Capability matrix, attack-surface schematics, engagement records. The document is the pitch.
ASEC is a Toronto offensive-security practice. This document enumerates our service surface, the threat models we test against, and the open-source artifacts the rest of the industry trains on. It is not a pitch deck. It is the working specification a procurement officer or systems-engineering lead is meant to evaluate.
The drone, UAV, and robotics adversarial-testing line is highlighted where it appears, because no other commercial firm in Canada claims that lane. The remainder of the practice covers penetration testing, consulting, incident response, training, and the ASEC continuous testing platform across web, cloud, mobile, IoT, OT, building automation, and GraphQL.
FIGURE 01 // CAPABILITY MATRIXSERVICE LINES × TARGET SYSTEMS
Capability matrix, ASEC service lines crossed with target systems
OFFEREDACTIVE
DRNDrone & Robotics
BASBuilding Automation
CLDCloud Native
WEBMobile + Web/API
OTOT / ICS
NETIT Network
01Adversarial Assessments
ACTIVE
02Security Consulting
03Incident Response
04Security Training
ACTIVE
05ASEC Platform
The drone, UAV, and robotics column is highlighted as ASEC's commercial niche. ACTIVE indicates a current engagement type, OFFERED indicates an available service line, empty indicates the practice does not extend into that target system today.
Autonomous platform attack surface, exploded view of six vectors
ASEC's adversarial assessment methodology catalogues all known attack vectors across an autonomous aerial platform before testing begins. From supply-chain integrity to RF link spoofing, the threat surface is enumerated, prioritized, and tested systematically. Each vector maps to a documented test plan with reproducible findings, CVSS-scored severity, and remediation guidance.
FIGURE 03 // PRACTICE AREASSPECIFICATION SHEET
Practice area specification sheet
03.01
Adversarial Assessments
ACTIVE ENGAGEMENT TYPE
SCOPE
Black-box, grey-box, and white-box engagements against drone and UAV airframes, GraphQL and REST APIs, cloud-native workloads, building automation, OT and ICS targets, and full IT network surface.
STANDARDS CITED
OWASP WSTG
OWASP API Top 10
NIST SP 800-115
PTES
DO-326A advisory
OUTPUT ARTIFACTS
Findings report
CVSS-scored severity
Reproduction steps
Remediation guidance
Re-test attestation
ENGAGEMENT FORM FACTOR
2 to 6 week sprint
Retainer scope
Annual program
03.02
Security Consulting
SCOPE
Threat modeling, virtual CISO, NIST cyber-maturity assessment, vendor-risk program design, vulnerability-management program build, compliance readiness, secure SDLC integration.
STANDARDS CITED
NIST CSF 2.0
NIST SP 800-53
CIS Controls v8
ISO/IEC 27001
SOC 2 readiness
OUTPUT ARTIFACTS
Maturity score with gaps
Threat model diagrams
Vendor-risk register
Program runbooks
Quarterly review
ENGAGEMENT FORM FACTOR
Fixed-scope project
Fractional vCISO
Ongoing advisory
03.03
Incident Response
SCOPE
Proactive threat hunting, IR program assessment, playbook authoring, digital forensics, retainer-backed live IR, executive table-top exercises tailored to attacker playbooks ASEC has run.
STANDARDS CITED
NIST SP 800-61
MITRE ATT&CK
SANS DFIR
OUTPUT ARTIFACTS
IR playbook library
Forensic timeline
Indicators of compromise
Containment guidance
Lessons-learned brief
ENGAGEMENT FORM FACTOR
IR retainer
On-call surge
Tabletop workshop
03.04
Security Training + ASEC Platform
SCOPE
Executive and board awareness, secure-development training, two-day Offensive GraphQL API Security Training. ASEC Platform layers continuous testing, attack-surface management, patch validation, regression monitoring, and Nuclei test development on a productized cadence.
STANDARDS CITED
OWASP curriculum
GraphQL security advisories
Nuclei templates
OUTPUT ARTIFACTS
Recorded curriculum
Live workshop
Continuous-testing dashboard
Per-release diff report
ENGAGEMENT FORM FACTOR
One-time workshop
Quarterly cohort
SaaS subscription
LEGEND // MEMBER OFFOUR ENTRIES
Memberships legend, four entries
CADSI
Canadian Association of Defence and Security Industries
ACDC
Association of Canadian Defence Contractors
CCTX
Canadian Cyber Threat Exchange
IN-SEC-M
Innovative Cyber Security Cluster
CONTACT BLOCKASEC HEADQUARTERS
Contact block, ASEC headquarters
ADDRESS
18 King Street East Suite 1400 Toronto, Ontario M5C 1C4