TRM Solutions is a boutique virtual cybersecurity advisory firm founded by Teddy Mutterperl — with nine years of experience across American Express, Deloitte's Cyber Risk practice, and Morgan Stanley, bringing audit discipline, senior judgment, and practical execution to every engagement.
After nine years inside American Express, Deloitte's Cyber Risk practice, and Morgan Stanley's wealth management division — leading cybersecurity audits, investigating data privacy incidents, and translating regulatory demands into workable controls — Teddy saw a persistent gap in the market.
Fortune 500 companies had deep benches of senior cybersecurity talent, Big Four rate cards, and the luxury of long remediation timelines. Startups had their founder plus a Slack channel. But the mid-market — companies between 20 and 500 employees — kept getting squeezed into one of two bad options: they paid large-firm rates for layered delivery models, or they didn't get advisory help at all. Neither was good enough.
TRM Solutions was built to be the third option: boutique senior cybersecurity advisory, delivered directly by a practitioner who spent nearly a decade inside the largest regulated environments in financial services — applied proportionally to companies that don't have Fortune 50 budgets.
Boutique advisory with Big Four quality has always faced one constraint: senior people are expensive and their time doesn't scale. The traditional answer has been to staff engagements with junior consultants and partner supervision — which is how mid-market clients end up paying premium rates for work that wasn't done by the senior they thought they were hiring.
TRM Solutions is built on a different premise. Every TRM engagement is done by Teddy directly. The leverage comes from using modern tooling — AI assistants, automation, advanced analytics — to accelerate the structured parts of the work: mapping controls to frameworks, building artifacts, producing documentation, drafting first-pass assessments. The parts that require senior judgment — reading the room with a board, understanding regulator expectations, making calls under ambiguity — remain where they belong: with a senior practitioner.
This isn't theoretical. The same AI-assisted workflow approach — using structured automation to accelerate documentation and analysis while keeping senior judgment on the decisions that actually matter — is what TRM applies to every client engagement. Client information is handled under confidentiality controls, and sensitive client materials are not used in public AI tools or to train external models.
The result: the quality of a Big Four senior manager engagement, delivered with the efficiency of a well-tooled solo practice — often at a significantly lower cost than traditional consulting models.
American Express — Senior Manager, IT & Cybersecurity Internal Audit. Auditor-in-Charge across cybersecurity, cloud security architecture, network infrastructure, and third-party risk audit programs.
Advisory experience. Senior Consultant in Deloitte's Cyber Risk practice (2020–2025). Led cybersecurity and IT audit engagements for large financial institutions including Bank of America, designed a new audit issue validation methodology that standardized tracking and closure across a multi-year engagement, performed SOC 1 / SOC 2 / SOX IT general controls testing for broker-dealers, and partnered with the Department of Veterans Affairs Privacy Service on federal privacy programs.
Financial services foundation. Client Data Privacy Officer at Morgan Stanley (2019–2020). Assessed cybersecurity and data privacy risks across systems supporting core wealth management operations, evaluated hundreds of control gaps, supported incident response, and implemented DLP controls protecting client PII.
Earlier in career. Information Security Analyst roles at Namely (HR SaaS) and MASS Communications — building foundational experience across access controls, threat intelligence, security monitoring, and compliance documentation.
Education. M.S. Cybersecurity from Yeshiva University (Katz School of Science and Health, 2020, GPA 3.8). B.S. Information Technology & Management from Syracuse University (iSchool, 2016, GPA 3.6).
A lot of the cybersecurity industry runs on fear. "You'll get breached. Your board is liable. Your competitors are spending more." The answer is almost always another tool, another certification, another retainer.
I don't work that way. Most of what mid-market companies actually need isn't another tool — it's a clear-eyed read on what real risks look like for their business, what controls are actually worth having, and what the auditor or insurer or board is actually going to ask about next quarter. That's what nine years of doing this inside the largest regulated environments in financial services has taught me to do well.
If you're navigating a cyber challenge — an upcoming audit, a recent incident, a board question you don't have a good answer to, or just the uneasy sense that your security program has grown past what one stretched-thin IT manager can handle — let's talk. The first call is free, and I'll tell you honestly whether TRM is the right fit.