Cybersecurity Consulting – Vancouver Island, BC

We Protect What
You’ve Built

Bolt Hold Cyber Security defends Canadian businesses and high-value individuals against data breaches, ransomware, and cyber threats – before they happen. Expert-led audits, CPCSC and CMMC compliance, SA&A, and program development, available 24/7.

bolt·hold /ˈbōltˌhōl/ (noun): In military jargon, a bolt hold is the ultimate secure location – where the most protected information is secured. That’s the standard we bring to your digital environment.
Book a Free Discovery Call View Services
Credentials
Veteran-Owned
CISSP
GSEC
GCIH
GSTRT
SSAP
GIAC / SANS · ISC²
Core Services

Cyber Security
Services

Tailored protection for individuals and organizations across Vancouver Island, British Columbia and Canada – available 24 hours a day, seven days a week.

01 / 03

VIP Personal Audit

For executives, high-net-worth individuals, and public figures on Vancouver Island and across BC. We identify every exposure in your personal digital footprint and close it before it becomes a crisis.

Includes
Device audit, account security review, dark web scan, social engineering exposure assessment
Timeline
Typically 5-10 business days
Deliverable
Written risk report with prioritized remediation steps
Best for
Executives, professionals, high-net-worth individuals
Learn More
02 / 03

Business Audit

A comprehensive security assessment for small and medium businesses across the Comox Valley and Vancouver Island. We expose the gaps that attackers find – and give you a clear, actionable plan to close them.

Includes
Network and infrastructure review, phishing vulnerability test, staff security posture, data handling assessment
Timeline
2-4 weeks depending on organization size
Deliverable
Executive summary + technical report with ranked vulnerabilities
Best for
SMBs, professional services, healthcare, legal, retail
Learn More
03 / 03

Program Development

We build your organization’s cyber security program from the ground up – or strengthen what you already have. Policies, procedures, training, and monitoring frameworks custom-fit to your operations and risk profile.

Includes
Policy creation, incident response planning, staff awareness training, ongoing advisory
Timeline
4-12 weeks depending on scope
Deliverable
Full documented security program and tailored playbooks
Best for
Growing businesses, regulated industries, post-breach recovery
Learn More
Federal & Defence Services
Federal & Defence

Government Contracting
Security

For Canadian companies pursuing – or already holding – federal and defence contracts. We help you achieve and document the compliance required to bid, win, and operate in Canada’s defence supply chain and federal IT ecosystem.

The Government of Canada’s Canadian Program for Cyber Security Certification (CPCSC) Level 1 becomes mandatory for select defence contracts in Summer 2026 – months away. Most suppliers don’t know it’s coming. Bolt Hold helps you get audit-ready, document your controls, and understand the attestation risk of signing a self-assessment before your processes are actually in place. We also assist companies pursuing US DoD contracts under CMMC, and those building or operating IT systems that require a Government of Canada Authority to Operate (SA&A).

01 / 03

CPCSC Level 1

Readiness advisory and audit-ready documentation for Canadian defence suppliers. We assess your 13 controls, identify gaps, guide remediation, and help you produce the documented evidence that makes your self-attestation defensible – and keeps you out of legal jeopardy.

Includes
Gap assessment across all 13 CPCSC Level 1 controls, remediation guidance, documentation package, attestation risk briefing
Standard
ITSP.10.171 / NIST SP 800-171
Deliverable
Audit-ready control evidence package + gap remediation report
Deadline
Required at contract award – Summer 2026 rollout
Learn More
02 / 03

CMMC Level 1

For Canadian companies pursuing US Department of Defense contracts. CMMC Level 1 covers 17 practices protecting Federal Contract Information. We prepare your documentation, assess your practices against each control, and ensure your self-assessment is grounded in verifiable evidence.

Includes
17-practice gap assessment, policy alignment, documentation support, self-assessment preparation
Standard
FAR 52.204-21 / NIST SP 800-171
Deliverable
SPRS-ready score documentation and remediation roadmap
Best for
Canadian companies in the US defence industrial base
Learn More
03 / 03

SA&A (Security Assessment & Authorization)

For vendors and contractors building or operating IT systems that handle Government of Canada information. We guide your system through the ITSG-33 SA&A lifecycle – from Threat and Risk Assessment through to Authority to Operate – so your system can legally operate in a federal environment.

Includes
TRA (Threat & Risk Assessment), security control profile selection, SRTM, ATO evidence package
Standard
ITSG-33 / Protected B (PBMM)
Deliverable
Complete SA&A evidence package supporting Authority to Operate
Best for
SaaS vendors, IT contractors, cloud service providers serving the GC
Learn More
CPCSC Rollout Timeline
March 2025
Phase 1 – Standard PublishedCPCSC standard released publicly. Level 1 self-assessment tool launched. SCC begins accepting assessor applications.
Summer 2026
Phase 2 – Level 1 MandatoryLevel 1 certification required at contract award for select defence contracts. Self-attestation must be documented and defensible.
Spring 2027
Phase 3 – Level 2 Third-PartyLevel 2 requires accredited third-party assessment. Bolt Hold has applied to the Standards Council of Canada for assessor accreditation.
2027+
Phase 4 – Level 3Government-led assessments for highest-risk scenarios involving weapon systems, critical infrastructure, and Five Eyes intelligence.
Client Outcomes

Real Results,
Real Protection

Our clients choose to remain confidential – that’s the nature of this work. Here’s what our engagements have delivered.

Business Audit – Professional Services
A regional law firm on Vancouver Island approached us after a suspicious email nearly compromised their client files. Our audit revealed three critical vulnerabilities – unpatched software, a shared admin credential, and no MFA on their document system. All resolved within two weeks, no incident since.
Regional law firm · Comox Valley, BC
Program Development – Healthcare
A Vancouver Island healthcare provider needed to meet new provincial data security requirements before a contract renewal. We built their complete security program – policies, incident response procedures, and staff training – in six weeks. The contract was renewed with zero issues raised by the auditor.
Healthcare provider · Vancouver Island, BC
VIP Personal Audit – Executive
A BC-based executive discovered their personal email credentials were being sold on the dark web. We conducted a full personal digital audit, secured every account, enabled proper identity monitoring, and briefed their family on social engineering risks. The whole engagement took eight days.
Senior executive · British Columbia
Available 24/7
Veteran-
Owned &
Operated
East coast of Vancouver Island,
Comox Valley, British Columbia.
20+
Yrs Experience
About Us

Intelligence-Led.
Veteran-Owned.
Local Expertise.

Bolt Hold Cyber Security is a veteran-owned firm founded in British Columbia. Our team brings decades of combined experience advising organizations and government leaders on intelligence threats, offensive cyber security, and general security consulting. We combine the discipline and operational ethos developed through military service with deep technical expertise and continued study of the evolving cyber threat landscape.

Our principal consultant has over two decades of experience advising on risks and threats, with a background in the Canadian Armed Forces that included specialization in human intelligence collection operations and eight years with the Canadian Special Operations Forces. We understand how adversaries think – because our team has spent careers studying them.

Professional Certifications
CISSPISC²
GSECGIAC Security Essentials
GCIHGIAC Certified Incident Handler
GSTRTGIAC Strategic Planning & Leadership
SSAPGIAC Applied Knowledge
Proudly Collaborating With
Coding for Veterans
King’s Trust Canada
The Team

Specialists, Not Generalists

Our consultants are engaged based on the specific demands of each engagement. Each brings a distinct specialization – so you get the right expertise applied to your actual problem, not a generalist stretched thin across disciplines.

Principal Consultant

Intelligence & Strategic Security

Over two decades of experience advising organizational and government leaders on intelligence threats, risks, and security strategy. Specializes in threat and risk assessment, intelligence analysis, and crisis response planning – bringing an adversarial perspective to every engagement.

Threat & Risk Assessment
Intelligence Analysis
Crisis Response
HUMINT
Security Strategy
CAF · Canadian Special Operations Forces · 8 years
Associate Consultant – Offensive Security

Threat Research & Adaptive Security

A creative and flexible operator who excels at understanding a desired outcome and engineering a path to it. Stays at the forefront of investigating current and evolving cyber threats, with a particular talent for approaching problems from an attacker’s perspective.

Threat Research
Offensive Security
Vulnerability Analysis
Adaptive Problem Solving
CAF · Combat Engineer veteran
Senior Associate – Red Team & Incident Response

Penetration Testing & Red Team Operations

A senior red team operator and respected penetration tester with expertise spanning the full offensive security spectrum. Brings deep hands-on capability to engagements where the goal is finding and demonstrating real vulnerabilities – and then helping close them.

Penetration Testing
Red Team Operations
Application Security
Wireless Security
Social Engineering
Incident Response
Ransomware Recovery
Senior security consultant · 10+ years operational experience

Ready to Know Where You Stand?

Book a free 30-minute discovery call – no sales pitch, just an honest assessment of your risk posture.

Book a Discovery Call Email Us