PGH Networks

Pittsburgh IT Support for Wealth Management & RIA Firms

PGH Networks is a Pittsburgh-based managed services provider delivering IT support for wealth management and RIA firms across the Pittsburgh metro, including Downtown, the Strip District, Southpointe, Cranberry Township, Wexford, Sewickley, and Fox Chapel. This case study describes an anonymized engagement with a registered investment adviser (RIA) headquartered in Allegheny County, and how a vertical-specific approach to security, compliance, and custodial integrations changed the firm's exam posture.

The client is a roughly $450M AUM independent RIA with 22 employees split between a Pittsburgh headquarters and a smaller Washington County office. Like most growth-stage advisers, they had outgrown the generic break-fix relationship that carried them from launch through their first decade. With an SEC examination cycle approaching and a new custodial transition underway, the principals needed an IT partner who understood Reg S-P, the SEC Marketing Rule, FINRA-aligned recordkeeping expectations, and the specific software stack their advisers use every day.

The scenario: a Pittsburgh RIA preparing for an SEC exam

The firm's operations director reached out after a peer adviser failed a mock exam on cybersecurity controls. Their environment was a typical mix: Microsoft 365 Business Standard, a Redtail CRM tenant, Orion for portfolio accounting, eMoney for planning, DocuSign for client agreements, and a shared OneDrive structure that had accumulated seven years of unstructured client data. Two advisers were also piloting Wealthbox alongside Redtail, and the back office was exporting performance data to spreadsheets for quarterly reporting.

No written information security program (WISP) existed in a defensible form. MFA was enabled inconsistently. Email forwarding rules — a known exfiltration vector flagged repeatedly in SEC Risk Alerts — had never been audited.

A Pittsburgh RIA does not fail an SEC cybersecurity review because it lacks tools; it fails because no one mapped the tools it already owns to the rules it is actually examined against.

The challenge

The engagement had three converging deadlines: a custodial data migration window, the SEC exam notification, and the firm's annual compliance review with its outsourced CCO. The specific gaps we documented in the first two weeks:

Identity and access were fragmented across Microsoft 365, Orion, Redtail, eMoney, and the custodian's advisor portal, with no single sign-on and inconsistent MFA enforcement.

Endpoint protection was the consumer-grade tier bundled with the prior IT vendor's stack: no EDR, no centralized logging, no 24/7 monitoring.

The firm had no incident response runbook, no tabletop history, and no documented breach notification workflow aligned to Reg S-P's amended 30-day customer notice requirement.

Email security relied on the M365 default configuration, with no DMARC enforcement and no impersonation protection for the principals, the exact profile attackers target for wire-fraud social engineering against advisory clients.

Finally, the WISP on file was a generic template with no asset inventory, no vendor due-diligence log for the fintech stack, and no evidence of annual testing.

How it was solved

TL;DR: We mapped each SEC and FINRA cybersecurity expectation to a specific control in the firm's existing Microsoft 365 and fintech stack, then closed the residual gaps with named tools and documented evidence.

PGH Networks rebuilt the environment in four parallel workstreams over roughly ten weeks.

Microsoft 365 hardening. We moved the tenant to Business Premium, enabled Conditional Access with phishing-resistant MFA for all users, disabled legacy authentication, audited and removed unauthorized mailbox forwarding rules, deployed Defender for Office 365 with impersonation protection on the principal and operations mailboxes, and stood up DMARC at p=reject after a monitored ramp. Sensitivity labels were applied to client folders containing PII and account numbers, and a 7-year retention policy was implemented to align with SEC Rule 204-2 books-and-records expectations.

Fintech stack integration and access governance. We documented every integration between Redtail, Orion, eMoney, DocuSign, and the custodial portal; standardized MFA across each; and built a quarterly access-review process the CCO could sign off on. Service accounts used for Orion data feeds were moved to least-privilege roles with logged access. The Wealthbox pilot was either consolidated into Redtail or formally added to the vendor inventory — no shadow CRM.

MFA, EDR, and monitoring. A managed EDR agent was deployed to every endpoint with 24/7 SOC review. Microsoft 365 audit logs were forwarded to a centralized SIEM with alerting tuned for the behaviors SEC examiners ask about: impossible travel, mass download from SharePoint, new inbox rules, and OAuth consent grants.
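As an added illustration of the forwarding-rule audit and the "new inbox rules" alert described above (example code written for this page, not code from the engagement or from PGH Networks), the script below reads Microsoft 365 unified audit log AuditData records for the Exchange cmdlets that create forwarding (New-InboxRule, Set-InboxRule, Set-Mailbox) and flags any that deliver mail to a domain outside the tenant. The sample records and the example-ria.com tenant domain are constructed for the example.

```python
import json
import re

# Constructed sample records in the shape of Microsoft 365 unified audit log
# AuditData JSON for Exchange admin cmdlets (not records from the engagement).
SAMPLE_RECORDS = [
    '{"CreationTime":"2024-03-04T13:02:11","Operation":"New-InboxRule",'
    '"UserId":"ops@example-ria.com","Parameters":[{"Name":"Name","Value":"Invoices"},'
    '{"Name":"ForwardTo","Value":"attacker@gmail.com"},{"Name":"DeleteMessage","Value":"True"}]}',
    '{"CreationTime":"2024-03-04T13:05:40","Operation":"Set-Mailbox",'
    '"UserId":"admin@example-ria.com","Parameters":[{"Name":"Identity","Value":"principal"},'
    '{"Name":"ForwardingSmtpAddress","Value":"smtp:principal@example-ria.com"}]}',
    '{"CreationTime":"2024-03-04T13:09:02","Operation":"New-InboxRule",'
    '"UserId":"adviser@example-ria.com","Parameters":[{"Name":"Name","Value":"Team"},'
    '{"Name":"RedirectTo","Value":"team@example-ria.com;ext@outlook.com"}]}',
]

INTERNAL_DOMAINS = {"example-ria.com"}  # assumed tenant domains; adjust for your firm
WATCHED_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                     "ForwardingSmtpAddress", "ForwardingAddress"}
# Matches addresses however the export renders them: 'smtp:addr', '"Name" [SMTP:addr]', 'a;b'.
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def is_external(addr):
    """True when the address's domain is not one of the tenant's own domains."""
    return addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS

def flag_external_forwarding(raw_records):
    """One finding per forwarding parameter that points outside the tenant."""
    findings = []
    for raw in raw_records:
        rec = json.loads(raw)
        if rec.get("Operation") not in WATCHED_OPS:
            continue
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        for name, value in params.items():
            if name not in FORWARDING_PARAMS:
                continue
            external = [a for a in ADDRESS_RE.findall(str(value)) if is_external(a)]
            if external:  # internal forwarding is routine; external is the alert
                findings.append({
                    "time": rec["CreationTime"], "actor": rec["UserId"],
                    "operation": rec["Operation"], "parameter": name,
                    "external": external,
                    # a rule that also deletes the original is the classic BEC pattern
                    "deletes_original": params.get("DeleteMessage") == "True",
                })
    return findings
```

Run it over records exported with Search-UnifiedAuditLog (the AuditData column) and the two findings it raises on the sample, an external ForwardTo that also deletes the original and an external RedirectTo, are the shapes worth paging on.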

WISP authoring and IR tabletop. We authored a firm-specific WISP that named the actual systems in use, mapped each control to Reg S-P, the Safeguards Rule, and the SEC's 2023 cybersecurity proposals, and included a vendor due-diligence log for every fintech provider touching client data. We then ran a two-hour incident response tabletop with the principals, operations director, and outsourced CCO walking through a simulated business email compromise targeting a $1.2M wire.

Outcomes

The firm completed its custodial migration without a security incident and entered its SEC examination cycle with a defensible, evidence-backed control set. Measurable changes over the engagement:

MFA coverage moved from inconsistent to 100% of users on phishing-resistant methods.

Mean time to detect suspicious mailbox activity dropped from "never" to under 15 minutes through SIEM alerting.

The WISP, vendor inventory, access reviews, and tabletop minutes gave the CCO a complete evidence binder for the exam.

Two unauthorized mailbox forwarding rules, both pre-existing, were discovered and remediated during the initial audit.

Help-desk ticket volume dropped roughly 40% in the first quarter after stabilization, largely because identity and integration issues stopped recurring.

The principals' quotable summary after the exam: the examiners asked exactly the questions the tabletop had rehearsed.

Takeaway for other Pittsburgh-area RIAs

If you run a wealth management or RIA firm in the Pittsburgh region, the pattern above is the pattern. The tools you already license — Microsoft 365, Redtail or Wealthbox, Orion or a comparable portfolio system, eMoney, DocuSign — can satisfy the majority of what the SEC and FINRA expect, but only when they are configured against the rules, documented in a firm-specific WISP, and monitored by someone who reads SEC Risk Alerts as part of their job. Pittsburgh IT support for wealth management and RIA firms is a vertical practice, not a generic managed-services package, and the firms that treat it that way are the ones whose exams go quietly.

If your firm is approaching an exam, a custodial transition, or simply a renewal conversation with an IT vendor who does not speak fluent Reg S-P, PGH Networks can run the same assessment described here against your environment.
