John deCraen is an associate managing director in the Cyber Risk practice of Kroll, based in the Dallas office. He has over two decades of experience working with Global Fortune 500 businesses and AmLaw 100 law firms, delivering high-profile enterprise-class solutions enhanced with strategic and technical cyber security program leadership and guidance. He specializes in digital forensics, incident response, information security risk and compliance assessment matters that demand investigative and analytical thinking. His technical skills include vulnerability/fidelity management such as data classification and leakage prevention, domain and identity management and network engineering/administration. Additionally, he has an expert-level understanding of various cyber security and privacy frameworks, including NIST CSF and the 800 series, ISO 27k series, GDPR, CCPA, PCI, NACHA, HIPAA, HiTrust, DFARS and NYDFS. 

Prior to joining Kroll, John was a senior director with Alvarez & Marsal’s Disputes & Investigations Global Cyber Risk Services practice in Dallas. He was the original member of the firm’s Forensic Technology Services practice and the founding member of the Global Cyber Risk Services practice, where he was heavily involved in developing the culture, systems design, standard procedures and talent management throughout its 16-year history. He was also the lead architect and implementor of the firm’s data centers, systems and processes responsible for managing all the end-to-end eDiscovery efforts for the world’s two largest bankruptcies, simultaneously. These systems ultimately processed more than five petabytes of data and hosted eDiscovery data for more than 700 high-profile legal cases. 

Previously, John has also led and substantially contributed to many digital forensics and cyber security investigations worldwide, which includes representing a state insurance commissioner and a U.S. regulatory body on a comprehensive and global examination of the world’s largest insurance company’s cyber security and privacy programs. Further, he also designed and built a real-time end-point vulnerability and risk scoring system for a leading national ONG pipeline management company. 

John’s other significant engagements include representing a U.S. State Secretary of State in an exhaustive cyber security controls examination of that state’s electoral systems. He has also provided post-breach advisory services to a large northeastern U.S. state during its efforts to investigate a recent public credit rating agency’s breach. Additionally, he has built an internal multi-platform system designed to cross-map a dozen cyber security and privacy frameworks, which could electronically deliver a hyper skillset-focused questionnaire to the client workforce to facilitate the first phase of any cyber or risk assessment effort. 

Moreover, John also has extensive experience in the strategy and architecture of complex computing environments that include infrastructure design, entitlement programs, policy development, standards implementation and risk management frameworks. He is particularly strong in the area of cyber risk assessment having assisted multiple clients in determining their alignment with NY-DFS, HIPAA/HiTrust, DFARS, GDPR, FFIEC, and a range of maturity and risk models. He also has expertise in one-on-one and panel-on-one interview and evidence collection.

John has worked with clients across diverse industries such as higher education, governmental organizations, energy, healthcare, manufacturing and telecommunications, with special focus on large multi-national banking institutions. Additionally, he has worked with many international law firms in several international locales that include Europe and the Middle East.

John served numerous times as an expert witness in the fields of computer forensics in both federal and state courts and was called upon many times to communicate with the court through written deposition, affidavit and declaration.

John's articles have been featured in various publications on topics relating to cyber security and cyberthreats, including a recent article published by the Chief Privacy Officer Magazine. In addition to this, John has also been invited to speak at various notable universities and conferences and is a member of the cyber security advisory board for the Southern Methodist University in Dallas.

John completed his emergency medicine studies from the University of Florida. Additionally, he holds the following certifications: Microsoft Certified Systems Engineer, EnCase Certified Examiner and Cellebrite Mobile Forensics Trainer. He has also completed his training in SANS SEC504 – Security In-Depth. Further, under the Department of Homeland Security, he is an authorized user of the Chemical Terrorism Vulnerability Information – (CVI-20171101- 1163888) and Idaho National Labs - ICS SCADA CERT Cybersecurity 301, 2016. He is also a member of NIST Cybersecurity Center of Excellence (NCCoE). 

deCraen /en-ca/our-team/john-decraen /-/media/kroll/images/headshots/managing-directors/john-decraen.jpg people {E39587AD-8F0B-4FE2-865F-969BC5501096} {058CEC4B-AB74-4982-A8CC-B399FCB93BB2} {3A077BFC-C74A-40AF-A14C-13BCF6E3873E} {BF3D2BBB-D6E2-4A45-A8F9-465548719C7D} {CE2347F0-D222-4014-BA97-6A415CC633DF} {2DEEE4D2-8278-4C50-B3FF-1563BB257804}

OTHER AREAS WE CAN HELP

Cyber Risk

Global, end-to-end cyber risk solutions.

Cyber Risk

Virtual CISO Advisory Services

Services to help teams safeguard information assets while supporting business operations.

Virtual CISO Advisory Services

24x7 Incident Response

Compliant notifications, reputation-saving remediation, and litigation support.

24x7 Incident Response

Cybersecurity Due Diligence MA

Cyber due diligence helps identify and assess the risks an acquisition would represent.

Cybersecurity Due Diligence MA

Data Recovery Forensic Analysis

Evidence handling with sound methodology, recovery tools and processes supported by case law.

Data Recovery Forensic Analysis

Insights

Cyber

Five Considerations on Service Providers' Privacy and Security

Cyber
Cyber

Case Study – Online Skimming Attack Facilitated by Work-From-Home Arrangements

Cyber
Cyber

Effective Cyber Crime Investigations Demand Thoughtful Disclosures

Cyber
Security Risk Management

Three Ways to Boost Business Resilience and Maintain Critical Infrastructure

Security Risk Management

News