ANNOUNCING

DEMO THE CYBEREASON DEFENSE PLATFORM

Future-Ready Cybersecurity Protection

See how Cybereason allows defenders to detect earlier and remediate faster with one lightweight agent and an array of deployment options.
devon-ackerman
View All

Devon Ackerman

Global Head, Digital Forensics and Incident Response

Key Takeaways

  • Devon Ackerman is the Global Head, Digital Forensics and Incident Response at Cybereason 
  • Leverages over 15 years of experience in the cybersecurity industry
  • Has built, managed, and led large global incident response teams
  • Has worked hundreds of digital forensics and incident response engagements, including some of the most complex in the world

Biography

Devon Ackerman is the Global Head of Digital Forensics and Incident Response (DFIR) at Cybereason, based in Raleigh, NC. Devon leverages over 15 years of experience in cybersecurity, focused on digital forensics and incident response. Throughout his career, Devon has built and managed large scale global incident response teams who have handled over 3,000 engagements, annually. 


In his role at Cybereason, Devon is responsible for the development and assembly of high-performing DFIR hybrid consulting teams designed to address complex cyber threats and adapt to rapidly evolving attack vectors both proactively and reactively. He contributes thought leadership based on first-hand knowledge and experience across the cybersecurity landscape through professional writing, public speaking, and contributions to industry publications, with a focus on emerging technologies and observed threats, trends, and tactics. He is also responsible for insights on nation-state actors, organized crime syndicates, and initial access brokers, advising clients on proactive defense strategies and reactive, investigative best practices. Participation with cybersecurity panels, working groups, and at conferences have further highlighted the intersection between modern cybercrime, geopolitical influences, and cutting-edge detection and response technologies. In addition, he is a cyber engagement manager and senior team lead experienced in providing technical liaison facilitation between Law Firms, Corporate Clients, Cyber Insurance Carriers, and others.

Prior to joining Cybereason, Devon led the global DFIR team at Kroll, a financial and risk advisory firm. In this role, Devon and his team investigated various types of cyber incidents, including some of the most complex incidents in the world. These incident types included ransomware, corporate-based espionage, nation state threats, network and cloud intrusion events, and business email compromise. In addition to providing rapid response, Devon’s team also provided preparedness services including threat hunting, executive tabletop exercises, incident response planning, and compromise assessments. He supported clients of all sizes, from small/medium size business to enterprise accounts, liaising closely with law firms, cyber insurance carriers, and brokers. 

Before this, Devon served as a Special Agent in the FBI from 2008 - 2016. During his time in the FBI, Devon held numerous positions including certified senior digital sciences forensics examiner and was promoted to supervisory special agent. In his role as Senior Digital Sciences Examiner on the Computer Analysis Response team (CART), Devon was responsible for examination of digital evidence under a documented quality assurance program that included annual proficiency testing, technical/peer and administrative reviews, and adherence to standard operating procedures. He was also certified and trained to conduct forensic examinations on digital evidence, conduct timeline construction and artifact analysis, author digital evidence opinions, perform search and seizure operations and provide instruction to new field examiners. As Special Agent of National Security Counterintelligence and Cyber Intrusion in the FBI, Devon was responsible for leading cyber-focused and foreign counterintelligence investigations. Cyber investigative responsibilities ranged from national security and criminal-related network intrusions, website defacements (hacktivism), Critical National Asset (CNA) protection, economic espionage, intellectual property rights violations, internet fraud, and violent crimes (i.e., bank robbery, kidnapping, civil rights violations, and violent crimes against children). He is also co-founder of the FBI’s North Carolina Cyber Security and Instruction Working Group (e-SHIELD). In this role, Devon held top secret clearance with SCI and SAP access. 

Devon received his Bachelors of Science from Champlain College in Computer and Information Systems, as well as his Masters of Science from Champlain College in Digital Forensic Science. He graduated both with Honors. Since finishing his degree, Devon has participated in several thousand hours of post-graduate continuing education studies and professional training in the fields of Digital Forensic Sciences, Digital Evidence, Incident Response, and Cyber Security. Prior involved in the implementation and organization of the FBI’s Field Instructor Program (FiP), the creation and management of the FBI’s CART digital forensics classroom grading system, as principal course material revision architect and co-author for the Technical Refresh of the FBI’s Digital Evidence Extraction Technician (DExT) two-week course, and as Master of Science in Cybercrime Advisory board member for the University of South Florida.

 

FORENSIC EXAMINATION, DEPOSITION, & EXPERT TESTIMONY EXPERIENCE

Devon’s breadth of experience in Digital Forensics and Incident Response work includes forensic examination and analysis of thousands of pieces of digital and multimedia evidence in support of or as primary forensic examiner in private sector civil matters, Federal national security and criminal matters, and state criminal matters. In addition, experience includes participation in the execution of hundreds of Federal and state search warrants, search and seizure operations, child abduction crimes, violent crimes against children (VCAC) investigations, national security cyber intrusion investigations, as well as field (triage) incident response and laboratory-based forensic examinations. Examinations have supported & resulted in forensic and expert digital evidence testimony in both Federal & state courts. Some of those experiences include: 

  • East Orange Board Of Education, Et Al. V. Great American Insurance Company, 2022
  • Cabi Et Al. V. BCH Et Al., 2017
  • United States Of America V. Shamieka Goodall, 2017
  • United States Of America V. Kelvin Melton, 2016
  • United States Of America V. David Christopher Mayhew, 2015
  • United States Of America V. Nikhil Nilesh Shah, 2015

 

PROFESSIONAL ASSOCIATIONS

  • Cybereason Executive Advisory Board, EMEA & US, 2025
    2025 NetDiligence SanDiego Co-Chair, 2024
  • Master of Science in Cybercrime Advisory Board, University of South Florida, 2021
  • The International Association of Computer Investigative Specialists (IACIS) including the Research and Development Subcommittee (R&D) and Online Training Committee, Development Team, 2015-2023
  • 2016 Scientific Working Group on Digital Evidence (SWGDE), 2013
  • FBI North Carolina Cyber Security and Intrusion Working Group (e-SHIELD), 2012 - 2023
  • FBI AccessData and Live Capture Subject Matter Expert (SME) Groups, 2012 - 2016
  • Anti-Phishing Working Group (APWG), 2008 - 2012
    The International Society of Forensic Computer Examiners (ISFCE), 2007 - 2023

 

CERTIFICATIONS/AWARDS/HONORS/RECOGNITION

Digital Forensic Investigator of the Year; Annual Forensic 4:Cast Awards; Certificate of Recognition from Operation Technology Division (OTD), FBI; Department of Defense (DoD) Intelligence Award; SANS Lethal Forensicator Award; National Counterintelligence Award for Insider Threat Team; Certified Forensic Analyst (GCFA); Certified Forensic Examiner (GCFE); Advanced LAB & Forensic Networks Certification; A+ Certification; Security+ Certification; Network+ Certification; Senior Digital Forensics Examiner Certification; Citation for Special Achievement, FBI; Presentation Skills Certified, FBI; Cellphone and GPS Certification; Timeline Reporting & Time-of-Incident Opinions Certification; Digital Cameras & Mobile Device Certification; Wintel & Live Capture Certification; Imaging Competency Certification; IACIS Certified Forensic Computer Examiner (CFCE); Computer & Digital Forensics Certification (CDFC); ISFCE: Certified Computer Examiner (CCE); Computer Forensic Examiner Certification (CFEC); SANS Computer Forensic Investigations-Windows In-Depth Certification, 2023 and 2024 Incident Response Award Winner (RSA). 

 

AUTHORED & PUBLISHED WORK / TRADEMARKS

Devon is the author of a number of different pieces of thought leadership, including: 

  • Diving In - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers
  • Kroll Intrusion Lifecycle™ creation and trademark acceptance
  • MFA Prompt Bombing No More: Countering MFA Bypass Tactics 
  • 10 Essential Cyber Security Controls for Increased Resilience (and Better Cyber Insurance Coverage) 
  • Tracking Exchange Online PowerShell Access into Microsoft 365 Environments 
  • Three Tactics to Bypass Multifactor Authentication in Microsoft 365 
  • Forensic Quick Wins with EventTranscript.DB: Win32kTraceLogging 
  • Phishing in New Waters: Exploiting Live Chat to Deliver Malware 
  • Ephemeral Lockpicker 
  • Evolving World of Cybercrime - Banking Trojans and Ransomware Deployment 
  • Enhanced Elasticsearch Security - 10 Hardening Recommendations to Help Avoid Exploits 
  • Malware Analysis: Emotet Resurgence and Evolution 
  • Malware Analysis: Vidar Version 4.5 
  • Forensically Sound Incident Response in Microsoft’s Office 365 
  • CIA’s Vault7 leak opens a Pandora’s box of doubt (The Hill)
  • Navigating the World of Smartphones & Digital Forensics 
  • RawPOS Malware: An Intruder’s Toolkit (PenTest Magazine)
  • The Ransomware Overview and Research Project
  • Digital Forensics/Incident Response - The Definitive Compendium Project (AboutDFIR.com)
  • Field Instructor Program (FiP) Faculty Development & Program Guide - Developing the FBI’s 21st Century Digital Sciences Instructors (FBI)
  • Digital Evidence - A Critical Response Workflow (FBI)
  • Special Agents in CART - Investigative Forensic Examiners (FBI)
  • Computer Analysis Response Team - Professional Development Career Ladder (FBI)
  • Course material revision architect and co-author of approximately 80 hours of instructional material for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums

 

INSTRUCTIONAL EXPERIENCE / TECHNICAL PRESENTATIONS / INTERVIEWS

In addition, he has significant experience doing instructional/technical presentations and interviews including: 
  • Kensington/Vanguard, “Threats Trends and Tactics”; Chubb Classic, “A Generation of AI”; CFA Society NY, “Security the Financial Frontier, Cyber Security Trends and Strategies for 2025 and Beyond”; Executive Advisory Board EMEA and US; Vanliner Advisory Board Meeting, “Understanding the Cyber Risk Exposure”; The Tech Exec Wellness Podcast; University of South Carolina, “Cyber Risk and Resilience”
  • Wall Street Journal Pro Cybersecurity, “Change Healthcare Grinds Through Massive Breach Probe”; Wall Street Journal Pro Cybersecurity, “UnitedHealth Begins Testing Restored Change Healthcare Claims Platform”; Data Connectors Raleigh Cybersecurity Conference, Keynote “An Incident Responder’s Journey - Threats & Trends”; Wall Street Journal Pro Cybersecurity, “UnitedHealth Begins Testing Restored Change Healthcare Claims Platform”; Polsinelli PC, “Anatomy of a Cyber Attack”; North Carolina Bar Association, “Data Breach Response and Liability”; “Lessons Learned from 3,000 Incidents” RSA and Gartner Security and Risk Conferences, The Cincinnati Insurance Companies, “Threats, Trends, and Tactics”; Michigan State University; University of Arkansas at Little Rock; Malicious Life; Indianapolis Cybersecurity Summit; Berkley Cyber Risk Solutions; Mullen Coughlin Law Firm, “Forensics 101”; Chubb, “Step By Step, the Intrusion Path”
  • Cornell University Tech Board Institute, “Cyber Threats, Incidents & Tabletop Exercises”; Nationwide Insurance on “Forensics 101”; Amerisure Technical on “Threats, Trends, and Tactics”; SANS DFIR Summit - “Once More unto the Data-Breach: Navigating Investigations of Unconventional Data Sources”; The Cybersecurity Defenders Podcast; Sayata Podcast Series - “Threats, Trends, and Top 10 Security Controls”; Sayata Webinar – “Anatomy of a Cyber Attack”; Law.com - “What Executives Should Take From Ex-Uber Security Chief Joe Sullivan's Sentence”; Enterprise Security, “Opportunism, Targeted Attacks, Outright Destruction and Possible Violence: The Changing Face of Cybercrime”; GRC Outlook magazine, “Incident Response Meets Governance Risk and Compliance (GRC) in Digital Forensics”; Winterwood Inc.; Megan Gates for Security Magazine on cyberattacks between Russia and Ukraine; cyberwarfare; decrease in IR investigations as a result of the cyberwar; and cyber insurance.
  • Keynote speaker at the HTCIA International Conference & Expo; “Threats Trends and Tactics” speaker at various conferences, seminars and board rooms including Nellore Capital; Allied World; Greyling Insurance Brokerage & Risk Consulting; RSUI Group Professional Claims Seminar; CyberCube Foresight Series; Georgetown Law Advanced eDiscovery Institute; Berkley Cyber Risk Solutions Technical Training; Advisen Zywave NY Cyber Risk Conference; and NHE, Inc. Cyber Guest speaker on the Crime Lab Podcast; Technical presenter at the Cambridge Forum; Ransomware presentation at 2022 American Health Law Association (AHLA) Annual Meeting, Raleigh Cybersecurity Conference.
  • “Threats Trends and Tactics” speaker at various conferences, seminars and board rooms including NetDiligence Cyber Risk Summit; FBI Cyber Ransomware Summit; North Carolina Bar Association; Club Management Association of America (CMAA); Lewis Brisbois Bisgaard & Smith. Ransomware presentations to FinCEN, Department of the Treasury, and Department of Justice/Federal Bureau of Investigation (FBI); EPIC Brokers; Baker Donelson/GA Hospital Association; Baker Donelson/TN Hospital Association; NetDiligence.
  • “Threats Trends and Tactics” speaker at various conferences, seminars and board rooms including Data Center World Global Summit; Serent Capital; Providence Mutual; NetDiligence; Victor O. Schinnerer & Company Annual Conference; Magnet User Summit. Guest Speaker on NPR Planet Money; Guest speaker with John Edwards, SC Magazine; Kate Fazzini, Wall Street Journal Pro Cybersecurity; David Cowen and Matthew Seyer, The Forensic Lunch; Rhys Dipshan, Legaltech News; Morgan Chalfant, The Hill. Speaker on “A Planned Methodology for Forensically Sound Incident Response in Microsoft's Office 365 Cloud Environment” SANS DFIR Summit.
  • “Threats Trends and Tactics” speaker at various state capitols, foreign delegations, conferences, seminars and board rooms including Illinois House of Representatives, Springfield, Illinois; Belgian Federal Police Delegation, FBI Academy, Quantico, Virginia; University of North Carolina, Chapel Hill; Privacy + Security Forum, George Washington University; AFCOM, NC State University; Katalyst Summit; Contingency Planning Association of the Carolinas (CPAC). Guest speaker with David Cowen, The Forensic Lunch; Allison Grande, Law360; Adam Janofsky, Wall Street Journal; Rhys Dipshan, Legaltech News; Ian Lopez, Legaltech News; Scar de Courcier, Forensic Focus; North Carolina Farm Bureau; Scar de Courcier, Forensic Focus. 
  • Threats Trends and Tactics” speaker at various foreign delegations, conferences, seminars and board rooms including Turkish Cyber Leadership and accompanying foreign delegation officials; New South Wales delegation; CART Senior Forensics Research Project Review Board and CART community; North Carolina chapter, Association for Computer Operations Management (AFCOM); Greater Raleigh Chamber of Commerce; Campbell University; North Carolina Office of Information Technology Services; “Digital Forensic Science” instructor at FBI Operational Technology Division Subject Matter Experts (SME), Cyber Special Agent Class, Computer Scientist Field Operations, and Forensic Examiner Trainee Class, FBI Academy, Quantico, Virginia.
  • “Digital Forensics” speaker at various conferences, seminars and board rooms including FBI CE Division Cyber Security and Intrusion Working Group (eShield); Methodist University; Agio Cyber Security IR Conference; Annual Child Abuse Conference; North Carolina chapter, Association for Computer Operations Management (AFCOM). “Digital Forensic Science” instructor at CART Forensic Examiner Trainees class; FBI ITS Executive Management, and Cyber Special Agent Class, FBI Academy, Quantico, Virginia; course material revision architect and co-author of approximately 80 hours of instructional material for FBI’s CART Tech Certification program and Digital Extraction Technician (DExT) training curriculums.

 

FORENSIC SOFTWARE & TOOL DEVELOPMENT/TECHNICAL COLLABORATION

  • Indicators of Compromise Database (IOC DB) v1 and v2, 2019
  • Witness v2 (Office 365 Artifact Collection & Analysis Suite), 2019
  • Office365 Incident Response PowerShell scripts for evidence preservation of forensic artifacts associated with Microsoft’s cloud email environment, 2017 - 2018
  • base64Decoder Python script for automatic decoding of numerous base64 encoding and obfuscation techniques commonly identified during intrusion response investigations, 2016
  • fileExaminer Python script for file header/footer identification, internal metadata extraction, and file hashing, 2016
  • LECmd (Link .lnk Explorer) and PECmd (Prefetch .pf Explorer), 2016
  • Magnet Forensics AXIOM v1.0.3 and v1.0.4, 2016
  • Registry Explorer and Windows Registry ShellBags Explorer, 2014 - 2017
  • eMule Parser, 2014 - 2015
  • FTK/LAB v5.1 Report Optimization Tool (underlying coding and styling adopted by AccessData Group Inc. as official in commercial releases >v5.1 of their forensic suite software), 2014
  • osTriage v2 Live Response & Triage Tool, 2013 - 2015
  • Sanderson Forensics’ Reconnoitre, 2013
  • FTK/LAB v4.0 and v5.0 Report Cleanup Tool, 2012 - 2014

Related Services

eDiscovery & Document Review

IR Plans & Tabletop Exercises

Cybersecurity Consulting Services

Incident Response & Retainers

Related Blogs

cr-sdr-solution

Cybereason and Observe launch a new SDR solution, converging SIEM and XDR

Cybereason, the leader in future-ready attack protection, is proud to announce its new SIEM Detection and Response (SDR) solution with Observe.

Read More
cr-xdr-market

Cybereason's Evolution to Disrupt Beyond Siem and XDR Market

Cybereason’s SDR Platform is a significant evolution in the company’s approach to cyber-protection. With SDR, Cybereason delivers a comprehensive cybersecurity solution that converges endpoint.

Read More