SELECTED WORK
Illustrative engagements — detection in practice
The summaries below describe representative work CyberMind has performed for Canadian clients. Names and identifying details are changed or omitted. These are not guarantees of future outcomes — they show how machine-learning detection and human analyst review combine in real environments.
DETECTION TUNING · SAAS
A Canadian SaaS scale-up drowning in SIEM noise
The client's security team of three was spending six hours daily on alert triage. Their SIEM generated over four hundred events per day; fewer than two percent warranted investigation. CyberMind conducted a four-week detection engineering sprint: we baselined normal behaviour with anomaly detection models, retired redundant correlation rules and rebuilt priority queues with human-in-the-loop verification.
Within six weeks, daily triage volume dropped by roughly ninety-four percent while maintaining coverage for credential abuse and lateral movement patterns. Two weeks after go-live, a machine-learning flag on an unusual OAuth consent grant was verified by an analyst and traced to a credential-stuffing campaign — contained before data exfiltration. The engagement cost approximately C$19,500 as a fixed project.
Mid-engagement review — client team and CyberMind analysts aligning on triage priorities.
Post-incident review — mapping attacker timeline against detection gaps.
INCIDENT RESPONSE · HEALTHCARE
Phishing-led access at an Ontario clinic network
A regional healthcare provider contacted us after an executive received a convincing invoice phishing email. The message bypassed their gateway filter; the executive clicked a link and entered credentials on a cloned Microsoft login page. Within forty minutes, our retainer SOC support flagged an impossible-travel login from Eastern Europe.
Analysts verified the signal, initiated account lockout procedures with the client's IT lead and mapped the attacker's session activity. No patient records were accessed — the attacker's session was limited to email and calendar before containment. We delivered a written incident summary, updated phishing detection rules and facilitated a tabletop exercise for the leadership team. Ongoing retainer: C$11,500 per month.
THREAT INTELLIGENCE · FINANCIAL SERVICES
Detection engineering for a Toronto fintech's cloud migration
As the client migrated workloads from on-premises infrastructure to Azure, their existing SIEM rules became largely irrelevant. Log sources changed, identity patterns shifted and the team lacked visibility into cloud-native attack techniques. CyberMind mapped their new telemetry landscape, curated threat intelligence for fintech-targeted campaigns and produced thirty-seven custom detection rules aligned to MITRE ATT&CK cloud techniques.
We ran a parallel observation period where AI-driven detection flagged anomalies and analysts validated each one against the client's change-management calendar — reducing false positives during the chaotic migration window. The twelve-week project totalled C$21,000 and included handover documentation so their internal team could maintain rules independently.
SOC SUPPORT · MANUFACTURING
Extended-hours triage for a Quebec manufacturer
A mid-size manufacturing firm with operations across Quebec and Ontario had EDR deployed but no dedicated security analyst. Alerts accumulated over weekends until Monday morning triage became a backlog crisis. CyberMind provided business-hours-plus triage coverage: analysts reviewed EDR and firewall logs, escalated only human-verified threats and delivered a weekly threat summary in French and English.
Over a six-month retainer at C$8,200 per month, the client reported zero missed escalations and a measurable reduction in mean time to acknowledge for genuine threats. We also identified three shadow-IT cloud storage instances through anomaly detection on outbound traffic — referred to their IT team for policy review, not accessed without authorization.
AI SECURITY · TECH
Model and data security assessment for an AI product team
A Toronto technology company building customer-facing AI features needed an independent security review before their Series B diligence. CyberMind assessed API authentication for model endpoints, training data access controls, prompt injection risks and logging gaps in their inference pipeline. We did not perform offensive exploitation — the assessment was governance-focused and aligned with their existing SOC 2 preparation.
Deliverables included a prioritized risk register, recommended monitoring additions for model-serving infrastructure and a briefing for their engineering leads. Fixed-fee assessment: C$14,500. Follow-on detection engineering for their API layer was scoped separately.
Discuss your environment
These summaries are illustrative. Tell us about your telemetry, team size and threat concerns — we will outline what a scoped engagement could look like for your organization.
Request a detection review