PRACTICE AREAS
Advisory services sized for Canadian small and medium businesses
SecureWith delivers authorized, consent-based cybersecurity advisory from our Albert Street studio in downtown Ottawa. Every engagement pairs AI-assisted analysis with experienced human advisors — no offensive hacking, no spyware, no surveillance products. Pricing below is indicative in CAD; final scope is confirmed after a perimeter review conversation.
Scoping workshop — we learn your business before recommending controls.
HOW WE ENGAGE
Consultancy, not a product shelf
We work alongside your leadership and IT contacts — whether that is a fractional administrator, an office manager wearing multiple hats or a three-person internal team. Engagements begin with understanding your operations, regulatory context under PIPEDA and provincial privacy law, and the threats most relevant to your sector. Whether you need a focused two-week assessment or a monthly advisory retainer, we document scope, deliverables and reporting cadence before any work begins.
All figures on this page are ranges, not quotes. We invoice in Canadian dollars and can align billing to your procurement cycle. For organizations outside the National Capital Region, we deliver remotely with Ottawa-based advisor oversight.
SIX DISCIPLINES
Perimeter grid — full service descriptions
Perimeter Security Assessment
A structured review of how your organization connects to the world — external attack surface, email authentication, remote access paths, vendor integrations and internal segmentation. We use AI-assisted scanning and configuration analysis to accelerate discovery, then advisors validate findings against your actual workflows. Deliverables include a ranked findings report, executive summary for leadership and a remediation roadmap with effort estimates. Ideal for SMEs preparing for insurance renewals, client audits or post-incident hardening. Typical project duration is two to four weeks depending on environment complexity and stakeholder availability.
Identity & Access Programme
Identity is the new perimeter for most Canadian businesses. We design and help implement MFA coverage, privileged access workflows, service account inventories and joiner-mover-leaver procedures that your team can sustain. AI tools help flag dormant accounts and excessive permissions; advisors translate results into role-based access models aligned to your org chart. Engagements include policy templates, implementation checklists and optional hands-on support during rollout. Particularly valuable for firms with hybrid work, contractor access or recent acquisitions where account sprawl has outpaced governance.
Microsoft 365 & Cloud Hardening
Most Ottawa SMEs run on Microsoft 365, Google Workspace or a mix of SaaS tools — often with defaults that were reasonable three years ago but risky today. We review tenant configuration, sharing policies, conditional access rules, backup posture and third-party app permissions. Advisors produce a hardening guide with specific setting changes, not generic best-practice slides. We integrate with your existing licences and do not resell platforms. Multi-cloud and Azure workload reviews are available for organizations with custom applications or regulated data holdings.
Policy, Compliance & PIPEDA Alignment
Security policies fail when nobody reads them. We draft practical acceptable-use, incident response, data handling and vendor management policies sized to your headcount and industry. AI-assisted drafting accelerates first versions; advisors edit for clarity, legal appropriateness and alignment with PIPEDA fair information principles. Deliverables include staff acknowledgement workflows and a gap analysis against common client questionnaire requirements. This is advisory documentation support — not legal representation — and we recommend counsel review where regulatory obligations are complex.
Security Awareness & Phishing Resilience
Your staff are part of the perimeter. We build role-based awareness programmes — executive briefings, finance-team wire-fraud scenarios, remote-worker guidance — supplemented by controlled phishing simulations calibrated to your industry. Results feed back into policy and technical controls rather than blame. Programmes run as quarterly cycles or annual refreshes, with metrics leadership can track without shaming individuals. Particularly effective after a near-miss or when onboarding remote employees across multiple provinces.
Ongoing Security Advisory Retainer
Not every security question warrants a new project. Retainer clients receive scheduled check-ins, priority email access, vendor questionnaire support and incident guidance during business hours. Advisors who know your environment respond directly — not a rotating helpdesk. Monthly tiers range from C$2,400 for light advisory through C$8,500 for firms needing weekly touchpoints and board-ready reporting. Retainers include a defined number of advisor hours; overages are quoted before work proceeds. Ideal for growing organizations that need senior guidance without a full-time CISO hire.
DELIVERY
What every engagement includes
Written scope confirmation before work begins. Plain-language reporting suitable for non-technical leadership. Human advisor review of all AI-assisted outputs. Secure handling of assessment data under our client confidentiality protocols. Post-engagement summary call to walk through findings and answer questions.
We do not require you to purchase specific security products. When tooling gaps exist, we recommend capabilities honestly and can support evaluation — but remain vendor-neutral in our advisory role.
Policy review session — documentation your team can follow, not shelf-ware.
Retainer briefing — ongoing access to advisors who know your perimeter.
NEXT STEP
Start with a perimeter review
Not sure which discipline fits? Book a perimeter review conversation. We will ask about your team, tooling and concerns, then recommend a scoped engagement — or tell you honestly if you are not ready for paid advisory yet.