assisted merchants with deployment decisions, liaised with acquiring bank to resolve ambiguous aspects of the standard. • As a non-voting member of the university’s Institutional Review Board (IRB), assisted this governance body and faculty researchers with achieving appropriate levels of security in order to protect the interests of human subjects and a research complex worth 100’s of millions of dollars in funding. • Authored numerous technical papers, “how to” guides, and a comprehensive Windows security training course that was used to train the University’s distributed security work force. • Received 4 Director’s Awards and 1 Spirit of Excellence award From October 2004 to January 2008 (3 years 4 months) Program Manager and Senior Program Manager, Windows Core Security @ • Project lead and principal architect for the Microsoft Windows Security Configuration Wizard (SCW). SCW provides system administrators with guided attack surface reduction for Windows Servers systems and was released with Windows Server 2003 in Service Pack 1. • Managed all aspects of the SCW project including eight full-time and 13 part-time employees, project schedule, resource allocation, design reviews, delivery vehicle, risk assessment and mitigation, status tracking and reporting, and cross-group coordination needed for localization, customer and press communications, evangelism, development of the SCW knowledge base and cross company testing thereof. • Listed as primary inventor and awarded 3 US Patents for innovative work associated with SCW. • Introduced the concept of the secure limited user account and authored the original paper on the philosophy behind the Windows default access control settings: http://technet.microsoft.com/en-us/library/bb742509.aspx that supported this concept. • Responsible for the default out-of-box security settings for the Windows 2000, Windows XP, and Windows Server 2003 Operating Systems. Defined and drove the adoption of numerous improvements in the default security posture of the Windows operating system – a massive undertaking given the sheer size of the installed base and the implications on application compatibility. • Program Manager for the Security Configuration Engine (SCE) and Security Settings Extension to Group Policy. Tools used by system administrators and commercial entities alike to manage the security of Windows environments. From December 1998 to October 2004 (5 years 11 months) Senior Consultant II @ • Designed the Windows-based client-server computing infrastructure for Sears’ new high-end store: The Great Indoors. • Designed the Windows-based client-server computing infrastructure for the 28,000 node Personal Lines division of CNA Insurance Corporation. From September 1995 to December 1998 (3 years 4 months)

MASTER OF SCIENCE, COMPUTER SCIENCE @ Michigan State University From 1991 to 1993 Bachelor of Science in Engineering, Computer Engineering @ University of Michigan From 1982 to 1987 Kirk Soluk is skilled in: Information Assurance, Information Security, Information Security Management, Strategic Planning, Strategic Thinking, Enterprise Architecture, Architectural Design, Technical Leadership, Program Management, Risk Management, Security, Computer Security, Windows Security, Operating Systems, Project Management