Klavan Security · Mission-Ready Security
Military & Intelligence Background · 20+ Years
Hackers turned entrepreneurs. Not compliance turned security.

BIG CUSTOMERS DON'T SAY NO.
THEIR SECURITY TEAM DOES.

MONTH 0 PRE-LAUNCH

The contracts that would change your company are gated by a security review you can't pass yet. We get you through it, and keep you through it.

Klavan builds your security program, runs it, and maintains it, so you pass the review, win the deal, and stay ready for the next one. SOC 2, ISO 27001, CMMC, and more. The people who build your proof break into systems for a living. Security before compliance.

160+
Engagements
50+
Innovation Hubs
47%
Faster Readiness
#1
Startup Security Provider
Pedigree
Military & Intelligence Background Canadian Security Intelligence Service (CSIS) Background Rogers Cybersecure Catalyst / TMU / RBC Saskatchewan Polytechnic DFIR BSides Ottawa · Calgary · Hacker Halted

What We Do

MISSION-READY SECURITY

Security before compliance. You focus on winning. We handle the complexity.

01 // FLAGSHIP
Mission Ready SOC 2 Success Path™
Five-step methodology. We drive your GRC (Vanta/Drata), coordinate with auditors, infuse SHELLHOUNDS research throughout. 47% faster than industry average. See pricing →
02
BaseCamp
12-month security cycle. Work through it yourself or with your dedicated Guide. Trust Center live from Month 1. Starting at $597/mo. soc2success.io → · View our Trust Center →
03
BaseCamp Recon
Real-world pen test for your vibe-coded app. Simulated attack by Klavan's offensive team. Plain English report in 5 business days. From $499. soc2success.io/recon →
04
SHELLHOUNDS Pen Testing
Ex-military, ex-intelligence, natural-born hackers. Penetration testing powering the Mission Ready SOC 2 Path™ and available standalone. Learn more →

Offensive Security · Rapid Tactical Prototyping Lab

SHELL
HOUNDS

A Division of Klavan Security · Under Shadow Tactics

A high-speed, black-box research lab for cyber and physical security R&D. Think DARPA meets underground skunkworks. Ex-military, ex-intelligence operatives and natural-born hackers. Our penetration testing directly powers the Mission Ready SOC 2 Success Path™ and is available as standalone engagements. We don't sell fear. We build credibility that closes deals, and we monetize zero-days.

Cyber Operations
Red Team & Offensive Tools
Custom malware, post-exploitation frameworks, adversary simulation, hardware implants, side-channel attacks, RF exploits.
Physical Security
Covert Entry & TSCM
Lock picking, relay attacks, smart lock research, covert breaching, counter-tracking, electronic access control hacking.
Remote Digital
Exploitation & Defense
Zero-click exploits, network pivoting, OSINT/SIGINT collection, AI-driven offensive attacks, anti-forensic frameworks.
Vibe-Coded Apps
BaseCamp Recon
Real-world pen testing for AI-generated applications. Auth bypass, API abuse, RLS gaps, injection, logic flaws.
AI Security
ML & AI Assessment
Testing vulnerabilities in AI systems and ML models. Offensive AI attacks, deepfake security, AI governance.
Specialized
Custom Engagements
Adversarial emulation, ransomware negotiation, social engineering, zero-day research and acquisition.
Request an Engagement

Transparent Pricing

MISSION READY SUCCESS
PATHS TO THE SUMMITS

Done right. No cheat codes.

BaseCamp Scout
For 1–3 person teams · pre-revenue · self-guided · Platform + Trust Center · 12-month cycle
$297/mo
Start Scout
Most Popular
BaseCamp Guide
For 1–3 person teams · pre-revenue · dedicated Guide + Platform + Trust Center · 12-month cycle
$597/mo
Start Guide
BaseCamp Operator
1–3 people · on BaseCamp · 12-month cycle
$1,497
/month · the Klavan team handles it
  • Everything in BaseCamp Guide
  • Runs on the BaseCamp platform
  • Security questionnaires handled for you
  • Quarterly strategy sessions
  • Audit liaison + priority response
  • SHELLHOUNDS Startup Pentest included
Start Operator
HighCamp Rope Team
2–10 people
$2,971.26
/month · fixed engagement
  • Type I · fixed 6-month engagement
  • Type II · fixed 12-month engagement
  • GRC setup & management
  • CPA firm coordination
  • Readiness done right, without the in-house build
Choose Rope Team
HighCamp Expedition
10–50 people
$4,561.26
/month · fixed engagement
  • Everything in Rope Team
  • Dedicated advisor + risk register
  • Multi-framework readiness
  • Priority response SLOs
  • Scales with your headcount and frameworks
Choose Expedition
HighCamp · engagement terms
SOC 2 Type I is a fixed 6-month engagement. SOC 2 Type II is a fixed 12-month engagement covering build and the observation window. Audit and pen test fees are quoted separately. Run it on the BaseCamp platform, or bring your own (Vanta, Drata, or your existing stack) and we manage it either way.
Coming from BaseCamp? Your time served comes off the clock. We credit 3 months against the fixed engagement, and you take 20% off the months that remain.

We Leveled Up With Klavan

COMPANIES WE'VE
HELPED HARDEN

Real teams. Real engagements. Across sectors and stages.

Loyalty & Rewards
Spoonity
SOC 2 compliance documentation and OCI DMAP completion.
Data Intelligence
ARIMA
SOC 2 policy development and ongoing compliance program support.
Aerospace
ALFA Aero Solutions
SOC 2 Type I complete, Type II in progress.
Energy Technology
Relion
Security program assessment and compliance readiness.
Energy Analytics
Orennia
Security posture assessment and compliance gap analysis.
Technology
Ctrl.
Security program and compliance foundation.
Financial Services
LSQ
Cybersecurity program review and compliance readiness.
Alternative Lending
eCapital
Compliance gap analysis and security program review.
Productivity SaaS
Fellow
SOC 2 program. Policy framework and controls implementation.
Legal Technology
Qlarifi
Security program design and compliance readiness.
Fuel & Retail
MacEwen / QuicKie
Physical and cyber security assessment.
HR Technology
talent.com
Fractional CISO engagement and vendor risk management.
Energy
Provident
Security posture review.
Legal Services
Gowling WLG
Security posture and compliance readiness review.
Legal Services
Carranza LLP
Cybersecurity program and compliance review.
Non-Profit
Kristus Darzs Latvian Home
Cybersecurity program and risk assessment.
Healthcare Tech
Welbi
Security program for senior care platform.
Technology
KOTT
Security assessment and compliance readiness.
Skateboard Mfg & Design
TROUBL3
Security and compliance program for TROUBL3 Skateboards.
Pharmaceutical
Ipsen
Security program review and compliance guidance.
Research & Advisory
Info-Tech Research Group
Security posture and compliance assessment.
Security Services
MHM Security Privacy Inc.
Security partnership and collaboration.
EV Infrastructure
AXSO
Pre-production penetration testing of EV charging platform.
Utilities
Hydro Quebec
Security assessment and compliance guidance.
Technology
Ollon
Security program design and compliance foundation.

Who We Are

14 PRACTITIONERS.
THREE CORE LEADS.

This is not a team that learned security from a certification course.

A.A.
Andrew Amaro
Founder

20+ years in offensive security. Shellhounds red team under Shadow Tactics. I build what attackers fear.

20+ yrs offensive security Canadian Security Intelligence Service (CSIS) Background Shadow Tactics DFIR Instructor
E.W.
Elanor W.
Core Lead

A natural-born hacker and cypher punk. The kind of mind that finds the gap everyone else missed.

Natural-Born Hacker Cypher Punk Offensive Research
F.K.
Flint K.
Core Lead

Ex-military, Five Eyes signals intelligence. Operated where the stakes were real.

Ex-Military Five Eyes Signals Intel Offensive Security
+ 11 More Practitioners

Behind us are 11 more practitioners. Ex-military. Ex-intelligence. Offensive security backgrounds. This is not a team that learned security from a certification course.


Indie. Self-Made. Still In It.

WE'RE A
STARTUP TOO.
WE KNOW
YOUR PAIN.

Klavan Security is an indie, self-made firm. No VC. No enterprise backstory. We built this from the ground up, the same way you're building yours.

We know what it feels like when a buyer asks about security and you have nothing to send. We know what it's like to lose a deal over a questionnaire you couldn't answer. We know the pressure of a contract that requires SOC 2 and a runway that can't absorb a $200K consultant bill.

That's exactly why we built BaseCamp. Not for enterprises that can throw money at the problem. For founders and scale-ups who need to move fast, close deals, and not get buried in compliance theater.

"Startups and scale-ups, we know you. Because we are you."

Andrew Amaro · Founder, Klavan Security
We get it
You Can't Afford to Get It Wrong
One breach, one lost deal, one failed audit, and months of work disappear. We built our entire methodology around protecting your runway, not burning it.
We get it
You Don't Have Time for Theater
We don't do checkbox compliance. Every control we implement is real. Every policy is practical. Your team ships features. We handle the security program.
We get it
You Need Deals Now, Not in 18 Months
That's why BaseCamp puts a live Trust Center in front of buyers on Day 1. Credibility before certification. Revenue while you build toward the summit.
We get it
You Need Someone In Your Corner
Not a platform you get dropped into alone. Not a consultant who disappears after the kickoff call. A team that's with you for the full 12 months, and beyond.
Events

SPEAKING
ENGAGEMENTS

BSides Ottawa
Ottawa, Canada
BSides Calgary
Calgary, Canada
Hacker Halted
Atlanta, USA
Security Canada CANASA
Canada
ENSA Tangier
Morocco
Cyber Sec Brussels
Belgium
Vancouver Intl Security Summit
Vancouver, Canada
Invest Ottawa
Ottawa, Canada
Rogers Cybersecure Catalyst
TMU / RBC
SunSecCon
Security Conference
SaaS North
Ottawa, Canada
L-Spark
Ottawa, Canada
Tech North Atlanta Startup Center
Atlanta, USA
EU CYBERNET
Romania, Moldova, Estonia
Privy Council Office
Ottawa, Canada
CISO (OPP, Toronto Police)
Hamilton, Canada
CIS Ottawa
Ottawa, Canada
Unicorn Factory Lisboa
Lisboa, Portugal
Close Access Protection
Nigeria

Ecosystem

OUR PARTNERS

The community we operate in and contribute to.

CISA U.S. Cyber Command SYBA Rogers Cybersecure Catalyst Toronto Metropolitan University ISACA AICPA SOC Vanta OCI EU CyberNet OWASP Top 10 for LLM Pacific Hackers Association BSides Ottawa BSides Calgary SunSecCon L-Spark SaaS North Invest Ottawa Dragon Squad ENSA Architecture Technology Corporation Cyrin Cyber Range InfoSecMap Data Breaches Digest NordVPN Canadian Cyber Five Eyes Community

Live Security Posture
Our Public Trust Center

See exactly how Klavan Security handles security, compliance, and data protection. Real controls. Verified posture. Not aspirational. Documented and live.

View Trust Center →
Get Started

LET'S TALK
SECURITY.

No pressure. No pitch deck. A direct conversation about your situation, your risks, and whether Klavan is the right fit. If we're not, we'll tell you that too.

30 min
Intro Call
Your situation and where you want to go
60 min
Technical Scoping
Environment, compliance targets, threat profile
Custom
SHELLHOUNDS Scoping
Assets, rules of engagement, timelines
// Start the Conversation

Tell us what you're working on. No pressure, no pitch, just a direct conversation about your situation. If we're not the right fit, we'll say so.

What to expect
Intro calls typically scheduled within 24–48 hours
BaseCamp Recon reports delivered within 5 business days
SHELLHOUNDS engagements scoped before any contract