SELECTED WORK
Illustrative engagements along the perimeter
The summaries below represent the kinds of advisory work SecureWith delivers for Canadian SMEs. Client names and identifying details are changed or omitted. Figures are illustrative — not promises of what your engagement will achieve.
CLOUD HARDENING · OTTAWA PROFESSIONAL SERVICES
Shared-link exposure before a major client audit
A forty-person consulting firm on Bank Street approached us three weeks before a Fortune 500 client's security questionnaire arrived. Their Microsoft 365 tenant had accumulated overshared folders, legacy external collaborators and conditional access gaps that would not survive scrutiny.
We mapped sharing permissions across SharePoint and OneDrive, identified twelve high-risk links with anonymous access, and worked with their office administrator to tighten defaults without disrupting active projects. Conditional access policies were scoped to require MFA for all external sessions. Deliverables included a client-ready summary of controls and a staff guide for requesting external sharing.
The audit proceeded without remediation delays. The firm retained us on a light monthly advisory plan for vendor questionnaire support.
Engagement walkthrough — findings explained in business terms, not CVE lists.
Implementation support — advisors alongside your team, not instead of them.
IDENTITY PROGRAMME · REGIONAL HEALTH CLINIC GROUP
MFA adoption without shutting down Friday clinics
A multi-location clinic group with ninety staff had mandated MFA in policy but achieved only partial coverage. Front-desk tablets, shared nursing stations and a legacy practice-management integration complicated rollout. Previous attempts stalled when authentication prompts disrupted patient check-in.
We segmented users by role, deployed phishing-resistant MFA for administrators and finance first, then phased clinical staff during low-volume windows. Service accounts were inventoried and rotated. AI-assisted permission analysis flagged fourteen dormant accounts with elevated access.
Within six weeks, MFA coverage reached ninety-seven percent without a single clinic closure. Joiner-mover-leaver checklists were handed to their HR coordinator with quarterly advisor review built into the retainer.
PERIMETER ASSESSMENT · GATINEAU MANUFACTURING SME
Insurance renewal triggered a reality check
Their broker requested evidence of security controls before renewing cyber coverage. Leadership assumed backups and antivirus were sufficient. Our perimeter assessment revealed unpatched VPN firmware, flat internal network segmentation and no documented incident response plan.
We delivered a ranked remediation roadmap: critical items for insurance documentation within ten days, medium-term network segmentation over two months, and policy drafts for incident response and vendor management. The broker accepted our summary letter as evidence of active improvement. Premium negotiations improved modestly — the owner valued the clarity more than the discount.
PIPEDA ALIGNMENT · REMOTE-FIRST SOFTWARE VENDOR
Privacy documentation for a first enterprise sale
A twenty-five-person SaaS vendor landed their first municipal client and discovered their privacy materials were a single outdated paragraph on the website. The procurement team required PIPEDA-aligned policies, a data processing summary and breach notification procedures.
We drafted acceptable-use, data handling and incident response policies sized to their headcount, mapped data flows for their primary product, and prepared a client-facing security overview. Legal counsel reviewed two clauses; we revised within forty-eight hours. The deal closed on schedule. They now use our retainer for quarterly policy refresh and new-hire acknowledgement tracking.
AWARENESS PROGRAMME · OTTAWA NON-PROFIT
Wire-fraud near-miss became a teaching moment
A finance coordinator nearly transferred C$42,000 to a spoofed executive email. The transfer was stopped at the bank, but leadership wanted structural change — not a one-time lecture. We built a role-based awareness cycle: executive briefings on BEC tactics, finance-team simulations using their actual email patterns, and remote-worker guidance for home-network risks.
Phishing simulation click rates dropped from twenty-eight percent to nine percent over two quarters. More importantly, the finance team adopted a verbal confirmation protocol for payment changes that persists without our prompting. The programme renewed annually at a fraction of the cost of the near-miss.
See yourself in these stories?
Describe your situation in a perimeter review request. We will outline how advisory support could fit — or recommend alternatives if we are not the right match.
Book a perimeter review