Marc Brawner is a managing director and global head of managed services with Kroll’s Cyber Risk practice, based in the Nashville office. With over 20 years of experience in information technology, including 16 years focused on cyber security, Marc is an acknowledged expert in cyber risk management, incident response, and computer forensics investigations.
Marc rejoined Kroll in 2013 after spending seven years leading Marsh & McLennan Companies’ global incident response and risk assessment team, where he grew and refined its worldwide threat hunting, computer forensics, vulnerability management, and vendor risk management capabilities.
From 1999-2006, Marc honed his technical and leadership skills at Kroll. His technical work uncovered cases of corporate espionage and intellectual property theft, as well as major e-commerce and payment card breaches. During this time, Marc also performed malware analysis and penetration testing, architected and managed enterprise technology and cyber security solutions, and implemented policy and compliance programs for Kroll and its clients. Earlier in his career, Marc implemented and managed computer systems and networks for clients in healthcare, insurance, entertainment, and university settings.
At Kroll, Marc's expertise helps strengthen our managed security services, including our managed detection and response solution, Kroll Responder. See how Responder works:
Marc’s diverse background across multiple facets of information technology, coupled with years of experience as a consultant, practitioner, and manager, provide a unique blend of knowledge and understanding of the challenges both IT and cyber security teams face. He works closely with legal, HR, and compliance personnel at organizations worldwide to deliver significant value and savings through creative use of cyber security and forensic capabilities.
Marc has participated in hundreds of incident response, computer forensics, and risk assessment activities, implemented and managed enterprise technology solutions, led vendor and regulatory compliance programs, and managed global information technology and security teams.
- Incident Identification and Response
Marc has years of experience identifying and responding to cyber security intrusions across multiple industries, as well as assessing networks and systems for the presence of malicious threats and developing effective remediation strategies. Marc served as an expert witness for the U.S. government on the topic of incident response.
- Corporate Espionage and Insider Threats
Marc’s forensic work has uncovered major global corporate espionage activities and significant cases of theft of intellectual property by otherwise trusted insiders. Marc served as a lead forensic investigator at Enron during its bankruptcy.
- Vendor Risk Management
Marc has extensive experience addressing information security challenges as both a consumer and as a provider of vendor services.
- Audits and Assessments
Marc has led and participated in dozens of internal and external audit engagements and compliance initiatives in areas such as SOX, PCI, ISO27001, HIPAA, and FSA.
- Corporate IT and Information Security
Marc has served as both a consultant to and a practitioner within information technology and security organizations, providing diverse perspectives on challenges and solutions.
Education and Certifications
- B.S., Computer Science, Lipscomb University
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- Qualified Security Assessor, PCI Security Standards Council (QSA)
Affiliations and Memberships
- International Information Systems Security Certification Consortium, Inc. (ISC2), Member
- Senior Member, Information Systems Security Association (ISSA)
- Member, Information Systems Audit and Control Association (ISACA)
Global, end-to-end cyber risk solutions.
Five Considerations on Service Providers' Privacy and Security
Case Study – Online Skimming Attack Facilitated by Work-From-Home Arrangements
Effective Cyber Crime Investigations Demand Thoughtful Disclosures
CVE-2020-10189: Zoho ManageEngine Vulnerability Still Dangerous Nearly a Year Later – The Monitor, Issue 15
Kroll—Including Duff & Phelps Business—Announces 31 Managing Director Promotions
Kroll Expands Cyber Risk Offering with Acquisition of Redscan
Duff & Phelps Announces Plans to Unify Company Under Kroll Brand
Kroll Cyber Risk Practice Announces New Hires to Fuel Global Expansion