Passer au contenu principal

Carmel Info-Risk Offers Leadership and Expertise

Craig Hachey, P. Eng, CISM, PMP

Carmel Info-Risk Offers Leadership, Expertise and Training to Help Safeguard the Cybersecurity of Small and Medium-Sized Organizations

The Vancouver-based company provides clients with the services of a remote information security officer (i.e.,a vCISO) to help protect their networks. Edward Pereira, Carmel Info-Risk’s vCISO Practice Leader and founder, describes the company’s services and the cybersecurity challenges faced by small and medium-sized Canadian businesses.

In-Sec-M: How long has Carmel Info-Risk been active in the field of cybersecurity?

Carmel Info-Risk’s strength lies in a team of consultants who bring, in total, more than 30 years of expertise in the security field. Our experience allows us to provide real leadership as chief information security officers with a vision to implement enterprise cybersecurity programs.  I, myself, worked for eight years implementing security systems in two large public companies. As a result, I wanted to launch my own practice in 2013. Together with my partner, we speculated that, as large companies faced an ever-increasing wave of cyberattacks, small and medium-sized businesses would inevitably be implementing entreprise security programs.

In-Sec-M: What services do you offer these companies?


Our expertise lies mainly in the launch of new cybersecurity programs or the revitalization of existing ones. This is done with the implementation of a cybersecurity management policy, compliance with regulations, improvement of the security system architecture, etc. Our services encompass, among other things, training on the importance of cybersecurity for both end users and for IT professionals, as well as the deployment of new technologies, and the countless procedures that make it possible to maintain a secure environment in IT departments.

In-Sec-M: In your opinion, what’s the biggest cybersecurity need for Canadian businesses today? 

In looking to improve on this particular front, companies need to do two things. The first is education. They need to learn what is commonly known as cyber hygiene, but also understand how they are putting themselves at risk if they aren’t well protected. The second thing to do is to regularly train employees on the latest phishing techniques. It should be noted that 90% of successful attacks on corporate networks involve phishing. Within IT departments, at least one individual should be identified as a cybersecurity lead, particularly in monitoring & data analysis, and in end user education. This role is now needed in IT departments of every size. In order to address the ever-increasing number of attacks, often involving the latest technologies and new techniques. Government could play a role in elevating the importance of the Cybersecurity Lead role in IT departments of small and medium-sized organziations through (1) training credits for students, (2) wage subsidization for employers, and (3) supporting postsecondary institutions in increasing enrollment in cybersecurity programs.


In-Sec-M: What do you expect from In-Sec-M?

We hope to spread the word through In-Sec-M that the goal of Carmel Info-Risk is to provide each of its clients the benefit of a team of information security managers ready to tackle the biggest challenges brought about by cyberattacks. Skills and experience are hard to acquire in cybersecurity. We believe that having a virtual information security officer is the best way to bring these benefits to small and medium-sized businesses. We provide not only technical knowledge, but also communication skills, both verbal and written, and organizational skills. Trust, integrity and experience are the core values at Carmel Info-Risk.

Learn more about our members as MS Solutions