
Security Strategy & Assessment

Know where you stand. Strengthen your defenses.

Strategic assessments and advisory services turn security from a collection of tools into a coherent, business-aligned program.
Security tools don’t add up to a security program

Most organizations have invested in security, including point tools, controls, and scattered policies. What’s often missing is clarity about where the program stands and how to ensure it aligns with the business. Meanwhile, pressures are compounding: Identity and access management has grown fragmented across cloud, SaaS, and remote work. Zero Trust is widely accepted in principle but unevenly implemented in practice. Software vulnerabilities have become the most common breach vector even as defenses mature. And AI adoption is racing ahead of the policies, controls, and governance models needed to support it safely.

The CBTS approach

Securing clarity for your enterprise

A security strategy engagement with OnX provides a structured evaluation of your unique environment, business drivers, and risk profile. We use a four-step methodology refined across hundreds of engagements: 

1. Identify. Map your current security program against business goals, regulatory obligations, and threat landscape. 

2. Develop. Build a strategy tied to your risk priorities and compliance requirements. 

3. Apply. Deploy best practices from globally recognized frameworks to protect data and assets.

4. Mature. Establish the practices, oversight, and review cycles that move your program forward year after year.

Security Strategy & Assessment capabilities

We offer four assessment-driven engagements that establish your foundation for a mature, business-aligned security program.


Security Strategy & Assessment

Where to start

Advisory engagements

An OnX advisory is a time-bound, fixed-fee engagement designed to give you a clear answer to a specific strategic question, fast.

Cybersecurity Maturity Assessment

Duration: 1 to 2 weeks 

Best for: Organizations that want a clear, third-party read on where they stand on AI and security readiness and where to focus first. 

You walk away with: 

  • An AI threat surface map specific to your environment 

  • An assessment of SOC scope and coverage against AI-related risk 

  • A prioritized roadmap aligned to frameworks, including the NIST AI Risk Management Framework and the EU AI Act 

  • Recommendations that connect directly to subsequent governance, prevention, detection, and response work 

What success looks like

A well-built security strategy creates measurable improvements across three of the six outcomes that anchor every OnX engagement.

Reduced risk

Identify and govern risk against your organization’s unique tolerance. Know which exposures matter, which controls work, and where to invest next.

Operational excellence

 Replace ad hoc, reactive security work with a governed, repeatable program. Build the policies, processes, and review cycles that move security from project to program.

Business agility

 Move faster on AI, cloud, and digital initiatives with security designed in from the start.

 “Being a steward of security for an enterprise, the standard you hold yourself to is not ‘I’ve come in and fixed everything in three months.’ It’s year-over-year, dedicated and steady progress.”   

Ryan Hamrick

Director, Security Practice, CBTS

Don’t take our word for it

“OnX continues to be a reliable and trusted partner, consistently providing support whenever we have questions or encounter issues. Doug's proactive engagement—regular attendance at our meetings and close alignment with our roadmap—demonstrates a genuine commitment to understanding our priorities and aligning with our operational needs. A key factor in OnX's successful relationship with the City of Edmonton is its deliberate focus on understanding our environment, our challenges, and the business outcomes we are working toward. Their highly skilled technical team further strengthens this partnership, enabling us to confidently tackle complex initiatives and advance critical projects with greater speed and assurance.”

Manager, City of Edmonton / Government

“OnX has been an incredible partner and really takes the time to understand our needs and our culture. Elias and Gabriel have been fantastic throughout and represent OnX professionally and with curiosity about our technology landscape.”

Centre for Addiction and Mental Health (CAMH) / Hospitals & Physicians; Medical

“The OnX account team consistently demonstrates a high level of professionalism and expertise. They are not only a pleasure to collaborate with, but also excel at understanding and translating customer requirements into practical, cost-effective solutions. Their ability to balance client needs with budgetary constraints ensures that projects are both feasible and aligned with business objectives. Overall, their commitment to service and depth of knowledge make them a valuable partner in achieving successful outcomes.”

Sr. Manager IT Infrastructure, Deloitte / Accounting Services

“The commitment and dedication by OnX is second to none. We truly do feel that OnX is simply more than a vendor—rather a valuable partner in Sask Polytech's overall success. We truly value the insight that Mark T, Tuyet L, Marcel M, Ali S and various others have guided us within our value streams. Cannot say enough good things about OnX.”

Team Lead Network, Saskatchewan Polytechnic / Education

“OnX's core competency in professional services, staffing and procurement services has been integral to the success of assisting the operations staff for the Canadian Blood Services. The OnX team have proved themselves to be more than a vendor but a partner in enabling the reliability for the services The Canadian Blood Services provides.”

Canadian Blood Services / Organization; Non-profit

“I love the creative, tailored solutions that are delivered in a consistent and reliable way while always doing what it takes to make things right.”

Chief Technology and Information Security Officer, Financial Services / Banking

“My team at CBTS have been trusted partners for a long time. They provide excellent technical support and pre-sales work. Their breadth of knowledge and ability to bring in the right resources have helped us steer our technology into the future.”

Managing Director, CISO, Head of Technology, Private Equity / Financial Services

“CBTS treats us like a partner and not just a customer. The technical expertise is next to none and the relationship management is some of the best I have experienced.”

Director, Telecom and Architecture Services, Healthcare

Frequently asked questions 

What’s included in a security strategy and assessment engagement?

An OnX security strategy and assessment engagement evaluates your current security posture against industry frameworks like NIST CSF, CIS Controls, and ISO 27001. Our security experts examine policies, controls, identity governance, and architecture. The deliverable is a prioritized roadmap that identifies gaps, recommends specific actions, and aligns security investment to your business drivers and regulatory obligations. Engagements typically include stakeholder interviews, technical review of existing controls, and a final readout with executive and operational versions of the findings.

How long does a typical security assessment take?

Most assessments run six to 12 weeks, depending on scope. A focused assessment of a single discipline (e.g., IAM governance or Zero Trust readiness) can be completed in four to six weeks. A comprehensive security architecture and program review across the full environment typically takes ten to 12 weeks. We scope every engagement to your timeline and risk priorities rather than running a fixed template.

What’s the difference between an IAM & Governance Assessment and Zero Trust Services?

An IAM & Governance Assessment focuses specifically on identity: how users are provisioned, authenticated, and deprovisioned across your systems. Zero Trust Services takes a broader architectural view, covering identity but also network segmentation, device posture, application access, and the controls that enforce “never trust, always verify” across the environment. Many clients start with an IAM assessment because it’s tightly scoped and high value, then expand into Zero Trust planning as part of their multi-year roadmap.

When should an organization conduct an AI Readiness Assessment?

The right time is before AI adoption outpaces your security program. For most organizations, that’s right now. If your business is piloting AI tools, integrating LLMs into customer-facing or internal workflows, or building agentic systems, the AI Readiness Assessment helps you understand the new exposure those efforts introduce and align your security program accordingly. It’s also a strong starting point for organizations whose boards are asking pointed questions about AI risk.

What outcomes can we expect from a strategy and assessment engagement?

Expect three deliverables: a clear-eyed assessment of your current security posture against industry frameworks, a prioritized roadmap of actions tied to your business risk, and an executive-ready summary that translates security into terms your board and leadership can act on. Most clients use the roadmap to inform their next 12 to 36 months of security investment, including which subsequent engagements (managed services, additional advisory, technology investments) to pursue and in what order.

Shape a more secure future

Build the security program your business needs.