MTradecraft is a BrainTrust to our clients.
braintrust (noun): A team of seasoned advisors offering strategic guidance and actionable solutions in cybersecurity, compliance, and intelligence—with an unwavering commitment to your objectives, free from outside influence.
MTradecraft provides corporate intelligence and cybersecurity consulting services to over 250 SEC-registered RIAs, Hedge Funds, Broker/Dealers, and Family Offices around the globe.
We work side-by-side with our clients to ensure they’re prepared for cyber attacks, regulatory compliance audits, and equipped with the intelligence needed to operate with an edge over the market and competitors.
Our services are completely independent—unbiased toward any vendor, software, or hardware. Unlike others, we never have anything to sell on the back-end. That independence sets us apart.

Brian Hahn founded MTradecraft in 2009.
With over 25 years of investment firm intelligence and trade operations experience, Brian has worked on the elite teams at Bridgewater Associates and has served as Chief Compliance Officer and Chief Operations Officer for several SEC-registered hedge funds and RIAs.
He specializes in investment operations, information security, SEC compliance, corporate intelligence, and cyber warfare.
Our Services
MTradecraft provides specialized security testing and compliance-focused assessments across IT systems, applications, and infrastructure. Our goal is to identify vulnerabilities, assess their business impact, and deliver regulator-ready recommendations without unnecessary vendor upsells.
Web Application Security Tests
We identify vulnerabilities in custom-developed applications, review code, and validate implementations against the OWASP Application Security Verification Standard (ASVS). Tests simulate both external attackers and insider threats.
Mobile Application Security Tests
Using the OWASP Mobile Security Verification Standard (MASVS), we evaluate Android and iOS applications for security gaps, insecure data flows, and exploitable flaws across mobile ecosystems.
Internal & External Network Tests
We conduct IPv4/IPv6 scans, vulnerability assessments, wireless audits, and configuration reviews. Internal tests validate segmentation and access controls, while external scans measure real-world exposure.
Social Engineering & Phishing
We design and execute phishing simulations and social engineering campaigns to measure employee resilience and validate technical countermeasures. Reports include intelligence logs, campaign metrics, and recommendations for awareness training.
Penetration Testing & Red Teaming
From scoped penetration tests to full-scale red team engagements, we emulate attacker tactics (mapped to MITRE ATT&CK) to measure how well defenses detect, resist, and respond to advanced threats.
Telephony & VoIP Security Tests
We assess VoIP and telephony infrastructure for weaknesses including caller ID spoofing, registration hijacking, toll fraud, and eavesdropping risks across communication channels.
Hardware Security Tests
For embedded and specialized devices, we review physical, firmware, and interface exposures that attackers could exploit.
- Anti-tamper checks, board/component mapping, and debug interface discovery
- Fault injection and fuzzing (USB/serial)
- Firmware extraction and secure boot validation
Ultra-Secure Hardware & OS Hardening
We specialize in designing, deploying, and hardening systems built for maximum security. This includes:
- Corebooted QubesOS laptops: open-source firmware with compartmentalized OS isolation
- GrapheneOS mobile deployments: hardened Android-based OS for high-security environments
- Custom OS & hardware hardening: reducing attack surface and enforcing secure defaults
These builds are tailored for executives, compliance officers, and security teams that require systems resistant to both cyber and physical compromise.
Custom Application & System Security Tests
Complex systems—IoT, cloud-based services, client-server applications—require bespoke testing. We map data flows, identify logic flaws, and validate cross-component interactions to ensure resilience.
Secure Development Training
Developers and IT staff receive tailored training on secure coding practices, vulnerability identification, and regulator-aligned remediation workflows.
Phone: 210-201-2102
Email: info@mtradecraft.com
Need to Book a Meeting?