CS-01
AI Security Strategy & Threat Modelling
Before any model trains on your logs, we need to know what you are defending and what your analysts can actually respond to. Our strategy engagements map attack surfaces across cloud, identity, and application layers, then translate business risk into a detection roadmap. Workshops with your security and platform teams produce threat models grounded in your sector — fintech fraud paths, healthcare data exfiltration patterns, retail credential abuse — not generic MITRE posters on a wall. Deliverables include prioritised detection requirements, data-source inventory, analyst-capacity assessment, and a phased plan for ML threat detection and SOC automation investment. We document assumptions, note where AI-assisted analysis may miss threats, and set measurable outcomes your CISO can report to the board. This is cybersecurity consultancy with engineering follow-through — not a one-day audit that gathers dust.
Indicative range: C$22,000–C$55,000 per engagement
CS-02
ML Threat Detection & Anomaly Analytics
Generic signatures fail when attackers adapt faster than vendor update cycles. We build machine-learning detection pipelines trained on your own telemetry — authentication flows, network metadata, endpoint events, cloud audit logs — to surface behavioural analytics anomalies that rule-based SIEM content misses. Our engineers handle feature engineering, model selection, false-positive reduction tuning, and integration with your alert triage workflow. Every model ships with documentation explaining what it detects, what it cannot see, and how analysts should validate outputs before escalation. We support supervised and unsupervised approaches depending on labelled data availability, and we run adversarial testing to stress-test classifiers before production. Anomaly detection is not magic — it requires clean data, human review, and ongoing retraining. We stay through the tuning phase so your SOC team trusts the alerts, not just the architecture diagram.
Indicative range: C$45,000–C$120,000 per detection layer
CS-03
SOC Automation, SIEM & SOAR Engineering
An alert queue nobody had time to triage is where real intrusions hide. Our SOC automation practice engineers SIEM correlation rules, SOAR playbooks, and enrichment pipelines that shorten tier-one response without removing analyst judgement. We audit existing detection content, measure false-positive rates, retire noisy rules, and build automation that handles repetitive enrichment while flagging edge cases for human review. Integrations span common platforms — Splunk, Microsoft Sentinel, Elastic, Chronicle, custom log stacks — with attention to data governance and PIPEDA requirements for log retention and access controls. Playbooks include explicit escalation gates: automated containment only where your policy permits, with analyst sign-off on anything irreversible. We also train your team on maintaining the automation layer after handoff, because detection engineering is an operational discipline, not a install-and-forget product deployment.
Indicative range: C$35,000–C$95,000 · Retainers from C$8,500/mo
CS-04
Phishing & Fraud Detection Systems
The phishing wave that slips your filter at 4:55 on a Friday costs more than the email itself — it costs analyst trust in every subsequent alert. We design phishing detection and fraud detection systems that combine metadata analysis, URL reputation signals, user-reported feedback loops, and ML classifiers tuned to your organisation's communication patterns. For Canadian enterprises handling payment flows, we model transaction fraud indicators alongside email-based social engineering. Detection outputs route through human-in-the-loop review before auto-quarantine or account lockout — because false positives on executive inboxes create their own incident. We integrate with your existing email security stack rather than replacing it, and we document detection coverage gaps honestly. No system catches every phish; our goal is to surface the campaigns that matter and give analysts context to respond fast.
Indicative range: C$38,000–C$85,000
CS-05
AI/LLM Model Security & MLSecOps
Internal chatbots shipped to production with no guardrails and a very helpful attitude are a security incident waiting for a prompt-injection trigger. Our MLSecOps practice secures AI and LLM deployments through model security reviews, input/output guardrails, adversarial testing, and monitoring integration that catches anomalous model behaviour in real time. We assess training data handling, inference pipeline exposure, API authentication, and prompt-injection defence layers for both customer-facing and internal AI features. Deliverables include threat models specific to your model architecture, red-team test results, guardrail configurations, and incident response playbooks for model-related events. We work alongside your ML and platform teams — this is not a general LLM consultancy; security engineering stays central. AI models can be manipulated, leak training data, or produce harmful outputs; we build controls and monitoring, not promises of perfect safety.
Indicative range: C$40,000–C$110,000
CS-06
Detection QA, Guardrails & Response Enablement
Shipping detections without QA is how false-positive storms burn out night shifts and hide the one alert that mattered. Our detection QA discipline validates every rule, model, and playbook before production — through structured test cases, adversarial testing scenarios, and analyst walkthroughs that confirm triage workflows actually work under pressure. Guardrails define what automation may do autonomously versus what requires human approval. Incident response enablement includes runbook development, tabletop exercises, vulnerability triage support, and threat intelligence integration so your team knows what to do when detection fires. We measure outcomes: alert fidelity, mean time to triage, analyst satisfaction — not vanity deployment counts. This service often extends a retainer relationship for Canadian organizations that want ongoing detection engineering rather than a one-time project. Results depend on implementation discipline and environment factors we document upfront.
Indicative range: C$25,000–C$60,000 · Retainers from C$7,500/mo