Vulnerability Management and Social Engineering Consulting

The biggest threat to your physical and cybersecurity isn’t a technical one — it’s a human one.

Are your security policies, practices, and procedures being followed properly? Are they good on paper but impractical for staff to actually implement, and thus being ignored? Can a criminal gain a password by asking, or simply walk physical assets right out the door?

Using technical and non-technical open-source intelligence, human intelligence, and digital intelligence (OSINT/HUMINT/DIGINT) gathering and analysis methods, physical and remote social engineering (SE), and a range of software and hardware tools, we can simulate the attacks carried out by cybercriminals, insider threats, stalkers, and other bad actors.

Both the cost and the risk to a cybercriminal or other criminal executing a social engineering attack are very low, but the financial and reputational damage it brings to victims can be devastating: according to a 2021 report, the estimated average cost of a data breach, including ransomware attacks, is $6.35M CAD [1], and nearly two-thirds of victims are small to medium-sized businesses (SMB). By identifying vulnerabilities and response capabilities, we can help SMB and Enterprise clients verify compliance with existing security policies and procedures, or work to create new ones.

We also provide privacy and safety consulting services to at-risk or exposed individuals.

Simulated Threat, Real Protection

Gilliam Burke Investigations is licensed under the Security Services and Investigators Act, and our services are fully compliant with the Personal Information Protection and Electronic Documents Act, Health Information Act, Freedom of Information and Protection of Privacy Act, and other relevant legislation.

For SMB and Enterprise Clients:

  • SE Human Security Audits (Remote): We will test the human element of your cyber and data security plan through email phishing, pretexting, and other simulated remote attacks after carrying out OSINT gathering and digital reconnaissance. Our report will identify methods used, successes and failures, and opportunities for training and improvement. This is an excellent way to prepare and protect yourself against ransomware and other cybercriminal threats.
  • SE Human Security Audits (Physical): We will conduct advanced technical and offline OSINT, as well as physical surveillance, to identify and exploit human-factor weaknesses in a physical, human social engineering test of your systems and facility. Upon request, we can perform simulated data access and asset theft. Our report will identify methods used, successes and failures, and opportunities for training and improvement.
  • SE Human Security Audits (Remote and Physical): Using both our remote and physical testing frameworks, we will identify and exploit every weakness we can find to test and validate your security. Our report will identify methods used, successes and failures, and opportunities for training and improvement.

For Individual Clients:

Gilliam Burke Investigations can help guide you in creating and implementing a plan to protect your privacy both online and offline. We provide in-depth privacy assessments and risk mitigation plans for select at-risk or exposed individuals.

  • Individual Privacy and Security Audits (On & Offline): An advanced technical and offline OSINT investigation to identify potential personally identifying information (PII) that could be exploited and used by an attacker, and to determine if PII has already been leaked by cybercriminals.
  • Anti-Stalking/Technical Surveillance Countermeasures: An analogue (physical) and/or digital examination to detect, prevent, and mitigate high-tech stalking, covering indicators of compromise (IoC), hidden cameras, and tracking devices.

1. “The Cost of a Data Breach Report 2021,” IBM, 28 July 2021.