Colin Sheppard

Colin Sheppard

Managing Director, EMEA Head of Incident Response

Colin Sheppard is a managing director and the EMEA Head of Incident Response with Kroll's Cyber Risk business, based in London. With a 25-year career spanning offensive and defensive security, Colin has extensive experience helping large enterprises and government clients prepare for, respond to and recover from complex cyber incidents.

Prior to joining Kroll, Colin was at IBM, where he most recently led IBM Security's X-Force IR practice. In this role, he was responsible for the development and delivery of incident readiness and incident response services across EMEA. During his tenure with IBM, he also led IBM Security's X-Force Red practice across EMEA. This is IBM's elite team of offensive security professionals tasked with delivery of penetration testing, red teaming and risk-based vulnerability management services.

Prior to IBM, Colin focused on building digital forensics, incident response, and threat intelligence capabilities for two global fintech companies: FIS and Fiserv. He also previously served as Director of Digital Forensics and Incident Response for Trustwave Spiderlabs where he oversaw unprecedented growth of the practice across the Americas.

Colin holds a Bachelor of Science in business administration from Old Dominion University. Additionally, he holds multiple industry-recognized information security certifications, including  (ICS)2 Certified Information Systems Security Professional (CISSP), GIAC Certified Forensic Professional (GCFA), GIAC Cyber Threat Intelligence (GCTI), GIAC Reverse Engineering Malware (GREM), GIAC Continuous Monitoring Certification (GMON), GIAC Cloud Security Essentials (GCLD) and AWS Certified Cloud Practitioner.



Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.


Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Red Team Security Services

Red team security services from Kroll go beyond traditional penetration testing, leveraging our frontline threat intelligence and the adversarial mindset used by threat actors to push the limits of your information security controls.


Incident Response Tabletop Exercises

Kroll’s field-proven incident response tabletop exercise scenarios are customized to test all aspects of your response plan and mature your program.

Cyber Litigation Support

Whether responding to an investigatory matter, forensic discovery demand, or information security incident, Kroll’s forensic engineers have extensive experience providing litigation support and global eDiscovery services to help clients win cases and mitigate losses.

Global eDiscovery Services

Award winning, Forrester-recognized eDiscovery specialist trusted by clients year after year with experienced professionals who provide support throughout the entire eDiscovery lifecycle.