Marc Brawner is a Principal with Kroll’s Cyber Risk practice, based in the Nashville office. With over 20 years of experience in information technology, including 16 years focused on cyber security, Marc is an acknowledged expert in cyber risk management, incident response, and computer forensics investigations.
Marc rejoined Kroll in 2013 after spending seven years leading Marsh & McLennan Companies’ global incident response and risk assessment team, where he grew and refined its worldwide threat hunting, computer forensics, vulnerability management, and vendor risk management capabilities.
From 1999-2006, Marc honed his technical and leadership skills at Kroll. His technical work uncovered cases of corporate espionage and intellectual property theft, as well as major e-commerce and payment card breaches. During this time, Marc also performed malware analysis and penetration testing, architected and managed enterprise technology and cyber security solutions, and implemented policy and compliance programs for Kroll and its clients. Earlier in his career, Marc implemented and managed computer systems and networks for clients in healthcare, insurance, entertainment, and university settings.
Marc’s diverse background across multiple facets of information technology, coupled with years of experience as a consultant, practitioner, and manager, provide a unique blend of knowledge and understanding of the challenges both IT and cyber security teams face. He works closely with legal, HR, and compliance personnel at organizations worldwide to deliver significant value and savings through creative use of cyber security and forensic capabilities.
Marc has participated in hundreds of incident response, computer forensics, and risk assessment activities, implemented and managed enterprise technology solutions, led vendor and regulatory compliance programs, and managed global information technology and security teams.
Incident Identification and Response
Marc has years of experience identifying and responding to cyber security intrusions across multiple industries, as well as assessing networks and systems for the presence of malicious threats and developing effective remediation strategies. Marc served as an expert witness for the U.S. government on the topic of incident response.
Corporate Espionage and Insider Threats
Marc’s forensic work has uncovered major global corporate espionage activities and significant cases of theft of intellectual property by otherwise trusted insiders. Marc served as a lead forensic investigator at Enron during its bankruptcy.
Vendor Risk Management
Marc has extensive experience addressing information security challenges as both a consumer and as a provider of vendor services.
Audits and Assessments
Marc has led and participated in dozens of internal and external audit engagements and compliance initiatives in areas such as SOX, PCI, ISO27001, HIPAA, and FSA.
Corporate IT and Information Security
Marc has served as both a consultant to and a practitioner within information technology and security organizations, providing diverse perspectives on challenges and solutions.
Education & Certifications
- B.S., Computer Science, Lipscomb University
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- Qualified Security Assessor, PCI Security Standards Council (QSA)
Affiliations & Memberships
- International Information Systems Security Certification Consortium, Inc. (ISC2), Member
- Senior Member, Information Systems Security Association (ISSA)
- Member, Information Systems Audit and Control Association (ISACA)