What We Do


Preparing for a cloud deployment is tough enough - let us take on the security and privacy aspects. We can work with both administrative and technical teams to conduct a Technical Risk Assessment (TRA) and outline the risks that need to be addressed. This includes creating an Action Plan (AP) with your project team to implement these new system and process controls.

We use ISO standards as the yardstick for controls that should be considered and deployed. This also allows us to ensure your specific cloud security needs are considered and addressed.

We consider all aspects of a cloud deployment regardless of architecture or deployment model used. This includes:

  1. Reviewing MSAs and other contract vehicles to determine what was negotiated. Hopefully, we are engaged prior to contract to assist in selection of vendors and provide the necessary support when writing the MSA. 
  2. Clearly understanding the security capabilities of your cloud provider and ensuring your team understands the residual risk elements including the threat vectors for your data.
  3. Interviewing staff members to understand the implementation aspects of the cloud service and ensuring all technical control elements are reviewed in a TRA.
  4. Providing a detailed action plan to ensure critical risks are eliminated quickly and those that can wait are scheduled accordingly.
  5. Conducting a Privacy Impact Assessment to determine if and where critical data is being collected, processed, and stored.


While mobile has surpassed web for development projects, many programs lack even a basic System Development Lifecycle (SDLC) discipline. As a result, apps are created that lack security threat modelling and security gates that evaluate any new programming risk that might have been introduced to the source code.

We have developed a methodology that allows software to be validated against vulnerabilities. The focus is on testing to flush these out, using the source code where possible. This includes network layer testing to see the data that traverses connections and any user-identifiable details in these transactions.

Our services include the following aspects:

  1. Code evaluations and best practice
  2. Determine cloud-based apps and potential risks associated
  3. BYOD infrastructure assessments
  4. Intrusion and pattern monitoring
  5. Regulatory compliance
  6. System auditing


IoT is the future of technology and takes many aspects of mobile and cloud to a whole new level. While many companies are still considering their options in this developing market, the time is right to identify the risk posture of the potential solution and ensure that security and privacy have been designed into your solution.

While some organizations might already have solutions on the market, it’s not too late to consider how to secure the next revision. The key is conducting a security threat model and then updating it accordingly. This includes ensuring the design and test plans validate the threats. If issues are found in the field, they can easily be dealt with using the updated design and development process.

We also perform end-to-end solutions testing for organizations who are looking for a higher level of assurance. This can include code assessments and vulnerability assessments against both hardware and software components.

Virtual CSO

Are you considering new IT projects but don’t have a security sounding board? Have to meet new security requirements but don’t know where to start? Are you planning for growth and want to make sure that security and privacy are factored into your corporate plan? No problem, we can provide the necessary guidance on all of these and more. Our Virtual CSO service was designed to help companies of all sizes get the needed guidance when and where they need it. We aim to be your one-stop for guidance on any project where security and privacy are important but that you don’t have adequate resources to provide the necessary support. 

Here are some ways you can leverage our expertise:

  1. Strategy Planning Sessions
  2. Project Risk Assessments
  3. Support the creation of ISMS
  4. Breach playbook
  5. Technology assessments
  6. Solution and architecture guidance

Connect with us to find out how we can help build a program to suit your specific business needs and budget. 

Breach Mitigation

Businesses have long struggled with how to handle the unfortunate moment when a network intrusion becomes a data breach. The security team at TwelveDot has developed a pre- and post-breach methodology to help organizations prepare for the day when a compromise to privileged data occurs.

Based on international standards, our methodology considers the full breach picture from understanding the risk of data exposure, to breach prevention and incident response. Our holistic approach guides companies through the full breach lifecycle to mitigate risk and reduce company exposure to threats and breaches. 

Understanding the risk of any project that handles critical data is fundamental to a pre-breach program. Ensuring that adequate technical controls are in place and that policies and procedures governing security practices are well communicated is paramount in a sound security program. TwelveDot will build a customized playbook to protect and secure your assets.

The ability to detect and perform an incident response that follows a breach aids greatly in tightening security practices by identifying methods that will prevent further compromise in the future. Our team can help you implement procedures to handle this independently and can also be called on to assist in emergency situations.

ISO 27000

Building and maintaining an ISMS (Information Security Management System) is not always easy, especially for larger organizations that have already developed processes and procedures for managing risk. However, more governments, financial institutions and even software vendors now require partners to be compliant with ISO/IEC 27001. Many countries in Europe and Asia are now requiring certain sector companies to become 27000 certified to operate.

Our approach to implementing an ISMS is divided into phases that help organizations big or small easily prepare for deploying an ISMS. The process is initiated with a gap analysis to better understand the organization and the current set of security controls that have been deployed. We then work with customers to understand the mandatory controls that will be required and provide technical consulting to implement these controls. Once completed, we work with customers to develop the Statement of Applicability (SoA) that will be used towards obtaining certification. While certification is not always the goal of an organization that wants an ISMS, it typically is the long-term strategy for many companies.

Applying our intimate knowledge of the ISO 27000 standards family and technical deployment know-how, we can provide all the services necessary to support your implementation of an ISMS. If you think an ISMS is only for big companies, think again. Small and medium businesses also benefit from the controls that an ISMS requires to ensure a strong security foundation for the future. It will also significantly reduce the cost of deploying these aspects for a large company that now needs to comply with this standard to win large contracts or new customers. This investment in an ISMS will help prepare a company for its future.

Company Manifesto

TwelveDot was created to help businesses of all sizes deal with information and cyber security issues. While organizations of all sizes struggle to ensure their data and operations are secure on a daily basis, many miss vital warning signs that something is amiss. Often data breaches trigger a focus on security, but it doesn’t have to be that extreme. We help companies better understand their true data risks and how their teams can manage them effectively on a daily basis. We help demystify the marketing speak of security solutions and focus on the risk and exposure elements. Only then can an organization truly offer a solution that is both secure and user friendly. TwelveDot is devoted to being your unbiased, objective and collaborative partner. We respect your privacy and do not share your sensitive information, nor do we keep your data.

Our Team

Faud Khan


Cid Parato

Manager, Security Services - Platform and HW Pen Testing

Jared Broughton

Head Developer, Web and App Pen Testing

Jon Castiglione

UX and Mobile Developer

Abhishek Joshi

SW and HW Engineer

Wayne Hendry

Community Manager

James Anderson

Product Management

Latest news

Eight years and counting

As we start another new year in business, I wanted to take this opportunity to thank all our customers, partners, and staff for the outstanding work we have accomplished to date. Over the past 8 years we have accomplished quite…


Well it has been a long wet summer but we are making progress on HiveSense. We are working on the iOS version of the mobile monitoring app and will be testing that over the next few months as we finalize…

Real-World IoT Security Conference (RISC) 2017

On June 20th, 2017, RISC will be held in Bangalore, India. It is a one-day cyber security conference focused on issues around IoT security. Delegates will have the opportunity to attend a wide array of sessions to learn more…

Message From Founder

When I started TwelveDot, I wanted to fill a void that was lacking in many big box security consulting companies — namely a global perspective. While many big box global consulting firms offer local resources around the globe, the resources have no global expertise. I wanted to share our global context and expertise with customers both in Canada and around the globe. This includes the standards work we have completed and will continue to develop in both ISO and ITU. We believe it is very important to base our advice on accepted and recognized security best practices. While we have a range of services to help companies, we focus on technologies and solutions around mobile, cloud and IoT. Many companies are struggling to secure these solutions. Connect with us to see how we can help you solve your security challenges. Chances are we’ve already helped someone like you solve a similar problem.
Faud Khan


TwelveDot is a technology and security consulting practice built on 20+ years of experience advising, managing, designing, and developing solutions for clients from a wide range of sectors. Our clients include equipment manufacturers, software development companies, cloud solution providers, government departments, crown corporations, and private-sector businesses.


343 Preston St. 11th Floor
Ottawa, ON, Canada

+1 (613) 447-3393


TwelveDot Inc. All Rights Reserved © 2010-2017