John deCraen



Associate Managing Director

John deCraen is an associate managing director in the Cyber Risk practice of Kroll, based in the Dallas office. He has over two decades of experience working with Global Fortune 500 businesses and AmLaw 100 law firms, delivering high-profile enterprise-class solutions enhanced with strategic and technical cyber security program leadership and guidance. He specializes in digital forensics, incident response, information security risk and compliance assessment matters that demand investigative and analytical thinking.

John's technical skills include vulnerability/fidelity management such as data classification and leakage prevention, domain and identity management and network engineering/administration. Additionally, he has an expert-level understanding of various cyber security and privacy frameworks, including NIST CSF and the 800 series, ISO 27k series, GDPR, CCPA, PCI, NACHA, HIPAA, HiTrust, DFARS and NYDFS. 

Prior to joining Kroll, John was a senior director with Alvarez & Marsal’s Disputes & Investigations Global Cyber Risk Services practice in Dallas. He was the original member of the firm’s Forensic Technology Services practice and the founding member of the Global Cyber Risk Services practice, where he was heavily involved in developing the culture, systems design, standard procedures and talent management throughout its 16-year history. He was also the lead architect and implementor of the firm’s data centers, systems and processes responsible for managing all all the litigation support efforts for the world’s two largest bankruptcies, simultaneously. These systems ultimately processed more than five petabytes of data and hosted data for more than 700 high-profile legal cases. 

Previously, John has also led and substantially contributed to many digital forensics and cyber security investigations worldwide, which includes representing a state insurance commissioner and a U.S. regulatory body on a comprehensive and global examination of the world’s largest insurance company’s cyber security and privacy programs. Further, he also designed and built a real-time end-point vulnerability and risk scoring system for a leading national ONG pipeline management company. 

John’s other significant engagements include representing a U.S. State Secretary of State in an exhaustive cyber security controls examination of that state’s electoral systems. He has also provided post-breach advisory services to a large northeastern U.S. state during its efforts to investigate a recent public credit rating agency’s breach. Additionally, he has built an internal multi-platform system designed to cross-map a dozen cyber security and privacy frameworks, which could electronically deliver a hyper skillset-focused questionnaire to the client workforce to facilitate the first phase of any cyber or risk assessment effort. 

Moreover, John also has extensive experience in the strategy and architecture of complex computing environments that include infrastructure design, entitlement programs, policy development, standards implementation and risk management frameworks. He is particularly strong in the area of cyber risk assessment having assisted multiple clients in determining their alignment with NY-DFS, HIPAA/HiTrust, DFARS, GDPR, FFIEC, and a range of maturity and risk models. He also has expertise in one-on-one and panel-on-one interview and evidence collection.

John has worked with clients across diverse industries such as higher education, governmental organizations, energy, healthcare, manufacturing and telecommunications, with special focus on large multi-national banking institutions. Additionally, he has worked with many international law firms in several international locales that include Europe and the Middle East.

John served numerous times as an expert witness in the fields of computer forensics in both federal and state courts and was called upon many times to communicate with the court through written deposition, affidavit and declaration.

John's articles have been featured in various publications on topics relating to cyber security and cyberthreats, including a recent article published by the Chief Privacy Officer Magazine. In addition to this, John has also been invited to speak at various notable universities and conferences and is a member of the cyber security advisory board for the Southern Methodist University in Dallas.

John completed his emergency medicine studies from the University of Florida. Additionally, he holds the following certifications: Microsoft Certified Systems Engineer, EnCase Certified Examiner and Cellebrite Mobile Forensics Trainer. He has also completed his training in SANS SEC504 – Security In-Depth. Further, under the Department of Homeland Security, he is an authorized user of the Chemical Terrorism Vulnerability Information – (CVI-20171101- 1163888) and Idaho National Labs - ICS SCADA CERT Cybersecurity 301, 2016. He is also a member of NIST Cybersecurity Center of Excellence (NCCoE). 

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Cybersecurity Due Diligence for M&A

Pre and Post-transaction assessment can uncover costly risks.

Data Recovery and Forensic Analysis

Kroll's expertise establishes whether data was compromised and to what extent. We uncover actionable information, leaving you better prepared to manage a future incident.