Resources
Frequently Asked Questions
Twenty-six questions about sEyeber Hub — the program, risk scoring, NIST CSF 2.0, remediation, vendor risk, incident response, Reg S-P, the full-scope report, and how data is handled. Use the search and category filters to narrow down.
What is sEyeber Hub? Product
sEyeber Hub is a complete cybersecurity and AI risk program platform built for financial services firms — not a scanner, but a managed system. It measures your risk with a 0–100 score and NIST Tier (1–4), identifies every gap against NIST CSF 2.0, generates a remediation plan with tasks and costs, manages vendor risk and annual reassessment, runs a 6-stage incident command center with built-in Reg S-P clocks, and produces a full-scope examiner-ready report.
Who is sEyeber Hub for? Product
sEyeber Hub is built for small and mid-sized financial services firms: RIAs (Registered Investment Advisers), broker-dealers, ERAs (Exempt Reporting Advisers), family offices, hedge funds, and private equity firms operating under Regulation S-P, FINRA oversight, and similar cybersecurity requirements. It is designed for firms that need a mature, defensible cybersecurity program without a full-time security team.
How is sEyeber Hub different from a traditional GRC tool? Product
Traditional GRC tools are questionnaire-first: you answer hundreds of control questions and hope nothing drifts. sEyeber Hub is a full program management platform — it scores your risk, identifies your gaps, builds your remediation plan, assigns tasks, tracks vendor certifications, runs your incident response workflow with regulatory clocks, and generates the report your examiner actually wants. It does not replace professional judgment, but it closes the gap between your written program and daily execution.
What is the risk score and how is it calculated? Product
sEyeber Hub generates a company-wide risk score from 0 to 100 — lower is better. The score is derived from your NIST CSF 2.0 assessment responses, gap count and severity across all six functions (Govern, Identify, Protect, Detect, Respond, Recover), open remediation items, and vendor risk posture. The score updates as tasks close and your program matures, giving leadership and the board a single number that reflects the current state of your program — not last year’s assessment.
What is a NIST Tier rating and what does it mean for my firm? NIST CSF 2.0
NIST CSF 2.0 defines four implementation tiers: Tier 1 (Partial — reactive, ad hoc), Tier 2 (Risk Informed — aware but not organization-wide), Tier 3 (Repeatable — consistent policies, risk-managed), and Tier 4 (Adaptive — continuous improvement, threat-informed). FINRA examiners use this scale to evaluate program maturity. sEyeber Hub rates your overall firm tier and a separate tier for each of the six NIST functions so you know exactly where to invest to move the needle.
How does the NIST CSF 2.0 questionnaire work? NIST CSF 2.0
The questionnaire covers all 134 NIST CSF 2.0 subcategories across all six functions. sEyeber Hub auto-saves your progress at every step so you can pick up where you left off. AI suggests answers based on what it already knows from your Microsoft environment — your team reviews, accepts, or overrides each one. Nothing auto-submits. Every accepted answer is traceable to its source (connector signal, manual input, or uploaded evidence) so the record is defensible from day one.
What is the remediation plan and how is it created? Product
Once assessment gaps are identified, sEyeber Hub automatically generates a prioritized remediation plan — organized by risk level, NIST function, responsible party, estimated monthly and annual cost, implementation timeline, and difficulty rating. Each gap becomes a trackable task assigned to a team member with a due date. Overdue items are flagged automatically. The plan updates as tasks close and new gaps emerge, so your score and tier visibly improve as work gets done.
How does vendor risk management work? Product
The vendor risk module maintains a complete inventory of your vendors, classified by risk tier (Critical, High, Medium, Low) and tagged by NPI access status. sEyeber Hub connects to QuickBooks Online and Xero to auto-sync your vendor list so you start with a complete picture instead of a blank spreadsheet. It tracks SOC 2, ISO 27001, and PCI DSS certifications and flags expirations 30 days in advance. Because regulators require annual vendor reassessments, sEyeber Hub surfaces which vendors are due for review and which certifications have changed since your last assessment — because what you assessed last year may look completely different today.
Does sEyeber Hub help with Regulation S-P compliance? Compliance
Yes, in three ways. First, the vendor risk module tracks every vendor with NPI access — the foundation of a Reg S-P safeguards program. Second, the incident response module starts both Reg S-P notification clocks automatically when an incident is declared: 30 days to notify affected clients and 72 hours to notify service providers if a vendor breach exposed their data. Third, the full-scope report documents your written program, evidence, and controls in the format FINRA examiners and regulators expect to see. Reg S-P amendments took effect June 2026 — sEyeber Hub is built around those requirements.
How does incident response work in sEyeber Hub? Compliance
sEyeber Hub includes a 6-stage incident command center: Prepare, Declare, Assess, Contain, Determine Notice, and Recover. The moment an incident is declared, the platform starts the applicable Reg S-P clocks — 30 days for client notification and 72 hours for service provider notification if a vendor with NPI access was involved. AI helps classify the incident type and suggests which regulatory notification obligations apply. Every action, finding, and decision is timestamped and logged automatically, building your incident timeline for regulators, legal counsel, and postmortem review.
What is the full-scope assessment report? Product
The full-scope report is a complete, examiner-ready cybersecurity assessment document generated from your sEyeber Hub program data. It includes: an executive summary with maturity rating and 12-month goal; per-workstream findings across all 12 FINRA SFCC-aligned NIST workstreams; a remediation cost and implementation plan; a policies and procedures review against FINRA and Reg S-P requirements; and a Microsoft 365 and Azure domain assessment. Reports are date-stamped and immutable at generation time — the locked evidence record regulators and legal counsel can rely on.
Can I manage multiple firms from one sEyeber Hub account? Product
Yes. sEyeber Hub supports affiliated firm management for RIA consolidators, dual-registrants, and compliance networks. A portfolio rollup view shows every affiliated firm’s current risk score, open incidents, and overdue tasks in one dashboard. You can switch between firms with a single click — each firm’s data stays fully isolated. Supported affiliation types include Common Control, Common Ownership, and Parent/Subsidiary.
What systems does sEyeber Hub connect to? Connectors
The Microsoft-First v1.0 release connects to a single Microsoft tenant via a read-only Entra ID application, covering Entra (identity, conditional access, MFA), Azure Resource Inventory, Intune (device management), Microsoft Defender (endpoint, identity, and email alerts), and optionally Defender for Cloud Apps. For vendor risk, sEyeber Hub integrates with QuickBooks Online and Xero to auto-populate your vendor inventory. Google Workspace, AWS, and Okta connectors are on the roadmap.
Does sEyeber Hub install agents on our devices? Connectors
No. sEyeber Hub is agentless. All discovery is performed through read-only API calls to Microsoft Graph, Azure Resource Manager, Intune, and Defender. There is no software to deploy on endpoints, servers, or workstations.
Does sEyeber Hub need write access to our environment? Connectors
No. The Microsoft-First v1.0 connector uses read-only Microsoft Graph and Azure scopes. sEyeber Hub does not change configuration, deploy policies, modify users, or push remediations. Discovery is observation-only — keeping blast radius minimal and easing security review with your IT team.
Do we need to be a Microsoft-only shop? Connectors
The v1.0 release focuses on Microsoft 365, Entra, Azure, Intune, and Defender for security discovery. Most target customers already standardize on Microsoft 365, providing broad coverage on day one. For vendor risk, sEyeber Hub integrates with QuickBooks Online and Xero regardless of your IT environment. Google Workspace, AWS, and Okta connectors are on the roadmap.
How does sEyeber Hub map findings to NIST CSF 2.0? NIST CSF 2.0
Connector data flows through a deterministic pipeline: Collect → Normalize → derive Observations → generate Findings using rules → produce Suggested Answers tied to specific NIST CSF 2.0 subcategories. Each suggested answer cites the underlying evidence (e.g., “MFA enforced for 94% of privileged users via conditional access policy X”) so a human reviewer can accept, edit, or reject the proposed answer. Nothing auto-submits.
How much of NIST CSF 2.0 does the Microsoft-First v1.0 cover? NIST CSF 2.0
The questionnaire covers all 134 NIST CSF 2.0 subcategories across all six functions. Microsoft connector signals auto-suggest answers for approximately 20% of subcategories — concentrated in Identify (asset and identity inventory), Protect (identity, access, configuration), and Detect (alerting and logging). The remaining subcategories are completed through the guided questionnaire with SMB-specific plain-language guidance for each question. Auto-suggestion coverage expands as additional connectors ship.
Does sEyeber Hub replace a full NIST CSF assessment? NIST CSF 2.0
sEyeber Hub is the program — it is not a shortcut to a point-in-time report. It conducts the full NIST CSF 2.0 assessment, generates the remediation plan, manages execution, tracks vendor risk continuously, runs incident response, and produces the examiner-ready report. What it does not replace is the professional judgment of an assessor or fractional CISO who reviews findings and signs off. sEyeber Hub makes that professional’s work dramatically faster and more defensible.
How is customer data isolated? Data & Security
Each customer organization operates inside its own tenant boundary in the sEyeber Hub data model, with separate access control, storage scope, and AI processing context. One firm’s scan data, evidence, prompts, and generated outputs are never used as context for another firm’s workflows.
How does sEyeber Hub use AI, and do you train on customer data? Data & Security
AI is used to: (1) suggest NIST CSF 2.0 questionnaire answers from observed evidence, (2) classify incident type and suggest regulatory notification obligations, (3) draft narrative summaries and remediation language, and (4) propose cost and timeline estimates in the remediation plan. AI processing is organization-scoped — a firm’s data stays inside its own processing boundary. Customer data is not used to train shared models unless the customer explicitly opts in.
Where is customer data stored? Data & Security
Application data is stored in Neon (PostgreSQL) in the United States. The application runs on Fly.io with the marketing site on Netlify. Payments are processed through Stripe so card data never touches the sEyeber Hub application. Each vendor has its own SOC 2 / ISO 27001 posture; details are summarized on the Trust & Security page.
What happens to our data if we cancel? Data & Security
On cancellation, customers can export their NIST CSF profile, remediation plan, evidence, and findings. Customer data is then scheduled for deletion from production systems within a defined retention window. Backups are aged out per the standard retention policy. Specific timelines will be published in the data processing addendum.
How is sEyeber Hub priced? Pricing & Access
Pricing is per-organization with tiers based on firm size (employee count and assets under management), billed monthly through Stripe. AI usage and connector API calls beyond included thresholds are billed as a separate line item so customers see the full cost of compute. Detailed pricing is finalized at early-access conversion. Founding firms that join the first 100 lock in 25% off.
Is sEyeber Hub generally available today? Pricing & Access
sEyeber Hub is currently in early access. The Microsoft-First v1.0 release is the first generally available version, giving early access firms all platform modules from day one plus the founding-firm discount (25% off for the first 100 firms). Additional connectors (Google Workspace, AWS, Okta) are sequenced after v1.0. Request early access →
How do we get started? Pricing & Access
Request early access from the homepage or platform page. Once approved, onboarding requires a single Microsoft global-admin consent grant for the read-only application registration. After that, discovery begins immediately and the NIST CSF 2.0 questionnaire is ready to complete with AI-suggested answers pre-populated from your environment.
No questions match your search. Try a different term or .