Mark Nicholls



Global Head of Research & Development

Mark Nicholls is the global head of research & development of the Cyber Risk practice, based in London. Mark leverages more than 14 years of cybersecurity experience, helping organizations enhance their cyber resilience.

As part of his role, Mark leads engineering teams across the practice. He is also responsible for driving continuous improvements to the company’s strategy for threat detection, managed detection and response (MDR), and proactive security assessment capabilities. Over the 14 years, Mark has established himself as a leading UK information security professional. One of the most qualified information security consultants in the industry, Mark has extensive experience in managing and delivering cyber assessment services across both public and private sectors. His first-hand knowledge of how malicious hackers think and operate has played a vital role in helping organizations across many sectors to understand and improve their cybersecurity posture.

Mark joined the firm through the acquisition of Redscan in 2021. During his stint with Redscan, he was Chief Technology Officer, where he played a critical role in the development of the company’s offensive security and MDR services. He was also responsible for the evolution of Redscan’s platform for endpoint, network and cloud monitoring, a key element in the company’s award-winning MDR service. His role then developed to lead the integration of the MDR service and the Redscan technology platform within Kroll Responder.

He began his career as a security consultant, conducting risk assessments for organizations within government departments. A desire to specialize in cyber-offensive security led him to pursue a career in penetration testing, an area in which he has achieved many industry certifications. His work across the financial services sector is particularly noteworthy, and he has led numerous CBEST engagements across the industry. He was previously one of a select group of security professionals in the UK trusted to perform red teaming engagements in accordance with the standards outlined by the Bank of England and the Financial Conduct Authority.

Another key area of focus for Mark is the simulation of insider threats, widely viewed as one of the biggest risks to organizations. His background in digital forensics and malware analysis has also been important in helping organizations mitigate the risk of hard-to-detect threats such as those commonly used by advanced threat actors.

Mark’s speaking engagements include CRESTCon 2012 and InfoSecurity Europe 2022. He has been regularly featured in the media, including in The Daily Telegraph, The Financial Times, the Evening Standard, Forbes, Computer Weekly, InfoSecurity Magazine, The Stack, The Register and Wired.

In 2019, Mark was awarded the prestigious CREST Fellowship Award in recognition of his significant contribution to the industry.

Mark received an M.Sc. in Information Security from Royal Holloway, University of London. He also holds a B.Sc. in Information Systems and Information Technology from the Dublin Institute of Technology. He is a CREST Certified Simulated Attack Specialist (CCSAS), a CREST Certified Infrastructure Tester (CCT Inf), a CREST-Certified Simulated Attack Manager (CCSAM) and a CREST Application Tester (CCT App).

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.