ThreeShield Information Security network, cloud, and on-premise computer security
Comprehensive IT

Calgary-based Information Security

ThreeShield Information Security Corporation: Your Trusted Partner for Comprehensive IT Security Solutions Across Calgary, Vancouver, and Toronto!

Penetration Test / client, compliance, or insurance requirements?

If you just want to close the deal or find problems, we've got your back!
Our comprehensive vulnerability assessments go beyond pen testing to cover all your risks and give real, actionable results so you can prove and improve your security!

Add security to your IT team

We'll stop your endless emergencies, free up your time, and fill in the gaps while blending into your IT team.
ThreeShield fills in the gaps with respected frameworks to bring you to the next level.

Cybersecurity for start-ups

Credit card agreements, insurance, banks, clients, and governments require strong IT security controls to meet compliance requirements.
ThreeShield will meet your new compliance requirements and can even set you up with credit card machines and security cameras.

ThreeShield Information Security Corporation is a leading provider of information security services across Calgary, Vancouver, and Toronto, offering a holistic approach that covers all aspects of IT security, from managed security for computers, cloud platforms, and code, to security awareness training, independent IT audits, compliance, and incident response and management.

ThreeShield leverages its expertise, proprietary tools, and strategic partnerships to deliver customized and cost-effective solutions that meet the specific needs and goals of each client.

IT Security for a Competitive Edge

ThreeShield’s information security approach makes you your business's hero to enhance your performance, productivity, and reputation, as well as gain trust and loyalty from their customers and stakeholders.

Our control-based approach empowers you to bid on big RFPs, confidently complete client security questionnaires, qualify for lower insurance rates, and benefit from tight vendor integrations.

Scalable Information Security

ThreeShield’s cybersecurity solutions are adaptable and scalable to the changing needs and demands of businesses, as well as the evolving threat landscape and regulatory environment from PCI and PII to provincial, Canadian, and global privacy requirements, including GDPR.

From one Microsoft Windows, Mac, or Linux computer to thousands, we grow with you. Our proprietary patching approach will even make sure that your patches don't clog up your network when you grow to have hundreds of laptops, servers, and other network equipment.

Penetration Testing and Vulnerability Assessments

Everything from insurance questionnaires to client and credit card merchant agreements require penetration tests nowadays.

The problem with standard pen tests is that they are often just automated scans or attempts to find the first problem and get in. Companies that take this approach don't deliver much value. Sadly, when we're hired for follow-up information security audits, we have to look at these scant pen test reports and wonder how other companies can justify calling sumething an IT vulnerability assessment when they just ran a scan and came up with five IT security recommendations.

ThreeShield takes a comprehensive information security controls approach, based on decades of experience auditing everything from Government of Alberta entities and the space shuttle rocket mission control room to fintech startups, accounting firms, primary healthcare networks, military contractors like Sikorsky Helicopters, and ecommerce companies.

Yes, we do run the standard scans, provide Payment Card Industry (PCI) Approved Scanning Vendor (ASV) reports. However, we use that as our starting point -- not the final product. We do a deep dive into potential problems and review all information security controls — within an agreed scope to keep costs down.

This means that we'll often provide over 200 recommendations after another firm — including the Big 4 accounting firms like Deloitte — provided a basic report with 5 or fewer recommendations in their penetration test report.

The best part of our vulnerability assessment process? It involves very little operational disruption.

If you're web-only, it may just involve some short discussions and access to your systems. For large on-premise vulnerability assessments, we'll hook up an assessment device through which we'll run on-site vulnerability and penetration tests.

Since the pandemic and the explosion of hybrid working, many offices are often sparsly populated. This approach avoids disturbing people and avoids having to co-ordinate access.

On-prem Cybersecurity: firewalls, wireless, server, network, and desktop security

When's the last time you updated your switches, routers, and firewalls? Our process includes daily checks to make sure that your systems don't remain vulnerable to newly-discovered problems, patches, and attack approaches.

Many Managed IT Service Providers (MSP) and IT shops often limit information security to Windows patching, backups, and initial configuration of firewalls.

However, maintaining a secure business is a continuous process, which requires continuous firewall configuration updates, wireless monitoring and updates, and changes to computer settings to protect servers, desktops, and laptops from emerging threats.

We also look at your infrastructure design. In some cases, virtualization technologies like Hyper-V and VMware might save you money and increase reliability, for example. In others, moving some infrastructure to the cloud might make your staff more productive and earn more revenue.

Cloud security

We've got you covered to secure your IT cloud. The primary cloud platforms that we support include:

  • Amazon Web Services - AWS
  • Microsoft Azure
  • Microsoft 365 - M365
  • Google Cloud Platform - GCP
  • Google Workspace
  • cPanel
  • Cloudflare
  • WordPress
  • Atlassian - Jira - Bitbucket - Confluence
  • GitHub
  • QuickBooks
  • Salesforce

Disaster Recovery, Backups, and Business Continuity

Every time we get called to respond to a new client's ransomware attack, they had already tried to restore their backups.
Nearly every time, the backups were on-premise, on the same computer network as the compromised computers. Both had been ransomwared.

We also find that cloud computing systems are rarely properly secured or backed up. These include email and storage platforms like Microsoft 365 and Google Workspace; virtual private cloud systems like GCP, AWS, Linode, and Azure; development systems like Bitbucket and GitHub; and business systems like Salesforce.

Business Impact Assessment (BIA) and Data Governance

This is why we start our clients on a comprehensive Business Impact Assessment (BIA) exercise to understand what information you have, how long you can live without it, how much data you can afford to lose, and how it has to be secured.

Business Continuity Planning - BCP

Next, we go through your manual processes to understand how your organization could keep working if your primary systems were unavailable. During this process, we also understand the types of sensitive data that you store and transmit through email and other means. This helps to inform your overall data governance and protection approach.


Like all IT service providers and help desks, we provide backups. However, since we focus on security, we don't just set up something like VEEAM and run away, leaving you to fend for yourself when ransomware or system failures come knocking.

Instead, we first look at how we can optimize your backups.
Can you replicate your Desktop, Documents, and Pictures to Microsoft 365 (M365) or Google Workspace and just back up M365 or Google?
Which users have so much going on that they need to back up their whole workstations?
What servers need to be backed up? Which VMware, Hyper-V, or other hypervisors need to be backed up?
What cloud services like Salesforce, Atlassian, Bitbucket, Jira, Confluence, GitHub, QuickBooks, Dental Practice Management Systems (DPMS), or accounting systems need to be backed up?
What databases, RDS, DynamoDB, or other fragile systems need to be quickly recoverable?
What process do you use for your website backups and updates?
How are your backups isolated from the rest of the environment?

Disaster Recovery Planning

Recovering from a disaster is different than just restoring a backup. It includes DRP testing, notification processes, and correct sequences. We take care of all facets of DRP for you.

Read More

Code Security - CI/CD - Development Security

Yes, we'll manage your Static Application Security Testing (SAST) and Dynamic Application Security Testing tools.
However, we go a lot farther by manually reviewing your pull requests before you merge them and going over your projects with a fine-toothed comb to find potential vulnerabilities.
Not only will your code become more reliable and secure, but your developers will adopt better practices, become resistant against OWASP Top 10 threats, and meet PCI compliance requirements. Read More

Incident Response Planning

Plan for the worst; protect with the best.
PCI, privacy regulations, vendor contracts, and insurance forms all require sustainable incident response plans -- in addition to best-in-class security controls.
Security is an ever-evolving field. Every day, our teams look for the latest new threats. However, it's possible that one day, one will come up before our multiple cybersecurity threat intelligence sources know about them.
If a Zero Day hits, you need to be prepared. Our business continuity planning and disaster recovery planning will play a big piece; however, it's even more important to find a potential breach before it can do enough damage to invoke a BCP or DRP.
This is why we monitor for risky behaviours and activities in everything from Microsoft 365 to AWS. If information is at risk, we'll support you through the incident response plan to make sure that you eliminate or minimize any compliance penalties and reputational damage.

Patching and Security Updates

Of course, you know to apply Windows updates. However, how often do you check:

  • Mac OS updates
  • Windows optional updates
  • Driver and firmware updates
  • Non-Microsoft application updates
  • Non-Apple application updates
  • Linux updates
  • WordPress and other web updates
We were disappointed to see the low quality of patching tools that most MSPs and IT departments use. It got so bad that we wrote our own to give comprehensive patch coverage, easy patch planning, and low network impact.

Security Awareness Training and Phishing Simulations

Despite all of our technical protections, the human is still one of our biggest threats.
Staff click phishing emails, get malicious notifications, and introduce viruses to companies more than any other source.
For this reason, we provide comprehensive information security awareness training and phishing simulations to build your staff up and keep your business secure. Read More

Data Loss Prevention - DLP

Where is your data?
How do your employees protect your data?
Are you meeting privacy and credit card regulations?
If an employee clicks a phishing email, how much client data will be exposed?

These are all questions that your clients and insurance company want to know. It's why we deploy DLP tools as part of our onboarding processes to work with you to develop secure data processing processes.

Security Cameras and Physical Security

We use state-of-the-art network-based camera systems that don't require expensive recording stations and can keep recording during network and power outages.

These smart cameras have AI built in and can interface with your access control and alarm system to monitor for suspicious people verify the identity of employees using access codes or key cards, and even let you look for specific license plates or descriptions of people!

Continuous Monitoring SOC

We continually update our daily, weekly, monthly, and quarterly review processes to reflect new attacks that we discover through threat intelligence and real-time sources.
For example, we include:

  • Comprehensive and ongoing vulnerability and information security control assessments to proactively find security and compliance improvement opportunities
  • Monitoring for hardware, patch, website, service, backup, cloud (AWS, Azure, Cloudflare Google, Microsoft 365, etc.) security issues
  • Daily reviews for server health in addition to real-time alert monitoring
  • Proactive responses to login failures
  • Reviews for unusual activities in cloud and physical systems
  • Proactive firewall monitoring and tweaking
  • Upstream provider monitoring for services, such as AWS, Bandwidth, Cloudflare, Google, Microsoft 365, Postmark, Shaw, Bell, Telus, etc.
  • Breach detection in addition to best-in-class managed detection and response for viruses, hackers, ransomware, etc.
  • Disaster recovery, business continuity, and backup restoration testing
  • Custom cloud service monitoring, such as DMS in AWS, VPNs, etc.
  • Monitoring for patches that typical MSP tools can't manage, such as unusual Apple software, VMware, Linux, routers, and firewalls
  • Deep-dive into security and compliance alerts and reports in Microsoft 365 and Google Workspace.
  • Process and system monitoring
  • Encryption control and key backup processes to make sure that Windows BitLocker doesn't prevent your staff from working
  • Intrusion detection through firewalls, workstation and server tools, and cloud monitoring
  • Controls to keep hackers outside of your operating area from getting into your physical and cloud systems
  • Layers of security to protect your website administration area from being compromised

What our clients say about ThreeShield

Calgary IT Security Testimonial

CTO, Tilia Inc. (Financial Technology and Online Payments)

" ThreeShield has employed a dynamic, risk-based approach to information security that is specific to our business needs but also provides comfort to our external stakeholders. I recommend their services. "

Calgary IT Security Testimonial

VP Operations and Platform Engineering

" Chris [of ThreeShield] possesses the rare skill in security professionals of understanding broader business and technical demands and using that knowledge to develop a balanced approach to security. He skillfully avoids the dogmatic, prescriptive approach to security I've seen all too often and instead builds a security plan that genuinely strengthens the business. "

Calgary IT Security Reference

IT Architect, Financial Technology and Online Retail

" Collaborating with ThreeShield to ensure data security was an exciting and educational experience. As we exploded in growth, it was clear that we needed to rapidly mature on all fronts, and ThreeShield was integral to building our confidence with information, software, and infrastructure security. "

Calgary IT Security Testimonial


" Chris at ThreeShield provided really great expertise around our online security needs. His process walked us through a full review in a fun and informative way and then offered practical prioritized recommendations to empower us to boost our productivity and enhance our security without it being too big of a hassle. Chris and his team took us beyond just changing settings. They educated us with valuable tips and tricks that allowed us to evolve and better understand our needs and our audience. The simple changes improved our reliability and reduced risks that were baked into our old process and default web hosting settings. I'd recommend Chris and his team to anyone who knows they need help, or us unsure of what help they need. ThreeShield will take care of you. "

Calgary IT Security Review

IT Security Director, Linden Lab (Virtual Reality)

" ThreeShield helped us focus our efforts, enhancing our security posture and verifying PCI compliance.

All of this was achieved with minimal disruption to the engineering organization as a whole.

The approach was smart. In a short time, we accomplished what much larger companies still struggle to achieve. "

Calgary Information Security Review

Senior Director of Systems and Build Engineering

" ThreeShield very much values active and respectful collaboration, and went out of their way to get feedback on policies to make sure proposals balanced business needs while not making employees feel like they were dealing with unreasonable overhead. By doing so ThreeShield really helped change the culture around security mindfulness is positive ways."

Calgary Information Security Review

Director of Customer Support

" Chris [of ThreeShield] was keen on building partnerships of understanding with key stakeholders, and made the effort to understand the needs of the customer support team in terms of information, and balance those with the regulatory concerns -- both in specific and in general -- over PII, data storage and transmission, etc. It is this proactive approach that ensured that we had an open line of communication with Chris, and made me feel confident that when reaching out to him with a question or concern would net me a direct and actionable response."

Calgary Information Security Review

Sales Enablement Lead, Precious Metals

" ThreeShield is a really good company to work with. They have a great blend of security and efficiency, making sure that you are 100% secure, but not at the expense of your productivity. 10/10 would use them again. "

Calgary Information Security Review
Chris B.

IT Analyst, Oil & Gas

" Awesome company, great people to interact with, smart, quick responding, and reasonably priced too. "

Calgary Information Security Review
Moe A.

Senior Trading Lead, Precious Metals

" Great company to work with! Efficient, secure and always on the ball. Truly a pleasure working alongside Chris & Tyson. Highly recommended. "

Ready to get started?
Popular Technical Articles
VMware ESXiArgs Ransomware
VMware ESXiArgs Ransomware

13 February 2023

OneNote Phishing
OneNote Phishing

2 February 2023

Social sites