Ray Denis’ Post

Founder @ Sandbox Wealth | Banking solutions for families, founders, and advisors.

1mo Edited

We're very excited to share that Sandbox Wealth has completed its first SOC 2 Type II audit, with no exceptions noted. A SOC 2 examination is a report on controls at a service organization, including fintech platforms like Sandbox. These reports cover an array of "trust services criteria" relevant to security, availability, processing integrity, confidentiality, or privacy. SOC 2 reports are intended to meet the needs of a broad range of users who need detailed information and assurance about the controls at a service organization. For early-stage firms, institutional relationships often hinge on an ability to deliver evidence of a clean SOC 2 report. We kicked off this process nearly a year ago, and it's taught us some extremely valuable lessons. I'd like to share five key takeaways: 1. An ounce of prevention is worth a pound of cure. Ensuring data privacy is not just about compliance but about proactively identifying and mitigating risks. We’re building a culture that is consistently vigilant about identifying vulnerabilities before they present themselves. 2. Stagnant risk management practices can be fatal. The SOC 2 audit process emphasizes the importance of continuous monitoring and improvement. This audit isn’t a one-time deal. As we’ve seen with the emergence of AI, risks are constantly evolving, and remaining SOC 2 compliant over time will ensure we are prepared to manage emerging risks. 3. Transparency builds trust. By undergoing a SOC 2 audit at such an early stage, we’ve built a dedication to transparency into our foundation. Our partners and prospects can access our full SOC 2 report and gain detailed insights into each test we passed. 4. Security is a team sport. Completing this process required the collective effort of our entire team, from new hires to our founders. Collaboration, communication, and responsiveness are critical traits by which we measure success internally, and everyone played a role in this successful audit. 5. Client Confidence: Most importantly, this achievement gives our members and partners confidence that their sensitive information is protected. Sandbox is a safe environment where our members can gather insights, explore myriad solutions, and execute a well-considered strategy to manage their balance sheets and cash flow across generations. Thank you to Christine Izuakor, PhD, CISSP, and Bill Dixon CISSP, CISM, CRISC, for sharing their thoughts in the blog post linked below. We also couldn't have done this without the help of many people who devoted their time and energy to making our platform a safe place for our members to manage and deploy liquidity. Andrew Nelson, PhD Justin O'Boyle Ellen Studer Mfoniso Ekong Destiney D. Mohammed Precious P. Drew Moiz Dawoodbhai Craig Schedler Megan Fulton VioletX Vanta Johanson Group LLP

Sandbox Wealth

521 followers

1mo

We're extremely proud to announce that we have completed our initial SOC 2 Type II audit. This marks the completion of one of our first major initiatives, and after nearly a year of planning, we couldn't be more excited about building our platform on a stable, secure foundation. To mark this achievement, we spoke to Dr. Christine Izuakor of Cyber Pop-up and Bill Dixon of VioletX to get their thoughts on why the human element of cybersecurity is so critically important, as well as diving into detail about the relevance of SOC 2 in driving trust with clients and partners. We feel our platform provides Risk Management as a Service, and enables our members to devote more time to preserving and growing their liquid capital. Thank you to the teams at Vanta, VioletX, and Johanson Group LLP for partnering with us on this effort, and to our dedicated team of engineers, who have fully bought in to building an innovative, security-first platform.

Risk Management as a Service

20 Comments

Calogero Zarbo

Machine Learning/Deep Learning in Fintech and Healthcare, Quantum Computing project lead

1mo

That's amazing Ray!! And this is just the starter - can't wait for the main course!

1 Reaction

Marcel Conyers

IT Governance, Risk & Compliance Leader | Darden MBA | CRISC | Technology Angel Investor

1mo

Incredible leadership foresight to build in solid IT and cyber risk management practices from Day 1. Outstanding!

1 Reaction

Moiz Dawoodbhai

Impact Investor at Northwestern Mutual | Senior Director | Venture Capital | Startup Advisor | Creating Greater Access To Capital

1mo

Congrats to the Sandbox Wealth team! This is great news.

1 Reaction

Brian Mitchell

Strategic thinker and analytical mind.

1mo

Such an important milestone. Wishing you continued success!

1 Reaction

Megan Fulton

1mo

It was a pleasure to build this with you and your team, Ray!

1 Reaction

Abim Kolawole

Chief Audit Executive | JD | Northwestern Mutual

1mo

Congratulations Ray Denis. Your perspectives are spot on. Great work

1 Reaction

Johanson Group LLP

1mo

Congratulations!

Molly Dexter

Account Executive at Vanta

1mo

Love to see it Ray!

1 Reaction

Destiney D. Mohammed

A Multidimensional Leader With a Barbie-like Resume! | Empowers $100K Investments @Northwestern Mutual Black Founder Accelerator® | OH SNAP! The Best Part—The Old Schooler of Cultured Diapers® (10 Years in The Game)! ⚡

1mo

Excellent news, Ray & Andrew!

Matthew Parker

Entrepreneur | Vertical AI | Startup Advisor | Expert in Early Stage Fundraising, B2B Data Tools | Tax Tech Enthusiast

1mo

Nice work.

1 Reaction

See more comments

To view or add a comment, sign in

More Relevant Posts

Vanessa Phillips

VP, Branch Executive, Global Risk Solutions at Liberty Mutual Insurance (LA, MS, AR)
2mo
Report this post
"We're seeing attackers becoming more efficient in their attacks, so things that would have been more manual for attackers a few years ago are automated, allowing attackers to target more victims more quickly than they could have in the past." Interesting reflections from our Director of Cyber Risk Engineering, Gabriel Bassett in this interview with AM Best at RIMS #riskworld. https://bit.ly/3UHwikN

Cyber Panel: Insurers Leverage Economic Incentives to Drive Improved Cybersecurity

ambest.com
Like Comment
To view or add a comment, sign in
Kevin G. Smith

President, Liberty Mutual Global Risk Solutions North America
10mo
Report this post
October is Cybersecurity Awareness Month and it's never too early to adopt proper cyber-hygiene...especially for organizations like PE firms. I encourage you all to read Amy Gross' blog to learn more about how PEs can weather a cyberattack...great insights in this one. https://lnkd.in/gNJb_ctR

Crafting a cyber response playbook to protect the bottom line

business.libertymutual.com
Like Comment
To view or add a comment, sign in
Stephen Gorham

COO @OPSWAT
8mo
Report this post
"The paramount lesson learned this year is the shifting of responsibility upstream, placing greater demands on boards and executives. It’s no longer sufficient for organizational leaders to ensure the protection of their digital assets; they are now expected to possess a comprehensive understanding of the risks faced by their organizations and actively engage in the mitigation of these risks." Here more of my thoughts on cybersecurity lessons learned in 2023 at: https://lnkd.in/gmne49Hg

Intelligent CISO Issue 68 | Page 28

magazine.intelligentciso.com
Like Comment
To view or add a comment, sign in
Matt Schafer Jr.

Commercial Account Representative - Indiana at Arctic Wolf
10mo Edited
Report this post
The cyber world is an ever-evolving landscape. Interesting read below around the perspective on a CISO and how a new approach is driving the future of the position. Reach out to learn how Arctic Wolf can help with our multiple teams (CST, Triage, Deployment, IR) to help your business with different perspectives and a unique approach, including better understanding how we help our customers with SPiDR ((Secuirty Posture in-Depth Reviews).

Changing Role of the CISO: A Holistic Approach Drives the Future

darkreading.com
Like Comment
To view or add a comment, sign in
Gabriel Bassett

Good at somethings. Bad at others. I like big, complex, altruistic challenges.
2mo
Report this post
"We're seeing attackers becoming more efficient in their attacks, so things that would have been more manual for attackers a few years ago are automated, allowing attackers to target more victims more quickly than they could have in the past." Interesting reflections from our Director of Cyber Risk Engineering, Gabriel Bassett in this interview with AM Best at RIMS #riskworld. https://bit.ly/3K4dmaZ

Cyber Panel: Insurers Leverage Economic Incentives to Drive Improved Cybersecurity

1 Comment
Like Comment
To view or add a comment, sign in
CyberCX

51,175 followers
4mo
Report this post
Today CyberCX has released our annual Digital Forensics and Incident Response Year in Review Report for 2023. Based on data from a sample of over 100 serious incidents our DFIR team responded to last year, the Report reveals that business email compromise, unauthorised access, and cyber extortion attacks dominated the attack landscape across Australia and New Zealand (AUNZ) last year. “CyberCX’s DFIR team is the largest group of digital forensics investigators and incident responders across both Australia and New Zealand” said CyberCX’s Executive Director of Digital Forensics and Incident Response, Hamish Krebs. “Our insights are therefore hard-won and genuinely unparalleled in our region. It is our hope that organisations across our region will leverage these valuable insights and implement our recommendations to increase their security posture as they consider how to protect their organisations, customers and their people in 2024 and beyond.” You can download and read the full report here: https://lnkd.in/d9W7Sck2

DFIR - Year In Review 2023

cybercx.com.au
Like Comment
To view or add a comment, sign in
Henry Umney

MD GRC Strategy, Mitratech (former CEO at ClusterSeven)
1y
Report this post
Looking forward to a lively debate with Michael Rasmussen and Meri Malena Kukkonen next week on the requirements firms have faced in implementing their CIRMP and the challenges ahead to comply with the Cyber controls. https://lnkd.in/e8MrYQG3

SOCI Act 2022: One Year In, One Step Ahead of Cyber and IT Risks

grc.mitratech.com
Like Comment
To view or add a comment, sign in
Chuck Hegarty
9mo
Report this post
Recovering from a cyber breach is about more than just finances. Daniel McGarry, Head of ICT at BG&E emphasizes, time and reputational damages are also at stake. This holistic understanding of risk puts BG&E a step ahead. Watch entire video: https://scwx.us/jc #cybersecurity #cyberattacks #cyberbreach

Engineering Company Trusts Secureworks for Defense

secureworks.com
Like Comment
To view or add a comment, sign in
FS-ISAC

19,051 followers
7mo
Report this post
#ICYMI We have will have a new CISO, John Denning, effective as of 1 January, 2024! John joins us from Bank of America after 13 years. In addition to leading FS-ISAC’s internal cybersecurity and risk management functions, Denning will strengthen FS-ISAC’s work of curating and disseminating critical baseline cybersecurity practices across the financial sector, including working with global financial institutions to ensure the entire sector has access to the deep knowledge of those with the most mature cyber defense programs. Read more in the press release: https://bit.ly/3RAUALA
18 Comments
Like Comment
To view or add a comment, sign in
Intezer

7,146 followers
4mo
Report this post
SOC analysts have to investigate a LOT of vague security alerts about "suspicious activity." Join this webinar from Nicole Fishbein and Ryan Robinson to learn how how our security researchers get fast answers using this simple analysis tool. 📆 Tuesday, April 16 @ 11am EST Register here 👉 https://lnkd.in/eJFunKvW #incidentresponse #cybersecurity #securityoperations

Investigating Vague Suspicious Behavior Alerts, The Easy Way

https://intezer.com

1 Comment
Like Comment
To view or add a comment, sign in

2,525 followers

37 Posts

View Profile Follow

Ray Denis’ Post

More Relevant Posts

Explore topics