Marc Brawner is a managing director and global head of managed services with Kroll’s Cyber Risk practice, based in the Nashville office. With over 20 years of experience in information technology, including 16 years focused on cyber security, Marc is an acknowledged expert in cyber risk management, incident response, and computer forensics investigations.
Marc rejoined Kroll in 2013 after spending seven years leading Marsh & McLennan Companies’ global incident response and risk assessment team, where he grew and refined its worldwide threat hunting, computer forensics, vulnerability management, and vendor risk management capabilities.
From 1999-2006, Marc honed his technical and leadership skills at Kroll. His technical work uncovered cases of corporate espionage and intellectual property theft, as well as major e-commerce and payment card breaches. During this time, Marc also performed malware analysis and penetration testing, architected and managed enterprise technology and cyber security solutions, and implemented policy and compliance programs for Kroll and its clients. Earlier in his career, Marc implemented and managed computer systems and networks for clients in healthcare, insurance, entertainment, and university settings.
At Kroll, Marc's expertise helps strengthen our managed security services, including our managed detection and response solution, Kroll Responder. See how Responder works:
Marc’s diverse background across multiple facets of information technology, coupled with years of experience as a consultant, practitioner, and manager, provide a unique blend of knowledge and understanding of the challenges both IT and cyber security teams face. He works closely with legal, HR, and compliance personnel at organizations worldwide to deliver significant value and savings through creative use of cyber security and forensic capabilities.
Marc has participated in hundreds of incident response, computer forensics, and risk assessment activities, implemented and managed enterprise technology solutions, led vendor and regulatory compliance programs, and managed global information technology and security teams.
- Incident Identification and Response
Marc has years of experience identifying and responding to cyber security intrusions across multiple industries, as well as assessing networks and systems for the presence of malicious threats and developing effective remediation strategies. Marc served as an expert witness for the U.S. government on the topic of incident response.
- Corporate Espionage and Insider Threats
Marc’s forensic work has uncovered major global corporate espionage activities and significant cases of theft of intellectual property by otherwise trusted insiders. Marc served as a lead forensic investigator at Enron during its bankruptcy.
- Vendor Risk Management
Marc has extensive experience addressing information security challenges as both a consumer and as a provider of vendor services.
- Audits and Assessments
Marc has led and participated in dozens of internal and external audit engagements and compliance initiatives in areas such as SOX, PCI, ISO27001, HIPAA, and FSA.
- Corporate IT and Information Security
Marc has served as both a consultant to and a practitioner within information technology and security organizations, providing diverse perspectives on challenges and solutions.
Education and Certifications
- B.S., Computer Science, Lipscomb University
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- Qualified Security Assessor, PCI Security Standards Council (QSA)
Affiliations and Memberships
- International Information Systems Security Certification Consortium, Inc. (ISC2), Member
- Senior Member, Information Systems Security Association (ISSA)
- Member, Information Systems Audit and Control Association (ISACA)
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Insider Threat Indicators and Detection: When Employees Turn Ransomware Accomplices
The THIP Model: Embedding Emotional Intelligence in Third-Party Risk Management
Valuation Insights – Fourth Quarter 2021
Shannon Pratt’s "Valuing a Business" - Preserving a Legacy
Kroll Appoints David Lewis, Former Executive Secretary of the FATF, as a Managing Director to Lead its AML Advisory Practice
Who’s Who Legal Recognizes Six Kroll Professionals in the Fields of Financial Restructuring and Insolvency Worldwide
Kroll Expands Cloud Security and Red Team Capabilities with Acquisition of Security Compass Advisory
Prime Clerk, A Kroll Business, Welcomes Former Kirkland & Ellis Partner Brad Weiland to Its Team