// SECURITY ASSESSMENTS AND REVIEWS · HANS STUDY · ONTARIO, CANADA

Security Assessments and Reviews

Not every problem needs a CISO on retainer. Sometimes you need a specific piece of work done well by someone independent: a clear-eyed assessment, an architecture you can trust, a network hardened properly, or an experienced set of eyes on a project that's about to go sideways. That's this side of the work.

Everything here is vendor-agnostic. I don't resell hardware or software, I don't take finder's fees, and I don't run your operations. When I recommend a control or a product, it's because it fits your risk, not because it's on a price list I benefit from.

This is the program-level and assessment work: where you stand against a standard, the security architecture underneath the operation, and independent oversight on a build. For domain-specific technical engineering, Genetec Security Center, CCTV and access control, enterprise and OT networks, physical security design, and structured cabling, see engineering. For the leadership and strategy side, the fractional CISO role and security strategy, see advisory.

Assessments

A security program and gap assessment tells you where you actually stand against the standard that matters: NIST 800-171, NERC CIP, ISO 27001, or CIS Controls. You get a gap analysis, a maturity rating, a third-party and vendor risk read, and a remediation roadmap your board, auditor, or insurer can act on. A convergence assessment goes after the gaps a conventional audit misses because it never looks at the cameras, the controllers, or the OT boundary.

Architecture and hardening

Independent security architecture for the network and systems underneath your operation, and hands-on hardening of the platforms I work in daily: Windows server and workstation, Cisco, Aruba, and the rest. This is the tuning-and-hardening work that closes the gap between a system that passed acceptance testing and one that actually holds up.

Project and program oversight

Independent oversight for a specific build: a Genetec deployment, a network modernization, a site or campus security upgrade. I sit on your side of the table, hold the integrator and the design to a standard, and catch the problems before they're poured into concrete or pulled through conduit. I've spent enough years watching poorly deployed systems pass sign-off to know exactly where to look.

Related advisory areas

Security Leadership, Advisory, and Strategy →

The hub for fractional CISO, strategy, compliance, and convergence work.

OT/IT and Physical Security Convergence →

The boundary assessments a conventional security audit never reaches.

Security and Technology Strategy →

When the engagement points toward direction rather than a single piece of work.

Scoped per engagement

Consulting work is scoped per engagement. Email contact@hans.study with what you're dealing with and I'll tell you whether it's something I can help with.

Start a conversation