SELECTED WORK

Illustrative engagements — detection in practice

The summaries below describe representative work CyberMind has performed for Canadian clients. Names and identifying details are changed or omitted. These are not guarantees of future outcomes — they show how machine-learning detection and human analyst review combine in real environments.

DETECTION TUNING · SAAS

A Canadian SaaS scale-up drowning in SIEM noise

The client's security team of three was spending six hours daily on alert triage. Their SIEM generated over four hundred events per day; fewer than two percent warranted investigation. CyberMind conducted a four-week detection engineering sprint: we baselined normal behaviour with anomaly detection models, retired redundant correlation rules and rebuilt priority queues with human-in-the-loop verification.

Within six weeks, daily triage volume dropped by roughly ninety-four percent while maintaining coverage for credential abuse and lateral movement patterns. Two weeks after go-live, a machine-learning flag on an unusual OAuth consent grant was verified by an analyst and traced to a credential-stuffing campaign — contained before data exfiltration. The engagement cost approximately C$19,500 as a fixed project.

CyberMind workshop with client security team reviewing detection tuning results in Toronto boardroom

Mid-engagement review — client team and CyberMind analysts aligning on triage priorities.

CyberMind analysts conducting structured incident review session with timeline documentation

Post-incident review — mapping attacker timeline against detection gaps.

INCIDENT RESPONSE · HEALTHCARE

Phishing-led access at an Ontario clinic network

A regional healthcare provider contacted us after an executive received a convincing invoice phishing email. The message bypassed their gateway filter; the executive clicked a link and entered credentials on a cloned Microsoft login page. Within forty minutes, our retainer SOC support flagged an impossible-travel login from Eastern Europe.

Analysts verified the signal, initiated account lockout procedures with the client's IT lead and mapped the attacker's session activity. No patient records were accessed — the attacker's session was limited to email and calendar before containment. We delivered a written incident summary, updated phishing detection rules and facilitated a tabletop exercise for the leadership team. Ongoing retainer: C$11,500 per month.

THREAT INTELLIGENCE · FINANCIAL SERVICES

Detection engineering for a Toronto fintech's cloud migration

As the client migrated workloads from on-premises infrastructure to Azure, their existing SIEM rules became largely irrelevant. Log sources changed, identity patterns shifted and the team lacked visibility into cloud-native attack techniques. CyberMind mapped their new telemetry landscape, curated threat intelligence for fintech-targeted campaigns and produced thirty-seven custom detection rules aligned to MITRE ATT&CK cloud techniques.

We ran a parallel observation period where AI-driven detection flagged anomalies and analysts validated each one against the client's change-management calendar — reducing false positives during the chaotic migration window. The twelve-week project totalled C$21,000 and included handover documentation so their internal team could maintain rules independently.

SOC SUPPORT · MANUFACTURING

Extended-hours triage for a Quebec manufacturer

A mid-size manufacturing firm with operations across Quebec and Ontario had EDR deployed but no dedicated security analyst. Alerts accumulated over weekends until Monday morning triage became a backlog crisis. CyberMind provided business-hours-plus triage coverage: analysts reviewed EDR and firewall logs, escalated only human-verified threats and delivered a weekly threat summary in French and English.

Over a six-month retainer at C$8,200 per month, the client reported zero missed escalations and a measurable reduction in mean time to acknowledge for genuine threats. We also identified three shadow-IT cloud storage instances through anomaly detection on outbound traffic — referred to their IT team for policy review, not accessed without authorization.

AI SECURITY · TECH

Model and data security assessment for an AI product team

A Toronto technology company building customer-facing AI features needed an independent security review before their Series B diligence. CyberMind assessed API authentication for model endpoints, training data access controls, prompt injection risks and logging gaps in their inference pipeline. We did not perform offensive exploitation — the assessment was governance-focused and aligned with their existing SOC 2 preparation.

Deliverables included a prioritized risk register, recommended monitoring additions for model-serving infrastructure and a briefing for their engineering leads. Fixed-fee assessment: C$14,500. Follow-on detection engineering for their API layer was scoped separately.

OUR APPROACH

What every engagement shares

Authorized work only. Human analysts in the loop. Transparent reporting. No promises we cannot substantiate.

SCOPE

Written authorization first

We do not access client systems, data or networks without explicit written consent and defined boundaries. Every engagement letter specifies what we will and will not do.

METHOD

AI assists, humans decide

Machine-learning detection surfaces candidates; qualified analysts verify before escalation. False positives feed back into detection engineering.

OUTCOME

Risk reduced, not eliminated

We improve detection posture and response readiness. No provider can guarantee you will never be breached — we are honest about that limitation.

Discuss your environment

These summaries are illustrative. Tell us about your telemetry, team size and threat concerns — we will outline what a scoped engagement could look like for your organization.

Request a detection review