ACA Aponix

Cybersecurity, technology risk assessment, and privacy services

ACA Aponix® provides cybersecurity and technology risk programs, data privacy compliance services, vendor and M&A diligence services, portfolio company oversight, network testing, and advisory services for companies of all sizes.

Our expertise

1 of
abstract black and white looking up at bridge rails

Strengthen your cyber program with Aponix Protect™

Aponix Protect helps firms address evolving cyber risks and threats to ensure that their cybersecurity needs are covered year-round. This solution is available in three tiers, each one designed to provide firms with a flexible, robust, responsive, and cost-effective cybersecurity program.​

black and white looking up at side of building

Increase oversight of your portfolio companies' cyber risk with PortCo Defend™

Our PortCo Protect program is designed to provide high-level insight into cybersecurity risks across a portfolio and measure the maturity of the cybersecurity approach at each investment entity. The program establishes minimum security requirements, a measurement framework and governance, and provide guidance/ assistance where needed. It is not intended to cause rework or significantly change the direction of a portfolio companies current security initiatives.​

abstract black and white architectural lines and shadows

Minimize risk and maximize enterprise value with technology, cyber, and privacy M&A diligence

Our team assists private equity firms with IT, cybersecurity, and privacy transaction advisory and risk management services. We provide full M&A integration analysis, design, oversight and execution services to help you minimize risk and maximize enterprise value for your most complex transactions by closely aligning our services with your investment thesis.​

Why work with us?

We provide cybersecurity and technology risk programs, data privacy compliance, vendor and M&A diligence services, network testing, and advisory services for companies of all sizes. Our unique approach combines a deep understanding of your workflows with our methodologies, thought leadership, and proprietary data to surface and prioritize the most important risks. Our award-winning solutions are designed to help firms uncover risks and identify deficiencies in their cybersecurity policies, procedures, and controls.

Why work with us?

Deep information technology experience. Award-winning solutions. Holistic approach to technology risk.

  • Experienced global team
  • Certified team members
  • Thought leaders in cybersecurity and IT risk
  • Over 650 companies work with us
  • Award-winning technology and solutions
  • Holistic approach to cybersecurity and IT risk

ACA Aponix provides cybersecurity and technology risk assessments, data privacy compliance, vendor and M&A diligence services, network testing, and advisory services for companies of all sizes. Our unique approach combines a deep understanding of your workflows with our methodologies, thought leadership, and proprietary data to surface and prioritize the most important risks. Our award-winning solutions are designed to help firms uncover risks and identify deficiencies in their cybersecurity policies, procedures, and controls.

Who we are

  • Our team consists of senior technologists who have started in the technology trenches, many growing into technology leaders at organizations ranging from small to large hedge funds, bulge-bracket banks, and technology services providers for the financial services sector.
  • ACA Aponix staff maintain or have held the following relevant certifications around cybersecurity risk management, incident response, penetration testing, information security, IT governance, privacy, and business. Additionally, select ACA Aponix staff maintain U.S. military security clearance.

Our certifications

Cybersecurity

  • CISSP, CISM, CISA, ISO27001:2013, CGEIT, CRISC, CTPRP, Security+, OSCE, OSCP, CEH, GXPN, GPEN, GWAPT, GCFE, GCCC, GCIH, GCIA, ECSA, SSA, CREST CPSA

Privacy

  • CIPM, CIPP, CIPT

IT & Business Continuity

  • A+, CCA, CNE, CCNA, CCNP, CSPO, ISO22301:2013, MCSA, MCSE, MSCP, Network+

Business

  • CFA, CM&AA, GSLC, JD, MBA, PhD, PMP, Six Sigma Black Belt

Our leadership team

Kavitha Vankita

Kavitha Venkita

Partner, Head of Cybersecurity and Risk

Kavitha is a Partner and the Business Lead for ACA Aponix, the dedicated global cybersecurity and technology risk advisory team.

Chad Neale, ISO27001:2013, GSLC, GCFE, CISA

Chad Neale

Partner

Chad is a Partner at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group and oversees ACA Aponix’s Strategic Technology Advisory and Risk practice.

Mike Pappacena

Mike Pappacena

Partner

Mike is a Partner at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group.

James Tedman

James Tedman

Partner

James is a Partner at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group. James manages ACA Aponix in Europe.

Marc Lotti, CGEIT, PMP

Marc Lotti

Strategic Advisor

Marc is a Strategic Advisor at ACA, and a Co-founder and formerly a Co-head Partner at ACA Aponix.

Kris Lau, CISM

Kris Lau

Managing Director

Kris is a Managing Director at ACA Aponix, specializing in information security program and policy development, risk management, vulnerability assessments, third-party security assessments, and audits.

Henry Lindemann

Henry Lindemann

Managing Director

Henry is a Managing Director at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group and oversees the sales department for the division.

Alex Scheinman, Ph.D.

Alex Scheinman

Managing Director

Alex is a Managing Director at ACA Aponix, overseeing ACA Aponix’s GDPR, CCPA, and other privacy regulation data-processing reviews and related programming.

Sara Laverick

Sara Laverick

Director

Sara oversees ACA Aponix's vendor diligence and management service (VMOS) team.

Jose Ramos

Jose Ramos

Director

Jose is a Director at ACA Aponix leading the penetration team.

Christine Tetherly-Lewis

Christine Tetherly-Lewis

Director

Christine is a Director at ACA Aponix.

1 of

Latest cyber and risk insights

ACA Threat Intelligence Alert Blog Image

Update: Major SolarWinds Breach

December 18, 2020

Following our Cyber Alert earlier this week about the SolarWinds breach, many extraordinary steps have been taken by industry leaders to respond to what may be the most material global intrusion campaign of the past decade.

Cyber Alert
  • Cybersecurity
ACA Threat Intelligence Alert Blog Image

Major SolarWinds Breach Affects Government and Businesses Worldwide

December 14, 2020

A major breach has compromised confidential data at several U.S. government agencies, including the Treasury Department and the Department of Commerce exposing information from the executive branch, the military, and intelligence services. It has likewise compromised leading telecommunications firms, technology firms, and international governments.

Cyber Alert
  • Cybersecurity

Helping Private Equity Firms Stay Ahead of Risk

December 10, 2020

On October 6, 2020, ACA Aponix held a panel discussion about portfolio company risk management at our Cyber Week Virtual Conference. The session featured panelists from leading Private Equity (PE) firms who have worked with ACA to deploy strategic portfolio company risk management programs and included participants from over 200 firms.

Article
  • Cybersecurity
ACA Threat Intelligence Alert Blog Image

Vulnerability Reported in Microsoft Teams

December 09, 2020

A critical vulnerability affecting Microsoft® Teams® has been reported involving attackers sending a specially crafted chat message to Teams users. Once viewed, the message captures the recipient’s sign-on information and enables remote code execution on the user’s machine.

Cyber Alert
  • Cybersecurity
ACA Threat Intelligence Alert Blog Image

Zoom Scam Forces Closure of Australian Hedge Fund

November 30, 2020

Learn how hackers used a Zoom scam to execute a cyberattack that ultimately forced an Australian hedge fund to close after approving $8.7M in fraudulent invoices.

Cyber Alert
  • Cybersecurity
Compliance Alert

SEC Issues Risk Alert Identifying 6 Areas of Deficiencies in Investment Adviser Compliance Programs

November 20, 2020

The SEC's Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert on November 19 providing an overview of notable compliance violations found during examinations relating to the Compliance Rule (Rule 206(4)-7 under the Investment Advisers Act of 1940). Here's what you need to know.

Compliance Alert
  • Compliance
  • BCP
  • Cybersecurity

News

ACA Group Acquires Catelas to Create Industry-first 360 Surveillance Offering

The acquisition of Catelas further enhances the holistic surveillance capabilities of ACA’s RegTech platform. Catelas’ patented technology automates the mapping of how people connect and form groups within a firm, isolates collusion risk, and detects high-risk behaviors.

ACA Group and the Investment Adviser Association Announce Strategic Partnership

ACA Group (ACA), a leading provider of governance, risk, and compliance (GRC) advisory services and technology solutions, today announced that it has entered into a strategic partnership with the Investment Adviser Association (IAA), a leading organization dedicated to advancing the interests of investment advisers.

ACA Group Continues to Enhance Compliance Team with New Hires: Former CCOs, Examiners, and General Counsels

ACA has recently welcomed several new members to our investment adviser practice, all of whom bring years of experience and skills to the team. These additions help us accommodate the developing regulatory landscape and meet our client’s specific needs.

Upcoming events

Senior Management Obligations under the SM&CR - 30 September 2021

The ever-increasing focus by the Regulators on the accountability of senior management, particularly when things go wrong, emphasises how important it is for individuals in senior positions to have a clear understanding of what is expected of them. This succinct course is designed to assist Senior Managers to have a full understanding of what they need to do to achieve compliance with the rules under the obligations created by the Senior Managers and Certification Regime (SMCR).

Online Training