Session Sneak Peek: Jonathan Trimble
January 05, 2026
Jonathan Trimble is a former FBI cyber executive and the co-founder of Bawn, a cybersecurity firm helping CPA firms and financial professionals strengthen compliance and reduce cyber risk. During his time in the FBI, he saw firsthand how preventable cyber incidents could shut down small and mid-sized businesses, simply because basic controls were missing. Today, Jonathan focuses on giving CPAs practical, attainable frameworks to meet regulatory expectations and protect client data without needing deep technical expertise.
OSCPA: How did you become a cybersecurity expert?
Trimble: I spent my career in the FBI working on cyber and national security investigations, where I helped protect critical systems and sensitive information. During that work, I saw firsthand how small and mid-sized businesses are often the most impacted by cyber incidents — not because attackers target them specifically, but because basic security steps were missing. After leaving government, I co-founded Bawn to help CPA firms and financial professionals protect client data and reduce risk using practical, achievable controls — not buzzwords or expensive systems.
OSCPA: Why should members attend your session, and what’s the key takeaway?
Trimble: Cybersecurity regulations now apply directly to CPA firms — especially under the FTC Safeguards Rule and IRS data protection standards. Many firms are still unsure what “reasonable security” actually means in day-to-day operations. This session will walk through exactly what needs to be documented, implemented, and monitored, and how to do it without disrupting your practice.
You’ll leave with:
- A readiness checklist you can use immediately
- Policy language examples you can adapt
- And simple tools to confidently discuss cyber risk with clients
Key takeaway: You do not need to be a cybersecurity expert to be compliant and protected — you just need a clear, structured process.
OSCPA: What’s the biggest cybersecurity challenge CPAs face today?
Trimble: CPA firms hold some of the most sensitive financial and identity data — yet most cybersecurity guidance is written for large enterprises, not firms with 5–50 people. At the same time, clients are now turning to their CPAs first when they have cybersecurity questions, vendor security questionnaires, or insurance renewal requirements.
The challenge is how to meet those expectations without becoming “IT support.”
The solution is to use a business-minded approach to cyber risk — one that fits the way CPAs already think about internal controls, documentation, and fiduciary responsibility.
Attend the Lunch + Learn
OSCPA's January Lunch + Learn
January 20|Oklahoma City| Virtual| Recommended CPE: 1 hour