2021 Study of Professional Golfers’ Future Career Value Download the Report Chevron

Marc Brawner is a managing director and global head of managed services with Kroll’s Cyber Risk practice, based in the Nashville office. With over 20 years of experience in information technology, including 16 years focused on cyber security, Marc is an acknowledged expert in cyber risk management, incident response, and computer forensics investigations.

Marc rejoined Kroll in 2013 after spending seven years leading Marsh & McLennan Companies’ global incident response and risk assessment team, where he grew and refined its worldwide threat hunting, computer forensics, vulnerability management, and vendor risk management capabilities.

From 1999-2006, Marc honed his technical and leadership skills at Kroll. His technical work uncovered cases of corporate espionage and intellectual property theft, as well as major e-commerce and payment card breaches. During this time, Marc also performed malware analysis and penetration testing, architected and managed enterprise technology and cyber security solutions, and implemented policy and compliance programs for Kroll and its clients. Earlier in his career, Marc implemented and managed computer systems and networks for clients in healthcare, insurance, entertainment, and university settings.

At Kroll, Marc's expertise helps strengthen our managed security services, including our managed detection and response solution, Kroll Responder. See how Responder works:

Brawner /en/our-team/marc-brawner /-/media/kroll/images/headshots/senior-advisors/marc-brawner.jpg people {E39587AD-8F0B-4FE2-865F-969BC5501096} {2DEEE4D2-8278-4C50-B3FF-1563BB257804}

Marc’s diverse background across multiple facets of information technology, coupled with years of experience as a consultant, practitioner, and manager, provide a unique blend of knowledge and understanding of the challenges both IT and cyber security teams face. He works closely with legal, HR, and compliance personnel at organizations worldwide to deliver significant value and savings through creative use of cyber security and forensic capabilities.

Marc has participated in hundreds of incident response, computer forensics, and risk assessment activities, implemented and managed enterprise technology solutions, led vendor and regulatory compliance programs, and managed global information technology and security teams.

Professional Experience
  • Incident Identification and Response
    Marc has years of experience identifying and responding to cyber security intrusions across multiple industries, as well as assessing networks and systems for the presence of malicious threats and developing effective remediation strategies. Marc served as an expert witness for the U.S. government on the topic of incident response.
  • Corporate Espionage and Insider Threats
    Marc’s forensic work has uncovered major global corporate espionage activities and significant cases of theft of intellectual property by otherwise trusted insiders. Marc served as a lead forensic investigator at Enron during its bankruptcy.
  • Vendor Risk Management
    Marc has extensive experience addressing information security challenges as both a consumer and as a provider of vendor services.
  • Audits and Assessments
    Marc has led and participated in dozens of internal and external audit engagements and compliance initiatives in areas such as SOX, PCI, ISO27001, HIPAA, and FSA.
  • Corporate IT and Information Security
    Marc has served as both a consultant to and a practitioner within information technology and security organizations, providing diverse perspectives on challenges and solutions.


Education and Certifications
  • B.S., Computer Science, Lipscomb University
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Qualified Security Assessor, PCI Security Standards Council (QSA)


Affiliations and Memberships
  • International Information Systems Security Certification Consortium, Inc. (ISC2), Member
  • Senior Member, Information Systems Security Association (ISSA)
  • Member, Information Systems Audit and Control Association (ISACA)

Other Areas We Can Help

Cyber Risk

Cyber Risk

Global, end-to-end cyber risk solutions.

Cyber Risk


Regulatory Compliance

Hong Kong SPAC Proposal and Singapore SPAC Launch Provide Something for Everyone to Global Markets

Regulatory Compliance

AMF and CSSF Regulatory Update – Third Quarter 2021


KAPE Quarterly Update – Q3 2021


Tracking Exchange Online Powershell Access Into Microsoft 365 Environments