K2 CEO Aaron Karczmer, along with K2’s Global Head of Data and Technology, Michael Flowers, sets technology-focused, AI-enabled future and announces acquisition of cutting-edge cybersecurity company Leviathan Security Group, led by Frank Heidt
NEW YORK/TUKWILA, WA – 10 March 2026 – K2 Integrity, a global leader in risk management, investigations, and assurance services, today announced the acquisition of Leviathan Security Group, an industry leader in designing and delivering cybersecurity services and programs utilizing cutting edge capabilities for some of the world’s most influential companies. Aaron Karczmer, who was named CEO of K2 in October of 2025, has set a technology and AI-enabled strategic focus for the company. Aaron came to K2 with more than two decades of experience in the areas of enterprise transformation, global operations, and risk, including financial crime, cyber, and regulatory risk. Aaron’s leadership experience spans PayPal, American Express, and the New York County District Attorney’s office where, in the early 2000s, he co-founded and led a unit dedicated to combating identity theft and cyber-crime. Throughout Aaron’s career, he has consistently leveraged technology, data, and cross-sector partnerships to drive transformation and deliver impact. Michael Flowers, a world-renowned data expert with deep expertise in data strategy, public and private sector innovation, and technology policy, joined Aaron at K2 in October of 2025. Mike has a proven track record of launching, executing, and scaling data-driven initiatives and capacities for the City of New York, the federal government where he had a leadership role in the Government Services Administration, and in private industry. As K2’s global leader for data and technology, Mike has quickly developed the foundation for a modern tech stack that enables the conversion of data into actionable insights and sets the stage for AI-powered services for K2 and its clients. With a career spanning nearly 30 years, Frank Heidt built Leviathan around a simple, yet powerful conviction: exceptional talent, working together, achieves what no individual can do alone. As the firm’s architect, Frank led the creation and long-term growth of Leviathan by deliberately assembling an elite team of security professionals drawn from the world’s leading consultancies, industries, and government agencies, practitioners who shared an uncompromising standard for excellence. This exceptional group has earned Leviathan a reputation for world-class information assurance, risk assessment, and penetration testing across both the private and public sectors. Before founding Leviathan in 2006, Frank served as a Managing Security Architect at @stake, where he led the Pacific Northwest practice. Frank’s earlier experience included key roles working at the intersection of technical expertise and national security, conducting advanced analysis for the NYPD and pioneering cybersecurity work for the Department of Defense, experiences that shaped both his leadership style and the team-first culture that defines Leviathan today. “I couldn’t be more excited for Frank and Leviathan to join K2. The combination of the collective capabilities and resources, and collaboration between Frank and Mike, will enable us to provide innovative tech-enabled services to our clients,” said Aaron. “Today’s announcement is the evolution of a long-term relationship I’ve maintained with Leviathan’s leader Frank Heidt, during which I have come to value his professionalism and innovative approach to cybersecurity challenges. We’ve continued to partner with Frank and Leviathan for their technical expertise, commitment to superior solutions, and respect amongst clients. Strengthening our relationship through this acquisition will be critical as we execute Aaron’s exciting vision,” said Jules Kroll, K2 Founder and Chairman of the Board. “I have had the pleasure of working with Jules Kroll and K2 for over a decade and have always respected Jules’ role in shaping the modern investigations industry. Joining K2 is a natural evolution of that legacy and is a testament to Aaron’s vision for offering modern technology solutions to clients. We are excited to position ourselves for greater innovation, resilience, and growth,” remarked Frank Heidt.Penetration testing (“Pentesting”) is a controlled security assessment in which experts simulate real-world attacks to identify vulnerabilities in applications, networks, cloud environments, APIs, or systems. Organizations use penetration testing to proactively detect weaknesses, validate security controls, and reduce the risk of data breaches before attackers can exploit them.
A red team engagement is an adversary simulation exercise designed to evaluate an organization’s ability to prevent, detect, and respond to real-world cyberattacks. Unlike traditional penetration testing, red team exercises evaluate people, processes, and technology together to uncover gaps in overall security readiness.
K2 Integrity provides end-to-end cybersecurity services, including penetration testing, cloud security assessments, AI security testing, digital forensics, incident response, and managed security services. These offerings help organizations identify risks, strengthen security controls, meet compliance obligations and build long-term cybersecurity resilience.
AI security focuses on protecting artificial intelligence systems from risks such as prompt injection, model manipulation, data leakage, insecure integrations, and AI supply chain vulnerabilities. As organizations adopt AI, securing these systems is critical to ensuring reliable outputs, protecting sensitive data,maintaining regulatory compliance, and reducing emerging risks.
A virtual Chief Information Security Officer (vCISO) provides executive-level cybersecurity leadership on a flexible basis. vCISO services typically include strategic guidance, program development, risk management, and ongoing oversight without the need for a full-time executive. Organizations leverage vCISO services to access experienced security leadership without the cost of a full-time executive.
Incident response is the structured process of identifying, containing, investigating, eradicating, and recovering from cybersecurity incidents.. It often includes digital forensics, threat containment, remediation, and recovery to minimize business disruption and prevent future incidents.
Cybersecurity supports regulatory compliance by implementing controls aligned with frameworks such as NIST CSF, ISO 27001, CIS Controls, PCI DSS, HIPAA, DORA, and SOC 2. These frameworks help organizations protect data, manage risk, demonstrate due diligence, and meet legal and regulatory requirements across industries.
Through the acquisition of Leviathan Security Group, K2 Integrity expanded its capabilities in penetration testing, red team operations, cloud security, and hardware security. This strengthens its ability to deliver comprehensive cyber risk management and advanced technical security services.
A vulnerability assessment identifies and prioritizes known security weaknesses across systems and applications, typically using automated tools and analyst review. A penetration test goes further by actively attempting to exploit vulnerabilities to demonstrate real-world impact, validate risk, and uncover attack paths that automated tools may miss.