Cybersecurity firm — Québec, Canada

Security, integrated end to end.

HM-DJANTA SÉCURITÉ designs, operates and tests your defenses in a continuous improvement loop. Offensive, operational and architectural cybersecurity — under a single banner.

3 Integrated streams
20+ Certifications
10+ Sectors served
01 — Who we are

A coherent vision,
from design to defense.

A Québec firm operating across Canada, HM-DJANTA SÉCURITÉ covers the entire lifecycle of information security.

Offensive cybersecurity, operational security and architecture: we design the controls, we operate them and we test them. A continuous improvement loop rarely offered by a single provider in the SME segment.

Québec · Canada
3 integrated streams
20+ certifications
100% Law 25 ready

Why HM-DJANTA.

Integrated coverage

Architecture, operations and offensive testing under one banner, with methodological consistency.

Advanced technical expertise

Team certified OSCP, OSWE, OSEP, CRTL, CRTO, CISSP, CISM, ISO 27001 LA/LI and more.

Recognized methodologies

NIST, OWASP, PTES, MITRE ATT&CK, ISO/IEC 27001 — combined to fit your context.

Dual-audience deliverables

Executive summary for leadership, technical detail for operational teams.

Insured protection

Professional liability (E&O) and cyber insurance from the very first engagement.

Legal framework respected

Canadian Criminal Code, Law 25, PIPEDA — written authorizations as standard.

Our values

Five principles that guide
every single engagement.

  • 01

    Rigor

    Every engagement is carried out following recognized methodologies and undergoes an internal review by a second consultant before delivery.

  • 02

    Transparency

    Our reports honestly describe what was tested, designed or operated, as well as the limits of each assessment.

  • 03

    Pedagogy

    We translate technical complexity into business risks that decision-makers can understand.

  • 04

    Ethics

    Strict respect for the legal framework and confidentiality guides all of our work.

  • 05

    Continuous excellence

    We invest in training, certifications and technology watch to stay at the cutting edge.

02 — Our expertise

Three areas of expertise,
verifiable know-how.

20+ Professional certifications
11 Methodological frameworks
10+ Industry sectors
A

Offensive security

Proactively identifying and demonstrating exploitable vulnerabilities before an attacker discovers them.

OSCP · OSCP+ · OSWE · OSEP · OSED · CRTL · CRTO · CRTE · CRTP · CEH · OSWP

B

Operations & response

Active defense, continuous monitoring, incident response and day-to-day support of your security posture.

ECIH · SC-200 · NSE 4 · NSE 5 · NSE 7 · AZ-900 · CCNA

C

Governance & compliance

Designing secure architectures, frameworks and policies aligned with the world's best standards.

CISSP · CISM · CRISC · ISO 27001 LA · ISO 27001 LI · AWS Security

Applied methodological frameworks

Penetration testing
NIST 800-115 · OWASP WSTG · OWASP ASVS · OWASP MASVS · PTES · OSSTMM v3 · MITRE ATT&CK · CSA Cloud

Architecture
ISO 27001/2/5 · NIST CSF · CIS Controls v8 · SABSA · TOGAF · NIST Zero Trust

Incidents
NIST 800-61 r2 · ISO 27035 · SANS IH · Pyramid of Pain

Compliance
ISO 27001 · Law 25 · PIPEDA · SOC 2 · PCI-DSS · GDPR · HIPAA

Sectors served

Finance & insurance
Health & social services
SaaS & technology
Education & research
Public sector
Nonprofits
Retail & e-commerce
Manufacturing
Transport & logistics
Telecom & energy
03 — Services

Three streams,
one single coherence.

Our engagements follow recognized frameworks combined to fit your maturity and context.

Stream A — Offensive

Find what's exploitable
before the attacker does.

From validated vulnerability scans to multi-vector Red Team engagements, we emulate real tactics to reveal your blind spots.

External penetration test

Assessment of the Internet-facing infrastructure, black-box or grey-box.

Internal penetration test

Active Directory, segmentation, lateral movement, simulated exfiltration.

Web & mobile apps

OWASP WSTG, ASVS and MASVS — Top 10 and business logic.

Cloud penetration test

AWS, Azure/Entra ID and GCP following the CSA Cloud Pentest Playbook.

Wireless test (Wi-Fi)

WPA2/WPA3/802.1X, Evil Twin, guest/corporate isolation.

Red Team engagement

Multi-vector simulation over 3 to 8 weeks with a defined objective.

Vulnerability scan

Pro tools + manual review to eliminate false positives.

Recurring PTaaS

Scheduled tests, unlimited re-tests, dashboard and dedicated consultant.

04 — Process

Eight steps
across four phases.

Our delivery process is standardized to guarantee consistency, quality and traceability across all three streams.

Phase 01 Preparation
01

Scoping & qualification

Scoping workshop, perimeter definition, objectives and intervention window.

→ Statement of Work (SOW)
02

Contracting

Signing of the contract, NDA and — for offensive work — Rules of Engagement.

→ Signed contract file
03

Technical preparation

Tool configuration, perimeter validation, coordination checkpoint.

→ Execution plan
Phase 02 Execution
04

Execution

Delivery per methodology, regular communication, immediate alerts on critical findings.

→ Progress notes
05

Analysis & validation

Manual validation of findings, CVSS + business context prioritization.

→ Preliminary report
Phase 03 Delivery
06

Deliverables drafting

Executive summary + technical detail, internal review by a second consultant.

→ Final report
07

Debrief

Oral presentation, knowledge transfer, Q&A session and prioritized action plan.

→ Action plan
Phase 04 Follow-up
08

Post-engagement follow-up

30-day support, satisfaction survey, proposal for a recurring engagement.

→ Closing letter
05 — Compliance

Law 25, ISO 27001
& SOC 2 support.

Québec's Law modernizing legislative provisions on the protection of personal information is fully in force. We combine our three streams to achieve operational and lasting compliance.

A

Compliance assessment

Mapping of personal information, assessment of current practices, gap identification and prioritized action plan.

B

Required measures

Appointment of the privacy officer, governance policies, incident management process, PIAs and out-of-Québec transfers.

C

Technical implementation

Encryption, access controls, logging, anonymization, penetration testing and continuous monitoring.

D

Awareness & training

Training tailored to each role (leadership, HR, marketing, IT) and preparation for handling requests.

06 — Contact

Let's discuss your
next project.

Have a project, a question or an emergency? Our team responds quickly and confidentially.

Your data is handled confidentially and used only to respond to your request.