About Us

Procyon Security Group brings together focused information security services provided by highly skilled security and computer network specialists. Procyon is a customer-focused, vendor-neutral security services organization. We are dedicated to the success of our clients' projects, and to achieving 100% customer satisfaction.

Procyon's four Principal Consultants combine over 100 years of experience in information technologies with more than 60 years of experience in IT and Information Security. They have worked diligently to establish reputations for consistently providing very high-quality services on demanding IT development and deployment projects. Our group holds the following credentials and certifications:

  • Certified Information Systems Security Professional (CISSP®)
  • Certified Information Systems Auditor (CISA®)
  • Certified Information Security Manager (CISM®)
  • Certified in Risk and Information Systems Control (CRISC™)
  • Certified Penetration Testing Engineer/Consultant (CPTE/CPTC)
  • Payment Card Industry Professional (PCIP)

Procyon Security Group was registered as a General Partnership in the Province of British Columbia in March 2003. The Group takes its name from Procyon (PRO•see•on), the primary star in the constellation Canis Minor and the eighth brightest star in the sky. Procyon, meaning "ahead of the dog" in Greek, was used by sailors in ancient times as a navigational aid. From early autumn, it rises in the east well before Sirius and is one of the brightest stars in the Northern Hemisphere.

Services

Procyon Security Group focuses on providing the following information security services to both public and private sector clients:

Vulnerability Assessment and Penetration Testing (VAPT)

Stay ahead of malicious parties that exploit vulnerabilities in your IT systems.

Hackers are always discovering new ways to break into your IT systems to steal your data, hold it for ransom or, increasingly, both. Regularly scanning your systems for vulnerabilities, testing your defenses to see how they can be penetrated, and then fixing what gets uncovered is a critical process for reducing the chances that your organization's systems are broken into. This includes testing your IT infrastructure inside and out, including wireless networks, but also your applications and APIs, as well as the resilience of your people to social engineering attacks. Contact Procyon to hack your own systems before the hackers do.

Security Threat Risk Assessment (STRA)

Understand the threats and risks to your data and services, and discover the most effective ways to invest limited resources.

Assess the threats facing your organization, determine where and how your data is at greatest risk, and where you can get quick wins in protecting your data. A security threat risk assessment is an important first step to protecting your data in an efficient and methodical way. Procyon uses an ISO 27002:2013 based assessment methodology which models how threat events can exploit vulnerabilities in your systems. We can alternatively use a methodology of your own choosing.

IT Security Governance and Management

Understand why governance is so important, and how security helps your organization achieve its business goals, particularly when using the cloud.

Good governance is important, especially when using the cloud or when you rely heavily on external parties. Contact Procyon for help with developing strategies, governance structures, policies and metrics so that security contributes to achieving your business goals. Procyon can also review or negotiate the security aspects of your contracts with external parties, or assist you with dealing with them.

Security Standards Compliance

Get help complying with complex customer or external security standards like SOC 2, ISO 27001, the PCI Data Security Standard, and privacy and security laws.

Your organization may have legal or customer requirements such as being audited against standards like:

  • ISO 27001
  • SOC2
  • NIST CSF 2.0
  • Payment Card Industry Data Security Standard (PCI DSS)
  • NHS Data Security and Protection Toolkit (DSPT)
  • UK Cyber Essentials
  • other industry specific security requirements

Security compliance and audits consume time and effort, and can be challenging to deal with. Ask Procyon for help with understanding your obligations, navigating these standards, responding to auditors' questions, and setting up a program so that your organization can comply in the most cost-effective way.

Security Architecture

Put all the pieces together into a comprehensive security architecture that establishes trust in your organization with customers, staff, and vendors.

Organizations and IT systems are complex, and so is the security needed to protect them and their data. All the different components, like governance, policies, risk assessments, processes, controls, testing, user awareness, monitoring and alerting, need to work together to protect information and systems effectively. Procyon can help design and implement an organization's security architecture, as well as each of the various components.

Security Program and Process Implementation

Security Policy and Guidance

Set clear expectations for your staff and vendors on how they should be protecting data and systems.

Security policies set the organization's approach to security, and provide management support and direction for protecting data and systems. Good security policies and guidance are based on the organization's risks, are clear in describing what outcomes are desired, and lay the foundation for your security program. Procyon can rework existing policies and guidance, or write new ones using either an existing structure and format, or set up a new one for you.

Project History

Below are some examples of the types of projects that Procyon has worked on.

Azure Landing Zone STRAs for Health Authorities

Procyon worked closely with two health sector clients to conduct security threat and risk assessments (STRAs) of their Azure Landing Zones (ALZs). In one case the ALZ was implemented as a lift and shift of existing infrastructure and applications. In the other case the implementation was based on cloud native architecture. In both cases Procyon leveraged Microsoft’s Cloud Adoption Framework to structure the STRAs, and to provide applicable guidance and balanced risk remediation recommendations.

Ongoing Information Security Advisory and Support for Health Care Startup

Procyon is providing ongoing security advisory services for a health technology startup on a retainer basis. Monthly tasks can involve:

  • Prioritizing response to automated security alerts
  • Assisting with regulatory compliance
  • Developing an ongoing security roadmap/strategy
  • Reviewing, developing and maintaining security policies
  • Coordinating and reviewing 3rd party pentesting
  • Coordinating security education and training
  • Preparing internally for compliance audits
  • Ad-hoc security testing
  • Assessing vendor security

BC Government Facilities Management STRAs

Procyon participated in due diligence activities in support of the IT security assessment of a Proponent's submission regarding the information management systems proposed for the management of the BC Government's real property. Subsequently, a Procyon team of security analysts developed a detailed security threat risk assessment (STRA) on the final solution, which comprises 15 best-of-breed applications hosted in 8 different data centres (SaaS, PaaS, and service provider co-location facilities). Procyon has been retained to assist with implementing STRA recommendations and assessing further enhancements.

eHealth Technical Integration and Enterprise Security

Procyon acted as the enterprise security lead for the BC Yukon Public Health Implementation Project (BCY-PHIP, aka Panorama), with lead responsibility for enterprise security, user management and federated authentication solutions. Procyon conducted security threat risk assessments on several different Panorama environments (data migration, staging, and clinical deployment) and provided advice and guidance on network security requirements.

Partners

Impact Privacy

Procyon Security Group has partnered with Impact Privacy to provide Information Security expertise and resources for digital health solutions. Impact Privacy focuses on solving privacy and AI problems while providing privacy, data protection, and AI services to the healthcare industry.

Impact Privacy is Procyon's preferred privacy services partner for private sector healthcare and digital health solutions.

Our Team

Ryan Liu, B.Comm, CISSP

Ryan Liu has 22 years of direct experience in systems audit and IT risk management with over 10 years of experience working in formal security risk assessment and health informatics. Having started his career working for two international accounting and audit firms, he has a solid foundation in IT audit and controls and played a key role in building one of the earliest professional network penetration testing practices in Canada.

In addition to information security governance, security standards conformance (CobiT, ISO27002), vulnerability assessment, and penetration testing, Ryan has delivered risk assessments for Government of British Columbia and Health Authorities for major multi-year IT projects using both formalized risk assessment methodologies (RCMP, ISF IRAM, OCIO STRA) and customized assessments.

Ryan has provided security services to both public and private sector clients including provincial and municipal governments, BC health authorities, crown corporations, post-secondary, retail, mining, and financial services.

Rui Pereira, B.Sc(Hons), CISSP, CISA, CPTE/CPTC

Rui Pereira is a Principal Consultant for Procyon Security Group with over 35 years of experience in IT, specializing in Information Security and Audit for the last 25. Rui is a Certified Penetration Testing Engineer (CPTE) and Consultant (CPTC), and has also obtained the CISSP and CISA certifications.

Rui has provided both management and technical consulting to a wide range of customers in Western Canada in a variety of industries. He specializes in security reviews and audits; vulnerability assessments and penetration testing (ethical hacking), including for PCI DSS; wireless and (web) application security (including API security); PCI DSS, privacy and other compliance and legal requirements; Security Threat/Risk Assessments (STRAs) and threat modeling; security architecture development, review and implementation; and security awareness training.

He is active in the local IT security community, including the Vancouver Security SIG and the Vancouver Chapter of OWASP. He has presented on various security topics before these and other local organizations. Rui has also taught various security topics at BCIT and UBC, and presents several multi-day courses in secure web application development, wireless network security, and ethical hacking.

Orvin Lau, CISSP, CISM, SCF, CRISC, PCIP

Orvin Lau is an information security consultant focusing on information security management, governance, business processes, and compliance. With over 24 years of experience in information technology and 16 years specializing in information security, governance, risk and compliance, Orvin is experienced at relating business requirements to technical requirements, and using frameworks such as ISO/IEC 27001 and 27002, the PCI Data Security Standard, and CobiT.

He has provided security consulting services to a wide variety of clients, including financial institutions, brokerage firms, professional regulators, manufacturing companies and transportation companies. In 2016 he was invited by the BC Government’s Office of the Chief Information Security Officer to join its Provincial Security Advisory Council.

Orvin previously worked as an information security managing consultant for a leading Canadian accounting and business advisory firm, where he provided IT Security consulting and audit services to clients in industries such as financial services, brokerage firms, health authorities, utility companies, and municipal governments. He has obtained the CISSP, CISM, CRISC and PCIP certifications.

Richard Barlow, UVic CBIS Certificate, CISSP

Richard joined Procyon as an Associate Consultant in 2022 and has supported STRA engagements for several Procyon clients including the Ministry of Citizens' Services, the Natural Resource Ministries, the Provincial Health Services Authority, and the University of British Columbia.

Richard's formal certifications include Certified Information Systems Security Professional (CISSP) from ISC2 and the ITIL IT Service Management Certification from PeopleCert.

Prior to joining Procyon, Richard had a long career with the Government of BC, finishing as the Director of Privacy and Security for the Ministry of Finance for five years.

Partner Emeritus

Steven Schnider, MASc, BASc

Steven Schnider was one of the original founders of the Procyon Security Group in 2003, and practices as an Information System Security Architect. He has been involved in the development of information technology systems since 1979 and has specialized in information security technology and Infosec risk management since 1987. He previously held senior technical positions with Certicom, LGS/DOMUS Security, and Hughes Aircraft Canada and led the security product development team at Bell-Northern Research.

Steven has provided security consulting services to a broad range of public sector organizations including the federal government (DND, RCMP, CSE, Public Works and Government Services), provincial and territorial governments (British Columbia, Alberta, Saskatchewan, Ontario, the Yukon) and at the municipal level. His private sector experience ranges from international oil companies and multi-national wireless telecommunications providers through to small technology start-ups. Steven's primary interests are in high assurance system development, secure wide-area networking, distributed applications, and pervasive computing.

Contact