Free Exposure Risk Scorecard
Discover where identity, access, and sharing may be exposing sensitive data in your environment.
Focused on Sensitive, Critical, and Regulated Environments
I work with municipal, provincial, and federal government, defense contractors, critical infrastructure, healthcare, education, and other regulated organizations where sensitive data, operational criticality, and compliance expectations require a more disciplined approach to security risk.
Municipal, Provincial, and Federal Organizations
Built for government and public-sector environments where security decisions must support confidentiality, accountability, continuity, and defensible risk management.
- Municipal, provincial, and federal government environments
- Public-sector teams, agencies, and regulated public bodies
- Environments with elevated governance and oversight expectations
- Security review for accountability, exposure, and operational resilience
Government Suppliers, Defence Contractors, and Essential Services
Focused on organizations supporting government operations, defence work, utilities, and essential services where security failures can carry serious operational and procurement impact.
- Defence subcontractors, suppliers, and contract-sensitive environments
- Utilities, infrastructure operators, and essential service providers
- Critical construction and organizations supporting public systems
- Security review for resilience, documentation, and readiness expectations
Hospitals, Large Clinics, and Sensitive Health Environments
Designed for healthcare environments handling sensitive patient, operational, and regulated information where privacy, controlled access, and continuity of care matter.
- Hospitals, large clinics, and multi-site care organizations
- Sensitive health, patient, HR, and operational data environments
- Regulated workflows with elevated privacy and access requirements
- Security review for exposure, governance, and clinical resilience
Financial Operations and High-Impact Service Environments
Built for organizations where financial systems, service continuity, and control failures can create immediate operational, regulatory, or reputational consequences.
- Financial firms, advisory environments, and transaction-sensitive operations
- Systems where compromise can disrupt service or decision-making
- Environments with elevated governance and control expectations
- Security review for resilience, continuity, and risk reduction
Law, Accounting, Tax, and Other Sensitive Data Environments
Designed for organizations managing confidential client records, financial information, and large volumes of sensitive personal data where exposure risk must be tightly controlled.
- Mid-sized law firms, accounting firms, and tax advisory practices
- Environments handling legal, personal, and regulated financial data
- Sensitive records central to client trust and daily operations
- Security review for confidentiality, access, and data exposure risk
Universities, Colleges, and Large School Boards
Focused on education environments managing large volumes of student, staff, financial, and operational data across distributed systems and high-accountability institutions.
- Universities, colleges, and large school boards
- Student, staff, HR, financial, and operational data environments
- Microsoft 365, SaaS, identity, and access complexity at scale
- Security review for exposure, governance, and institutional resilience
Compliance and Standards Alignment
Built for organizations operating in regulated, procurement-sensitive, and mission-critical environments shaped by privacy, governance, security, and resilience expectations.
PIPEDA and Canadian Privacy
Support for organizations handling personal information under Canadian privacy expectations where confidentiality, access control, and defensible data handling are essential.
Healthcare Privacy and HIPAA
Built for healthcare environments handling sensitive patient and operational data where privacy, governance, and controlled access expectations are elevated.
NIST Cybersecurity Framework
Structured assessment work aligned with widely recognized NIST-oriented practices for identifying, prioritizing, and improving security across regulated sectors.
CIS Controls
Practical review informed by CIS-style control thinking to help organizations prioritize meaningful improvements instead of oversized remediation efforts.
ISO 27001 and Governance
Advisory support for organizations strengthening governance, policy maturity, access control discipline, and evidence-based security improvement over time.
CMMC 2.0 and Defense Supply Chains
Support for defence contractors, manufacturers, and government suppliers working toward stronger security posture in DoD- and procurement-sensitive environments.
Practical guidance for sectors where data sensitivity, compliance, and operational impact are higher
Dan works directly with organizations in government, defence-related supply chains, critical infrastructure, healthcare, education, and other sectors where security issues can affect sensitive data, operational continuity, procurement requirements, or regulatory exposure.
His background combines cybersecurity research, systems and software knowledge, cloud and identity security, and business risk advisory. That mix is useful in environments where technical issues need to be explained clearly and tied to governance, operational impact, and decision-making.
Security and Cloud Credentials
MSc. CS, MBA, CISSP, and CCSP support work that spans technical review, cloud risk, governance, and business-facing security assessment.
Structured Risk Review
Assessments are designed to identify exposure, explain why it matters, and provide findings that can support internal review and decision-making.
Standards and Framework Context
Work can be aligned to expectations shaped by NIST, CIS, ISO 27001, healthcare privacy, Canadian privacy obligations, and CMMC 2.0 environments.
Focused and Actionable
Engagements are intentionally scoped to surface meaningful issues without turning the work into a large, slow, or overly generic consulting exercise.