Steve Zalewski LinkedIn Profile

Contact Steve Zalewski www.linkedin.com/in/szalewski CISO | Advisor | Investor | Speaker (LinkedIn) San Francisco Bay Area Top Skills Summary Enterprise Architecture Mr. Zalewski currently provides Retained CISO, security consulting Information Security and security advisory services. These include: Strategic Planning • International cybersecurity advisor and trainer. • Executive advisory board member for security startups, providing Certifications guidance on security market direction and product requirements. CISM - Certified Information Security • CISO advisory board member for venture capital firms Manager internationally. CISSP - Certified Information Systems Security Professional • Retained CISO for companies requiring temporary or part-time CRISC - Certified in Risk and CISO expertise. Information Systems Control Services also include guidance and solutions to address incident Patents response, security program design, security assessment, security • Methods and Apparatus for due-diligence, vendor/supplier due-diligence, security architecture creating a storage pool by dynamically mapping replication review, board reporting and other key security leadership schema to provisioned storage requirements. Operational experience in Healthcare, Utilities and volumes International Retail verticals. Multiprocessor Computer Architecture with Multiple Operation System Instances and Software Key Strengths: Controlled Resource Allocation •Organizational Management •Strategic Planning & Software Partitioned Multi-Processor Execution System with Flexible Resource Sharing Levels •Enterprise Security Architecture/Strategy •Executive and BOD • Method and Apparatus for Security Governance/Reporting Migrating Resources in a •Cybersecurity Incident Response •Security Risk & Multiprocessor Computer System Compliance Management Additionally, I co-hosts the CISOSeries Defense-in-Depth Podcasts and am a frequent speaker and panel moderator at industry events. Experience S3 Consulting, Inc. Cybersecurity Advisor October 2021 - Present (3 years 2 months) San Francisco Bay Area Page 1 of 5

Mr. Zalewski, through his company S3 Consulting, provides the following security advisory services: • Executive advisor for early-stage security companies • CISO advisor to venture capital firms internationally • Retained CISO for companies requiring a temporary or part-time CISO • International cybersecurity training and facilitation He is the former CISO at Levi Strauss & Co and has held senior security positions at Pacific Gas & Electric and Kaiser Permanente. Other positions Steve has held include senior engineering mgmt. roles in storage networks, data protection and enterprise operating systems. His credentials include multiple patents in data protection and multi-processor operating system design and CISSP, CISM and CRISC security certifications. Steve also co-hosts the CISOSeries Defense-in-Depth Podcasts and is a frequent speaker and panel moderator for webinars and industry events. Levi Strauss & Co. 5 years 10 months Chief Information Security Officer January 2021 - June 2021 (6 months) San Francisco Bay Area Responsible for leading the company’s global cybersecurity organization. Deputy Chief Information Security Officer (CISO) September 2017 - December 2020 (3 years 4 months) San Francisco Bay Area Accountable for defining and leading multiple programs in support of the company's cyber security objectives. Responsible for operational security leadership as well as providing leadership with business teams relative to security design and processes, as well security consulting expertise in support of strategic company initiatives. - Lead the company’s cybersecurity strategy, roadmaps and implementation in support of executing a risk based cybersecurity program to protect Levi Strauss’s information assets and brand reputation. - Lead the company’s Global Cybersecurity Threat Intelligence and Incident Response functions, including managing the international team of employees and contractors that monitors and responds to cyber events for the company. Page 2 of 5

- Provide strategy and guidance to the business leadership of our product lines in support of strategic business planning and corporate cybersecurity policy adherence. - Support business leaders and operations partners in infrastructure and application organizations in considering holistic and integrated approaches that provide for data integrity, information confidentiality and service availability of company and consumer data. - Demonstrated experience presenting information security to a wide range of audiences, including Executive Leadership and the Board. Chief Security Architect Accountable for defining and leading the company's security strategy as the company’s senior most technical security leader of our risk based security program. Responsible for security strategy, architecture and roadmaps to design in security controls at an architecture level to protect Levi Strauss’s information assets and brand reputation. Chief Security Architect September 2015 - August 2017 (2 years) Accountable for defining and leading the company's security strategy as the company’s senior most technical security leader of our risk based security program. Responsible for security strategy, architecture and roadmaps to design in security controls at an architecture level to protect Levi Strauss’s information assets and brand reputation. Pacific Gas & Electric Co. Managing Enterprise Security Architect June 2009 - August 2015 (6 years 3 months) San Francisco Bay Area Led the Enterprise Security Architecture practice at PG&E focusing on enterprise security technology strategies, roadmaps and consulting to address cybersecurity vulnerabilities and threats across the company (Business, Customer, Gas and Electrical Power grid infrastructures). This 4 member security architecture team developed the 3-5 year Strategic Roadmap and Security Practices used for planning and funding justification purposes to implement the NERC/CIP security framework and controls. Executed a 2 year program to define and implement the companies Identity and Access Management (IAM) Strategy, Architecture and Roadmap. Led a team of 18 solution architects, developers and project managers to deliver Page 3 of 5

the first release of PG&E’s Identity, Credentialing and Access Management Services. Under the Office of the CTO, was responsible for security, Information and Integration shared services portfolio to provide strategic guidance and roadmap direction. Specific portfolio services included: • Security •Content Management (Records/Documents) •Enterprise Integration (SOA/ESB, ETL, Batch) •Business Intelligence/Analytics/Reporting Kaiser Permanente Sr. Security Manager - Identity and Access Management Services 2004 - 2009 (5 years) San Francisco Bay Area Managed the Development team for Kaiser’s Identity and Access Management group. This 10 member team of architects, consultants and engineers, with a budget of $2 million, developed Kaiser’s Identity and Access Management Services. Managed a team of 12 architects, consultants and and production support personnel for the deployment of Kaiser’s Enterprise Service Bus (ESB) infrastructure,a $10 Million dollar strategic initiative. Fujitsu Sr. Data Security Architect 2002 - 2004 (2 years) San Francisco Bay Area Developed technical architecture for the company’s storage resource management (SRM) data protection and recovery product line. Filed 4 U.S. patent applications for methods developed in data protection processes. Tom Sawyer Software VP Engineering 2001 - 2001 (less than a year) San Francisco Bay Area Led the Engineering, Documentation and Marketing departments. Vixel Corporation Director of Software Engineering 1998 - 2000 (2 years) Page 4 of 5

Recruited to manage Vixel’s software development organization. Grew the software engineering organization from 4 to 50 engineers as Vixel transitioned from a startup company, through a successful IPO, and into a publicly traded company. Digital Equipment Corporation (DEC) Technical Director 1981 - 1998 (17 years) Defined and executed the technical strategy and roadmaps for the VMS Operating System Development group, Digital’s largest enterprise operating system • Granted 3 U.S. patents in the area of software controlled adaptive partitioned multi-processing. Education Worcester Polytechnic Institute BS, Computer Science Babson College - Franklin W. Olin Graduate School of Business Technical Management Education Program Certificate, Business Strategy and Organizational Leadership Page 5 of 5