Cybersecurity, penetration testing & IT consulting
IT Sincennes helps Canadian organizations learn where they’re vulnerable, put the right rules in place, and deploy the protections that stop threats. We’re also the team behind Cactus Security.
Canadian-owned and operated — your data stays in Canada, hosted in Canadian regions (Azure Canada Central/East, AWS ca-central-1). Bilingual, locally based in Ottawa, Ontario and Gatineau, Quebec.
- Microsoft Cybersecurity Architect Expert (SC-100)
- Bilingual — English & French
- Based in Ottawa & Gatineau
- Canadian-owned · data stays in Canada
Subject to Law 25? Take the free 2-minute self-check →
Hands-on expertise for your business
The same expertise behind the free Cactus Security tools, available hands-on for businesses that need more than a self-serve check.
Cybersecurity assessments
A practical review of your organization’s security posture — what’s exposed, what matters most, and a prioritized plan to fix it.
Penetration testing
Authorized, real-world testing of your systems and applications, with a clear report your team can actually act on.
IT consulting & managed IT
Day-to-day IT done right for small and mid-sized businesses: infrastructure, Microsoft 365, backups, and security baked in from the start.
Virtual CISO (vCISO)
Executive security leadership on demand: strategy, governance and compliance (Law 25) — at a fraction of a full-time CISO’s cost.
Everything to keep your IT running
Compliance & frameworks
SOC 2 readiness, NIST CSF 2.0 audits and Quebec Law 25 / PIPEDA — get audit-ready and pass client and insurer requirements.
Managed Detection & Response (MDR)
24/7 monitoring and response — a managed SOC without building one, with telemetry kept in Canada.
Quebec Law 25 compliance
Quebec’s Law 25 made practical for SMBs — privacy officer, EFVP, governance and breach reporting, in French.
Canadian data sovereignty
A Canadian-owned firm hosting your data in Canada — reducing CLOUD Act exposure and supporting Law 25.
Vulnerability management
Continuous identification, prioritization and tracking of vulnerabilities — so the risks that matter get fixed first.
Incident response planning
Response plans, runbooks and tabletop exercises so your team knows exactly what to do when it counts.
Awareness & phishing training
Bilingual phishing simulations and awareness training that turn your employees into a first line of defense.
Microsoft 365 security
Entra ID and MFA, conditional access, Defender and Purview — Microsoft 365 locked down and aligned to Law 25, by an SC-100 architect.
Cloud & hosting
Secure cloud architecture and migration on Azure, AWS and Google Cloud, plus Microsoft 365 and website hosting.
Hardware & licensing
Laptops, desktops, servers, accessories and software licensing — sourced, configured and supported.
A local partner that speaks your language
Based in Ottawa and Gatineau, we serve businesses coast to coast to coast — in English and French, with Canadian compliance front of mind.
- Assessment first. We start by measuring risk, not by selling products.
- Bilingual. Full service in both French and English.
- Local. A National Capital Region team that understands your reality.
- End to end. From strategy through to day-to-day operations.
- Canadian-owned. Your data stays in Canada, under Canadian privacy law.
We build Cactus Security
Cactus Security is a collection of free cybersecurity tools — for everyone, forever. Link checkers, scam alerts, breach checks and more, built and operated by IT Sincennes.
- Link & email checker
- Breached-website lookups
- Security Checkup & Spot-the-Scam quiz
- Scam of the Week & newsletter
Ready to know where you stand?
Book a no-obligation risk assessment and get a clear, prioritized plan.
Get in touch- Canadian-owned
- Microsoft SC-100
- Bilingual
- 48-hour reply
Frequently asked questions
What does a cybersecurity assessment include?
We review your security posture end to end — what’s exposed and what matters most — and hand you a prioritized, plain-language plan your team can act on.
What is penetration testing, and does my business need it?
Penetration testing is authorized, real-world testing of your systems and applications that finds weaknesses before attackers do. Most organizations that handle client data — or are required to by insurance or compliance — benefit from regular testing.
Do you serve both Ottawa and Gatineau, in English and French?
Yes. We’re based in the Ottawa-Gatineau region and serve clients on both sides of the river, fully in English and French, as well as across Canada.
Do you work with small and mid-sized businesses?
Absolutely. We work with organizations of all sizes, across every sector, and right-size our recommendations to your budget and risk.
Are you certified?
Yes. Our work is backed by Microsoft expert certifications — Cybersecurity Architect Expert (SC-100), Azure Solutions Architect Expert, and Identity & Access Administrator — plus 20+ years of hands-on experience.
Is IT Sincennes Canadian-owned, and does our data stay in Canada?
Yes. IT Sincennes is a Canadian-owned and operated firm based in Ottawa and Gatineau. We keep client data in Canada — hosted in Canadian cloud regions (Azure Canada Central/East, AWS ca-central-1) — so it stays subject to Canadian privacy law rather than crossing the border. For organizations bound by Quebec’s Law 25 or PIPEDA, that data residency is a deciding factor, and it’s something US-headquartered providers can’t match.
How do we get started?
Send us a note through the contact form or email [email protected]. We usually start with a no-obligation risk assessment, then give you a clear, prioritized plan.
Let’s talk about your project
Send us a note and we’ll get back to you within 48 hours.