Marc Brawner



Global Head of Managed Services

Marc Brawner is the global head of managed services in Kroll’s Cyber Risk practice, based in Nashville. With over 20 years of experience in information technology, including 16 years focused on cyber security, Marc is an acknowledged expert in cyber risk management, incident response, and computer forensics investigations.

Kroll Responder

Marc rejoined Kroll in 2013 after spending seven years leading Marsh & McLennan Companies’ global incident response and risk assessment team, where he grew and refined its worldwide threat hunting, computer forensics, vulnerability management, and vendor risk management capabilities.

From 1999-2006, Marc honed his technical and leadership skills at Kroll. His technical work uncovered cases of corporate espionage and intellectual property theft, as well as major e-commerce and payment card breaches. During this time, Marc also performed malware analysis and penetration testing, architected and managed enterprise technology and cyber security solutions, and implemented policy and compliance programs for Kroll and its clients. Earlier in his career, Marc implemented and managed computer systems and networks for clients in healthcare, insurance, entertainment, and university settings.

Marc’s diverse background across multiple facets of information technology, coupled with years of experience as a consultant, practitioner, and manager, provide a unique blend of knowledge and understanding of the challenges both IT and cyber security teams face. He works closely with legal, HR, and compliance personnel at organizations worldwide to deliver significant value and savings through creative use of cyber security and forensic capabilities.

Marc has participated in hundreds of incident response, computer forensics, and risk assessment activities, implemented and managed enterprise technology solutions, led vendor and regulatory compliance programs, and managed global information technology and security teams.

Professional Experience
  • Incident Identification and Response
    Marc has years of experience identifying and responding to cyber security intrusions across multiple industries, as well as assessing networks and systems for the presence of malicious threats and developing effective remediation strategies. Marc served as an expert witness for the U.S. government on the topic of incident response.
  • Corporate Espionage and Insider Threats
    Marc’s forensic work has uncovered major global corporate espionage activities and significant cases of theft of intellectual property by otherwise trusted insiders. Marc served as a lead forensic investigator at Enron during its bankruptcy.
  • Vendor Risk Management
    Marc has extensive experience addressing information security challenges as both a consumer and as a provider of vendor services.
  • Audits and Assessments
    Marc has led and participated in dozens of internal and external audit engagements and compliance initiatives in areas such as SOX, PCI, ISO27001, HIPAA, and FSA.
  • Corporate IT and Information Security
    Marc has served as both a consultant to and a practitioner within information technology and security organizations, providing diverse perspectives on challenges and solutions.


Education and Certifications
  • B.S., Computer Science, Lipscomb University
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Qualified Security Assessor, PCI Security Standards Council (QSA)


Affiliations and Memberships
  • International Information Systems Security Certification Consortium, Inc. (ISC2), Member
  • Senior Member, Information Systems Security Association (ISSA)
  • Member, Information Systems Audit and Control Association (ISACA)

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Managed Security Services

World-renowned cyber investigators and leading technology fuel Kroll’s managed security services, augmenting security operations centres and incident response capabilities.

Kroll Responder

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.