Latest posts

BrainTrust Video: Operationalizing Cybersecurity Governance Under Amended Regulation S-P

The SEC’s amendments to Regulation S-P represent one of the most significant shifts in cybersecurity expectations for investment advisers in over two decades. While the rule is often described as

How the SEC Expects RIAs to Supervise AI — Today

Artificial intelligence does not trigger a new regulatory regime — it operates within the one that already exists.

An adviser needs a formal AI governance structure as soon as AI…

You Can’t Prove Cybersecurity Compliance Without Internal Vulnerability Scans

Let's discuss the internal vulnerability scan — the process regulators expect firms to use to identify cybersecurity risks in systems that handle client data.

Under SEC expectations for investment advisers…

The 206(4)-7 Annual Compliance Review Template and Checklist

Hi everyone —

If you’re an SEC-registered investment adviser, your Rule 206(4)-7 Annual Review isn’t optional — and the SEC expects it to be more than a once-a-year “checkbox.” 

The…

Practical Takeaways from the SEC’s M Holdings Cybersecurity Case

MTradecraft has no affiliation with M Holdings. We both just fancy the 13th letter of the English alphabet.

The SEC actions against M Holdings are extremely noteworthy, so let's jump…

Best Practices for Securing a Microsoft 365 Environment

Microsoft 365 sits at the center of most advisory and financial firms’ operations. Email, document storage, identity, collaboration, and authentication all converge there—which makes it one of the most critical…

Cufflinks or Handcuffs: Navigating the New Era of Executive Cybersecurity Liability

For years, cybersecurity was treated as a technical problem—something delegated to IT, managed quietly in the background, and addressed with vague references to “best practices.” I have spent enough time…

Guide to Performing a Cybersecurity Risk and Threat Assessment using Shodan

Introduction to the Risk and Threat Assessment

Most SEC-registered firms believe they have a clear understanding of which systems are exposed to the public internet. In reality, many firms do…

New Guide Posted: How to Execute the Cybersecurity Policies & Procedures Manual

I’ve posted a new document to The BrainTrust repository:

“An Overview and Introduction to the MTradecraft Cybersecurity Policies & Procedures Manual.”

This guide is the execution-layer companion to the…

How A Spy Would Conduct a Vendor Due Diligence Analysis for an SEC Registered Firm

Leveraging Open Source Intelligence (OSINT) to Fortify RIA Vendor Oversight:

In the intelligence world, you never rely solely on what a subject tells you.

You validate the story through…

The Future of RIA Operations, IT Infrastructure, and Security...my $0.02.

Over the past year or two-ish, a powerful convergence of forces has quietly — but decisively — reshaped the risk landscape for every RIA and financial institution.

This shift is…

New Cybersecurity Policies & Procedures Template Released — Fully Updated for the 2024 Regulation S-P Amendments

A newly revised Cybersecurity Policies & Procedures Template is now available to all members. This update incorporates the 2024 amendments to Regulation S-P (effective August 2, 2024) and aligns the…