About Us

Home / About

We focus on security so you can focus on your business

Vulnerability Assessment

Go beyond a penetration test or vulnerability scan. Our holistic approach focuses on keeping your business running.

Security management

You don't need to pay for a full-time CISO or IT Security Manager -- but you do need someone to keep you secure around the clock.

Information security training

We take care of your compliance training needs and reinforce lessons through phishing, malicious USB, and other simulations.

Compliance audit preparation

As security auditors, we know how to prepare you for your NERC, PCI, ISO, and internal audit based on COBIT, NIST, and other standards.

Backup & Failover

We provide automatic backup to local appliances and Canadian data centres, automatic failover, near-instant spin-up of machine images, workstation imaging and file-level backup, and version control/backup for cloud services.

Third-Party Products & Services

We have partnered with the following companies to provide outstanding support and prices well below MSRP: AutoTask, Blackberry, Cisco, Datto, KnowBe4, Meraki, SecurityMetrics, Sophos, Tenable, Trend Micro, and other industry leaders.

Experience and Credentials

One of our founders oversees all security engagements.

Chris easily translates business requirements into security controls with help from his:

  • MBA and Computer Science degrees,
  • CISSP (Certified Information Systems Security Professional),
  • CISA (Certified Information Systems Auditor),
  • PCIP (Payment Card Industry Professional), and
  • other security certifications.

    His two decades of experience in information security includes energy companies, such as Syncrude Canada; the Office of the Auditor General of Alberta; banks, colleges, and universities in Alberta; large corporations like United Technologies, Pratt & Whitney Canada, Sikorsky; critical infrastructure; and large cloud-based entertainment infrastructure for Second Life and other organizations.

    The Court of Queen's bench has certified Chris as an expert in the general area of cyber security and he serves as an Expert Witness in cases that involve information security vulnerabilities and privacy, including social media.

    ThreeShield provides small and medium-sized enterprises the rare opportunity to benefit from his extensive experience at a fraction of the cost. 

  • Ready to protect your business?


    Our Internal Security Practices

    During the assessment process, we request your configuration information, policies, and related documentation. We understand that this is sensitive information and protect it the same way that we protect our own. Here are some of the controls that we employ:
  • Data in transit: All data in transit is encrypted using TLS (SSL support has migrated to TLS; threeshield.ca no longer supports SSL)
  • Data at rest: All sensitive information is encrypted using AES. Your information is encrypted using an encryption key that is unique to your company.
  • Removable media: All customer data on removable media (including SD cards and USB drives) is stored within encrypted containers, so if it is ever misplaced or stolen, it will remain protected.
  • Passwords: Our secure internal client documentation request system uses multi-factor authentication that relies on a combination of your email, a cookie that we use to recognize your computer, and your computer's network. However, during the registration process, we request a password for you to use to confirm your identity in case you need to send us information from a new computer or network (used in combination with email verification). We never store the actual password. Instead, we use a slow one-way salted hash called Bcrypt. This means that even if our password database is compromised, your password will not be disclosed. If someone tries to "brute force" your password by reverse-engineering the hash, the amount of time it would take to crack it would be infeasible -- much longer than with other industry standards, such as SHA256.
    Our email and accounting systems, which may contain your information are also protected by multifactor or 2-step authentication.
  • Our Privacy Policy

    We do not rent, sell, or trade any of your information with third parties.
    We use third-party hosting and load balancing providers. Although your data is encrypted, it is possible that our hosts may have access to your information while it is temporarily decrypted in memory. Your information may also be stored in our hosted accounting and customer relationship management tools.

    Social and Environmental Impact

    In addition to being active members of the Information Security community, we proudly support Safe and Secure Online. This is a flagship online safety program that teaches children, parents, grandparents and whole communities how to protect themselves online and become responsible digital citizens. If you are interested in a free security awareness presentation at your school, library, or other organization, please contact us.

    We sponsor several cultural, music, and start-up events in the city of Calgary with the objective of maintaining Calgary as an attractive city for headquarters and to raise families. However, our focus remains Safe and Secure Online because the security threats that businesses face often extend to employee homes. Security-conscience families in a vibrant city help to secure our clients.


    ThreeShield Information Security Corporation is a Canadian federal corporation incorporated under the Canada Business Corporations Act and is registered in Alberta as an extra-provincial corporation.

    GST Account #79028 2099 RT0001


    As the Chief Compliance Officer of a payments entity, I have relied on ThreeShield Information Security to provide risk-based solutions that have satisfied regulators and business partners alike. While our Money Services Business is unique in that it supports commerce within virtual worlds and video game environments, the security standards that we have to meet are the same as they would be for any regulated financial institution.

    ThreeShield has employed a dynamic, risk-based approach to information security that is specific to our business needs but also provides comfort to our external stakeholders.

    I recommend their services.

    -Scott Butler, CCO of Tilia Inc.


    ThreeShield Information Security has provided customized IT security tools and consulting to organizations of all sizes, including the following:
    1-Page  •   Calgary Foothills Primary Care Network  •   Carrier Corporation  •   Collins Barrow Calgary LLP  •   Computer Sciences Corporation  •   Deloitte  •   Ernst & Young  •   Escape Ops  •   First Gulf Bank  •   Government of Alberta  •   Hamilton Sundstrand Corporation  •   Hurricane Computer Solutions  •   International Aero Engines  •   KPMG  •   Linden Research (Linden Lab)  •   NASA  •   NORESCO  •   Otis Elevator Company  •   Plateau Systems  •   Pratt & Whitney  •   Red Link SA (Argentina)  •   Segurança da Informação e Conformidade  •   Sikorsky Aircraft Corporation  •   Tilia Inc  •   TOOT'n TOTUM  •   Towers Watson  •   United Technologies Corporation  •   Universidade de São Paulo  •   UTC Power  •   Whitecap Resources Inc