Devon Ackerman is a managing director and head of incident response for North America with Kroll's Cyber Risk practice, based in New York. Devon is an authority on digital forensics and has extensive experience in the investigation and remediation of cyber-related threats and incidents from his years with the Federal Bureau of Investigation as well as in the private sector. In his current role, Devon leads engagements for clients across a wide range of industries involving investigative digital forensics, intrusion response (unauthorized access), and malware analysis. He also serves as a Senior Forensic Science Team Lead, where he conducts and oversees digital evidence collection, triage, and preservation.
Devon’s extensive cyber investigative experience includes physical and cyber-based corporate espionage and sabotage investigations; ransomware and malware cyber intrusion events; unauthorized user access; PII and PHI compromise; malicious spear phishing and whaling campaigns; Office 365 and G Suite compromises and related log analytics; data destruction events;breach response; and other events involving misuse of networked endpoints and infrastructure.
Devon joined Kroll from the FBI, where he was a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner in the Digital Evidence Field Operations Unit. In this role, he oversaw and coordinated all FBI Digital Forensics-related field operations across the United States, spanning a variety of matters such as domestic terrorism, mass shootings, critical incident response events, and large-scale electronic evidence collections. Devon has also provided expert witness testimony in federal and state courts.
During this time, Devon developed a number of forensic tools that are still widely used. He was also the course material revision architect and co-author for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums. He began his career with the FBI in 2008, where he co-founded the FBI’s first North Carolina Cyber Security and Intrusion Working Group (eShield).