MTradecraft serves SEC-registered investment advisers, hedge funds, broker-dealers, and family offices. The firm is independent: no hardware resale, no MSP partnerships, no vendor commissions, no managed services pass-through. Recommendations exist because they are right for the client, not because they're profitable for us.
Founder & Principal Consultant
Brian Hahn is the founder of MTradecraft. His background combines disciplines most cybersecurity consultancies lack: the operational discipline of a Wall Street trading floor, the seat of a registered investment adviser's chief compliance officer, and the analytical methodology of corporate intelligence tradecraft.
Brian spent two decades inside the financial industry before that experience became the foundation of MTradecraft. He ran trade execution as head equity trader at a long/short equity fund, moving three million shares a day across equities, options, and futures, where a single configuration error or settlement break cost real money in real time. He is an alumnus of Bridgewater Associates, working in CS Analytics, where research, data integrity, and information security were integrated parts of his job duties. He has also worked at several small SEC-registered firms, where his duties and projects covered operations management, chief compliance officer responsibilities, and the design of cybersecurity programs, IT policy, business continuity plans, and compliance manuals, including taking a firm through an SEC examination with no material findings.
That arc matters because it is the same arc his clients live. Brian has sat in the CCO chair. He has built the operational systems that an examiner inspects. He has executed in markets where documentation of every process is the audit trail, not an afterthought. Most cybersecurity firms have never seen the inside of a regulated financial institution. Brian has run one.
MTradecraft draws on that discipline directly. The firm does not treat compliance as an IT problem with regulatory paperwork bolted on. It treats compliance as a documentation problem with technical evidence underneath. That is how SEC examiners, cyber insurance underwriters, and institutional investors actually evaluate firms, and it is the standard MTradecraft builds toward from the first engagement.
The OSINT and corporate intelligence side of the practice runs deep. Before MTradecraft became a compliance practice, Brian spent three years based in Costa Rica working as a private intelligence consultant, doing the reconnaissance, source analysis, and information asymmetry work that most cybersecurity firms only read about. He brings that adversarial framework to every assessment. The result is a compliance program built around what an adversary could actually exploit and what a regulator could actually ask for, rather than a checklist of generic controls. Since 2009 he has run more than 300 SEC-style cybersecurity audits, penetration tests, and compliance reviews, and authored MTradecraft's SEC exam readiness framework and the Securing Compliance report.
MTradecraft is headquartered in Dallas, TX, and works with clients across the globe.
Every technical recommendation has to map to a specific regulatory obligation — Rule 206(4)-7, Regulation S-P, Regulation S-ID, Rule 204-2, or current SEC examination priorities. Generic "best practices" without a regulatory anchor are noise.
Every finding is supported by an artifact — scan output, screenshot, DNS record, log excerpt, configuration evidence. If a finding cannot be demonstrated to an SEC examiner with evidence, it did not happen.
MTradecraft sells no hardware, resells no MSP services, and accepts no vendor commissions. The firm has no financial reason to recommend any tool, platform, or provider it does not believe is right for the client.
A clear scope protects clients from overreach and protects MTradecraft from drift. The list below is the actual perimeter of the firm's work.
MTradecraft is built to do a specific thing well — cybersecurity compliance for SEC-registered firms — and to stay out of the work that belongs to other parties. The first call is a chance to confirm we are the right fit before either side commits.
Book an intro call →