Frequently Asked Questions (FAQ)

1. What is Klavan Security's approach to providing security solutions?

Klavan Security combines intelligence tradecraft, military discipline, and tech operations to deliver custom security solutions. Our team includes experts from CSIS, the Canadian Armed Forces, and Five Eyes communities. We serve startups and SMBs by embedding strategic, scalable, and rapid-response security programs that adapt to high-risk environments and complex compliance requirements.

2. What are Klavan Security's vCISO services?

Our vCISO (Virtual Chief Information Security Officer) services provide executive-level security leadership without the full-time cost. We deliver policy creation, regulatory alignment, risk management, board reporting, and audit preparation. Tiered plans are available for different maturity levels and industries.

3. How does Klavan Security assist with SOC 2 compliance?

We offer a streamlined, five-step SOC 2 readiness process that helps clients achieve Type I and Type II attestations faster. Our program reduces internal workload by up to 60% and ensures full documentation, automation, and audit liaison support throughout the engagement.

4. What happens in the event of a security breach?

Our incident response team follows a military-style playbook: contain, analyze, recover, and reinforce. We handle forensic investigations, breach containment, regulatory communication, and post-incident hardening to get you secure and operational again, fast.

5. What training does Klavan Security provide?

We offer live-fire cyber range environments, tabletop exercises, and technical workshops. These are designed to test and develop executive teams, SOC analysts, and engineering staff with hands-on threat simulation and strategic scenario planning.

6. How is adversary emulation used?

We simulate real-world attackers using modern TTPs from groups like APT29, FIN7, and others. This helps uncover security gaps that standard vulnerability scans miss and validates your blue team's ability to detect and respond under real-world pressure.

7. What is Klavan's AI LLM Security & Compliance Service?

This service uses large language models to guide secure architecture, identify misconfigurations, automate reporting, and align systems to frameworks like OWASP and CIS Controls. It's ideal for teams building modern applications or working in regulated industries.

8. What is SHELLHOUNDS?

SHELLHOUNDS is Klavan Security's internal rapid prototyping and threat research lab. It supports red team tooling, detection engineering, automation workflows, and counter-threat innovation. Clients benefit from research-backed recommendations and early access to emerging capabilities.

9. Does Klavan help with vendor management?

Yes. We maintain a vetted partner network of auditors, GRC platforms, training providers, and security tools. We also manage vendor risk programs, review security controls, and reduce the time your team spends on procurement due diligence.

10. What is the "Shadow Tactics" podcast?

Hosted by Klavan's Chief Holistic Security Officer, Shadow Tactics features in-depth interviews, threat breakdowns, and security leadership discussions. It's built for practitioners and executives who want to understand both the philosophy and practicality of real-world defense.

Privacy Policy

Effective Date: April 2022 Reviewed: April 2025

Klavan Security respects your privacy. This policy explains what information we collect, how we use it, and your choices.

1. Information We Collect

We collect:

  • Contact details you provide (e.g. email, name, company)

  • Technical data (IP address, browser type)

  • Client-provided information during service delivery

2. How We Use It

We use your data to:

  • Provide and improve services

  • Communicate with you

  • Meet legal and contractual obligations

  • Maintain security and compliance

3. Data Security

We protect all information using strong encryption, access controls, and secure infrastructure. Sensitive data is stored and processed according to industry best practices.

4. Sharing

We do not sell your data. We only share with:

  • Trusted vendors under NDA

  • Regulators or legal authorities when required

  • Partners as authorized by you

5. Retention

We keep data only as long as needed. When no longer required, data is deleted or anonymized.

6. Your Rights

You may request access, correction, or deletion of your data by emailing: protection@klavansecurity.com

7. Updates

We may update this policy. Any changes will be posted on our website.