// OTTAWA · DEFENCE AND CPCSC · HANS STUDY
Security Leadership and CPCSC Readiness for Ottawa
Ottawa carries a concentration of organizations that need exactly this work: defence suppliers, government contractors, and the technology firms that sell into both. When CPCSC turns into a contract clause, the companies that feel it first are the ones in this ecosystem, and the readiness gap across the defence industrial base is wide.
I provide fractional CISO leadership, security strategy, and CMMC and CPCSC readiness to organizations in and around Ottawa, remotely for most of the work and on-site when a build or an assessment calls for it. The CPCSC baseline is NIST 800-171 under a Canadian wrapper, and I've worked that standard since 2019, so an Ottawa defence supplier facing a Level 1 self-assessment is getting someone who already knows where the work goes.
The local concentration of federal procurement also means controlled goods, sensitive unclassified information, and OT-heavy environments show up constantly here, which is squarely the convergence and compliance combination I work in. If you're an Ottawa supplier with a defence contract in front of you and a certification requirement attached to it, start the readiness work before you attest. Email contact@hans.study.
Where to start
CMMC and CPCSC Readiness →
Scoping, gap assessment, and attestation support for Canadian and cross-border defence suppliers.
Fractional CISO and vCISO →
Senior security leadership on a recurring basis, sized to your stage and budget.
Security Leadership, Advisory, and Strategy →
The full advisory practice: strategy, compliance, convergence, and consulting.
Start before you attest
If a certification requirement is attached to a contract in front of you, the readiness work belongs before the signature, not after. Email contact@hans.study or book a scoping call.
Start a conversation