For RIAs · Broker-Dealers · Funds · Family Offices

When the examiner asks,
your evidence is ready.

We build, test, and maintain the cybersecurity compliance program your SEC or FINRA examiner, insurer, custodian, and investors expect to see.

Independent by design: no product resale, no commissions, no vendor bias.

300+audits & security reviews
2009advising regulated firms since
600+vendors researched for members
0vendor commissions — ever
Why Firms Call Us

The request arrives.
Your program has to answer.

Most engagements begin with a deadline, a questionnaire, or a concern that the current documentation will not survive scrutiny.

01

An exam is coming

You need a defensible evidence file — not a last-minute binder of policies nobody has tested.

02

Insurance is renewing

The carrier wants precise answers on MFA, backups, response plans, controls, and ownership.

03

A DDQ is blocking growth

A custodian, prime broker, or investor expects controls your MSP cannot credibly document.

04

A gap has surfaced

An incident or exposure revealed the distance between written policy and operational reality.

The MTradecraft Method

Built once.
Maintained every quarter.

Cybersecurity compliance is not a document purchase. It is a repeatable operating discipline with proof attached.

Explore the Engagements
  1. 01

    Find what is exposed

    Assess the public attack surface, cloud configuration, credentials, vendors, and internal controls the way an adversary — and examiner — would.

  2. 02

    Map the rule to the work

    Turn findings into policies, procedures, accountable owners, and evidence mapped to Reg S-P, Reg S-ID, Rule 206(4)-7, and Rule 204-2.

  3. 03

    Keep the file current

    Test, update, and retain evidence throughout the year so readiness does not depend on a scramble when the request arrives.

Choose Your Operating Model

We can run the program.
Or give you the playbook.

Two paths for two kinds of firm. Both use the same examiner-focused methodology and working materials.

Self-Directed Membership 02

Run it in-house with the BrainTrust.

For CCOs and IT leaders who need the same policies, frameworks, training, and readiness tools we use in client engagements.

  • 61 editable, rule-mapped templates
  • Reg S-P vendor due-diligence portal with 600+ vendors
  • FieldCraft security training for up to 50 users
  • Incident response tools, quarterly exposure scan (beta), and email support
Brian Hahn, Founder and Principal Consultant of MTradecraft Founder & Principal Consultant
Experience on Both Sides of the Table
“Your cybersecurity advisor should understand the rule, the technology, and the operating reality of a financial firm.”

Brian Hahn founded MTradecraft after two decades inside financial services — including the CCO chair, trading operations, and corporate intelligence work. He has built the systems examiners inspect and taken a firm through an SEC examination with no material findings.

Bridgewater alumnus Former CCO & head trader Since 2009 advising firms
Meet Brian & Read Our Principles
Start With the Trigger

Tell us what is driving the timing.
We'll tell you honestly if we can help.

An exam, a renewal, a DDQ, a custodian attestation, or a concern you cannot quite dismiss. Twenty minutes is enough to establish fit.

Not ready for an engagement? The BrainTrust starts free →