SEC / NFA / FINRA Registrants must comply with critical cybersecurity regulatory requirements—or face regulatory or possibly even civil penalties.
In this complex world, criminals and nation states continue to search for weaknesses and prey upon the financial industry.
To help mitigate these risks of attack and address your compliance needs, BW Cyber Services provides turn-key cyber audit and cyber regulatory compliance services.
UPDATES
BW Cyber Services, Expert Panelist for National Futures Association Cybersecurity Workshops in Chicago, NYC, June 2018
BW Cyber Services in the News: Investment News: Cyber Assailants Targeted…
BW Cyber Services at Hedge Connection Table Talks: The Unique Complexities Related to Cryptocurrency Fund Investing
BW Cyber Services at FINRA’s 2018 Conference in Washington, DC
BW Cyber Services Sponsor/Exhibitor at FINRA’s 2018 Cybersecurity Conference
BW Cyber in the News: Brice Interview at the Global Fund Forum
Michael Brice is Cybersecurity Speaker at Global Fund Forum in Bermuda, 10/16 – 10/18/17
Michael Brice as Cybersecurity Expert Panelist for IA Watch Conference on Cybersecurity in Washington DC, 10/6/17
Michael Brice is Panel Moderator for CTA Expo in Chicago (Emerging Manager Forum), 9/13/17
BLOGS & WEBINARS
Ransomware: How to Avoid the Crushing Effects & Regulatory Fines
Cybersecurity Regulations & Operational Benefits of Penetration Testing & Vulnerability Assessments:
Founder Michael Brice explains regulatory requirements, critical benefits of this crucial testing
BW Cyber Services / BasisCode:
Guest Blog on Penetration Testing for BasisCode
BW Cyber Services / TruShield:
Guest Blog on SEC, FINRA, and NFA cybersecurity compliance requirements for TruShield
BW Cyber Services / NSCP Webinar:
BW Cyber Services supports the NSCP: Navigating Indemnities & Insurance Options
BW Cyber Services Cybersecurity Insurance Webinar:
Understanding Cybersecurity Insurance in the Financial Services Industry: Secrets You Need to Know
Past Updates
Michael Brice Serves as Expert Cybersecurity Panelist
NFA’s NY and Chicago (5/10 – 5/11/17) Member Workshops
BW Cyber Services Featured on Asset TV: Watch Michael Brice, interviewed on Asset TV…
BW Cyber Services in the Press: ThinkAdvisor.com: Organized Crime Has Gone Online and Hackers Are Looking at You
BW Cyber Services Joins BasisCode Advisory Council: The advisory council will provide independent guidance and industry insights that reflect ongoing changes in the regulatory environment. Learn more…
BW Cyber Services presents at Global Fund Forum 2016
Michael Brice to lead a table at Table Talks on 10/25th at the Global Fund Forum 2016 in Bermuda”. Watch the interview on Asset TV…
BW Cyber Services at NYSSA’s Emerging Manager Forum
Michael Brice to provide cybersecurity closing remarks at NYSSA’s Emerging Manager Forum on 10/3 in NYC.
CFTC releases guidance of Cybersecurity Control Testing
On Sept 8, 2016 the CFTC released Final Rules related to cybersecurity control testing. Specifically, these “Final Rules” enhance and clarify existing requirements relating to cybersecurity testing and system safeguards risk analysis by, among other things, specifying and defining five types of cybersecurity testing essential to a sound system safeguards program. The five types of testing include (1) vulnerability testing, (2) penetration testing, (3) controls testing, (4) security incident response plan testing, and (5) enterprise technology risk assessment.
BW Cyber Services partners with TruShield
TruShield Security Solutions to provide 24/7 managed security services to all BW Cyber Services’ clients. Read the press release…
Published 5/12/16: NIBA article
NYC Conference Follow Up: Attaining a Viable Cyber Security Program at a Reasonable Price by Michael Brice. Read the article at theNIBA.com
4/20/16: Panelist: “Cyber Security Compliance”
Michael Brice in NYC on April 20, at the National Introducing Brokers Association (NIBA) conference.
4/19/16: Panelist: Demystifying Your Cyber Security Program
Michael Brice in NYC on April 19, at a Peltz International event, co-sponsoring: Cybersecurity Issues—Demystifying Your Cyber Security Program.
Published 3/29/16: FuturesMag.com
NFA Cyber ISSP Mandate Has Arrived by Michael Brice. Read the article at FuturesMag.com
Regulatory Complexity
- SEC/NFA/FINRA guidance
- Overview of cyber security landscape
- NIST framework and supporting IT controls
- Risk analysis and prioritization of threats
- Cyber security training
- Third-party risk assessment
- Incident management playbook
BW Simplicity
- Perform cyber audit of your “As-Is” IT environment based on industry standard controls
- Identify and prioritize threats to your organization
- Teach your team how to identify and address critical third-party risks
- Provide follow-on support to further remediate cyber risks
Penetration and Vulnerability Testing
This custom-tailored penetration test and supporting vulnerability assessment is specifically targeted for the small- to medium- size NFA/SEC regulated client facing current and anticipated financial industry threats. Completed within 24 hours, this streamlined testing process perfectly complements our ISSP offering while providing exceptional operational value.
Compromise Assessment
Compromise Testing is offered as a follow-up to our Penetration and Vulnerability Assessment and is used to determine if your organization is/or has been recently compromised.
Cyber Due Diligence
We develop a Cyber Due Diligence Response document that dovetails with your ISSP. Without disclosing any critical information, this document will demonstrate to potential investors how your organization’s cyber security plan and related cyber implementation activities have been implemented in the form of a continuous cyber security improvement program.
Managed Security Services
Our turnkey Managed Security Service Plan provides world-class cyber security support and monitoring at a cost that is extremely reasonable for the small- to mid-sized NFA/SEC member. This is a unique capability offered by BW Cyber Services that is unmatched in the industry.
Cyber Incident and Response Management Planning
Inherent within our cyber audit, BW Cyber Services provides an initial Incident and Response Management Plan. Moreover, for some of our larger customers we provide a more strategic document and supporting processes related to explicit, predetermined coordination with external entities such as law enforcement, on-demand forensic support, public relationships, and other strategic partnerships.
Forensics
We possess the expertise to provide immediate, on-demand forensic support in all cyber breaches. We quickly identify what happened, how it happened and when the breach occurred. This is an area where our deep technical expertise and strong industry experience (e.g., coordination with law enforcement) are critical to success.
Cyber Security Insurance
While BW Cyber Services is not an insurer, we do understand the intricacies of cyber security insurance and bring a network of strong cyber insurance partnerships to our customers.
Specialized Cyber Legal Services
We have a strong relationship with a leading cyber law firm that is ready to meet with you or support your unique cyber legal needs at a moment’s notice.
Already well-established in financial services cybersecurity, BW Cyber Services has also surfaced as the preeminent leader in the crypto realm for institutional assets.
Throughout this industry’s rapid evolution, we have been providing industry-leading cybersecurity guidance, support and related solutions to asset managers, emerging cryptocurrency custodians, and institutions.
Our team helps protect their assets and mitigate the many strategic threats directed at them by organized crime and rogue nation-state hackers.
If your business deals with cryptocurrency, reach out to one of our highly experienced experts to learn how we can secure your infrastructure and protect your crypto assets.
Moreover, finding and hiring a qualified individual that has the operational and technical experience to oversee your unique security need and regulatory requirements is challenging at best. Without the proper expertise, your organization increases the risk of exposure to cyber threats and regulatory actions.
Our outsourced CISO’s have decades of real-world security experience and are available on-demand depending on your requirements.
We are a flexible and cost-effective alternative to a full-time CISO. You have the benefit of an experienced security team with financial industry expertise that can identify and mitigate vulnerabilities, establish security best practices, and implement the right technology to protect your business operations.
Our CISO-As-A-Service provide valuable insight on how to enhance your security posture and are an extension of your IT team. Here are just a few areas where we can assist:
- Security Awareness Training Services
- Vulnerability Management Monitoring
- Data Breach Management
- Data Loss Prevention Implementation
- Compliance Initiatives (SEC, FINRA, CFTC, NFA)
- Security Program Design
- Identity & Access Management Security Architecture Design & Deployment
- Policy Writing
- BYOD Strategies
- Risk Reviews
- Audit Remediation & Audit Management
- Incident Response
Enterprise Risk Assessment (ERA)
In a world exemplified by the loss of critical client data, ERA for the legal industry has become our flagship. With the release of the “Panama Papers”, the risks associated with a cyber breach can no longer be ignored.
BW Cyber Services addresses this very critical need using a systemic approach to evaluate all of your firm’s security controls against know vulnerabilities and threats. Once we have captured your threat and vulnerability profile, we outline a roadmap of proven mitigation tools and techniques to immediately improve your overall security posture.
Penetration and Vulnerability Testing
This custom-tailored penetration test and supporting vulnerability assessment is specifically tailored for law firms facing current and anticipated cybersecurity and related industry espionage threats. Completed within 1–3 days, this streamlined testing process perfectly complements our ERA offering while providing exceptional operational value.
Compromise Assessment
Compromise Testing is offered as a follow-up to our Penetration and Vulnerability Assessment and is used to determine if your organization is/or has been recently compromised. It is a critical tool for any organization that believes it may already have been compromised.
Managed Security Services
Our turnkey Managed Security Service Plan provides world-class cyber security support and monitoring at a cost that is extremely reasonable for the small-to mid-sized law firms. This is a unique capability offered by BW Cyber Services that is unmatched in the industry.
Cyber Incident and Response Management Planning
If desired, BW Cyber Services will work with your organization to develop an Incident and Response Management Plan. For our larger customers, we have expanded this service to include supporting processes related to explicit, predetermined coordination with external entities such as law enforcement, on-demand forensic support, public relationships, and other strategic partnerships.
Forensics
We possess the expertise to provide immediate, on-demand forensic support in all cyber breaches. We quickly identify what happened, how it happened and when the breach occurred. This is an area where our deep technical expertise and strong industry experience (e.g., coordination with law enforcement) are critical to success.
Cyber Security Insurance
While BW Cyber Services is not an insurer, we do understand the intricacies of cyber security insurance and bring a network of strong cyber insurance partnerships to our customers.
Their ISSP process was efficient and seamless. And the operational value they provided far exceeded the initial compliance needs.” BOB DOHERTY
They took a complex subject and translated it to actionable items for remediation in an cost effective, efficient and understandable way.” TIMOTHY BRADLEY
“As a rapidly growing systematic trader in which our technology is critical to our core operations, we found that BW Cyber Services provided exceptional value to PlusPlus in terms of regulatory compliance AND real-world cyber risk mitigation. Their process not only helped to assess and address our technology risks, it also provided us the basis for our cybersecurity risk management program to meet our client’s demanding security expectations now and into the future.”
MURAT UNLUER
Anton Webre
FOUNDER
Anton brings almost 30 years experience in all facets of the managed futures industry. Anton began his career in 1988 working for Merrill Lynch on the floor of NYMEX, and was a member ’89 to ’93.
Read more…
Close
Michael Brice
FOUNDER
Michael has more than 28 years providing technology, security, and related cybersecurity consulting solutions for multiple industries, including deep commercial and military experience in the financial services industry as well as classified government operations.
Read more…
Close
JOHN COURSEN: Hedge Fund Security
Experience in design and implementation of Hedge Fund security programs to address risks across the Kill Chain:
- 10 years of direct experience in advanced Hedge Fund Cyber programs.
- CryptoAsset security strategy including multi-wallet, multi-sig, hybrid infrastructure designs providing clients with the highest-grade protection of assets while still allowing necessary liquidity for trading.
LESTER THOMPSON: (CISSP, CITP, MBCS, PMP) Identity & Access Management
Cyber Security Architect with expertise in Identify and Access Management:
- Expertise leading and delivering Privileged Access Management solutions.
- Data protection assessments making recommendations for protection controls.
- System health-checks reviewing system architectures and recommending changes to improve performance and security.
- Identity and Access Management projects with onshore and offshore teams, responsible for the design, architecture and delivery of Enterprise and Federated identity solutions.
ERIC R. GOLBERG: Alternative Investment Portfolio Manager with Focus on Cybersecurity Due Diligence
Alternative investment portfolio manager (to include multi-manager portfolios) w/expertise in cybersecurity due diligence:
- Alternative investment cybersecurity due diligence from the investor and manager perspective with a particular experience in hedge fund and commodity trading advisors
- Manager sourcing, due diligence, selection and portfolio construction
- Investing via managed accounts and fund structures
RICH BROWN: Behavior Analytics
Experience in the hedge fund market developing advanced IT and related security programs to address risks across the physical, cyber, and insider threat domains:
- Pilot projects to identify various security issues including data exfiltration, highly privileged access abuse, and anomalous network activities as well as insider threat detection
- Development and prioritization of requirements for enterprise security initiatives that include:
– End Point Protection and forensic analysis capabilities
– Network Access Control implementation
– End user analytics
ARVE KJOELEN: Special Advisor: (CISM) Third-Party Risk Management & Technical Controls
Financial Services background managing security and developing cybersecurity solutions:
- Arve has more than 20 years’ Big 4 consulting experience in cyber security — both inside the Brokerage and Hedge Fund Industry
- Broad experience providing extensive cyber security assessments, architecture and related IT control implementation work
- Specialization in cyber threats, third-party risk management, and cybersecurity technical countermeasures
KENNETH LERMAN: (CISA) Cyber Risk Management & Control Analysis
Deep experience in diversified Financial Services Disciplines — Broker/Dealer, Custody and Fund Accounting, Clearance, Retail Banking, and Insurance:
- Cybersecurity Risk and Control Expertise — IT Governance, Information Security, Third Party Risk Management, Application and Infrastructure Assessment, Secure Code Development
- Legal/Regulatory/Standards — NFA & SEC (cybersecurity Interpretive Notices and Rules), Federal (HIPAA, SOX, FFIEC), Third Party (PCI, COBIT, ISO, ITIL), Government (NIST)
JACK P. HEALEY: (CPA/CFF, CFE) Cyber Security Auditor, Crisis Management & Breach Coach, Fraud Analyst
Cyber Security, Crisis Management, Breach Coach, Fraud and Forensic Expert:
- Operational, financial and organizational crisis management, strategies and tactics. He is a leader in Cyber Incident Response strategies and tactics and has consulted Fortune 50 as well as small companies on the preparation, identification, remediation and recovery from Cyber Incidents.
- Cyber Incident Response Plan development, hands on cyber scenario testing, after action report protocols, security team assessment and team augmentation.
- Dynamic interactive workshop on need for cyber preparedness and why “Cyber Security and Cyber Hygiene is a business issue, not an IT issue.”
MIKE WHISENANT: Advanced Technology Implementation & Cloud Security Services
Advanced Technology Implementation & Cloud Security Services:
- Mike has more than 22 years providing advanced technology and cybersecurity consulting solutions. He carries deep experience in diversified Infrastructure Services Disciplines with a focus on I.T. Service Providers and Retail Banking
- Mike specializes in infrastructure assessments and implementations with a deep understanding of “Cloud” and IAAS solutions delivered in highly secured environments that include AWS, Azure, and and other alternative cloud environments.
PATRICK GORMAN: Senior Intelligence & Cyber Security Advisor
Senior
Intelligence
& Cyber
Security Advisor:
- Patrick has more than 30 years working in risk and cybersecurity in the military, civil government, intelligence, and the private sector.
- Deep specialization in threat analysis, modeling and simulation, and countermeasure development.
- Functional experience in cyber risk management, audit and assessments, cybersecurity operations, architecture and controls design, and performance management.
- As Deputy Director for the Director National Intelligence (DNI), ran cyber strategy, risk management and policy for the DoD and the US Intelligence Community.
- Key civilian cyber executive positions include CSO for the world’s largest bank as well as for the world’s largest hedge fund.
