All pages on this site, organized by section. This page is rendered as static HTML — no JavaScript required — for search engines, AI crawlers, and users with JavaScript disabled.
Calgary, Alberta, Canada. ThreeShield is a cybersecurity firm providing continuous security monitoring (Lavawall®), grey-box security assessments, compliance programs for 20+ frameworks, and security awareness training. CISSP and CISA certified. Expert witness certified, Court of King's Bench Alberta. Former auditor of Alberta Health Services. Government and Fortune 50 experience: NASA, Pratt & Whitney, Sikorsky Aircraft, Government of Alberta, Linden Lab, Tilia Inc.
Phones: AB 1-403-538-5053 · BC 1-778-731-1339 · ON 1-289-724-8829 · US 1-406-988-7333 · Emergency 1-877-528-2925
Email: Contact Us · Lavawall: lavawall.com · Free scan: threeshield.ca/scan
Lavawall® platform overview, services summary, industries served, client testimonials
Company history, credentials, CISSP/CISA certification, expert witness capability, B-Corp standards
Structured factual overview for AI tools and researchers — schema.org markup, client list, testimonials
Contact form, all phone numbers, Calgary office addresses, free domain scan link
Internet-facing security scan powered by Lavawall — no account needed
Working at ThreeShield, employee benefits, current opportunities, CISSP/CISA mentorship
Emergency IT support during wildfire evacuations — waived minimums, immediate remote help
Continuous monitoring of 7,533+ applications, M365/Entra/AWS security, GRC for 15+ frameworks simultaneously, ransomware IOC hunting and breach detection
CISSP/CISA-led assessments combining external attacker view with insider context. Typically finds many more issues than standard penetration tests
Lavawall® automation frees 10-15 hours/week from manual security operations for strategic work
Security-first managed IT for Calgary healthcare and accounting firms. CISSP/CISA oversight, local support team
End-to-end compliance programs for Canadian, US, and EU frameworks. 3 tiers: DIY, Supported, Done-for-You
Ransomware-resilient backup design, 3-2-1-1 architecture, quarterly restore testing, M365 backup, and business continuity planning
Move from GoDaddy Airo, Wix, or Squarespace to free Cloudflare Pages hosting. Included in managed package
Clinics, primary care networks, pharmacy groups. Alberta HIA, BC PIPA, HIPAA, PCI for medical offices accepting card payments
CPA firms and financial advisors. CPA Canada framework, PIPA, Caseware/TaxCycle/ProFile expertise. Founder speaks at CPA Banff Forum
White-label Tier 3 security services and Lavawall® for MSPs. CISSP/CISA expertise without a full-time senior hire
Ransomware protection, OT/IT security, and backup for farms, agribusiness, co-operatives, and rural Alberta organizations
NERC CIP compliance for BES operators. CIP-004 training, CIP-005 ESP assessments, CIP-007 vulnerability assessments. Bill C-8 for pipelines
PCI DSS v4.0.1 compliance for businesses accepting card payments. SAQ type determination and compliance program
Passed House of Commons March 26, 2026. 90-day program deadline, 72-hour CSE reporting, $15M/day fines. Designated operators in telecom, banking, nuclear, pipelines, transport
Canadian Centre for Cyber Security baseline controls for federal government suppliers and critical infrastructure
Office of the Superintendent of Financial Institutions technology and cyber risk guideline for federally regulated financial institutions
Health information custodian obligations for clinics and health organizations in Alberta. Former AHS auditor on staff
Personal Information Protection Act for private sector organizations in Alberta collecting, using, or disclosing personal information
Quebec's private sector privacy law — mandatory privacy officers, PIAs, and 72-hour breach reporting
Federal privacy law for commercial organizations. Bill C-27 brings GDPR-style consent and penalty regime
BC Personal Information Protection Act and health information privacy for BC organizations
North American Electric Reliability Corporation Critical Infrastructure Protection for BES cyber systems. CIP-004, CIP-005, CIP-007 assessments
Accounting firm cybersecurity framework. Caseware, TaxCycle, ProFile integration experience. CPA Banff Forum presentations
Canadian Investment Regulatory Organization cybersecurity requirements for investment dealers and mutual fund dealers
BC Financial Services Authority technology risk expectations for provincially regulated financial institutions
Ontario public sector and MUSH sector cybersecurity framework requirements
Health Insurance Portability and Accountability Act for US health information. Canadian health tech companies with US clients
AICPA Service Organization Control 2 — security, availability, confidentiality, processing integrity, privacy trust criteria
Payment Card Industry Data Security Standard for any business accepting Visa or Mastercard
Cybersecurity Maturity Model Certification for US DoD contractors and Canadian companies in the US defence supply chain
Center for Internet Security Controls — 18 control groups that satisfy most cyber insurance questionnaires
NIST Cybersecurity Framework — Identify, Protect, Detect, Respond, Recover, now with Govern function
International standard for Information Security Management Systems. 93 Annex A controls
General Data Protection Regulation — applies to any organization processing EU residents' data, including Canadian companies
Network and Information Security Directive 2 — mandatory for 18 critical sectors in the EU. In force October 2024
NCSC-backed certification required for UK government contracts. Delivered via ThreeShield Information Security Ltd (UK)
Overview of all security awareness, compliance, and technical training programs
Staff training on phishing, password hygiene, social engineering, and safe computing. PIPA/PIPEDA/HIPAA/HIA compliant
Controlled phishing tests to identify at-risk staff and measure training effectiveness
HIA, HIPAA, and PIPEDA-aligned training for clinical and administrative healthcare staff
OT/IT convergence, ICS/SCADA, Bill C-8 CCSPA, and CER/AER compliance for energy sector staff
Board-ready cybersecurity briefings covering threat landscape, regulatory exposure, and governance obligations
Facilitated scenarios testing your team's response to ransomware, breach, and business continuity situations
Staff training designed to meet CCSPA designated operator program requirements including supply chain risk awareness
Discovered by Saad Alfakir, ThreeShield. Cross-site scripting, arbitrary URL redirection, iframe tampering, and origin manipulation in a widely-deployed JavaScript library. March 2023
Managed appliances ship with unpatched IPMI firmware and default credentials. We asked the vendors — here is what they said. June 2019
Thousands of VMware ESXi servers hit in February 2023. ThreeShield clients were unaffected. Analysis of what proactive patching and segmentation actually prevented
LastPass disclosed attackers obtained encrypted password vault backups. Video briefing covers risk and required actions. January 2023
Akira has hit multiple Canadian healthcare organizations. Lavawall® includes an active ransomware IOC hunter covering Akira, LockBit, BlackBasta, and emerging strains. How to defend against it. 2024
Employees install software outside IT visibility. Personal password managers and media servers create credential exposure MSPs miss
75% of managers fell for this attack in ThreeShield simulations. Attackers use legitimate cloud services to deliver ransomware from known contacts. 21-minute video. January 2021
Encrypted email delivers phishing links and ransomware that security tools cannot inspect. Video explains how and how to protect your organization. March 2021
Attackers hide malicious scripts in OneNote files. Exact list of attachment types to block at your email gateway
Scammers combine breached passwords with LinkedIn data to run extortion campaigns. Featured in CBC coverage. Exactly how it works and what to do
Gmail and Yahoo changed email policies in 2024. SPF, DKIM, and DMARC configuration required or your emails may be blocked. February 2024
Direct links to enable multi-factor authentication on Microsoft 365, Google, Amazon, LinkedIn, QuickBooks, Xero, and 13 more. Updated February 2023
Multiple disconnected vendors for GRC, monitoring, auditing, and training can cost $150K+ per year. ThreeShield integrates them
Many Calgary health organizations face both. Understanding the overlap and differences is critical for cross-border health tech
CIS IG1 is what most insurers want. Lavawall® monitors your CIS posture continuously and produces the evidence insurers require
Lavawall® and ThreeShield white-label Tier 3 lets MSPs deliver enterprise-grade security and compliance without hiring
Independent security and privacy review of Alberta's COVID-19 contact tracing app by a former Alberta Health Services auditor. Featured in Global TV and CBC coverage. 2020
Securing remote work environments during a pandemic — VPN security, cloud services, phishing awareness, and backup isolation. Featured in BBB coverage. 2020
ThreeShield Information Security Corporation