
Information Security Consultant

Professional Engineer - Client Service Focus - Proven Track Record

Security Governance

S-GRC: Security – Governance, Risk, and Compliance

IT Security Standards

Customized Security Standards
Policies and Directives

Secure Development

System Development Life Cycle
Application Development

Project Management

Business Analysis Technical Requirements and Specifications

Security Operations

SOC Monitoring
Data Loss Prevention
Incident Response

Security Audit

Threat and Risk Assessment
Vulnerability Assessment

Security Architecture

Cloud Security
Migration Strategy
Reference Architectures

Corporate Security

Security Awareness
Cyber Security Program

Private Sector Engagements

TMX Group Limited (TMX)

American International Group (AIG)

PriceWaterhouseCoopers

TC Energy (Formerly TransCanada Pipelines)

Telus Health (Formerly BCE Emergis)

Bell Canada

Firelytics Network Analyzer

Amer Networks

Certicom Corp.

TRW LLC

Waterloo Maple

Public Sector Engagements

Bank of Canada

Payments Canada (Canadian Payments Association)

Elections Canada

Office of the Superintendent for Financial Institutions (OSFI)

Natural Resources Canada (NRCan)

Environment and Climate Change Canada (ECCC)

Global Affairs Canada (Formerly DFAIT)

Public Services and Procurement Canada (PWGSC)

Canadian Blood Services

Ontario Clean Water Association (OCWA)

TV Ontario

Security Governance

Managing your organization’s overall enterprise risk and compliance with industry recognized security regulations, controls, and best practices.

Aligning security recommendations and practices with business objectives, ensuring an appropriate level of engagement with stakeholders and contributors.

Developing a solid GRC framework including all related processes and procedures to manage security risk and meet compliance requirements.

IT Security Standards

Customizing industry recognized IT Security Standards, including NIST and ISO, for specific applicability to your organization’s IT environment.

Developing and maintaining a comprehensive set of IT security policies, directives, and guidelines to support and help implement standards.

Aligning policies with objectives for the IT security program and broader IT roadmap and strategy to build a foundation that will withstand evolving threats.

Secure Development

Ensuring that security is adequately considered and built into each phase of every system development lifecycle (SDLC), particularly from initial phases.

Enabling and managing security assurance activities such as penetration testing, code review, and architecture analysis as an integral part of the development effort.

Writing security requirements and merging them with functional requirements, or performing threat modelling and risk analysis during design phases.

Project Management

Effectively engaging executive sponsorship and formal backing for security considerations in project management, scope, objectives, and strategy.

Executing responsible oversight for application design, development, and integration and transitioning to operational management.

Completing projects by coordinating resources and timetables with stakeholders, departments, operations, and data center.

Security Operations

Developing operational procedures and standards for enterprise information security monitoring, detection, analysis, and response.

Defining plans for incident response to manage malware threats, malicious attacks, network disruptions such as DDoS, and post-incident investigation and forensics.

Assessing, designing, and operationalizing complex and distributed delivery models of security operations, including cloud, SaaS, and SOC-as-a-service.

Security Audit

Identifying and assessing your organization’s critical information technology assets, data, and processes that, if compromised, would have a major impact on business operations.

Identifying threats that would affect the ability of business functions to operate, cause damage to business reputation, or incur legal liability due to regulatory non-compliance.

Conducting internally managed security audits on your organization’s compliance programs to reduce the challenge of formal audits, and identify issues within existing policies and governance.

Security Architecture

Developing cloud migration strategy, addressing technical, functional, legal, procurement, security, and operational needs of the organization.

Assessing technical environments for cloud security compliance and attestation, including controls assurance for defined sets of service provider’s systems.

Integrating patterns and reference architectures with security standards, disaster recovery, continuity, DevOps, and application management.

Corporate Security