About

Who We Are

A look at the experience, projects, and capabilities behind The Safe North — and what we bring to every engagement.

The Safe North is led by an Information Security Specialist based in Toronto, ON, with deep experience across security operations, threat investigation, identity management, and cloud security.

Our work spans enterprise-grade engagements: rolling out Zero Trust architectures, migrating WAF infrastructure to the cloud for 20+ applications, and building AI governance standards that align with privacy and compliance requirements.

We focus on practical security — building dashboards for leadership, running awareness programs, and automating workflows where it counts. Every finding is delivered in plain language so the whole organization can act on it, not just the technical team.

  • 3+ Years in Security
  • 20+ WAF Apps Migrated
  • 98% Phishing Awareness
  • 2 Industry Certifications

Where Our Expertise Comes From

Enterprise Security Operations
Large Enterprise — Financial Sector
3+ Years | Toronto, ON
  • Investigated and responded to security incidents using enterprise SIEM and EDR platforms, analyzing threats and driving remediation across teams.
  • Led Zero Trust implementation, strengthening identity-based authentication and DLP enforcement across enterprise systems.
  • Developed AI governance standards aligned with security, privacy, and regulatory requirements.
  • Conducted vulnerability assessments, supported penetration testing, and collaborated with IT teams on remediation prioritization.
  • Ran security awareness programs, lifting phishing simulation scores from 88% to 98% across the organization.
  • Automated security workflows and built executive reporting dashboards to communicate risk posture to leadership.
  • Led cloud security initiatives including migration of WAF infrastructure covering 20+ applications with zero downtime.
Regulated Industry — Risk & Compliance
Financial Services
3 Years | Toronto, ON
  • Managed sensitive client information under strict regulatory and compliance standards.
  • Identified fraud risks and escalated suspicious activity in line with internal risk procedures.

Key Enterprise Engagements

📄 Business Continuity
Backup & Disaster Recovery Assessment
Assessed backup and disaster recovery setup across on-premises and cloud environments for a large enterprise client. Reviewed RTO/RPO targets, tested recovery procedures, found the gaps, and delivered a DR readiness report for leadership with a clear priority list.
Why it mattered: To ensure the organization could recover quickly from ransomware, a hardware failure, or a major outage, and to meet regulatory requirements around data availability.
DR Assessment Business Continuity RTO / RPO Azure Backup Risk Reporting
🌐 Cloud Security
WAF Migration — F5 Silverline to Cloud
Migrated the Web Application Firewall from on-premises F5 Silverline to a cloud solution for a large enterprise. Reviewed 20+ web applications, built the new WAF rule sets, worked closely with application owners, and completed the migration without any downtime or gap in protection.
Why it was migrated: The on-premises setup was aging and harder to manage as the environment shifted more to the cloud. Moving to a cloud WAF made it easier to manage centrally, scale when needed, and cut down on maintenance overhead.
F5 Silverline Cloud WAF Azure Web App Security Zero Downtime
🔐 Identity & Access
RSA Authentication Migration & Upgrade
Helped coordinate the migration and upgrade of RSA Authentication Manager, used for MFA and remote access. This involved reassigning tokens, updating integrations with VPN and other internal systems, and making sure authentication kept working for users throughout the change.
Why it was upgraded: The version in use was end-of-life and had unpatched vulnerabilities. Upgrading fixed those gaps and maintained compliance with identity security requirements.
RSA SecurID MFA IAM VPN Integration PAM
🛡 Security Architecture
Zero Trust Implementation
Worked on rolling out Zero Trust across the organization, starting with identity and device controls. This included setting up conditional access in Azure AD, enforcing device compliance before granting resource access, and removing the assumption that anything on the internal network could be trusted. The rollout was phased to keep disruption low.
Why Zero Trust: As the organization moved to hybrid and remote work, the old network perimeter model stopped making sense. Zero Trust reduced lateral movement risk and gave the team tighter control over who could access what.
Zero Trust Azure AD Conditional Access DLP Identity Security
🖥 Endpoint Security
EDR Replacement — Carbon Black → Microsoft Defender
Managed the replacement of Carbon Black with Microsoft Defender for Endpoint across all endpoints. Compared the feature coverage, planned the rollout in phases, coordinated the removal of Carbon Black agents, and connected Defender alerts into the SIEM so everything was visible in one place.
Why it was replaced: The client runs a mostly Microsoft environment, so Carbon Black’s licensing cost and integration overhead no longer made sense. Defender is built into the Microsoft ecosystem, the portal is unified, and it’s much simpler to manage day to day.
Carbon Black Microsoft Defender EDR Endpoint Security SIEM Integration
🔎 SIEM & Vuln. Management
SIEM & VM Replacement — Rapid7 → Jolear, Qualys & Elastic
Worked on replacing Rapid7 InsightIDR/InsightVM with a newer stack: Jolear for SIEM and detection, Qualys for vulnerability management, and Elastic Agent for log collection. Built out the new architecture, created detection rules and dashboards, and moved over existing workflows.
Why the switch: Qualys provides more detailed vulnerability coverage, Jolear is more flexible and cost-effective as a SIEM, and Elastic Agent covers more log sources. It also removed single-vendor dependency.
Rapid7 Jolear SIEM Qualys Elastic Agent Vulnerability Management Log Management

What We Work With

🔍 Security Operations
Incident Response Threat Investigation Rapid7 IDR / IVM Carbon Black EDR Extrahop360 NDR IPS / IDS Log Correlation
Cloud & Network Security
Microsoft Azure F5 Silverline WAF Zero Trust TCP / IP SSL / TLS IPSEC
🔒 Identity & Access Management
CyberArk PAM RSA Authentication DLP Enforcement Netskope CASB Digital Guardian Microsoft Defender
📊 Analytics & Automation
Power BI Power Automate Python PowerShell ServiceNow Jira Confluence
📋 Governance & Compliance
Vulnerability Management Penetration Testing Security Audits AI Governance Business Continuity Disaster Recovery Security Policies
💻 Platforms & PKI
Windows Enterprise Linux Entrust Sectigo Executive Reporting