Questions, answered

Frequently asked questions

Security before compliance. Built by operators. Here is how it works.

Who is Klavan Security?

Klavan Security is an Ottawa-based cybersecurity company that builds platforms helping startups become enterprise-ready. Its flagship product, BaseCamp, is a guided security and compliance platform for SOC 2, ISO 27001, and CMMC. The team is made up of ex-military and ex-intelligence operators, and the company follows a security-before-compliance approach: building real security foundations first and pursuing certification second.

What is BaseCamp?

BaseCamp is Klavan Security's flagship platform. It is a guided 12-month security and compliance cycle that combines software with human Guides. It builds readiness for SOC 2 Type II, ISO 27001, CMMC, NIST 800-171, HIPAA, and FedRAMP, and includes a live Trust Center from month one. Unlike self-serve compliance software, the BaseCamp platform comes with people who do the work with you.

How much does SOC 2 cost for a startup?

Going it alone with a traditional consultant often costs tens of thousands of dollars. BaseCamp starts at $297 per month for the self-guided Scout tier and $597 per month for the Guide tier, which includes a dedicated human Guide. Larger teams use the HighCamp tiers, HighCamp Rope Team at $2,800 per month for teams of 2 to 10, and HighCamp Expedition at $4,200 per month for teams of 10 to 50, both of which include SOC 2 Type I and Type II audit fees and an annual penetration test. BaseCamp is a 12-month cycle and includes a live Trust Center from month one.

What is BaseCamp Recon?

BaseCamp Recon is Klavan's human-led penetration testing service, run by its in-house SHELLHOUNDS team. It tests web applications, APIs, and cloud infrastructure, including AI-generated and vibe-coded apps, and delivers a plain-English report in 5 business days. It starts at $499. The testing is always human-led, never automated scanner output.

Do I need a penetration test for SOC 2?

A penetration test is commonly expected for SOC 2 and is frequently requested during enterprise security reviews. Klavan provides this through BaseCamp Recon, starting at $499 with a report in 5 business days.

What is the difference between Klavan and a compliance platform like Vanta or Drata?

Vanta and Drata are software you operate yourself. Klavan builds a platform, BaseCamp, that comes with human Guides who are ex-military and ex-intelligence operators. Klavan drives the GRC tooling, coordinates with auditors, and runs the security program with you, rather than handing you a dashboard and leaving you to figure it out. The platform comes with the people.

What does "security before compliance" mean?

It means building genuine security controls first, then proving them through certification. Many firms reverse this and chase a checklist, which produces a certificate without real security underneath. Klavan builds the security posture first so the compliance result holds up under an actual security review.

Who is BaseCamp for?

BaseCamp Scout and Guide are built for bootstrapped, pre-seed startups with teams of roughly 1 to 5 people who have not raised funding. Funded startups and larger teams, up to about 50 people, use the HighCamp tiers. Common sectors include fintech, healthtech, cleantech, SaaS, AI, agritech, and critical infrastructure.

What is a Trust Center?

A Trust Center is a public page that shows a company's security posture, controls, and compliance status to prospects and customers. In BaseCamp, the Trust Center goes live in month one, so a startup can show credibility to buyers before certification is complete. It is proof the security program is working, not the product itself.

Does Klavan help with frameworks other than SOC 2?

Yes. BaseCamp supports SOC 2 Type II, ISO 27001, CMMC, NIST 800-171, HIPAA, and FedRAMP readiness. The same underlying security program maps to multiple frameworks, so a company does not start over for each one.

Where is Klavan Security located?

Klavan Security is based in Ottawa, Ontario, Canada, and serves startups across Canada and the United States.

LLMS

Klavan Security · Mission-Ready Security
Military & Intelligence Background · 20+ Years
Hackers turned entrepreneurs. Not compliance turned security.

BIG CUSTOMERS DON'T SAY NO.
THEIR SECURITY TEAM DOES.

MONTH 0 PRE-LAUNCH

The contracts that would change your company are gated by a security review you can't pass yet. We get you through it, and keep you through it.

Klavan builds your security program, runs it, and maintains it, so you pass the review, win the deal, and stay ready for the next one. SOC 2, ISO 27001, CMMC, and more. The people who build your proof break into systems for a living. Security before compliance.

160+
Engagements
50+
Innovation Hubs
47%
Faster Readiness
#1
Startup Security Provider
Pedigree
Military & Intelligence Background Canadian Security Intelligence Service (CSIS) Background Rogers Cybersecure Catalyst / TMU / RBC Saskatchewan Polytechnic DFIR BSides Ottawa · Calgary · Hacker Halted
What We Do

MISSION-READY SECURITY

Security before compliance. You focus on winning. We handle the complexity.

01 // FLAGSHIP
Mission Ready SOC 2 Success Path™
Five-step methodology. We drive your GRC (Vanta/Drata), coordinate with auditors, infuse SHELLHOUNDS research throughout. 47% faster than industry average. See pricing →
02
BaseCamp
12-month security cycle. Work through it yourself or with your dedicated Guide. Trust Center live from Month 1. Starting at $597/mo. soc2success.io → · View our Trust Center →
03
BaseCamp Recon
Real-world pen test for your vibe-coded app. Simulated attack by Klavan's offensive team. Plain English report in 5 business days. From $499. soc2success.io/recon →
04
SHELLHOUNDS Pen Testing
Ex-military, ex-intelligence, natural-born hackers. Penetration testing powering the Mission Ready SOC 2 Path™ and available standalone. Learn more →
06
SYBA Personal Cyber Insurance
Exclusive for Klavan clients. Up to $500K CAD insurance-backed coverage for Canadian families, executives, and HNWIs. From $14.95/mo. Learn more →
Offensive Security · Rapid Tactical Prototyping Lab

SHELL
HOUNDS

A Division of Klavan Security · Under Shadow Tactics

A high-speed, black-box research lab for cyber and physical security R&D. Think DARPA meets underground skunkworks. Ex-military, ex-intelligence operatives and natural-born hackers. Our penetration testing directly powers the Mission Ready SOC 2 Success Path™ and is available as standalone engagements. We don't sell fear. We build credibility that closes deals, and we monetize zero-days.

Cyber Operations
Red Team & Offensive Tools
Custom malware, post-exploitation frameworks, adversary simulation, hardware implants, side-channel attacks, RF exploits.
Physical Security
Covert Entry & TSCM
Lock picking, relay attacks, smart lock research, covert breaching, counter-tracking, electronic access control hacking.
Remote Digital
Exploitation & Defense
Zero-click exploits, network pivoting, OSINT/SIGINT collection, AI-driven offensive attacks, anti-forensic frameworks.
Vibe-Coded Apps
BaseCamp Recon
Real-world pen testing for AI-generated applications. Auth bypass, API abuse, RLS gaps, injection, logic flaws.
AI Security
ML & AI Assessment
Testing vulnerabilities in AI systems and ML models. Offensive AI attacks, deepfake security, AI governance.
Specialized
Custom Engagements
Adversarial emulation, ransomware negotiation, social engineering, zero-day research and acquisition.
Request an Engagement
Transparent Pricing

MISSION READY SUCCESS
PATHS TO THE SUMMITS

All-included. SOC 2 Type I & II audit fees, annual pen tests, GRC platform on every path. Savings of $40K+ vs going it alone.

BaseCamp Scout
For 1–3 person teams · pre-revenue · self-guided · Platform + Trust Center · 12-month cycle
$297/mo
Start Scout
BaseCamp Guide
For 1–3 person teams · pre-revenue · dedicated Guide + Platform + Trust Center · 12-month cycle
$597/mo
Start Guide
HighCamp Rope Team · 2–10 people
$2,800
/month · 24-month program
  • SOC 2 Type I & Type II audit fees included
  • Annual pen test included
  • GRC setup & management (Vanta/Drata)
  • CPA firm coordination
  • Save $40K+ vs going it alone
Choose Rope Team
Most Popular
HighCamp Expedition · 10–50 people
$4,200
/month · 24-month program
  • Everything in Rope Team
  • SOC 2 Type I & Type II audit fees included
  • Annual pen test included
  • Dedicated advisor + risk register
  • Priority response SLOs
  • Save $75K+ vs going it alone
Choose Expedition
All-Included:Pen testing annually Audit fees covered GRC tool setup CPA firm coordination 30-day satisfaction guarantee
We Leveled Up With Klavan

COMPANIES WE'VE
HELPED HARDEN

Real teams. Real engagements. Across sectors and stages.

Loyalty & Rewards
Spoonity
SOC 2 compliance documentation and OCI DMAP completion.
Data Intelligence
ARIMA
SOC 2 policy development and ongoing compliance program support.
Aerospace
ALFA Aero Solutions
SOC 2 Type I complete, Type II in progress.
Energy Technology
Relion
Security program assessment and compliance readiness.
Energy Analytics
Orennia
Security posture assessment and compliance gap analysis.
Technology
Ctrl.
Security program and compliance foundation.
Financial Services
LSQ
Cybersecurity program review and compliance readiness.
Alternative Lending
eCapital
Compliance gap analysis and security program review.
Productivity SaaS
Fellow
SOC 2 program. Policy framework and controls implementation.
Legal Technology
Qlarifi
Security program design and compliance readiness.
Fuel & Retail
MacEwen / QuicKie
Physical and cyber security assessment.
HR Technology
talent.com
Fractional CISO engagement and vendor risk management.
Energy
Provident
Security posture review.
Legal Services
Gowling WLG
Security posture and compliance readiness review.
Legal Services
Carranza LLP
Cybersecurity program and compliance review.
Non-Profit
Kristus Darzs Latvian Home
Cybersecurity program and risk assessment.
Healthcare Tech
Welbi
Security program for senior care platform.
Technology
KOTT
Security assessment and compliance readiness.
Skateboard Mfg & Design
TROUBL3
Security and compliance program for TROUBL3 Skateboards.
Pharmaceutical
Ipsen
Security program review and compliance guidance.
Research & Advisory
Info-Tech Research Group
Security posture and compliance assessment.
Security Services
MHM Security Privacy Inc.
Security partnership and collaboration.
EV Infrastructure
AXSO
Pre-production penetration testing of EV charging platform.
Utilities
Hydro Quebec
Security assessment and compliance guidance.
Technology
Ollon
Security program design and compliance foundation.
Exclusive for Klavan Clients · Canadian Families & Employers

SYBA
INSURANCE

Personal cyber protection, and a benefits package your team will actually value.

Up to $500K CAD in insurance-backed coverage, 24/7 expert support, and proactive monitoring, offered exclusively through Klavan Security. Protect your executives and their families as a personal benefit. Or offer it as a competitive employee retainer. The kind of benefit that signals you take security seriously, inside and outside the office.

For Individuals & Families
Executive & Family Protection

High-net-worth individuals, family offices, C-suite executives, and board members. Cyber crime is no longer random. Wealthy professionals are deliberately targeted through personal devices, home networks, and children's online lives.

WiFi, device, email, and social monitoring
Identity theft, extortion, and reputation coverage
Household staff and associated LLCs included
Coverage at home and while travelling
24/7 cyber security team response
For Employers & Teams
Employee Cyber Benefits Package

Offer SYBA as a company benefit to your team. A meaningful retainer that protects employees' personal digital lives, reducing insider risk, building loyalty, and signalling that your company takes security seriously at every level.

Bulk enrollment for teams of any size
Reduces personal device risk that bleeds into company systems
Differentiates your benefits package. Most competitors don't offer this
Coordinated through Klavan, single point of contact
Works alongside your existing SOC 2 or BaseCamp program
Silver
Individual · you or one employee
$14.95
/month CAD per person
Coverage up to $100,000 CAD
Subscribe Silver
Most popular
Gold
You and your spouse · or two employees
$37.45
/month CAD per plan
Coverage up to $250,000 CAD
Subscribe Gold
Diamond
Whole family · or team enrollment
$74.95
/month CAD per plan
Coverage up to $500,000 CAD
Subscribe Diamond
Available as: Personal Protection Executive Benefit Employee Retainer Package Team Bulk Enrollment Family Office Coverage
Insurance Disclosure

Klavan Security and SYBA are not licensed as an insurance agency or third-party administrator in any jurisdiction. We do not engage in the solicitation of insurance. For any questions regarding insurance, please contact EPIC Insurance Brokers & Consultants: clientserviceinquiry@epicbrokers.com or +1 (407) 378 6203.

Who We Are

14 PRACTITIONERS.
THREE CORE LEADS.

This is not a team that learned security from a certification course.

A.A.
Andrew Amaro
Founder

20+ years in offensive security. Shellhounds red team under Shadow Tactics. I build what attackers fear.

20+ yrs offensive security Canadian Security Intelligence Service (CSIS) Background Shadow Tactics DFIR Instructor
E.W.
Elanor W.
Core Lead

A natural-born hacker and cypher punk. The kind of mind that finds the gap everyone else missed.

Natural-Born Hacker Cypher Punk Offensive Research
F.K.
Flint K.
Core Lead

Ex-military, Five Eyes signals intelligence. Operated where the stakes were real.

Ex-Military Five Eyes Signals Intel Offensive Security
+ 11 More Practitioners

Behind us are 11 more practitioners. Ex-military. Ex-intelligence. Offensive security backgrounds. This is not a team that learned security from a certification course.

Indie. Self-Made. Still In It.

WE'RE A
STARTUP TOO.
WE KNOW
YOUR PAIN.

Klavan Security is an indie, self-made firm. No VC. No enterprise backstory. We built this from the ground up, the same way you're building yours.

We know what it feels like when a buyer asks about security and you have nothing to send. We know what it's like to lose a deal over a questionnaire you couldn't answer. We know the pressure of a contract that requires SOC 2 and a runway that can't absorb a $200K consultant bill.

That's exactly why we built BaseCamp. Not for enterprises that can throw money at the problem. For founders and scale-ups who need to move fast, close deals, and not get buried in compliance theater.

"Startups and scale-ups, we know you. Because we are you."

Andrew Amaro · Founder, Klavan Security
We get it
You Can't Afford to Get It Wrong
One breach, one lost deal, one failed audit, and months of work disappear. We built our entire methodology around protecting your runway, not burning it.
We get it
You Don't Have Time for Theater
We don't do checkbox compliance. Every control we implement is real. Every policy is practical. Your team ships features. We handle the security program.
We get it
You Need Deals Now, Not in 18 Months
That's why BaseCamp puts a live Trust Center in front of buyers on Day 1. Credibility before certification. Revenue while you build toward the summit.
We get it
You Need Someone In Your Corner
Not a platform you get dropped into alone. Not a consultant who disappears after the kickoff call. A team that's with you for the full 12 months, and beyond.
Events

SPEAKING
ENGAGEMENTS

BSides Ottawa
Ottawa, Canada
BSides Calgary
Calgary, Canada
Hacker Halted
Atlanta, USA
Security Canada CANASA
Canada
ENSA Tangier
Morocco
Cyber Sec Brussels
Belgium
Vancouver Intl Security Summit
Vancouver, Canada
Invest Ottawa
Ottawa, Canada
Rogers Cybersecure Catalyst
TMU / RBC
SunSecCon
Security Conference
SaaS North
Ottawa, Canada
L-Spark
Ottawa, Canada
Tech North Atlanta Startup Center
Atlanta, USA
EU CYBERNET
Romania, Moldova, Estonia
Privy Council Office
Ottawa, Canada
CISO (OPP, Toronto Police)
Hamilton, Canada
CIS Ottawa
Ottawa, Canada
Unicorn Factory Lisboa
Lisboa, Portugal
Close Access Protection
Nigeria
Ecosystem

OUR PARTNERS

The community we operate in and contribute to.

CISA U.S. Cyber Command SYBA Rogers Cybersecure Catalyst Toronto Metropolitan University ISACA AICPA SOC Vanta OCI EU CyberNet OWASP Top 10 for LLM Pacific Hackers Association BSides Ottawa BSides Calgary SunSecCon L-Spark SaaS North Invest Ottawa Dragon Squad ENSA Architecture Technology Corporation Cyrin Cyber Range InfoSecMap Data Breaches Digest NordVPN Canadian Cyber Five Eyes Community
Live Security Posture
Our Public Trust Center

See exactly how Klavan Security handles security, compliance, and data protection. Real controls. Verified posture. Not aspirational. Documented and live.

View Trust Center →
Get Started

LET'S TALK
SECURITY.

No pressure. No pitch deck. A direct conversation about your situation, your risks, and whether Klavan is the right fit. If we're not, we'll tell you that too.

30 min
Intro Call
Your situation and where you want to go
60 min
Technical Scoping
Environment, compliance targets, threat profile
Custom
SHELLHOUNDS Scoping
Assets, rules of engagement, timelines
// Start the Conversation

Tell us what you're working on. No pressure, no pitch, just a direct conversation about your situation. If we're not the right fit, we'll say so.

What to expect
Intro calls typically scheduled within 24–48 hours
BaseCamp Recon reports delivered within 5 business days
SHELLHOUNDS engagements scoped before any contract