Content provided by Eric Dyson. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Eric Dyson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://es.player.fm/legal.

Paul Horn: Cyber Security Best Practices

36:08
 

Paul previously served as the Chief Information Security Officer for an independent Broker-Dealer with billions of dollars in assets under management and thousands of Advisors spread across the United States, as well as for a major defense contractor providing logistical services. Paul has been a part of several FINRA and SEC Cybersecurity sweeps and examinations and maintains a deep understanding of the regulatory requirements associated with financial institutions as well as prioritizing risk remediation activities. With a sister company operating in the tax preparation space and a large majority of Advisors having a separate tax practice, Paul has a deep understanding of the IRS requirements set forth in the Strategic Threat Assessment & Response (STAR) work group to help protect taxpayers and the integrity of the tax ecosystem. Paul helps educate advisors on security requirements that are present in both businesses by drafting policies and procedures that are closely aligned to meet both business needs. Paul was also a 2016, 2015, 2014 & 2013 EC-Council Certified Chief Information Security Officer of the Year Finalist and was presented with the Excellence in Finance Leaders Award in recognition of his contributions to the Finance Industry at the 2019 FiNext Conference.

Paul holds a Master of Science in Management with a concentration in Information Systems Security and a Bachelor of Science in Business Administration in Information Technology from Colorado Technical University. Paul has also served on a variety of Advisory Boards for information security-related topics and has a deep dedication to the information security community by mentoring other security professionals.

Paul honorably served in the United States Air Force as a Special Agent and has an extensive physical and information security background from his time spent as an Agent.

In this episode, Eric and Paul Horn discuss:

  • The critical first step toward security
  • The threat of human error
  • Non-negotiable security measures
  • Basic cybersecurity “hygiene”

Key Takeaways:

  • Performing a comprehensive cybersecurity risk assessment is the critical first step for organizations of all sizes to identify and address vulnerabilities.
  • Human error, such as clicking on phishing links, remains the biggest cybersecurity threat, underscoring the importance of regular security awareness training.
  • Multi-factor authentication is a non-negotiable security measure, not only for regulatory compliance but also for obtaining cyber insurance coverage.
  • Small and mid-sized businesses often overlook basic cybersecurity hygiene like device encryption, patch management, and use of supported software versions, which can leave them exposed to significant risks.

“If you can't do the basics, you're not going to be able to do the advanced stuff, or it's very easy to walk right in (a trap) because you're not doing the basic stuff.” - Paul Horn

Connect with Paul Horn:

Website: https://www.h2cyber.com/

LinkedIn: https://www.linkedin.com/in/paul-horn-4107861a/

Connect with Eric Dyson:

Website: https://90northllc.com/

Phone: 940-248-4800

Email: contact@90northllc.com

LinkedIn: https://www.linkedin.com/in/401kguy/

The information and content of this podcast is general in nature and is provided solely for educational and informational purposes. It is believed to be accurate and reliable as of the posting date but may be subject to change.

It is not intended to provide a specific recommendation for any type of product or service discussed in this presentation or to provide any warranties, investment advice, financial advice, tax, plan design or legal advice (unless otherwise specifically indicated). Please consult your own independent advisor as to any investment, tax, or legal statements made.

The specific facts and circumstances of all qualified plans can vary and the information contained in this podcast may or may not apply to your individual circumstances.
